Re: Messenger Service
From: Karl Levinson [x y] mvp (levinson_k_at_despammed.com)
Date: 11/28/03
- Next message: Keith: "Re: Window 2000 Professional"
- Previous message: anonymous_at_discussions.microsoft.com: "RE: logoff all servers in my domain..."
- In reply to: Kevin Davisł: "Re: Messenger Service"
- Next in thread: Kevin Davisł: "Re: Messenger Service"
- Reply: Kevin Davisł: "Re: Messenger Service"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: 28 Nov 2003 10:04:05 -0800
Kevin Davisł <zkevindavisz@cfl.rr.com> wrote in message news:<m7bdsvkt6o5967bqs1dvu1ukjcrh5rm0c6@4ax.com>...
> What is unwise from a security standpoint is to run any services that
> are not needed. If you don't need the Messenger Service, disable it.
> if you need it, keep it running but be aware that it has a serious
> vulnerability that needs patched immediately.
> What is also unwise from a security context is to use something as a
> security tool that was never intended to be that. To use the
> Messenger Service as an IDS of sorts for warning you that your
> firewall is down is bad. If you need an IDS system to alert you to
> intruders, run a real one. There is a free open source one called
> Snort that would do the trick.
What you say is not exactly untrue, but for most home users, hardening
a computer by disabling services and a long list of other things
manually is usually not the ideal answer, due to the time and
expertise necessary and the likelihood that mistakes will be made.
While it is true that firewall plus disabling services is more secure
that just firewall alone, for most home users, firewall should be the
first step, disabling the messenger service and Snort for IDS are
optional ninth and tenth steps.
Snort is a fine IDS, but there are a lot of other things that were
never meant to be IDS that are nevertheless good to monitor for signs
of intrusion, such as the Windows System and Application logs,
computer reboots, service starts and stops, file changes, IIS logs,
router syslogs, local user databases, windows file access auditing on
key files, etc.
Disabling the messenger service alone does not do very much to
increase the security of most home computers. There is currently only
one known vulnerability in the messenger service, and there is a patch
for that vulnerability. I would argue that leaving the messenger
service enabled with the patch installed can increase your security
compared to disabling the service.
The goal of computer security is not to become 100% secure no matter
what the cost.
- Next message: Keith: "Re: Window 2000 Professional"
- Previous message: anonymous_at_discussions.microsoft.com: "RE: logoff all servers in my domain..."
- In reply to: Kevin Davisł: "Re: Messenger Service"
- Next in thread: Kevin Davisł: "Re: Messenger Service"
- Reply: Kevin Davisł: "Re: Messenger Service"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
