I'm glad you said that... I reviewed the NSA docs early on- most of it was simply a list of the most restrictive/highest settings you could apply without any real information on what did what, what broke what, etc.
That being said, "best practices" documents really shouldn't attempt to list what services should and shouldn't be enabled-- [this is now a general reply to the list, not one directed at you ;) ] "Best Practice," to me, is doing your due diligence in research and discovery into what your network's needs are, determining threat and risk, and then determining what must be enabled to serve those needs within your threat model. Find out what the services do, map out what you need, and disable everything else. And test. These lists are no more than "typical" services; they are not, in themselves, a "best practice." t On 6/5/06 9:29 AM, "Shaffer, Bruce" <[EMAIL PROTECTED]> spoketh to all: > Be wary of using this one as it is downloaded. It is certainly secure; > but your users will not be able to work. I sent this to an admin as a > joke when we were rolling out AD and he applied it as it was downloaded > from the site with the expected result that we were so secure no one > could do anything other than log on. > > Just sharing an experience. > -B- > > -----Original Message----- > From: Alexandros Papadopoulos [mailto:[EMAIL PROTECTED] > Sent: Monday, June 05, 2006 10:25 AM > To: [email protected] > Subject: Re: Windows XP Services Best Practice > > On Monday 05 June 2006 05:58, Vic Brown wrote: >> Anyone has a useful link with with information about what XP Pro SP2 >> services should be "disabled" on enterprise desktops according to >> "best" practice? Basically I'm looking for something that has the >> service name, functionality, security implication, and best practice >> recommendation. Desktop users are only running an office suite. > > Try http://www.nsa.gov/snac/ - NSA's security configuration guides. > > -A > > ------------------------------------------------------------------------ > --- > ------------------------------------------------------------------------ > --- > > > --------------------------------------------------------------------------- > --------------------------------------------------------------------------- > > > --------------------------------------------------------------------------- ---------------------------------------------------------------------------
