Re: Windows XP Services Best Practice

Aaron Margosis' WebLog : Anti-virus vs. Non-Admin:

Best practice to Aaron is running without Antivirus. Is it to your firm? Probably not for most of us.. but interesting thought nonetheless.

Following the 'high security' guidelines (or whatever they call them these days) WILL break things and in fact, in many cases leave the average network admin unable to properly manage a business network.

Many of those 'high security' networks were hammered out by committees from government security folks and remember they don't have much of a budget in the first place and aren't running a business network.

Read first Protect Your Windows Network by Riley and Johansson

Thor (Hammer of God) wrote:

I'm glad you said that... I reviewed the NSA docs early on- most of it was
simply a list of the most restrictive/highest settings you could apply
without any real information on what did what, what broke what, etc.

That being said, "best practices" documents really shouldn't attempt to list
what services should and shouldn't be enabled-- [this is now a general reply
to the list, not one directed at you ;) ] "Best Practice," to me, is doing
your due diligence in research and discovery into what your network's needs
are, determining threat and risk, and then determining what must be enabled
to serve those needs within your threat model.

Find out what the services do, map out what you need, and disable everything
else. And test. These lists are no more than "typical" services; they are
not, in themselves, a "best practice."


On 6/5/06 9:29 AM, "Shaffer, Bruce" <security@xxxxxxxxx> spoketh to all:

Be wary of using this one as it is downloaded. It is certainly secure;
but your users will not be able to work. I sent this to an admin as a
joke when we were rolling out AD and he applied it as it was downloaded
from the site with the expected result that we were so secure no one
could do anything other than log on.

Just sharing an experience.

-----Original Message-----
From: Alexandros Papadopoulos [mailto:apapadop@xxxxxxxxxxxxxx]
Sent: Monday, June 05, 2006 10:25 AM
To: focus-ms@xxxxxxxxxxxxxxxxx
Subject: Re: Windows XP Services Best Practice

On Monday 05 June 2006 05:58, Vic Brown wrote:

Anyone has a useful link with with information about what XP Pro SP2
services should be "disabled" on enterprise desktops according to
"best" practice? Basically I'm looking for something that has the
service name, functionality, security implication, and best practice
recommendation. Desktop users are only running an office suite.

Try - NSA's security configuration guides.





Letting your vendors set your risk analysis these days?
The SBS product team wants to hear from you: