Home > Checklist: Protecting users from themselves
Checklist:
EMAIL THIS LICENSING & REPRINTS

Checklist: Protecting users from themselves

04 Apr 2006 | SearchWindowsSecurity.com

Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   

Protecting users from themselves

Any good security practitioner will tell you that security is a process that involves a number of different components working in concert. The elements of good Windows systems security involve hardened desktops and servers, well configured firewalls, effective use of anti-malware software and user education. Most of these same security practitioners will tell you that the last element is the hardest to pull off.

Windows is known for the power and convenience that it places in the hands of users, but sometimes too much power in the hands of those that don't fully understand the power -- and security risks that come with it -- is a recipe for disaster. While the ultimate goal of a good security implementation should be to educate users, sometimes it is best to take some of the power away from users and decrease the security exposure of the enterprise.

To that end this document examines Windows XP services that if left enabled can lead to security exposures.

Deactivating unneeded services

One of the easiest ways for crackers to exploit holes in your system is through open services. And lately, viruses have been masquerading as services listed in the Task Manager, making them harder to detect, clean and prevent. When you audit and close unused services, in addition to security benefits, you receive performance enhancement because stagnant programs aren't taking up available resources. Besides, a full security audit of your service can reveal some interesting details about your machine.

Windows XP comes with only two services that require open access to an external interface for normal operation: Terminal Services, or Remote Desktop Connection, and the Remote Access Service for answering dial-in calls.

Follow these instructions to manage services on your computer:

  1. Right-click My Computer, and choose Manage
  2. Expand the Services & Applications tab, and select Services
  3. Double-click a service
  4. Under Startup Type, select Manual to disable a service from automatically starting when the computer boots up. Click the Stop button to stop the service if it's already running

The following services ship with Windows XP. The list is not complete, but it includes the recommended state that each service shown should be in on your computer, assuming normal office functions are performed on the machine. On this list you'll see the name of the service, followed by a short description and my recommendation regarding the state of the service.