Re[2]: Windows XP Services Best Practice




Switching the context from 'system' could be a good step among others, but
it doesn't help to isolate services and does not reduce the attack
surface in general. Due to the weaknesses of the Windows impersonation
model, an intruder can elevate service privileges. For example, the
context of the MS SQL service running as a unique user account can be
elevated up to 'System'. The same is true for any service run on
behalf of the 'Network Service' account. http://www.securityfocus.com/bid/18008/discuss


Brian L. Walche,
Know the Fact - http://www.gentlesecurity.com/knowthefacts.html
GentleSecurity S.a.r.l.
www.gentlesecurity.com


Note that CIS, NIST and NSA templates are baseline specs; many of the
settings are left undefined. Most places that implement it specifically
define all services in the template, so you should test-test-test the
changes, then test again. You can also define the context in which the
service runs (e.g., not just system), which can help isolate some services
like 'remote registry'.

Francisco Pecorella wrote:
Vic,

I think you can use the NIST Security Configuration Checklists
Repository, specifically

Windows XP Security Guide
http://checklists.nist.gov/repository/1007.html

Windows XP Security Checklist
http://checklists.nist.gov/repository/1057.html

Windows 2003/XP/2000 Addendum
http://checklists.nist.gov/repository/1057.html

--
Regards,
FP
----- Original Message -----
From: "Vic Brown" <vabrown@xxxxxxxxxxxxxx>
To: <focus-ms@xxxxxxxxxxxxxxxxx>
Sent: Sunday, June 04, 2006 10:58 PM
Subject: Windows XP Services Best Practice


Does anyone have a useful link with information about what XP Pro SP2
services should be "disabled" on enterprise desktops according to
"best" practice? Basically I'm looking for something that has the
service name, functionality, security implication, and best practice
recommendation. Desktop users are only running an office suite.

TIA
--
http://ccopanama.org




