Service Security and Suggestions for Windows 2000

xiaoxiao2021-03-06  52

In Windows 2000, a service is basically a program that starts at boot and runs regardless of which user is logged on. Most of the functions a server performs, such as file sharing, run as services. Most services run with SYSTEM privileges, so an attacker who abuses a service through illegitimate means obtains SYSTEM privileges, which is obviously not a good thing. Of course, you can create a separate account with administrative rights for each service, but I think most administrators don't have the spare time for that, because there are simply too many services. But I digress. Understanding each Windows 2000 service and disabling the unnecessary ones can make your server more secure.

Here is a brief introduction to some of them:

1: Alerter

Description: Notifies users of administrative alerts. It works together with the Messenger service; the latter receives and routes the messages.

Executable file: %systemroot%\system32\services.exe

Risk: Could potentially lead to social engineering attacks.

Recommendation: Restrict the alerts issued by the Alerter service so that only administrators receive them.

2: Application Management

Description: Provides communication with Active Directory. Through Group Policy, it assigns, publishes, and removes applications installed on the system.

Executable file: Winnt\System32\Services.exe

Risk: None.

Recommendation: If applications are not managed through Group Policy, it is best to disable it.

3: Boot Information Negotiation Layer

Description: Works together with the Remote Installation Service (RIS).

4: Browser

Description: Maintains the list of computers on the network and provides it to programs that request it.

Executable file: Winnt\System32\Services.exe

Risk: Exposes information about the network.

Recommendation: Disable.

5: Indexing Service

Description: Indexes the documents and document properties on disk and stores the information in a catalog so that you can search them later.

Executable file: Winnt\System32\Services.exe

Risk: It is the root of many security weaknesses in the IIS web server.

Recommendation: Disable it unless it is specifically needed.

6: ClipBook

Description: Supports the ClipBook Viewer program, which allows clipbook pages to be viewed by ClipBook on remote computers. Users can connect and paste text and graphics over the network.

Executable file: Winnt\System32\CLIPSRV.EXE

Risk: Could potentially be abused for unauthorized remote access to ClipBook pages.

Recommendation: Disable.

7: Distributed File System

Description: Allows a single logical disk to be built from files distributed across different locations on the network.

Executable file: Winnt\System32\DFSSVC.EXE

Risk: No known risk.

Recommendation: Disable.

8: DHCP Client

Description: Manages network configuration by registering and updating IP addresses and DNS domain names.

Executable file: Winnt\System32\Services.exe

Risk: No known risk.

Recommendation: Assign static IP addresses to servers.

9: Logical Disk Manager Administrative Service

Description: Used to manage logical disks.

Executable file: Winnt\System32\DmAdmin.exe

Risk: No known risk.

Recommendation: Set the service startup type to Manual.

10: Logical Disk Manager

Description: This is the Logical Disk Manager watchdog service. It is responsible for managing dynamic disks.

Executable file: Winnt\System32\Services.exe

Risk: No known risk.

Recommendation: Needed while the system is running; keep the default Automatic startup type.

11: DNS Server

Description: Answers DNS domain name queries.

Executable file: Winnt\System32\DNS.exe

Risk: No known risk.

Recommendation: Use this service with caution, because it is often the cause of many security weaknesses.

12: DNS Client

Description: Caches DNS queries for record keeping. It can be used for an intrusion detection system's DNS queries, and it speeds up DNS lookups.

Executable file: Winnt\System32\Services.exe

Risk: No known risk, but an attacker can view the contents of your cache and determine which websites you have visited. The command is: ipconfig /displaydns

Recommendation: It can be stopped or left running.

13: Event Log

Description: Records management event messages from the system and from running programs. Although the service is limited and has some minor problems, it can be used for intrusion detection and system monitoring.

Executable file: Winnt\System32\Services.exe

Risk: No known risk.

Recommendation: This service should be running, especially on standalone servers.

14: COM+ Event System

Description: Provides automatic event distribution to subscribing COM components.

Executable file: Winnt\System32\SVCHOST.EXE -k netsvcs

Risk: No known risk.

Recommendation: If no installed program needs this service, you can disable the COM+ Event System and System Event Notification services.

15: Fax Service

Description: Manages the sending and receiving of faxes.

Executable file: Winnt\System32\FaxSvc.exe

Risk: No known risk.

Recommendation: On servers, this service is not recommended unless the server is designated as a fax server.

16: Single Instance Storage Groveler

Description: Used together with the Remote Installation service. It scans single-instance storage volumes for duplicate files and points the duplicates to a single data storage point to save disk space.

Risk: No known risk.

Recommendation: Stop it unless you need the Remote Installation service.

17: Internet Authentication Service

Description: Authenticates dial-up and VPN users.

Executable file: Winnt\System32\SVCHOST.EXE -k netsvcs

Risk: No known risk.

Recommendation: Obviously, this service should not be used except on dial-up and VPN servers. Disable it.

18: IIS Admin Service

Description: Allows IIS services to be managed through the Internet Services Manager MMC snap-in.

Executable file: Winnt\System32\inetsrv\inetinfo.exe

Risk: No known risk.

Recommendation: If the server is running Internet services, this service is required. If you do not run any Internet services, uninstall Internet Information Server from Control Panel; the IIS Admin Service is then uninstalled as well.

19: Intersite Messaging

Description: Used together with Active Directory replication.

Executable file: Winnt\System32\ISMSERV.EXE

Risk: No known risk.

Recommendation: Not recommended except on Active Directory servers.

20: Kerberos Key Distribution Center

Description: This is a domain service that provides the Kerberos Authentication Service and the Ticket-Granting Service (TGS).

Executable file: Winnt\System32\LSASS.EXE

Risk: No known risk.

Recommendation: The Kerberos Key Distribution Center service works together with Active Directory on a domain controller and cannot be stopped there. It should not run on any computer other than a domain controller.

21: Server

Description: Provides RPC support and file, print, and named pipe sharing. The Server service is implemented as a file system driver and can process I/O requests.

Executable file: Winnt\System32\Services.exe

Risk: Without suitable user protection, it exposes system files and printer resources.

Recommendation: Unless you intend to share files or printers on a Windows network, you do not need to run this service. (Note: on Windows 2000 this is a high-risk service. Most Windows 2000 users know about the default shares, and they are a consequence of this service. If it is not disabled, the default shares are open and important information is exposed, for example the Winnt folder, and everyone should know how important that folder is to Windows 2000. Unless your passwords are secure enough, these shares will be your machine's fatal weakness!)

22: Workstation

Description: Provides network connections and communication. It works in the form of a file system driver and allows users to access resources on a Windows network.

Executable file: Winnt\System32\Services.exe

Risk: Some standalone servers, such as web servers, should not participate in a Windows network.

Recommendation: This service should run only on workstations and servers that are on an internal network and protected by a firewall. It should be disabled on any server that can be reached from the Internet.

23: TCP/IP Print Server

Description: Allows remote UNIX users to access printers managed by a Windows 2000 server over TCP/IP.

Executable file: Winnt\System32\TCPSVCS.EXE

Risk: Has some security weaknesses and opens a listening port.

Recommendation: This service has some security weaknesses because it opens a port to the Internet. Do not use it unless the network is separated from the Internet.

24: License Logging Service

Description: Manages license agreement information for a site.

Executable file: Winnt\System32\llssrv.exe

Risk: No known risk.

Recommendation: This service should not be used on computers other than domain controllers.

25: TCP/IP NetBIOS Helper Service

Description: Allows NetBIOS communication over a TCP/IP network.

Executable file: Winnt\System32\Services.exe

Risk: Exposes NetBIOS security weaknesses in your system, such as NTLM authentication.

Recommendation: Disable this service unless you need to stay compatible with an old version of Windows.

26: Messenger

Description: Sends and receives messages passed on by an administrator or by the Alerter service.

Executable file: Winnt\System32\Services.exe

Risk: No known risk.

Recommendation: This service is not needed and should be disabled.

27: NetMeeting Remote Desktop Sharing

Description: Allows authorized users to access your Windows desktop remotely by using NetMeeting.

Executable file: Winnt\System32\MnMsrvc.exe

Risk: It is a potentially insecure service.

Recommendation: Disable this service, because it introduces potential security weaknesses. You can use Terminal Services instead for remote desktop access.

28: Distributed Transaction Coordinator

Description: Microsoft's Distributed Transaction Coordinator (MS DTC) provides a transaction coordination facility that uses the OLE Transactions protocol. It can coordinate transactions distributed across two or more databases, message queues, file systems, and other transaction-protected resource managers.

Executable file: Winnt\System32\MSDTC.exe

Risk: No known risk.

Recommendation: No need to disable.

29: FTP Publishing Service

Description: File Transfer Protocol is not a secure protocol. If it is not properly protected, the FTP Publishing Service brings many security risks.

Executable file: Winnt\System32\inetsrv\inetinfo.exe

Risk: Microsoft's FTP server has no known risks. In general, however, FTP is a known insecure service.

Recommendation: Disable this service unless you need to provide file sharing over FTP. If you do need it, protect and monitor it carefully.

30: Windows Installer

Description: Manages software installation. The service is useful for installing and repairing software applications.

Executable file: Winnt\System32\Msiexec.exe /V

Risk: No known risk.

Recommendation: Keep.

31: Network DDE

Description: Provides data transport and security for Dynamic Data Exchange (DDE).

Executable file: Winnt\System32\NetDDe.exe

Risk: Accepts DDE requests.

Recommendation: Most applications do not need Network DDE; set it to manual startup.

32: Network DDE DSDM

Description: Maintains a database of shared conversations so that, when a Network DDE share is accessed, the shared conversation is applied and security checks determine whether the requester is allowed access.

Executable file: Winnt\System32\NetDDe.exe

Risk: No known risk.

Recommendation: This service should be set to start

33: Net Logon

Description: Supports pass-through authentication of account logon events in a domain.

Executable file: Winnt\System32\LSASS.EXE

Risk: Can be used as a channel for brute-force password attacks.

Recommendation: This service should not be used on standalone servers that are not part of a domain.

34: Network Connections

Description: Manages the objects in the Network and Dial-Up Connections folder, where you can see local area network and remote connections.

Executable file: Winnt\System32\SVCHOST.EXE -k netsvcs

Risk: No known risk.

Recommendation: Because the service starts on its own, you can set it to manual startup.

35: Network News Transport Protocol (NNTP)

Description: Provides a news server service, such as Usenet.

Executable file: Winnt\System32\inetsrv\inetinfo.exe

Risk: No known risk.

Recommendation: An NNTP server should be installed in a DMZ network and treated like other network services such as FTP, mail, and web services. Configuring NNTP servers on a private network is not recommended; any server on an internal network should have the NNTP service uninstalled or disabled.

36: File Replication Service

Description: The File Replication Service (FRS) replicates files, system policies, and logon scripts across a domain. It can also be used to replicate data for the Distributed File System (DFS).

Executable file: Winnt\System32\NTFRS.exe

Risk: No known risk.

Recommendation: It keeps the contents of file directories synchronized across multiple servers.
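
The recommendations above can be checked mechanically. The following is an added example, not part of the original article: it parses service records in the layout printed by `sc qc` and reports services whose start type is looser than the list recommends. The baseline covers only a few of the entries, and the sample input is constructed.

```python
import re

# Start-type codes as printed by `sc qc`: 2 = automatic, 3 = manual, 4 = disabled.
LABEL = {2: "AUTO_START", 3: "DEMAND_START", 4: "DISABLED"}

# Baseline built from the recommendations in the list above (display name -> code).
BASELINE = {
    "ClipBook": 4,
    "Messenger": 4,
    "NetMeeting Remote Desktop Sharing": 4,
    "Network DDE": 3,
    "Logical Disk Manager Administrative Service": 3,
    "Logical Disk Manager": 2,
    "Event Log": 2,
}

# Constructed sample: abbreviated `sc qc` records, not output from a real host.
SAMPLE = """\
SERVICE_NAME: ClipSrv
        START_TYPE         : 3   DEMAND_START
        DISPLAY_NAME       : ClipBook
SERVICE_NAME: Messenger
        START_TYPE         : 2   AUTO_START
        DISPLAY_NAME       : Messenger
SERVICE_NAME: Eventlog
        START_TYPE         : 2   AUTO_START
        DISPLAY_NAME       : Event Log
SERVICE_NAME: NetDDE
        START_TYPE         : 4   DISABLED
        DISPLAY_NAME       : Network DDE
"""

RECORD = re.compile(r"SERVICE_NAME:\s*\S+(.*?)(?=SERVICE_NAME:|\Z)", re.S)
START = re.compile(r"START_TYPE\s*:\s*(\d+)")
DISPLAY = re.compile(r"DISPLAY_NAME\s*:\s*(.+)")

def parse_sc_qc(text):
    """Map each service display name to its numeric start type."""
    services = {}
    for record in RECORD.finditer(text):
        start, name = START.search(record.group(1)), DISPLAY.search(record.group(1))
        if start and name:
            services[name.group(1).strip()] = int(start.group(1))
    return services

def audit(text, baseline=BASELINE):
    """Return (service, recommended, actual) for every deviation from the baseline."""
    findings = []
    for name, actual in sorted(parse_sc_qc(text).items()):
        want = baseline.get(name)
        if want is None:
            continue  # service not covered by the baseline
        # Must-run services have to be automatic; the rest may be stricter, never looser.
        if (want == 2 and actual != 2) or (want > 2 and actual < want):
            findings.append((name, LABEL[want], LABEL.get(actual, str(actual))))
    return findings
```

Calling audit(SAMPLE) flags ClipBook and Messenger; Network DDE passes because Disabled is stricter than the recommended manual start.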
