The "No Network is 100% Secure" series
- Windows XP Services -
A White Paper
All rights reserved - may not be copied without permission
Easyrider LAN Pro, NOC Design Consultants
Purpose of this white paper: Running unnecessary services wastes computer
power and reduces performance. More importantly, unnecessary services
running on your computer can make you vulnerable to attack from hackers, crackers,
viruses and all sorts of malware. As a best practice, you should not enable any
service on any computer that isn't actually needed.
Cautions: It's certainly possible to "break" a Microsoft Windows workstation
by disabling a service that is required for proper operation. We would advise that
the reader proceed slowly and carefully when reducing the number of services that
are running on their PCs. For example, it would be unwise to disable every
service listed in this white paper in one shot. Better to stop a few services at a
time, set them to manual, document what you've done and then continue to use
the workstation for a day or two to see if you notice any adverse effects. If
everything seems fine, reboot the workstation and see if everything comes back up and
continues to operate properly. If there are any problems, it will be a lot easier to
roll back to your last known good configuration if you've only made a small number
of changes.
You would probably want to set these services to "Manual" rather than disabling
them, at least during the test phase. Only when you are positive that a stopped
service is absolutely not needed should it be set to "Disabled".
Also note that Microsoft Windows workstations that are in a domain will need
services running that may be listed here as not needed. In a corporate environment,
you are probably supported by an IT staff that would take a dim view of users
fooling with service settings. You would want to discuss your plans with your
favorite IT person before making any changes to your workstation. But for home or
SOHO users, the recommendations on this list are fairly safe to implement.
But again, proceed slowly and carefully, documenting all of the changes you
make every step of the way.
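The staged approach described above (a few services at a time, set to Manual, every change documented, easy rollback) can be scripted. The following is an added example, not part of the original white paper; the log folder, the function names and the three-service batch are assumptions chosen for illustration, and Alerter, Messenger and ClipSrv are the short service names of Alerter, Messenger and ClipBook.

```powershell
# Added example, not from the white paper. Assumes Windows PowerShell 2.0 or
# later in an administrator session. $LogDir and $Batch are illustrative.
$LogDir = 'C:\ServiceChanges'                # hypothetical log folder
$Batch  = 'Alerter', 'Messenger', 'ClipSrv'  # Alerter, Messenger, ClipBook

function Set-BatchManual {
    param([string[]]$Names, [string]$Dir)
    if (-not (Test-Path $Dir)) { New-Item -ItemType Directory -Path $Dir | Out-Null }
    $records = @()
    foreach ($name in $Names) {
        $wmi = Get-WmiObject Win32_Service -Filter "Name='$name'"
        if (-not $wmi) { Write-Warning "$name is not installed; skipped"; continue }
        # Never loosen a service that is already disabled.
        if ($wmi.StartMode -eq 'Disabled') { continue }
        # Leave a service alone while something running depends on it.
        $busy = (Get-Service -Name $name).DependentServices |
                Where-Object { $_.Status -eq 'Running' }
        if ($busy) { Write-Warning "$name has running dependents; skipped"; continue }
        # Record the previous state before changing anything.
        $records += New-Object PSObject -Property @{
            Name = $wmi.Name; Display = $wmi.DisplayName
            OldMode = $wmi.StartMode; WasRunning = $wmi.Started
        }
        Set-Service -Name $name -StartupType Manual
        if ($wmi.Started) { Stop-Service -Name $name }
    }
    if (-not $records) { return }
    $file = Join-Path $Dir ('batch-{0:yyyyMMdd-HHmmss}.csv' -f (Get-Date))
    $records | Export-Csv -Path $file -NoTypeInformation
    return $file
}

function Undo-Batch {
    param([string]$File)
    foreach ($r in Import-Csv $File) {
        # WMI reports "Auto"; Set-Service expects "Automatic".
        $mode = if ($r.OldMode -eq 'Auto') { 'Automatic' } else { $r.OldMode }
        Set-Service -Name $r.Name -StartupType $mode
        if ($r.WasRunning -eq 'True') { Start-Service -Name $r.Name }
    }
}

$log = Set-BatchManual -Names $Batch -Dir $LogDir
if ($log) { "Recorded in $log. Roll back with: Undo-Batch -File '$log'" }
```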
We will assume that you know how to bring up the services GUI already. If you don't,
implementing the changes in this white paper might be ill-advised. This
white paper was written for Windows XP Pro but the settings for other XP offerings
would be similar.
The studious reader will likely note that many services are not listed in this
white paper. These have been intentionally omitted because those services should not
be stopped in most cases. Others do not present a significant security risk if
left running and/or the performance gain by stopping the service is so trivial as to
not be worth the effort.
Alerter: You can safely stop and disable this service. One caveat: if you
are in a domain that issues notices about upcoming password expirations or
things like that, you will not get these notices with this service disabled
and could find yourself locked out of the network one day.
Application Layer Gateway Service: Again, in almost all cases you can safely
stop and disable this service.
ClipBook: Disable it.
Computer Browser: If you are on a network with other computers, and need to
see them, this may be a useful tool. Otherwise, disable it.
Distributed Transaction Coordinator: If you are not accessing network
filesystems and databases, disable it.
Help and Support: If you don't use this feature, disable it or at least
stop it and set it to manual.
Human Interface Device Access: You should be able to safely disable this service.
Messenger: Disable it.
Net Logon: Not needed unless you are in a domain.
NetMeeting Remote Desktop Sharing: If you need this service, you already
know it. Otherwise, you can safely disable it.
Remote Desktop Help Session Manager: Same as NetMeeting.
Remote Procedure Call (RPC) Locator: In most cases you can stop this service
and set it to manual.
Remote Registry: In my opinion, having this running is a big security risk.
Stop it and set it to manual.
TCP/IP NetBIOS Helper: This service is rarely used any more even in the corporate
environment. Stop it and set it to manual. If you find that you are unable to print
or to access some types of network file systems, you may need to restart this
service.
Telephony: This service is used by all sorts of hardware that you wouldn't think
would use it. You can try setting it to manual and keeping an eye on the event logs.
Telnet: Disable it. Definitely!
Terminal Services: Your systems administrator may disagree, but I'd stop
this service and set it to manual. Or just disable it.
Themes: Disable it.
Uninterruptible Power Supply: Unless you are using a UPS on your computer
and it has the capability of managing the system, disable it.
Wireless Zero Configuration: Unless you are using wireless on your
workstation, disable it.
Workstation: If you are not in a local network sharing files, data or
services, disable it.
Comments: We would welcome feedback regarding this list, especially about
any problems encountered when disabling services that turned out to be
needed. We will update this white paper with feedback, caveats and comments
as appropriate.
Last modified March 29, 2009
Copyright 1990-2009 Easyrider LAN Pro