Disabling unnecessary and potentially dangerous services: A B C D E F H I K L M Refer Part Two for remaining services:<<Part Two>>
In security, reducing the attack surface area is the one of the important factor in protecting your assets. The minimum surface area you expose the less number of attacks possible to your application/ host/ network. One of the key elements in securing your host is disabling unnecessary and potentially dangerous services to reduce the attack surface area of your host. In this post, I am going to explain each and every service in detail and the recommended setting.
Windows 2000/2003 and other versions of Windows operating systems come with many services for different purposes by default. But, all of these services are not required in all cases. For example web server related services are not required in SQL box. Also, there are lot many services like Terminal Services, Telnet, Help & Support, Wireless Configuration, and RAS that may not require in many cases and can open holes into your operating system. Ofcourse you may require Terminal Services to allow remote control functions for the help desk or administering servers, but you have to make sure whether it is configured in proper way or not. There are also chances that several malicious programs can run quietly as services without anyone knowing. So, it is always a better idea to know all of the services that run on your servers and audit them periodically to minimize the risk of potentially dangerous services. Below is a list of the common services that you can found on your server (Windows OS). Know about each and every service and keep only those services that you require. If you are unsure about any service then instead of disabling it set it to manual. If you found that the service has started after restarting your server then it is probably required by one of your components or software products. If it is still off then disable it for greater protection.
Note: If any of the service is disabled then any services that explicitly depend on it will fail to start.
Short Name: Alerter
Process Name: svchost.exe -k LocalService
Depends on : Workstation
Components depend on this : None
Purpose : This service notifies selected users and computers of administrative alerts.
Consequence :If this service is turned off, applications that use the NetAlertRaise or NetAlertRaiseEx APIs will be unable to notify a user or computer (by a Message Box from the Messenger service) that the administrative alert took place. In simple words, programs that use administrative alerts will not receive them.
Recommendation : Disable
Service Name: Application Layer Gateway Service
Short Name: ALG
Process Name : alg.exe
Depends on : None
Components depend on this : Internet Connection Firewall (ICF) / Internet Connection Sharing (ICS)
Purpose : This service Provides support for application-level protocol plug-ins that is 3rd party plug-ins for Internet Connection Sharing/Internet Connection Firewall and enables network/protocol connectivity. It is required if Internet Connection Sharing/Internet Connection Firewall is used to connect to the internet.
Consequence :If disabled, programs that rely on this service like MSN Messenger and Windows Messenger will fail to function.
Recommendation : Enable (Manual) if using ICS, if not disable it. Only enable it when using either the Windows firewall or another firewall protects your computer. Failure to do so can result in a significant security hole.
Service Name: Application Management
Short Name: AppMgmt
Process Name: svchost.exe -k netsvcs
Depends on: None
Components depend on this: None
Purpose : This service is used for Assign, Publish and Remove software services. It processes installation, removal, and enumeration requests for Active Directory IntelliMirror group policy programs. If you cannot modify your software installation of certain applications, put this service in to Automatic or Manual.
Consequence :If disabled, users will be unable to install, remove, or enumerate any IntelliMirror programs.
Recommendation : Enable (Manual) if you modify an application i.e. Add/Remove, if not disable it.
Service Name: ASP .NET State Service
Short Name: aspnet_state
Depends on: None
Components depend on this: None
Purpose : It provides support for out of process session state. Enable this service only if out of process session state of ASP.NET is used in your application to handle the sessions. If your application is using in process session state then is better to disable this service.
Consequence :If this service is stopped and out process session state is used then the ASP requests will not be processed.
Recommendation : Disable
Service Name: Automatic Updates
Short Name: wuauserv
Process Name: svchost.exe -k netsvcs
Depends on: None
Components depend on this: None
Purpose : It provides support for the automatic download and installation of critical Windows updates. In simple words, it is used to check up to see if there are any critical or otherwise updates available for download. Automatic updates help keep your computer current. If you disable this service, you need to check the Windows Update site often to ensure the latest patches are installed. Manual (and automatic) update via Windows Update web site Requires Cryptographic Services to be running.
Consequence :If this service is disabled then the operating system cannot automatically install updates, but can still be manually updated at the Windows Update Web site.
Recommendation : Automatic if you do not wish to use Windows Update manually.
Short Name: BITS
Process Name: svchost.exe -k netsvcs
Depends on: Remote Procedure Call (RPC)
Components depend on this: None
Purpose : It transfers data between clients and servers in the background. It is used to transfer asynchronous data via http1.1 servers. According to Microsoft's site, Windows Update uses this "feature". It "continues" a download if you log off or shutdown the system (that is, when you log in back).
Consequence :If this service is disabled then features such as Windows Update will not function correctly.
Recommendation : If you enabled automatic updates service then enable it and set start up type of this service to Manual otherwise disable it.
Short Name: CertSvc
Process Name: CERTSVC.EXE
Depends on: None
Components depend on this: None
Purpose : It is part of the core operating system that enables a business to act as if its own certificate authority (CA), and issue and manage digital certificates for applications such as Secure/Multipurpose Internet Mail Extensions (S/MIME), Secure Sockets Layer (SSL), Encrypting File System (EFS), IP Security (IPSEC), and smartcard log on.
Consequence :If this service is stopped or disabled, certificate requests will not be accepted and the Certificate Revocation Lists (CRLs) and delta CRLs will not be published. If this service is paused or stopped long enough for CRLs to expire, validation of existing certificates will fail.
Recommendation : Enable (Automatic)
Service Name: Client Service for NetWare
Short Name: NWCWorkstation
Process Name: svchost.exe -k netsvcs
Depends on: None
Components depend on this: None
Purpose : It provides access to files and directories as well as resources on NetWare networks.
Consequence :If this service is stopped or disabled, access to file and print resources on NetWare networks will no longer function unless the Novell Client for NetWare is installed.
Recommendation : If you require to access the resources on NetWare networks then Enable it and set start up type to Automatic otherwise disable it.
Service Name: Clipbook
Short Name: ClipSrv
Process Name: clipsrv.exe
Depends on: Network DDE, Network DDE DSDM
Components depend on this: None
Purpose : It enables the Clipbook Viewer to create and share "pages" of data to be viewed by remote computers.
Consequence :If this service is disabled then ClipBook Viewer will not be able to share information with remote computers.
Recommendation : Disable
Service Name: Cluster Service
Short Name: ClusSvc
Process Name: Clussvc.exe
Depends on: Network Connections, Remote Procedure Call (RPC), Windows Time, Network Cluster Driver
Components depend on this: None
Purpose : It is used for clustering and supports for up to 8-node server clusters.
Consequence :If this service is stopped or disabled, the cluster service itself and any applications or services hosted by the cluster service will be stopped.
Recommendation : Disable (Required only in case of clustering)
Service Name: COM+ Event System
Short Name: EventSystem
Process Name: svchost.exe -k netsvcs
Depends on: Remote Procedure Call (RPC)
Components depend on this: System Event Notification, Window Internet Name Service (WINS), DHCP Server, COM+ System Application
Purpose : This service manages the configuration and tracking of Component Object Model (COM) +-based components.
Consequence :If the service is stopped, most COM+-based components will not function properly. One of the support files that you'll probably never have any use for, but if you disable it, the warning notices you receive are worse than leaving it enabled.
Recommendation : Enable (Manual)
Service Name: COM+ System Application
Short Name: COMSysApp
Process Name: dllhost.exe
Depends on: Remote Procedure Call (RPC)
Components depend on this: NonePurpose : This service manages the configuration and tracking of Component Object Model (COM) +-based components. One of the support files that you'll probably never have any use for, but if you disable it, the warning notices you receive are worse than leaving it enabled.
Consequence :If the service is stopped, most COM+-based components will not function properly. Disabling this service will generate Event Log entries noting it isn't running. It is an annoyance, but not harmful. The Manual setting avoids the Event Log entries.
Recommendation : Enable (Manual)
Service Name: Computer Browser
Short Name: Browser
Process Name: svchost.exe -k netsvcs
Depends on: Server, Workstation
Components depend on this: None
Purpose : It maintains an up-to-date list of computers on your network, and supplies the list to programs that request it. This service is used by Windows-based computers that need to view network domains and resources.
Consequence :If this service is disabled, your computer will be unable to locate other Windows computers on the network.
Recommendation : If you need to share files with other Windows computers, enable this service.
Service Name: Cryptographic Services
Short Name: CryptSvc
Process Name: svchost.exe -k netsvcs
Depends on: Remote Procedure Call (RPC)
Components depend on this: None
Purpose : This service provides three management services: Catalog Database Service, which confirms the signatures of Windows files; Protected Root Service, which adds and removes Trusted Root Certification Authority certificates from this computer; and Key Service, which helps enroll this computer for certificates. You may always get a dialog box complaining about uncertified drivers if this is disabled. It is s required for Windows Update to function in manual and automatic mode. Also used by other Windows services, such as Task Manager. Windows Media Player may also require this service to function.
Consequence :If this service is disabled then Catalog Database Service, Protected Root Service, and Key Service will not function properly. Provides the annoying boxes that pop up telling you a driver you are about to install isn't digitally signed. If you disable this service you'll be flooded with uncertified driver notifications.
Recommendation : Enable (Automatic)
Short Name: Dhcp
Process Name: svchost.exe -k netsvcs
Depends on: AFD Networking Support Environment, NetBios over Tcpip, TCP/IP Protocol Driver, IPSEC driver
Components depend on this: WinHTTP Web Proxy Auto-Discovery Service
Purpose : Dynamic Host Configuration Protocol Client manages network configuration by registering and updating IP addresses and Domain Name Server (DNS) names. If you are only dialing up to ISP via modem, cable, etc. If you have a network card in your PC and attach out via a router or sharing device then this may be required. Set to manual if unsure then check on reboot if it has started. If not then disable.
Consequence :If this service is disabled, the system will be unable to obtain an IP address, WINS information, etc., from a DHCP server and will need to be configured with a static address.
Recommendation : Enable (Automatic). If you use don't use DHCP to obtain an IP address, this service can be disabled.
Service Name: DHCP Server
Short Name: DHCPServer
Process Name: tcpsvcs.exe
Depends on: Event Log, Remote Procedure Call (RPC), Security Accounts Manager, COM+ Event System, TCP/IP Protocol Driver, IPSEC Driver
Components depend on this: None
Purpose : This service distributes TCP/IP and WINS information to requesting clients
Consequence :If this service is disabled, clients will be unable to obtain addressing information, which could result in a loss of network connectivity.
Recommendation : Enable (Automatic)
Service Name: Distributed File System
Short Name: Dfs
Process Name: dfssvc.exe
Depends on: Server, Workstation, Remote Procedure Call (RPC), Security Account Manager, MUP DFS Driver
Components depend on this: None
Purpose : Manages volumes that are replicated to other domain controllers on the network, such as the SYSVOL volume present on all domain controllers. This can be disabled on non-domain controllers, but still not a good idea.
Consequence :If this service is disabled, users will be unable to access distributed files using the Dfs namespace and will instead need to specifically target an individual server to get the required information.
Recommendation : Enable (Automatic)
Service Name: Distributed Link Tracking Client
Short Name: TrkWks
Process Name: svchost.exe -k netsvcs
Depends on: Remote Procedure Call (RPC)
Components depend on this: None
Purpose : It maintains links between the NTFS file system files within a computer or across computers in a network domain. It enables client programs to track linked files that are moved within an NTFS volume to another NTFS volume on the same computer or to an NTFS volume on another computer
Consequence :If this service is disabled, link tracking will be unavailable. Users on other computers won't be able to track links on this computer.
Recommendation : Disable
Service Name: Distributed Link Tracking Server
Short Name: TrkSvr
Process Name: svchost.exe -k netsvcs
Depends on: Remote Procedure Call (RPC)
Components depend on this: None
Purpose : Enables the Distributed Link Tracking Client service within the same domain to provide more reliable and efficient maintenance of links within the domain.
Consequence :If this service is disabled, Distributed Link Tracking Client service within the same domain will not function.
Recommendation : Disable
Service Name: Distributed Transaction Coordinator
Short Name: MSDTC
Process Name: msdtc.exe
Depends on: Remote Procedure Call (RPC), Security Accounts Manager
Components depend on this: None
Purpose : It coordinates transactions that are distributed across multiple computer systems and/or resource managers, such as databases, message queues, file systems, or other transaction-protected resource managers.
Consequence :If this service is disabled, distributed transactions will not occur.
Recommendation : Disable (If you are using distributed transactions like MSMQ, SQL server operations that span multiple systems then enable it).
Service Name: DNS Client
Short Name: Dnscache
Process Name: svchost.exe -k NetworkService
Depends on: TCP/IP Protocol Driver
Components depend on this: None
Purpose : It resolves and caches (Domain Name Server) DNS names, allowing the system to communicate with canonical names rather than strictly by IP address. The DNS client service must be running on every computer that will perform DNS name resolution.
Consequence :If this service is disabled, the system will be unable to resolve a name and will be able to communicate only via IP address. A client may be unable to communicate with its domain controller.
Recommendation : Enable (Automatic). Stopping this service will result in the inability for the computer to resolve names to IP addresses.
Service Name: DNS Server
Short Name: DNS
Process Name: dns.exe
Depends on: Remote Procedure Call, AFD Networking Support Environment, TCP/IP Protocol Driver, IPSEC Driver
Components depend on this: None
Purpose : It performs the name-to-IP address lookup both for itself and clients; required on the server to allow clients to use Active Directory services.
Consequence :If this service is disabled, access to resources must be made by IP address and not by name. There could be serious implications for Active Directory lookups.
Recommendation : Enable (Automatic).
Short Name: ERSvc
Process Name: svchost.exe -k netsvcs
Depends on: Remote Procedure Call (RPC)
Components depend on this: None
Purpose : This service collects, stores, and reports unexpected application crashes to Microsoft.
Consequence :If this service is disabled, error Reporting will occur only for kernel faults and some types of user mode faults.
Recommendation : Disable
Service Name: Event Log
Short Name: Eventlog
Process Name: services.exe
Depends on: None
Components depend on this: DHCP Server, File Replication, Network News Transfer Protocol (NNTP), Simple Mail Transfer Protocol (SMTP), SNMP Service, SNMP Trap Service, Windows Internet Name Services (WINS), Windows Management Instrumentation
Purpose : This service logs event messages issued by programs and Windows in event log. This event Log reports contain information that can be useful in diagnosing problems. It is one of the few services that actually cannot be stopped. Event logs can be viewed through the Microsoft Management Console.
Consequence :If the event log is disabled, you will be unable to track events, which will significantly reduce the ability to successfully diagnose system problems. In addition security events will not be audited and you will not be able to view previous event logs using the MMC event viewer snap in.
Recommendation : Enable (Automatic)
Short Name: Fax
Process Name: fxssvc.exe
Depends on: Plug and Play, Print Spooler, Remote Procedure Call, Telephony
Components depend on this: None
Purpose : This service enables you to send and receive faxes.
Consequence :Disabling this service will render the computer unable to send or receive faxes. Recommendation : Leave uninstalled or Disable
Service Name: File Replication
Short Name: NtFrs
Process Name: ntfrs.exe
Depends on: Event Log, Remote Procedure Call, COM+ Event System
Components depend on this: None
Purpose : This service is used by services to replicate files to different servers on the network; used especially by the DFS (Distributed File System).
Consequence :If this service is stopped or disabled, file replication will not occur and server data will not be synchronized. Stopping the File Replication service on a domain controller may seriously impair a domain controller’s ability to function.
Recommendation : Enable (Manual)
Service Name: FTP Publishing Service
Short Name: MSFtpsvc
Process Name: inetinfo.exe
Depends on: IIS Admin Service, Remote Procedure Call, Security Accounts Manager
Components depend on this: None
Purpose : It provides (file transfer protocol) FTP connectivity and administration through the Internet Information Service (IIS) snap-in. It can pose a big security risk!
Consequence :FTP services will be unavailable.
Recommendation : Leave uninstalled or Disable.
Short Name: helpsvc
Process Name: svchost.exe -k netsvcs
Depends on: Remote Procedure Call (RPC)
Components depend on this: None
Purpose : This service enables Help and Support Center to run on this computer. It is required for Microsoft’s online help documents. In security perspective enabling this service is not a good idea.
Consequence :If this service is disabled, The Help and Support Center will be unavailable.
Recommendation : Disable
Service Name: HTTP SSL
Short Name: HTTPFilter
Process Name: lsass.exe
Depends on: IIS Admin Service, Remote Procedure Call, Security Accounts Manager, HTTP
Components depend on this: World Wide Web Publishing Service
Purpose : This service Implements the secure hypertext transfer protocol (HTTPS) for the HTTP service, using the Secure Socket Layer (SSL). If you want to use HTTPS to secure Outlook Web Access or RPC over HTTP connections, you must enable this service.
Consequence :If this service is disabled, HTTPS requests for IIS will be disabled.
Recommendation : If it is a web server and secure channel is required then enable it otherwise disable.
Service Name: Human Interface Device Access
Short Name: HidServ
Process Name: svchost.exe -k netsvcs
Depends on: Remote Procedure Call (RPC)
Components depend on this: None
Purpose : Enables generic input access to Human Interface Devices (HID), which activates and maintains the use of predefined hot buttons on keyboards, remote controls, and other multimedia devices.
Consequence :If this service is disabled, hot buttons controlled by this service will no longer function.
Recommendation : Disable
Short Name: IASJet
Process Name: svchost.exe –k iasjet
Depends on: Remote Procedure Call (RPC)
Components depend on this: None
Purpose : The IAS Jet Database Access system service is only available on 64-bit versions of Windows Server Operating Systems. The service uses the Remote Authentication Dial in User Service (RADIUS) protocol to provide authentication, authorization, and accounting services. It only required on an IAS system. (IAS = Internet Access Security)
Consequence :Available only in 64-bit.
Recommendation : Disable
Service Name: IIS Admin Service
Short Name: IISADMIN
Process Name: inetinfo.exe
Depends on: Remote Procedure Call, Security Accounts Manager
Components depend on this: FTP Publishing Service, Simple Mail Transfer Protocol (SMTP), World Wide Web Publishing Service, HTTP SSL, Network News Transfer Protocol (NNTP), Microsoft POP3 Service
Purpose : This service enables this server to administer Web and FTP services. This service is required only in servers that run Web, FTP, NNTP, or SMTP sites and is also required to configure IIS. Not usually required unless you are running a local web server.
Consequence :If this service is disabled, the server will be unable to run Web, FTP, NNTP, or SMTP sites or configure IIS.
Recommendation : This is a required service for a web server. If it is not a web server then disable it.
Service Name: IMAPI CD-Burning COM Service
Short Name: ImapiService
Process Name: imapi.exe
Depends on: None
Components depend on this: None
Purpose : This service manages CD recording using Image Mastering Applications Programming Interface (IMAPI). Used for the "drag and drop" CD burn capability. You will need this service to burn CD's. This service can be disabled if you don't have a CDRW drive in your system.
Consequence :If this service is disabled, the server will be unable to record CDs.
Recommendation : Disable
Service Name: Indexing Service
Short Name: cisvc
Process Name: cisvc.exe
Depends on: Remote Procedure Call (RPC)
Components depend on this: None
Purpose : This service Indexes contents and properties of files on local and remote computers; provides rapid access to files through flexible querying language. Indexing can speed up searching.
Consequence :If this service is disabled, Files will not be indexed.
Recommendation : Disable (Uninstall this service if you don't plan to use it).
Service Name: Internet Connection Firewall (ICF)/Internet Connection Sharing (ICS)
Short Name: SharedAccess
Process Name: svchost.exe -k netsvcs
Depends on: Application Layer Gateway Service, Network Connections, Network Location Awareness, Remote Access Connection Manager, Remote Access Auto Connection Manager, Remote Procedure Call, Telephony, Plug and Play, AFD Networking Support Environment, TCP/IP Protocol Driver, IPSEC Driver
Components depend on this: None
Purpose : This service provides network address translation (NAT), addressing and name resolution services for all computers on your home or small-office network through a dial-up or broadband connection. Not required unless you are sharing a dial-up connection with other PC's on your network - not recommended! It is far better to use a router or gateway firewall software for this purpose. Consider using a higher specification firewall if sharing your connection.
Consequence :If this service is disabled, networking services such as Internet sharing, name resolution, addressing and/or intrusion prevention will be unavailable.
Recommendation : Disable. Set it to Automatic if sharing connection (Not recommended).
Service Name: Intersite Messaging
Short Name: IsmServ
Process Name: ismserv.exe
Depends on: Remote Procedure Call, Security Accounts Manager
Components depend on this: None
Purpose : It enables messages to be exchanged between computers running Windows Server sites.
Consequence :If this service is disabled, messages will not be exchanged, nor will site routing information be calculated for other services.
Recommendation : Disable
Service Name: IPSec Policy Agent (IPSec Service)
Short Name: PolicyAgent
Process Name: lsass.exe
Depends on: Remote Procedure Call (RPC), IPSEC Driver, TCP/IP Protocol Driver
Components depend on this: None
Purpose : It provides end-to-end security between clients and servers on TCP/IP networks. It manages IP security (IPSec) policy, starts the Internet Key Exchange (IKE) and coordinates IPSec policy settings with the IP security driver. Only leave on if you are using IPSec. It opens Port 500. If you are connecting over an IPSec secured connection, don't disable this service.
Consequence :If disabled, TCP/IP security between clients and servers on the network will be impaired.
Recommendation : Disable it unless you are connecting over an IPSec secured connection.
Short Name: Kdc
Process Name: lsass.exe
Depends on: Remote Procedure Call, AFD Networking Support Environment
Components depend on this: None
Purpose : It allows users with an appropriate client to log on to the network using Kerberos v5. For the domain controller role, this is a must-have service.
Consequence :If this service is disabled, users will be unable to log in to the domain.
Recommendation : Disable it unless the server is a Domain Controller and Kerberos is used.
Short Name: LicenseService
Process Name: llssrv.exe
Depends on: None
Components depend on this: None
Purpose : It monitors and records client access licensing for portions of the operating system (such as IIS, Terminal Server, and File/Print) as well as for products that aren't part of the OS, like SQL and Exchange Server.
Consequence :If this service is disabled, licensing will be enforced but will not be monitored.
Recommendation : Disable
Service Name: Logical Disk Manager
Short Name: dmserver
Process Name: svchost.exe -k netsvcs
Depends on: Remote Procedure Call (RPC), Plug and Play
Components depend on this: Logical Disk Manager Administrative Service
Purpose : It waits for new drives to be added and passes required information to the LDM administrative service; required to ensure dynamic disk information is up to date. In simple words, it watches Plug and Play events for new drives to be detected and passes volume and/or disk information to the Logical Disk Manager Administrative Service to be configured.
Consequence :If disabled, the Disk Management snap-in display will not change when disks are added or removed. That is new disks will not be detected by the system. Dynamic disk status and configuration information may become out of date. Leaving this service enabled makes it easy to add new drives to the system. In a very high security environment, this should not be allowed. So, turn it on only if you add additional disks and then disable again.
Recommendation : Disable. Turn it on only if you add additional disks and then disable again.
Service Name: Logical Disk Manager Administrative Service
Short Name: dmadmin
Process Name: dmadmin.exe /com
Depends on: Remote Procedure Call (RPC), Plug and Play, Logical Disk Manager
Components depend on this: None
Purpose : Starts and allows configuration to take place when a new drive is detected or a partition/drive is configured. This is dependent on Logical Disk Manager Service.
Consequence :None; it runs only when needed that is this service runs only when new disks are added, this service will be called by Logical Disk Manager Service.
Recommendation : It gets started by the Logical Disk Manager service only when needed. Do not disable if you have the Logical Disk Manager Service enabled.
Short Name: Msmq
Process Name: mqsvc.exe
Depends on: RMCAST (Pgm) Protocol Driver, Remote Procedure Call, Security Accounts Manager, Message Queuing Access Control, NT LM Security Support Provider
Components depend on this: None
Purpose : A messaging infrastructure and development tool for creating distributed messaging applications for Windows.
Consequence :Message queuing will be unavailable.
Recommendation : Leave uninstalled or Disable.
Service Name: Message Queuing Triggers
Short Name: MSMQTriggers
Process Name: mqtgsvc.exe
Depends on: Distributed Transaction Coordinator, Message Queuing Access Control, NT LM Security Support Provider, Remote Procedure Call (RPC), Security Accounts Manager, RMCAST (Pgm) Protocol Driver, TCP/IP Protocol Driver, IPSEC Driver
Components depend on this: None
Purpose : Associates the arrival of incoming messages at a queue with functionality in a COM component or a stand-alone executable program. These triggers can be used to define business rules that can be invoked when a message arrives at the queue without doing any additional programming. Not installed by default. It is required only if you use Message Queuing service.
Recommendation : Leave uninstalled or Disable.
Service Name: Messenger
Short Name: Messenger
Process Name: svchost.exe -k netsvcs
Depends on: Remote Procedure Call (RPC), NetBIOS Interface, Plug and Play, Workstation
Components depend on this: None
Purpose : This service transmits net send and alerter service messages between clients and servers. This service is not related to Windows Messenger.
Consequence :Alerter messages will not be transmitted.
Recommendation : Disable
Service Name: Microsoft POP3 Service
Short Name: POP3SVC
Process Name: pop3svc.exe
Depends on: IIS Admin Service, Security Account Manager, Remote Procedure Call (RPC)
Components depend on this: None
Purpose : The POP3 service provides e-mail transfer and retrieval services. Administrators can use the POP3 service to store and manage e-mail accounts on the mail server.
Consequence :If this service is disabled, users will be unable to pop mail.
Recommendation : It is a required service on Mail Servers. Disable it in all other servers.
Service Name: MS Software Shadow Copy Provider
Short Name: SwPrv
Process Name: svchost.exe -k swprv
Depends on: Remote Procedure Call (RPC)
Components depend on this: None
Purpose : It manages software-based volume shadow copies taken by the Volume Shadow Copy service. This service is used in conjunction with the Volume Shadow Copy Service. Microsoft Backup uses these services so you will need it if you use Microsoft Backup. If disabled, you will receive Event Log entry complaining about not having this service running.
Consequence :If this service is disabled, software-based volume shadow copies cannot be managed.
Recommendation : Disabled (Set it to Manual if you intend to use Windows Backup).
Service Name: MSSQL$UDDI
Short Name: SQLSERVR
Process Name: SQLSERVR.EXE – sUDDI
Depends on: None
Components depend on this: SQLAgent$UDDI
Purpose : The full name of this service is Universal Description Discovery and Integration service. This service is used to locate web services.
Consequence :If disabled, web service discovery will be limited or stopped.
Recommendation : Do not stop this service unless you want to disable the functionality it provides.
Service Name: MSSQLserverADHelper
Short Name: MSSQLserverADHelper
Process Name: sqladhlp.exe
Depends on: None
Components depend on this: None
Purpose : It enables SQL Server publishing into Active Directory.
Consequence :SQL Server information cannot be published into AD.
Recommendation : Disable unless it is used as a SQL Server.
Friday, July 25, 2008
Disabling Unnecessary Services: Part One
Well, nowadays organizations are focusing on application security with growing number of attacks on applications. This is really good news to the end users who actually benefit from it however Organizations also benefit from the same by which their reputation can be increased. Securing only your applications won’t protect you from the attacks instead you need to secure your hosts and network along with your application. A security whole in a host configuration may compromise of your application or network in the similar manner a whole in your application may compromise your host and network wise versa. So, securing all of these three components is vital to protect your assets.
Service Name: Alerter
Service Name: Background Intelligent Transfer Service
Service Name: Certificate Service
Service Name: DHCP Client
Service Name: Error Reporting Service
Service Name: Fax Service
Service Name: Help and Support
Service Name: IAS Jet Database Access
Service Name: Kerberos Key Distribution Center
Service Name: License Logging Service
Service Name: Message Queuing
Subscribe to:
Post Comments (Atom)
Posts
2 comments:
Amiable fill someone in on and this enter helped me alot in my college assignement. Gratefulness you for your information.
Hi
Very nice and intrestingss story.
Post a Comment