Windows 2000 Service Security and Recommendations

In Windows 2000, a service is basically a program that runs at startup, independently of any logged-on user. Most of the functions a server performs, such as file sharing, run in the form of services. Most services run with SYSTEM privileges, so an attacker who abuses a service illegitimately can obtain SYSTEM privileges. Is that a bad thing? Of course!
You can set up administrative privileges separately for each service, but I don't think most administrators have the spare time for that, because there are simply too many services ^_^. But I digress. So understand each Win2000 service and disable the unnecessary ones to make your server safer. The following are some of them:

1: Alerter
Description: Responsible for notifying users of administrative alerts. This service works together with the Messenger service; the latter receives and routes the former's messages.
Executable file: %systemroot%\system32\services.exe
Risk: Can potentially lead to social engineering attacks.
Recommendation: Restrict the alerts sent by the Alerter service so that only administrators receive them.

2: Application Management
Description: Provides communication with Active Directory. Assigns, publishes and removes applications installed on the system, as specified by Group Policy.
Executable file: Winnt\System32\Services.exe
Risk: None.
Recommendation: If applications are not deployed through Group Policy, it is best to disable this service.

3: Boot Information Negotiation Layer
Description: Works with Remote Installation Service (RIS). Do not run it unless you need to install operating systems via RIS.
Executable file: Winnt\System32\Services.exe
Risk: None.

4: Browser
Description: Responsible for maintaining a list of computers on the network and providing that list to programs that request it.
Executable file: Winnt\System32\Services.exe
Risk: Exposes information about the network.
Recommendation: Disable.

5: Indexing Service
Description: Responsible for indexing documents and document properties on disk and saving the information in a catalog so you can search it later.
Executable file: Winnt\System32\Services.exe
Risk: It is the root cause of many security weaknesses on IIS web servers.

6: ClipBook
Description: Users can connect and paste text and graphics over a network.
Executable file: Winnt\System32\Clipsrv.exe
Risk: Potential unauthorized remote access to ClipBook pages.
Recommendation: Disable.

7: Distributed File System
Description: Allows the creation of a single logical disk whose files are distributed across different locations on the network.
Executable file: Winnt\System32\Dfssvc.exe
Risk: No known risk.
Recommendation: Disable.

8: DHCP Client
Description: Manages network configuration by registering and updating IP addresses and DNS names.
Executable file: Winnt\System32\Services.exe
Risk: No known risk.
Recommendation: Assign a static IP address.

9: Logical Disk Manager Administrative Service
Description: Used to manage logical disks.
Executable file: Winnt\System32\dmadmin.exe
Risk: No known risk.
Recommendation: Set the startup type of the service to Manual.

10: Logical Disk Manager
Description: This service is the Logical Disk Manager watchdog service. It is responsible for managing dynamic disks.
Executable file: Winnt\System32\Services.exe
Risk: No known risk.
Recommendation: Required while the system is running; keep the default automatic startup.

11: DNS Server
Description: Responsible for answering DNS name queries.
Executable file: Winnt\System32\DNS.exe
Risk: No known risk.
Recommendation: Because it is often the root cause of many security weaknesses, use this service with caution.

12: DNS Client
Description: Caches DNS queries for logging. The cache can serve DNS lookups for an intrusion detection system and speeds up DNS queries.
Executable file: Winnt\System32\Services.exe
Risk: No known risk, but an attacker can view the contents of your cache and determine which websites you have visited. The command is (ipconfig /displaydns).
Recommendation: May be stopped or left running.

13: Event Log
Description: The Event Log service is responsible for logging management event messages from the system and from running programs. Although its functionality is limited and it has some small problems, the service can be used for intrusion detection and system monitoring.
Executable file: Winnt\System32\Services.exe
Risk: No known risk.
Recommendation: This service should be started, especially on standalone servers.

14: COM+ Event System
Description: Provides automatic event distribution to subscribing COM components.
Executable file: Winnt\System32\svchost.exe -k netsvcs
Risk: No known risk.
Recommendation: If no installed program needs this service, you can disable the COM+ Event System and System Event Notification services.

15: Fax Service
Description: Responsible for managing the sending and receiving of faxes.
Executable file: Winnt\System32\faxsvc.exe
Risk: No known risk.
Recommendation: Servers do not need this service; do not run it unless the server is designated as a fax server.

16: Single Instance Storage Groveler
Description: This service is used with the Remote Installation service. It scans single-instance storage volumes for duplicate files and points duplicates to a single data store to save disk space.
Risk: No known risk.
Recommendation: Unless you need the Remote Installation service, stop it.

17: Internet Authentication Service
Description: Used to authenticate dial-up and VPN users.
Executable file: Winnt\System32\Svchost.exe -k Netsvcs
Risk: No known risk.
Recommendation: Obviously, this service should not be used except on dial-up and VPN servers. Disable it.

18: IIS Admin Service
Description: The IIS Admin Service allows IIS services to be managed through the Internet Services Manager MMC console.
Executable file: Winnt\System32\InetSrv\Inetinfo.exe
Risk: No known risk.
Recommendation: If the server runs Internet services, this service is needed. If it runs no Internet services, uninstall Internet Information Server from the Control Panel; the IIS Admin service is uninstalled along with it.

19: Intersite Messaging
Description: The Intersite Messaging service is used together with Active Directory replication.
Executable file: Winnt\System32\ismserv.exe
Risk: No known risk.
Recommendation: This service is not recommended except on Active Directory servers.
20: Kerberos Key Distribution Center
Description: This is a domain service that provides the Kerberos Authentication Service (AS) and the Ticket-Granting Service (TGS).
Executable file: Winnt\System32\LSASS.exe
Risk: No known risk.
Recommendation: The Kerberos Key Distribution Center service works together with Active Directory on a domain controller and cannot be stopped. It should not run on any computer other than a domain controller.

21: Server
Description: This service provides RPC support and file, print and named pipe sharing. The Server service is implemented as a file system driver and can process I/O requests.
Executable file: Winnt\System32\Services.exe
Risk: Without appropriate user protection, it exposes system files and printer resources.
Recommendation: Unless you intend to share files or printers on a Windows network, you do not need to run this service. (Note: on Windows 2000 this is a high-risk service. Windows 2000 users know about the default shares, and they are the problem with this service. If it is not disabled, the default shares are opened again at every logoff or boot, so important information is exposed, for example the Winnt folder. Everyone should know how important that folder is to Windows 2000. Unless your password is secure enough, these shares will be a fatal hole in your machine!)
22: Workstation
Description: This service provides network connections and communication. It works as a file system driver and allows users to access resources on a Windows network.
Executable file: Winnt\System32\Services.exe
Risk: Some standalone servers, such as web servers, should not take part in a Windows network.
Recommendation: This service should run only on workstations and servers that are on an internal network and protected by a firewall. On any server that can be connected to the Internet, it should be disabled.

23: TCP/IP Print Server
Description: This service allows remote UNIX users to access printers managed by a Windows 2000 server over TCP/IP.
Executable file: Winnt\System32\Tcpsvcs.exe
Risk: It has some security weaknesses and opens a listening port.
Recommendation: This service has some security weaknesses because it opens a port to the Internet, so do not use it unless the network is separated from the Internet.

24: License Logging
Description: This service is responsible for managing license agreement information for a site.
Executable file: Winnt\System32\llssrv.exe
Risk: No known risk.
Recommendation: This service should not be used on computers other than domain controllers.

25: TCP/IP NetBIOS Helper
Description: This service allows NetBIOS communication over a TCP/IP network.
Executable file: Winnt\System32\Services.exe
Risk: Brings NetBIOS security weaknesses, such as NTLM authentication, into the system.
Recommendation: Unless you need compatibility with an old version of Windows, disable this service.

26: Messenger
Description: The Messenger service is responsible for sending and receiving messages passed by an administrator or by the Alerter service.
Executable file: Winnt\System32\Services.exe
Risk: No known risk.
Recommendation: This service is not needed and should be disabled.
27: NetMeeting Remote Desktop Sharing
Description: This service allows authorized users to access your Windows desktop remotely by using NetMeeting.
Executable file: Winnt\System32\MnMsrvc.exe
Risk: It is a potentially insecure service.
Recommendation: This service should be disabled because it can lead to potential security weaknesses. You can use Terminal Services instead for remote desktop access.

28: Distributed Transaction Coordinator
Description: Microsoft's Distributed Transaction Coordinator (MS DTC) uses the OLE Transactions protocol to provide a transaction coordination facility that coordinates transactions distributed across two or more databases, message queues, file systems and other transaction-protected resource managers.
Executable file: Winnt\System32\MSDTC.EXE
Risk: No known risk.
Recommendation: No need to disable it.

29: FTP Publishing Service
Description: File Transfer Protocol is not a secure protocol. If it is not properly protected, the FTP Publishing service brings many security risks.
Executable file: Winnt\System32\InetSrv\Inetinfo.exe
Risk: Microsoft's FTP Server has no known risks, but in general FTP is known to be an insecure service.
Recommendation: Unless you need to provide file sharing over FTP, disable this service. If you do need it, protect and monitor it.

30: Windows Installer
Description: Responsible for managing software installation; useful for installing and repairing software applications.
Executable file: Winnt\System32\Msiexec.exe /V
Risk: No known risk.
Recommendation: Keep it.

31: Network DDE
Description: This service provides transport and security for Dynamic Data Exchange (DDE) data streams.
Executable file: Winnt\System32\NETDDE.EXE
Risk: Accepts DDE requests over the network.
Recommendation: Most applications do not need Network DDE. Set it to manual startup.

32: Network DDE DSDM
Description: This service maintains a database of shared conversations, so that when a Network DDE share is accessed the shared conversation is applied and security checks determine whether the requester is allowed access.
Executable file: Winnt\System32\NetDDE.exe
Risk: No known risk.
Recommendation: Set this service to manual startup.

33: Net Logon
Description: Supports pass-through authentication of account logon events in a domain.
Executable file: Winnt\System32\lsass.exe
Risk: Can be used to pass through brute-force password attacks.
Recommendation: This service should not be used on a standalone server that is not part of a domain.

34: Network Connections
Description: This service is responsible for managing the objects in the Network and Dial-Up Connections folder, where you can see local area network and remote connections.
Executable file: Winnt\System32\SVCHOST.EXE -k Netsvcs
Risk: No known risk.
Recommendation: Because the service starts itself when needed, you can set it to manual startup.

35: Network News Transport Protocol (NNTP)
Description: Used to provide a news server service, such as Usenet.
Executable file: Winnt\System32\inetsrv\inetinfo.exe
Risk: No known risk.
Recommendation: An NNTP server should be installed in a DMZ network and treated like other network services such as FTP, Mail and Web services. Configuring NNTP servers on private networks is not recommended; any server on an internal network should uninstall or disable the NNTP service.
36: File Replication Service
Description: The File Replication Service (FRS) can replicate files, system policies and logon scripts across a domain, and can also be used to replicate data for the Distributed File System (DFS).
Executable file: Winnt\System32\NTFRS.EXE
Risk: No known risk.
Recommendation: It keeps the contents of file directories synchronized in multiple places; leave it as it is.

Author blog:
http://blog.9cbs.neet/micklesl/
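
One way to check a server against some of the startup recommendations above, as an added example that is not part of the original article: it parses the output of `sc qc` and reports services whose startup type differs from what the article recommends. The service key names and the sample output are assumptions of this example and were constructed for it.

```python
import re

# Startup types the article recommends, keyed by service key name. The key
# names are an assumption of this example; the article gives display names only.
RECOMMENDED = {
    "Browser": "DISABLED",     # 4: Browser
    "ClipSrv": "DISABLED",     # 6: ClipBook
    "Messenger": "DISABLED",   # 26: Messenger
    "mnmsrvc": "DISABLED",     # 27: NetMeeting Remote Desktop Sharing
    "NetDDE": "DEMAND_START",  # 31: Network DDE (manual startup)
}

# Constructed sample: `sc qc <name>` output for four services, trimmed.
SAMPLE = r"""
SERVICE_NAME: Browser
        START_TYPE         : 2   AUTO_START
        BINARY_PATH_NAME   : C:\WINNT\System32\services.exe
        SERVICE_START_NAME : LocalSystem
SERVICE_NAME: ClipSrv
        START_TYPE         : 4   DISABLED
SERVICE_NAME: NetDDE
        START_TYPE         : 2   AUTO_START
        SERVICE_START_NAME : LocalSystem
SERVICE_NAME: Dnscache
        START_TYPE         : 2   AUTO_START
"""

def parse_sc_qc(text):
    """Return {service: {FIELD: value}} from concatenated `sc qc` output."""
    services, current = {}, None
    for line in text.splitlines():
        m = re.match(r"\s*([A-Z_]+)\s*:\s*(.*\S)", line)
        if m and m.group(1) == "SERVICE_NAME":
            current = services.setdefault(m.group(2), {})
        elif m and current is not None:
            current[m.group(1)] = m.group(2)
    return services

def audit(text):
    """List (service, actual, recommended, account) where the startup type deviates."""
    findings = []
    for name, cfg in parse_sc_qc(text).items():
        want = RECOMMENDED.get(name)
        have = (cfg.get("START_TYPE") or "? UNKNOWN").split()[-1]
        if want and have != want:
            findings.append((name, have, want, cfg.get("SERVICE_START_NAME", "?")))
    return findings

print(audit(SAMPLE))
```

Services that are not in the table, such as Dnscache in the sample, are ignored, and a service whose startup type cannot be read is reported as UNKNOWN rather than skipped.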