
Never assume that a default software installation is secure

This excerpt from "The administrator shortcut guide to patch management" provides a list of services you should never disable if you want to maintain strong security.

Software vendors tend to make their installation programs as generic as possible, focusing on ease of use rather than good security practices. There are four separate vulnerabilities you should be aware of when installing an OS or application:

  • Default services installed (mainly applies to OSs; however, you should always check what services are installed with applications as well as the ports that the applications use to communicate across the network)

  • Flaws in code

  • Sample scripts and templates

  • Default accounts and passwords

If you're looking to disable unnecessary services on your Windows servers for security purposes, the following list highlights services you should never disable. Disabling any of the services in the list will cause key server and network processes to stop functioning. These services are required for a member server to function within a domain structure:

  • COM+ Event System -- Permits management of component services

  • Dynamic Host Configuration Protocol (DHCP) Client -- Is required to update records in dynamic Domain Name System (DNS)

  • Distributed Link Tracking Client -- Is used to maintain links on NTFS volumes

  • DNS Client -- Permits resolution of DNS names

  • Event Logs -- Permits event log messages to be viewed in the event logs

  • Logical Disk Manager -- Is required to make sure dynamic disk information is updated

  • Logical Disk Manager Administration Service -- Is required to perform disk administration

  • Net Logon -- Is required for domain participation

  • Network Connections -- Is required for network communication

  • Performance Logs and Alerts -- Collects performance data for the computer, then writes the performance data to a log or triggers alerts

  • Plug and Play (PnP) -- Is required for Windows 2000 (Win2K) to identify and use system hardware

  • Protected Storage -- Is required to protect sensitive data such as private keys

  • Remote Procedure Call (RPC) -- Is required for internal processes in Win2K

  • Remote Registry Service -- Is required for the Hfnetchk utility

  • Security Accounts Manager (SAM) -- Stores account information for local security accounts

  • Server -- Is required for the Hfnetchk utility

  • System Event Notification -- Is required to record entries in the event logs

  • TCP/IP NetBIOS Helper Service -- Is required for software distribution in Group Policy; can be used to distribute patches

  • Windows Management Instrumentation (WMI) Driver Extensions -- Is required to implement performance alerts by using the Performance Logs and Alerts service

  • Windows Time -- Is required for Kerberos authentication to function consistently

  • Workstation -- Is required to participate in a domain

There might be additional services in your environment that need to run for functional or security purposes and that should also never be disabled. It is highly recommended that you test for proper functionality of each service before you start shutting services off. For example, due to a recent vulnerability, some self-noted "experts" recommended disabling the DCOM service. Disabling the DCOM service caused critical business applications to stop functioning.
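A pre-change check for the list above, as an added PowerShell example that is not part of the original excerpt: it flags any entry in a proposed disable list that matches one of the services named above, and reports which of those services are already disabled on the local machine. The wildcard patterns, the function names and the sample plan are assumptions constructed for illustration; display names differ slightly between Windows versions, so verify them on your build.

```powershell
# Services the excerpt says must never be disabled on a domain member server.
# Wildcards absorb small display-name differences between Windows versions (assumption).
$Protected = @(
    'COM+ Event System', 'DHCP Client', 'Distributed Link Tracking Client',
    'DNS Client', '*Event Log*', 'Logical Disk Manager',
    'Logical Disk Manager Administration Service', 'Net*Logon',
    'Network Connections', 'Performance Logs*Alerts', 'Plug and Play',
    'Protected Storage', 'Remote Procedure Call (RPC)', 'Remote Registry*',
    'Security Accounts Manager', 'Server', 'System Event Notification*',
    'TCP/IP NetBIOS Helper*',
    'Windows Management Instrumentation Driver Extensions',
    'Windows Time', 'Workstation'
)

# Return every entry of a proposed disable list that hits a protected service.
function Test-HardeningPlan {
    param([string[]]$DisableList)
    foreach ($name in $DisableList) {
        foreach ($pattern in $Protected) {
            if ($name -like $pattern) {
                [pscustomobject]@{ Service = $name; MatchedRule = $pattern }
            }
        }
    }
}

# Report the start mode and state of each protected service on this machine.
function Get-ProtectedServiceState {
    $all = Get-CimInstance -ClassName Win32_Service
    foreach ($pattern in $Protected) {
        $hits = @($all | Where-Object { $_.DisplayName -like $pattern })
        if ($hits.Count -eq 0) {
            # Not every service in the list exists on every Windows version.
            [pscustomobject]@{ Rule = $pattern; DisplayName = '(not present)'; StartMode = $null; State = $null }
            continue
        }
        foreach ($svc in $hits) {
            [pscustomobject]@{ Rule = $pattern; DisplayName = $svc.DisplayName; StartMode = $svc.StartMode; State = $svc.State }
        }
    }
}

# Constructed sample plan: two entries collide with the protected list.
$plan = @('Telnet', 'Remote Registry Service', 'Alerter', 'Windows Time')
$conflicts = @(Test-HardeningPlan -DisableList $plan)
if ($conflicts.Count -gt 0) { Write-Warning 'Plan disables protected services:'; $conflicts | Format-Table }

# Protected services that are already disabled on this host need review.
Get-ProtectedServiceState | Where-Object { $_.StartMode -eq 'Disabled' } | Format-Table
```

Extend `$Protected` with the additional environment-specific services mentioned above before using the check as a gate for hardening changes.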
