Locking down services on XP client workstations
One of the easiest ways for crackers to exploit holes in your system is through open services. And lately, viruses have been masquerading as services listed in the Task Manager, making them harder to detect, clean and prevent. When you audit and close unused services, you gain performance as well as security, because idle programs no longer take up available resources. Besides, a full security audit of your services can reveal some interesting details about your machine.

Peruse the following list of best practices and consider implementing them.
- Give strong passwords to service accounts. When you install applications that require services to run, you are typically given the option to choose an account under which the service is to be run. Use 15+ character passwords, and remember that you must set these passwords both in Active Directory Users and Computers or Computer Management (depending on your operating environment) and in the Log-On tab of the service's property sheet.
- Never let users log on using service accounts. This particularly applies to the Administrator account -- never assign the Administrator account to a service, and never distribute any service account name and password to any users. There is absolutely no reason to do so, and if users can access systems in these contexts, they can wreak more havoc than you could imagine. Just don't do it.
- Do not allow network access to service accounts. For one, this means don't create domain accounts for services. Wherever possible, use a local account on the server where the service is located. Also, check the "Deny Access to this Computer from the Network" right within the service account's property sheet to eliminate network access for that account.
- Use accounts of least privilege for service accounts. Windows XP includes a great set of built-in accounts, Network Service and Local Service, that are specifically designed for services that require different amounts of network connectivity. Use these where possible to decrease the attack surface of services.
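
One way to audit the account each service runs under against the practices above, as an added example that is not part of the original article. It assumes Windows PowerShell 2.0 is installed on the workstation; the function name `Get-ServiceAccountFinding` and its finding labels are hypothetical.

```powershell
# Added example: classify the logon account of every installed service.
# Win32_Service exposes the account on the service's Log On tab as StartName.
function Get-ServiceAccountFinding {
    param(
        [string]$StartName,                       # value of Win32_Service.StartName
        [string]$ComputerName = $env:COMPUTERNAME # used to tell local from domain accounts
    )

    if ([string]::IsNullOrEmpty($StartName)) { return 'NoAccountRecorded' }

    # Compare without whitespace so "NT AUTHORITY\Local Service" style spellings match too.
    $compact = $StartName -replace '\s', ''
    if ($compact -eq 'LocalSystem' -or $compact -eq 'NTAUTHORITY\SYSTEM') { return 'LocalSystem' }
    if ($compact -eq 'NTAUTHORITY\LocalService' -or $compact -eq 'NTAUTHORITY\NetworkService') {
        return 'BuiltInLeastPrivilege'
    }

    # Split DOMAIN\user or user@domain; a bare name is treated as a local account.
    $scope = '.'
    $user  = $StartName
    if ($StartName.Contains('\'))     { $scope, $user = $StartName -split '\\', 2 }
    elseif ($StartName.Contains('@')) { $user, $scope = $StartName -split '@', 2 }

    if ($user -eq 'Administrator') { return 'AdministratorAccount' }
    if ($scope -eq '.' -or $scope -eq $ComputerName) { return 'LocalAccount' }
    return 'DomainAccount'
}

# Findings that contradict the list above: Administrator assigned to a service,
# or a domain account used where a local account would do.
$flagged = 'AdministratorAccount', 'DomainAccount'

$report = Get-WmiObject Win32_Service |
    Select-Object Name, State, StartMode, StartName,
        @{ Name = 'Finding'; Expression = { Get-ServiceAccountFinding $_.StartName } }

# Full inventory, grouped by finding.
$report | Sort-Object Finding, Name | Format-Table -AutoSize

# Services that need attention first.
$report | Where-Object { $flagged -contains $_.Finding } |
    Format-Table Name, State, StartMode, StartName, Finding -AutoSize
```

Services reported as `LocalAccount` still need a manual check of the account's password strength and its network logon rights, which this query cannot see.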
Windows XP comes with only two services that require open access to an external interface for normal operation: Terminal Services, or Remote Desktop Connection, and the Remote Access Service for answering dial-in calls.








