Re: Windows XP Services Best Practice



Aaron Margosis' WebLog : Anti-virus vs. Non-Admin:
http://blogs.msdn.com/aaron_margosis/archive/2006/06/02/614226.aspx

Best practice to Aaron is running without Antivirus. Is it to your firm? Probably not for most of us.. but interesting thought nonetheless.

Following the 'high security' guidelines (or whatever they call them these days) WILL break things and in fact, in many cases leave the average network admin unable to properly manage a business network.

Many of those 'high security' networks were hammered out by committees from government security folks and remember they don't have much of a budget in the first place and aren't running a business network.

Read first Protect Your Windows Network by Riley and Johansson
http://www.protectyourwindowsnetwork.com/default.htm


Thor (Hammer of God) wrote:

I'm glad you said that... I reviewed the NSA docs early on- most of it was
simply a list of the most restrictive/highest settings you could apply
without any real information on what did what, what broke what, etc.

That being said, "best practices" documents really shouldn't attempt to list
what services should and shouldn't be enabled-- [this is now a general reply
to the list, not one directed at you ;) ] "Best Practice," to me, is doing
your due diligence in research and discovery into what your network's needs
are, determining threat and risk, and then determining what must be enabled
to serve those needs within your threat model.

Find out what the services do, map out what you need, and disable everything
else. And test. These lists are no more than "typical" services; they are
not, in themselves, a "best practice."

t



On 6/5/06 9:29 AM, "Shaffer, Bruce" <security@xxxxxxxxx> spoketh to all:



Be wary of using this one as it is downloaded. It is certainly secure;
but your users will not be able to work. I sent this to an admin as a
joke when we were rolling out AD and he applied it as it was downloaded
from the site with the expected result that we were so secure no one
could do anything other than log on.

Just sharing an experience.
-B-

-----Original Message-----
From: Alexandros Papadopoulos [mailto:apapadop@xxxxxxxxxxxxxx]
Sent: Monday, June 05, 2006 10:25 AM
To: focus-ms@xxxxxxxxxxxxxxxxx
Subject: Re: Windows XP Services Best Practice

On Monday 05 June 2006 05:58, Vic Brown wrote:


Anyone has a useful link with information about what XP Pro SP2
services should be "disabled" on enterprise desktops according to
"best" practice? Basically I'm looking for something that has the
service name, functionality, security implication, and best practice
recommendation. Desktop users are only running an office suite.


Try http://www.nsa.gov/snac/ - NSA's security configuration guides.

-A


--
Letting your vendors set your risk analysis these days? http://www.threatcode.com
The SBS product team wants to hear from you:
http://msmvps.com/blogs/bradley/archive/2006/05/18/95865.aspx
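
The "map out what you need, and disable everything else. And test." approach from the quoted reply, sketched as a report-only audit. This is an added example, not code from any poster in the thread. It assumes Windows PowerShell 2.0 through 5.1 (for `Get-WmiObject`), and the `$Needed` baseline and the `Compare-ServiceBaseline` function name are constructed for illustration.

```powershell
# Report-only audit: nothing is stopped or disabled by this script.
# $Needed is a CONSTRUCTED sample for an office-suite desktop, not a
# recommendation. Build your own from research and testing, and record
# why each service is required.
$Needed = @{
    'Dhcp'              = 'Address assignment on the office LAN'
    'Dnscache'          = 'Name resolution'
    'Eventlog'          = 'Local audit trail'
    'LanmanWorkstation' = 'Access to file shares'
    'RpcSs'             = 'Dependency of most other services'
    'Spooler'           = 'Printing from the office suite'
}

function Compare-ServiceBaseline {
    param(
        $Services,            # objects with Name, StartMode, State, PathName
        [hashtable] $Needed   # service name -> documented reason
    )
    $seen = @{}
    foreach ($svc in $Services) {
        $seen[$svc.Name] = $true
        $finding = $null
        if ($Needed.ContainsKey($svc.Name)) {
            # A documented need that is switched off is drift worth flagging.
            if ($svc.StartMode -eq 'Disabled') { $finding = 'NEEDED-BUT-DISABLED' }
        }
        elseif ($svc.StartMode -eq 'Auto' -or $svc.State -eq 'Running') {
            # Active with no documented need: research it, then test disabling.
            $finding = 'REVIEW-NOT-IN-BASELINE'
        }
        if ($finding) {
            New-Object PSObject -Property @{
                Finding = $finding; Name = $svc.Name; StartMode = $svc.StartMode
                State = $svc.State; PathName = $svc.PathName
            } | Select-Object Finding, Name, StartMode, State, PathName
        }
    }
    foreach ($name in $Needed.Keys) {
        if (-not $seen.ContainsKey($name)) {
            New-Object PSObject -Property @{
                Finding = 'NEEDED-BUT-MISSING'; Name = $name; StartMode = $null
                State = $null; PathName = $null
            } | Select-Object Finding, Name, StartMode, State, PathName
        }
    }
}

# Win32_Service reports StartMode (Boot/System/Auto/Manual/Disabled) and State.
Compare-ServiceBaseline -Services (Get-WmiObject -Class Win32_Service) -Needed $Needed |
    Sort-Object Finding, Name | Format-Table -AutoSize
```

Each `REVIEW-NOT-IN-BASELINE` row is a research item, not a disable instruction: either document the need and add it to the baseline, or disable it on a test machine first.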

