G
Guest
I need some advice on the impact of security with respect to some of the default services that roll out with Windows XP?
I am on a team of people which is looking into possible exploits or vulnerabilities with respect to services that can be disabled without affecting end users in our environment. It has been suggested to look at some 40+ services that are enabled by default with Windows XP and try to decide if it would strengthen our environment by disabling any unnecessary ones. The problem now is to determine which ones can safely be disabled (or should be) and not impact users or troubleshooters down the road.
I have some concern with this strategy but don’t have enough information to make a good decision and was hoping that some one here may be able to help?
We are on a 2000 platform with active directory in force and the main emphasis here is security. I don’t feel that disabling services without a complete understanding of inter-dependency’s is a good idea and was hoping that some one may have a list of services that can be safely disabled (to improve security) without disrupting the end user environment or maybe a list of potential ones to look at that may be of concern.
I tend to have the "Don’t fix it if it is not broke" mentality and but do understand that some may need to be looked at and disabled. I am however concerned with the mentality of "disable every service that is not directly utilized" or what some people may consider to be "not directly utilized".
Can some one help direct me with the best overall strategy?
I am sure that are some that are more important than others but the question seems to come down to are some services potential problems when left in the default configuration (i.e. auto or manual) or have the current XP security policies already considered this? I would like to think that any service that has potential risk would already be disabled but that may be too much to hope for, right?
Some educated advice would be very much appreciated.
Thanks,
I am on a team of people which is looking into possible exploits or vulnerabilities with respect to services that can be disabled without affecting end users in our environment. It has been suggested to look at some 40+ services that are enabled by default with Windows XP and try to decide if it would strengthen our environment by disabling any unnecessary ones. The problem now is to determine which ones can safely be disabled (or should be) and not impact users or troubleshooters down the road.
I have some concern with this strategy but don’t have enough information to make a good decision and was hoping that some one here may be able to help?
We are on a 2000 platform with active directory in force and the main emphasis here is security. I don’t feel that disabling services without a complete understanding of inter-dependency’s is a good idea and was hoping that some one may have a list of services that can be safely disabled (to improve security) without disrupting the end user environment or maybe a list of potential ones to look at that may be of concern.
I tend to have the "Don’t fix it if it is not broke" mentality and but do understand that some may need to be looked at and disabled. I am however concerned with the mentality of "disable every service that is not directly utilized" or what some people may consider to be "not directly utilized".
Can some one help direct me with the best overall strategy?
I am sure that are some that are more important than others but the question seems to come down to are some services potential problems when left in the default configuration (i.e. auto or manual) or have the current XP security policies already considered this? I would like to think that any service that has potential risk would already be disabled but that may be too much to hope for, right?
Some educated advice would be very much appreciated.
Thanks,