Switching the context from 'system' could be a good step among others, but it doesn't help to isolate services and does not reduce the attack surface in general. Due to the weaknesses of the Windows impersonation model, an intruder can elevate service privileges. For example, the context of the MS SQL service running as a unique user account can be elevated up to 'System'. The same is true for any service run on behalf of the 'Network Service' account.

http://www.securityfocus.com/bid/18008/discuss

Brian L. Walche,
Know the Fact - http://www.gentlesecurity.com/knowthefacts.html
GentleSecurity S.a.r.l.
www.gentlesecurity.com

> Note that CIS, NIST and NSA templates are baseline specs, many of the
> settings are left undefined. Most places that implement it specifically
> define all services in the template so you should test-test-test the
> changes then test again. You can also define the context in which the
> service runs (e.g.: not just system) which can help isolate some services
> like 'remote registry'
>
> Francisco Pecorella wrote:
>> Vic,
>>
>> I think you can use the NIST Security Configuration Checklists
>> Repository, specifically
>>
>> Windows XP Security Guide
>> http://checklists.nist.gov/repository/1007.html
>>
>> Windows XP Security Checklist
>> http://checklists.nist.gov/repository/1057.html
>>
>> Windows 2003/XP/2000 Addendum
>> http://checklists.nist.gov/repository/1057.html
>>
>> --
>> Regards,
>> FP
>> ----- Original Message ----- From: "Vic Brown" <[EMAIL PROTECTED]>
>> To: <[email protected]>
>> Sent: Sunday, June 04, 2006 10:58 PM
>> Subject: Windows XP Services Best Practice
>>
>>
>>> Anyone has a useful link with information about what XP Pro SP2
>>> services should be "disabled" on enterprise desktops according to
>>> "best" practice? Basically I'm looking for something that has the
>>> service name, functionality, security implication, and best practice
>>> recommendation. Desktop users are only running an office suite.
>>>
>>> TIA
>>> --
>>> http://ccopanama.org
