I'm glad you said that...  I reviewed the NSA docs early on- most of it was
simply a list of the most restrictive/highest settings you could apply
without any real information on what did what, what broke what, etc.

That being said, "best practices" documents really shouldn't attempt to list
what services should and shouldn't be enabled-- [this is now a general reply
to the list, not one directed at you ;) ] "Best Practice," to me, is doing
your due diligence in research and discovery into what your network's needs
are, determining threat and risk, and then determining what must be enabled
to serve those needs within your threat model.

Find out what the services do, map out what you need, and disable everything
else.  And test.  These lists are no more than "typical" services; they are
not, in themselves, a "best practice."

t



On 6/5/06 9:29 AM, "Shaffer, Bruce" <[EMAIL PROTECTED]> spoketh to all:

> Be wary of using this one as it is downloaded.  It is certainly secure;
> but your users will not be able to work.  I sent this to an admin as a
> joke when we were rolling out AD and he applied it as it was downloaded
> from the site with the expected result that we were so secure no one
> could do anything other than log on.
> 
> Just sharing an experience.
> -B-
> 
> -----Original Message-----
> From: Alexandros Papadopoulos [mailto:[EMAIL PROTECTED]
> Sent: Monday, June 05, 2006 10:25 AM
> To: [email protected]
> Subject: Re: Windows XP Services Best Practice
> 
> On Monday 05 June 2006 05:58, Vic Brown wrote:
>> Anyone has a useful link with with information about what XP Pro SP2
>> services should be "disabled" on enterprise desktops according to
>> "best" practice?  Basically I'm looking for something that has the
>> service name, functionality, security implication, and best practice
>> recommendation.  Desktop users are only running an office suite.
> 
> Try http://www.nsa.gov/snac/ - NSA's security configuration guides.
> 
> -A
> 
> ------------------------------------------------------------------------
> ---
> ------------------------------------------------------------------------
> ---
> 
> 
> ---------------------------------------------------------------------------
> ---------------------------------------------------------------------------
> 
> 
> 



---------------------------------------------------------------------------
---------------------------------------------------------------------------

Reply via email to