Security risks of Windows services

xiaoxiao, 2021-03-06

In Windows 2000, a service is basically a program that runs at startup, independently of any logged-on user. Most of the functions a server performs, such as file sharing, run as services, and most of them run with System privileges. An attacker who abuses a service can therefore obtain System privileges illegitimately, which is clearly not a good thing. Understanding each Win2000 service and disabling the unnecessary ones makes your server safer.

Alerter

Service description: Notifies users of administrative alerts. It works together with the Messenger service, which receives and routes the information.

Executable file: %systemroot%\system32\services.exe

Risk: Can potentially lead to social engineering attacks

Recommendation: Limit the warnings issued by the Alerter service to administrators only.

Application Management

Service description: Provides communication with Active Directory. Assigns, publishes, and removes applications installed on the system through Group Policy.

Executable file: Winnt\System32\Services.exe

Risk: None

Recommendation: If applications are not managed through Group Policy, it is best to disable this service.

Boot Information Negotiation Layer

Service description: Works with the Remote Installation Service (RIS). Do not run it unless you need to install operating systems through RIS.

Executable file: Winnt\System32\Services.exe

Risk: None

Browser

Service description: Maintains the list of computers on the network and provides that list to processes that request it.

Executable file: Winnt\System32\Services.exe

Risk: Exposes information about the network

Recommendation: Disable

Indexing

Service description: Indexes the documents and document properties on disk and saves the information in a directory so you can search them later.

Executable file: Winnt\System32\Services.exe

Risk: It is the root cause of many security weaknesses on IIS web servers

Recommendation: Disable unless specifically needed.

ClipBook

Service description: ClipBook supports the ClipBook Viewer program, which allows clipbook pages to be browsed from remote computers. It lets users connect and paste text and graphics over the network.

Executable file: Winnt\System32\Clipsrv.exe

Risk: Can potentially be abused for unauthorized remote access to ClipBook pages

Recommendation: Disable

Distributed File System

Service description: Allows the creation of a single logical disk whose files are distributed across different locations on the network.

Executable file: Winnt\System32\DFSRC.exe

Risk: No known risks

Recommendation: Disable (this will generate a disk error; ignore that error)

DHCP Client

Service description: Manages network configuration by registering and updating IP addresses and DNS domain names.

Executable file: Winnt\System32\Services.exe

Risk: No known risks

Recommendation: Assign a static IP address to the server

Logical Disk Manager Administrative

Service description: Used to manage logical disks

Executable file: Winnt\System32\DmAdmin.exe

Risk: No known risks

Recommendation: Set the startup type of the service to manual

Logical Disk Manager

Service description: This is the Logical Disk Manager watchdog service. It is responsible for managing dynamic disks.

Executable file: Winnt\System32\Services.exe

Risk: No known risks

Recommendation: Required by the system; keep the default automatic startup

DNS Server

Service description: Answers DNS domain name queries

Executable file: Winnt\System32\DNS.exe

Risk: No known risks

Recommendation: Because it is usually the root cause of many security weaknesses, the service should be used with caution.

DNS Client

Service description: Caches DNS queries for logging. It can serve the DNS lookups of an intrusion detection system and speeds up DNS queries.

Executable file: Winnt\System32\Services.exe

Risk: There is no known risk, but an attacker can view your cache contents and determine which websites you have visited. The command-line form is: ipconfig /displaydns

Recommendation: Optional; it can be stopped or left running.

Event Log

Service description: The Event Log service logs event messages from the system and from running programs. Although its functionality is limited and it has some minor problems, the service can be used for intrusion detection and system monitoring.

Executable file: Winnt\System32\Services.exe

Risk: No known risks

Recommendation: This service should be started, especially on standalone servers.

COM Event System

Service description: Provides automatic event distribution to subscribing COM components.

Executable file: Winnt\System32\SVCHOST.EXE -K Netsvcs

Risk: No known risks

Recommendation: If no installed program needs the service, you can disable the COM Event System and System Event Notification services.

Fax

Service description: Manages the sending and receiving of faxes.

Executable file: Winnt\System32\faxsvc.exe

Risk: No known risks

Recommendation: On a server, this service is not recommended unless the server is designated as a fax server.

Single Instance Storage Groveler

Service description: This service is used with the Remote Installation service. It scans a single-instance storage volume for duplicate files and points the duplicates to one data storage point to save disk space.

Risk: No known risks

Recommendation: Stop it unless you need to use the Remote Installation service.

Internet Authentication Service

Service description: Used to authenticate dial-up and VPN users.

Executable file: Winnt\System32\SVCHOST.EXE -K Netsvcs

Risk: No known risks

Recommendation: Obviously, the service should not be used except on dial-up and VPN servers. Disable it.

IIS Admin

Service description: The IIS Admin service allows IIS services to be managed through the Internet Services Manager MMC snap-in.

Executable file: Winnt\System32\InetSRV\INETINFO.EXE

Risk: No known risks

Recommendation: If the server runs Internet services, this service is required. If you do not run any Internet services, uninstall Internet Information Server from Control Panel, which also uninstalls the IIS Admin service.

Intersite Messaging

Service description: The Intersite Messaging service is used together with Active Directory replication.

Executable file: Winnt\System32\ISMServ.exe

Risk: No known risks

Recommendation: This service is not recommended except on Active Directory servers.

Kerberos Key Distribution Center

Service description: This is a domain service that provides the Kerberos Authentication Service (AS) and the ticket service (TGS, Ticket-Granting Service).

Executable file: Winnt\System32\LSASS.EXE

Risk: No known risks

Recommendation: The Kerberos Key Distribution Center service works with Active Directory on a domain controller and cannot be stopped there. It should not run on any computer other than a domain controller.

Server

Service description: This service provides RPC support as well as file, print, and named-pipe sharing. The Server service is implemented as a file system driver and can process I/O requests.

Executable file: Winnt\System32\Services.exe

Risk: Without appropriate user protection, it exposes system files and printer resources

Recommendation: Unless you intend to share files or printers on a Windows network, you don't need to run the service. (Note: on Windows 2000 this is a high-risk service. Windows 2000 users know about the default shares, and they are this service's doing. If the service is not disabled, the default shares are reopened every time you log out or boot, so important information is exposed, for example the Winnt folder, and everyone should know how important that folder is on Windows 2000. Unless your password is secure, this share will be the fatal hole in your machine!)

Workstation

Service description: This service provides network connections and communication. It works as a file system driver and allows users to access resources located on the Windows network.

Executable file: Winnt\System32\Services.exe

Risk: Some standalone servers, such as web servers, should not participate in a Windows network

Recommendation: This service should only run on workstations and servers that sit on an internal network and are protected by a firewall. It should be disabled on any server that can connect to the Internet.

TCP/IP Print Server

Service description: This service allows remote UNIX users to access printers managed by a Windows 2000 server over the TCP/IP protocol.

Executable file: Winnt\System32\TCPSVCS.exe

Risk: Has some security weaknesses and opens a listening port

Recommendation: This service has some security weaknesses because it is open to the Internet, so do not use it unless the network is separated from the Internet.

License Logging

Service description: This service manages the license agreement information of a site.

Executable file: Winnt\System32\Llssrv.exe

Risk: No known risks

Recommendation: Computers other than domain controllers should not use this service.

TCP / IP NetBIOS Helper

Service description: This service allows NetBIOS communication on TCP/IP networks.

Executable file: Winnt\System32\Services.exe

Risk: Exposes the system to NetBIOS security weaknesses, such as NTLM authentication

Recommendation: This service should be disabled unless you need to stay compatible with an old version of Windows.

Messenger

Service description: The Messenger service sends and receives messages passed on by an administrator or by the Alerter service.

Executable file: Winnt\System32\Services.exe

Risk: No known risks

Recommendation: This service is not needed and should be disabled.

NetMeeting Remote Desktop Sharing

Service description: This service allows authorized users to remotely access your Windows desktop by using NetMeeting.

Executable file: Winnt\System32\MnMsrvc.exe

Risk: A potentially unsafe service

Recommendation: This service should be disabled because it introduces potential security weaknesses. You can use the Terminal service instead for remote desktop access.

Distributed Transaction Coordinator

Service description: Microsoft's Distributed Transaction Coordinator service (MS DTC) provides a transaction coordination facility based on the OLE Transactions protocol. It coordinates transactions that span two or more databases, message queues, file systems, and other transaction-protected resource managers.

Executable file: Winnt\System32\MSDTC.exe

Risk: No known risks
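The recommendations above can be checked mechanically. The following PowerShell is an added example, not part of the original article: it compares a service inventory against a subset of this page's recommendations and skips a rule when the server has a role the page names as a reason to run that service. The service short names (the page gives display names only), the role labels, the function name Test-ServiceBaseline and the sample inventory are assumptions; it needs PowerShell 3.0 or later.

```powershell
# Added example: audit service start modes against this page's recommendations.
# Assumptions: service short names and role labels (the page gives display names only).
$Baseline = @(
    # Name = service short name, Want = start mode, Role = role that justifies running it
    [pscustomobject]@{ Name='Browser';        Want='Disabled'; Role='' }
    [pscustomobject]@{ Name='ClipSrv';        Want='Disabled'; Role='' }
    [pscustomobject]@{ Name='Messenger';      Want='Disabled'; Role='' }
    [pscustomobject]@{ Name='mnmsrvc';        Want='Disabled'; Role='' }
    [pscustomobject]@{ Name='cisvc';          Want='Disabled'; Role='Indexing' }
    [pscustomobject]@{ Name='LmHosts';        Want='Disabled'; Role='LegacyWindows' }
    [pscustomobject]@{ Name='Fax';            Want='Disabled'; Role='FaxServer' }
    [pscustomobject]@{ Name='Groveler';       Want='Disabled'; Role='RIS' }
    [pscustomobject]@{ Name='IAS';            Want='Disabled'; Role='DialupVpn' }
    [pscustomobject]@{ Name='kdc';            Want='Disabled'; Role='DomainController' }
    [pscustomobject]@{ Name='LicenseService'; Want='Disabled'; Role='DomainController' }
    [pscustomobject]@{ Name='lanmanserver';   Want='Disabled'; Role='FileSharing' }
    [pscustomobject]@{ Name='dmadmin';        Want='Manual';   Role='' }
    [pscustomobject]@{ Name='Eventlog';       Want='Auto';     Role='' }
)

function Test-ServiceBaseline {
    param(
        [Parameter(Mandatory)] [object[]] $Inventory,  # objects with Name and StartMode
        [string[]] $Roles = @()                        # roles this server really has
    )
    foreach ($rule in $Baseline) {
        $svc = $Inventory | Where-Object { $_.Name -eq $rule.Name }
        if (-not $svc) { continue }                    # not installed, nothing to audit
        if ($rule.Role -and $Roles -contains $rule.Role) { continue }  # role justifies it
        if ($svc.StartMode -ne $rule.Want) {
            [pscustomobject]@{ Service = $rule.Name; Actual = $svc.StartMode; Expected = $rule.Want }
        }
    }
}

# Constructed sample inventory for a standalone web server (not real data).
$sample = @(
    [pscustomobject]@{ Name='Messenger';    StartMode='Auto' }
    [pscustomobject]@{ Name='lanmanserver'; StartMode='Auto' }
    [pscustomobject]@{ Name='Fax';          StartMode='Manual' }
    [pscustomobject]@{ Name='dmadmin';      StartMode='Manual' }
    [pscustomobject]@{ Name='Eventlog';     StartMode='Disabled' }
)
Test-ServiceBaseline -Inventory $sample | Format-Table -AutoSize

# Live host: Test-ServiceBaseline -Inventory (Get-CimInstance Win32_Service) -Roles FileSharing
```

On the sample, Messenger, lanmanserver, Fax and Eventlog are reported as deviations and dmadmin passes; passing -Roles FileSharing, FaxServer suppresses the lanmanserver and Fax findings.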