Re[2]: Windows XP Services Best Practice




switching the context from 'system' could be a good step among others but
it doesn't help to isolate services and does not reduce the attack
surface in general. Due to the weaknesses of windows impersonation
model an intruder can elevate services privileges. For example, the
context of the MS SQL service running as a unique user account can be
elevated up to 'System'. The same is true for any service run on
behalf of 'Network Service' account. http://www.securityfocus.com/bid/18008/discuss


Brian L. Walche,
Know the Fact - http://www.gentlesecurity.com/knowthefacts.html
GentleSecurity S.a.r.l.
www.gentlesecurity.com


Note that CIS, NIST and NSA templates are a baseline specs, many of the
settings are left undefined. Most places that implement it specifically
define all services in the template so you should test-test-test the
changes then test again. You can also define the context in which the
service runs (eg: not just system) which can help isolate some services
like 'remote registry'

Francisco Pecorella wrote:
Vic,

I think you can use the NIST Security Configuration Checklists
Repository, specifically

Windows XP Security Guide
http://checklists.nist.gov/repository/1007.html

Windows XP Security Checklist
http://checklists.nist.gov/repository/1057.html

Windows 2003/XP/2000 Addendum
http://checklists.nist.gov/repository/1057.html

--
Regards,
FP
----- Original Message ----- From: "Vic Brown" <vabrown@xxxxxxxxxxxxxx>
To: <focus-ms@xxxxxxxxxxxxxxxxx>
Sent: Sunday, June 04, 2006 10:58 PM
Subject: Windows XP Services Best Practice


Anyone has a useful link with with information about what XP Pro SP2
services should be "disabled" on enterprise desktops according to
"best" practice? Basically I'm looking for something that has the
service name, functionality, security implication, and best practice
recommendation. Desktop users are only running an office suite.

TIA
--
http://ccopanama.org





----------------------------------------------------------------



---------------------------------------------------------------------------

---------------------------------------------------------------------------




---------------------------------------------------------------------------

---------------------------------------------------------------------------





---------------------------------------------------------------------------
---------------------------------------------------------------------------