Turning off unnecessary Windows XP services to reduce security risks White Paper | Portland, Oregon IT Consulting

Page 1

The "No Network is 100% Secure" series - Windows XP Services A White Paper

All rights reserved - may not be copied without permission Easyrider LAN Pro, NOC Design Consultants NOC_Designs_2013@NOCdesigns.com Contact Us

Purpose for this white paper: Running unnecessary services wastes computer power and reduces performance. But more important, having unnecessary services running on your computer can make you vulnerable to attack from hackers, crackers, viruses and all sorts of malware. As a best practice, you should not enable any service on any computer that isn't actually needed. Cautions: It's certainly possible to "break" a Microsoft Windows workstation by disabling a service that is required for proper operation. We would advise that the reader proceed slowly and carefully when reducing the number of services that are running on their PCs. For example, it would be unwise to disable every service listed in this white paper in one shot. Better to stop a few services at a time, set them to manual, document what you've done and then continue to use the workstation for a day or two to see if you notice any adverse effects. If everything seems fine, reboot the workstation and see if everything comes back up and continues to operate properly. If there are any problems, it will be a lot easier to roll back to your last known good configuration if you've only made a small number of changes. You would probably want to set these services to "manual" rather than disabling them, at least during the test phase. Only when you are positive that a stopped service is absolutely not needed should it be set to "disable". Also note that Microsoft Windows workstations that are in a domain will need services running that may be listed here as not needed. In a corporate environment, you are probably supported by an IT staff that would take a dim view of users fooling with service settings. You would want to discuss your plans with your favorite IT person before making any changes to your workstation. But for home or SOHO users, the recommendations on this list are fairly safe to implement. But again, proceed slowly and carefully, documenting all of the changes you make every step of the way. We will assume that you know how to bring up the services GUI already. If you don't, implementing the changes in this white paper might be ill-advised. This white paper was written for Windows XP Pro but the settings for other XP offerings would be similar. The studious reader will likely note that many services are not listed in this white paper. These have been intentionally omitted because those services should not be stopped in most cases. Others do not present a significant security risk if left running and/or the performance gain by stopping the service is so trivial as to not be worth the effort. Alerter: You can safely stop and disable this service. A caveat is if you are in a domain that issues notices about upcoming password expirations or things like that. With this service disabled, you will not get these notices and could find yourself locked out of network one day. Application Layer Gateway Service: Again, in almost all cases you can safely stop and disable this service. ClipBook: Disable it.

http://www.nocdesigns.com/xp_services_white_paper.htm

6/26/2013 12:24:54 PM

Turning off unnecessary Windows XP services to reduce security risks White Paper | Portland, Oregon IT Consulting Computer Browser: If you are on a network with other computers, and need to see them, this may be a useful tool. Otherwise, disable it. Distributed Transaction Coordinator: If you are not accessing network filesystems and databases, disable it. Help and Support: If you don't use this feature, disable it or at least stop it and set it to manual. Human Interface Device Access: You should be able to safely disable this service. Messenger: Disable it. Net Logon: Not needed unless you are in a domain.

Page 2

NetMeeting Remote Desktop Sharing: If you need this service, you already know it. Otherwise, you can safely disable it. Remote Desktop Help Session Manager: Same as NetMeeting. Remote Procedure Call (RPC) Locator: In most cases you can stop this service and set it to manual. Remote Registry: In my opinion, having this running is a big security risk. Stop it and set it to manual. TCP/IP NetBIOS Helper: This service is rarely used any more even in the corporate environment. Stop it and set it to manual. If you find that you are unable to print or to access some types of network file systems, you may need to restart this service. Telephony: This service is used by all sorts of hardware that you wouldn't think would use it. You can try setting it to manual and keeping an eye on the event logs. Telnet: Disable it. Definitely! Terminal Services: Your systems administrator may disagree, but I'd stop this service and set it to manual. Or just disable it. Themes: Disable it. Uninterruptible Power Supply: Unless you are using a UPS on your computer and it has the capability of managing the system, disable it. Wireless Zero Configuration: Unless you are using wireless on your workstation, disable it. Workstation: If you are not in a local network sharing files, data or services, disable it. Comments: We would welcome feedback regarding this list and especially any problems that were encountered disabling services that turned out to be needed. We will update this white paper with feedback caveats and comments as appropriate.

Next in the security white paper series: How Cyber Criminals will mature over the next ten years Are you vulnerable to drive-by exploits? High value sites recent hacks IT employment challenges of the 21st century Employment reference checking white paper Competency Certifications White Paper Firewall White Paper Virus White Paper GhostNet White Paper Password White Paper Digital Identification Certificates White Paper

http://www.nocdesigns.com/xp_services_white_paper.htm

6/26/2013 12:24:54 PM

Turning off unnecessary Windows XP services to reduce security risks White Paper | Portland, Oregon IT Consulting Cryptography White Paper OpenID White Paper Intrusion Detection Systems IDS White Paper Rootkit White Paper Scareware White Paper Exaflood Internet Brownout White Paper Cloud Computing White Paper Proxy Server White Paper Personal Computer PC Security White Paper Phishing White Paper DNS Poisoning White Paper Conficker White Paper SPAM White Paper Best Practices White Paper Denial of Service DoS White Paper Trojan Virus Attacks White Paper Port Scanning White Paper Monitoring Basics 101 White Paper Monitoring Basics 102 White Paper Monitoring Basics 103 White Paper Virtual Machine Security White Paper Aurora vulnerability White Paper Shelfware White Paper Outsourced IT White Paper Easyrider LAN Pro Consulting services: Network Security Audit and PC Tune-up service - Proxy server installation and configuration - Enterprise security consultations - Disaster recovery planning - Disaster recovery services - Capacity, migration and upgrade planning - Build and deploy central syslog server - Build trouble ticket systems - Design and build monitoring environments - Design and build Network Operations Centers (NOC) - HP Openview, BMC Patrol consulting

Page 3

Last modified March 29, 2009 Copyright 1990-2009 Easyrider LAN Pro

http://www.nocdesigns.com/xp_services_white_paper.htm

6/26/2013 12:24:54 PM