Re: Services
From: Mark Strelecki, ACP (be6-507@nospam.strelecki.com)
Date: 10/22/02
- Next message: Torgeir Bakken (MVP): "Re: Messenger"
- Previous message: Daniel Angelucci: "Re: port 137"
- In reply to: NeoSadist: "Re: Services"
- Next in thread: machiaveli: "Re: Services"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: " Mark Strelecki, ACP" <be6-507@nospam.strelecki.com> Date: Mon, 21 Oct 2002 19:00:27 -0400
NS -
I have not used either the DNS client or the RunAs Services, and my system
works great.
I have Internet access over a LAN with full file and printer sharing behind
a Linksys NAT router.
Otherwise, your list looks quite good, and thanks for the reminder that many
default settings and services can (and SHOULD) be changed for more secure
operation as well as enhanced performance.
A site I highly recommend on the subject can be found here:
http://www.blkviper.com/WIN2K/servicecfg.htm
-- Mark Strelecki, ACP BE6.XP1097.020817 Atlanta, GA. - Computing and Programming Since 1975 I MAKE IT GO! © http://www.strelecki.com/links.html -------------------------------------- "I think the sole purpose of our inventions is to fill our needs to be mad at something." Paul Roussin, August, 2002 "NeoSadist" <neos@dist> wrote in message news:ur90r6jjc2b843@corp.supernews.com... > > "machiaveli" <machiaveli280278@hotmail.com> wrote in message > news:8e6401c2794b$2b322590$2ae2c90a@phx.gbl... > > Can anyone help me which services i can shut down and tell > > me if there should be a smss.exe and csrss.exe in the > > taskmanager. > > > > Machiaveli > Ok. > You tell me what operating system you're using (which flavor of win2k) and > if this is a home LAN or work LAN, and what things you need. > However, to quote Philip Cox in his article "Hardening Windows 2000": > > "For a medium to high-security system, ensure the services listed below are > the only ones runnig. The asterisks (*) indicate the minimal services > required to operate the box -- all others are optional and represent > potential risk. > > DNS Client * > EventLog * > IPSec Policy Aent > Logical Disk Manager * > Network Connections Manager > Plug & Play * > Protected Storage * > Remote Procedure Call > Remote Registry Service > RunAs Service > Security Accounts Manager * > For a domain controller you will need: > > DNS Server (unless you have a Dynamic DNS server already existing) > File Replication Service > Kerberos Key Distribution Center > Net Logon > NT LM Service Provider > RPC Locator > Windows Time > TCP/IP NetBIOS helper > Server (when sharing resources or running the AD) > Workstation (when connecting to resources)" > > <SNIP> > Remember, that was written for Win2k Server, but should apply to Win2k pro > and Win2k clients. > For further info, go to www.sans.org 's reading room, and "Hardening Windows > 2000" by Philip Cox should be available there. Getting a reading room > account is free.
- Next message: Torgeir Bakken (MVP): "Re: Messenger"
- Previous message: Daniel Angelucci: "Re: port 137"
- In reply to: NeoSadist: "Re: Services"
- Next in thread: machiaveli: "Re: Services"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
