Win2000 system service security and recommendation comparison table



In Windows 2000, a service is basically a program that runs at startup, and its operation is independent of any user. Most of the functions a server performs, such as file sharing, run in the form of services. Most of them run with SYSTEM privileges, so an attacker who abuses a service can obtain SYSTEM privileges through it. Understanding each Windows 2000 service and disabling the unnecessary ones can therefore make your server more secure.
  Alerter
  Service description: Responsible for notifying users of administrative alerts. This service works with the Messenger service, which receives and routes the former's messages.
  Executable file: %systemRoot%\system32\services.exe
  Risk: Could facilitate social engineering attacks
  Recommendation: Restrict alerts issued by the Alerter service so that only the administrator receives them.
  Application Management
  Service description: Provides communication with Active Directory. Specifies, publishes and removes applications installed on the system through Group Policy.
  Executable file: winnt\system32\services.exe
  Risk: None
  Recommendation: If you do not use Group Policy to manage applications, it is better to disable the service.
  Boot Information Negotiation Layer
  Service description: Used together with Remote Installation Service (RIS); do not run it unless you need to install the operating system through RIS.
  Executable file: winnt\system32\services.exe
  Risk: None
  Service description: Responsible for maintaining the list of computers on the network and providing it to the programs that request it.
  Executable file: winnt\system32\services.exe
  Risk: Exposes information about the network
  Recommendation: Disable
  Service description: Responsible for indexing documents and document attributes on disk and storing the information in a catalog so that you can search them later.
  Executable file: winnt\system32\services.exe
  Risk: It is the source of many security weaknesses on the IIS web server
  Recommendation: Disable it unless it is specifically needed.
  ClipBook
  Service description: Supports the ClipBook Viewer program, which allows clip pages to be viewed by ClipBook on a remote computer. It allows users to cut and paste text and graphics over a network connection.
  Executable file: winnt\system32\Clipsrv.exe
  Risk: Could be abused to remotely access ClipBook clip pages
  Recommendation: Disable
  Distributed File System
  Service description: Allows the creation of a single logical disk whose files are distributed across different locations on the network.
  Executable file: winnt\system32\Dfssvc.exe
  Risk: No known risk for the time being
  Recommendation: Disable (this will generate a disk error, which you can ignore)
  DHCP Client
  Service description: Manages network configuration by registering and updating the IP address and DNS domain name.
  Executable file: winnt\system32\services.exe
  Risk: No known risk
  Recommendation: Assign a static IP to the server
  Logical Disk Manager Administrative
  Service description: Used to manage logical disks
  Executable file: winnt\system32\dmadmin.exe
  Risk: No known risk for the time being
  Recommendation: Set the service startup type to Manual
  Logical Disk Manager
  Service description: This is the Logical Disk Manager Watchdog service. It is responsible for managing dynamic disks.
  Executable file: winnt\system32\services.exe
  Risk: No known risk
  Recommendation: It is required while the system is running; keep the default of starting automatically.
  DNS Server
  Service description: Responsible for answering DNS domain name queries
  Executable file: winnt\system32\dns.exe
  Risk: No known risk
  Recommendation: Because it is usually the source of many security weaknesses, this service should be used with caution.
  DNS Client
  Service description: Caches DNS queries for logging. It can serve the DNS queries of an intrusion detection system, which speeds up DNS queries.
  Executable file: winnt\system32\services.exe
  Risk: There is no known risk, but an attacker can view the contents of your cache and determine which websites you have visited. The command-line form is: ipconfig /displaydns
Suggestion: Yes Stop or stop
  Event Log
  Service description: The Event Log service is responsible for recording administrative event messages from the system and running programs. Although the service has limited functions and some minor problems, it can be used for intrusion detection and system monitoring.
  Executable file: winnt\system32\services.exe
  Risk: No known risk
  Recommendation: The service should be started, especially on a standalone server.
  COM+ Event System
  Service description: Provides automatic event distribution to subscribing COM components.
  Executable file: winnt\system32\svchost.exe -k netsvcs
  Risk: No known risk
  Recommendation: If no installed program needs the service, you can disable the COM+ Event System and System Event Notification services.
  Service description: Responsible for managing faxes
  Executable file: winnt\system32\faxsvc.exe
  Risk: No known risk
  Recommendation: On a server, this service is neither required nor recommended unless the server is specifically designated as a fax server.
  Single Instance Storage Groveler
  Service description: This service is used together with the Remote Installation service. It scans a single-instance storage volume for duplicate files and points the duplicates to one data storage point to save disk space.
  Risk: No known risk
  Recommendation: Stop it unless you need to use the Remote Installation service.
  Internet Authentication Service
  Service description: Used to authenticate dial-up and VPN users.
  Executable file: winnt\system32\svchost.exe -k netsvcs
  Risk: No known risk
  Recommendation: Obviously, this service should not be used except on dial-up and VPN servers. Disable it.
  IIS Admin
  Service description: The IIS Admin service allows the IIS services to be managed through the Internet Services Manager MMC snap-in.
  Executable file: winnt\system32\inetsrv\inetinfo.exe
  Risk: No known risk
  Recommendation: If the server is running Internet services, this service is required. If no Internet service is running, uninstall Internet Information Server from Add/Remove Programs in Control Panel, so that the IIS Admin service is uninstalled as well.
  Intersite Messaging
  Service description: The Intersite Messaging service is used together with Active Directory replication.
  Executable file: winnt\system32\ismserv.exe
  Risk: No known risk
  Recommendation: Except on Active Directory servers, this service is neither required nor recommended.
  Kerberos Key Distribution Center
  Service description: This is a domain service that provides the Kerberos authentication service (AS Authentication Service) and ticket-granting service (TGT Ticket-Granting Service)
  Executable file: winnt\system32\lsass.exe
  Risk: No known risk
  Recommendation: The Kerberos Key Distribution Center service works with Active Directory on a domain controller and cannot be stopped there. It should not be running on any computer other than a domain controller.
  Server
  Service description: The service provides RPC support and file, print and named pipe sharing. The Server service is implemented as a file system driver and can handle I/O requests.
  Executable file: winnt\system32\services.exe
  Risk: If proper user protection is not provided, system files and printer resources will be exposed.
  Recommendation: Unless you plan to share files or printers on a Windows network, you do not need to run this service. (P.S.: As far as Windows 2000 is concerned, this is a high-risk service. Most Windows 2000 users know that the default shares are the problem with this service. If it is not disabled, the default shares are turned back on every time you log out or boot, and all your important information is exposed, for example the winnt folder. Everyone should know how important that folder is to Windows 2000. Unless your password is secure enough, this share will be your machine's undoing!)
  Service description: The service provides network connections and communication. It works as a file system driver and allows users to access resources located on the Windows network.
  Executable file: winnt\system32\services.exe
  Risk: Some standalone servers, such as web servers, should not participate in a Windows network
  Recommendation: This service should only run on workstations and servers that are located on an internal network and protected by a firewall. It should be disabled on any server that can connect to the Internet.
  TCP/IP Print Server
  Service description: This service allows remote UNIX users to access printers managed by a Windows 2000 server over the TCP/IP protocol.
  Executable file: winnt\system32\tcpsvcs.exe
  Risk: Has some security weaknesses and opens a **** port
  Recommendation: The service has some security weaknesses because it opens a port to the Internet, so do not use it unless the network is isolated from the Internet by a firewall.
  License Logging
  Service description: This service is responsible for managing the license agreement information of a site.
  Executable file: winnt\system32\llssrv.exe
  Risk: No known risk
  Recommendation: Computers other than domain controllers should not use this service.
  Service description: This service allows NetBIOS communication on TCP/IP networks.
  Executable file: winnt\system32\services.exe
  Risk: Exposes the NetBIOS security weaknesses in the system, such as NTLM authentication.
  Recommendation: Unless you need compatibility with an old version of Windows, you should disable the service.
  Messenger
  Service description: The Messenger service is responsible for sending and receiving messages delivered by the administrator or the Alerter service.
  Executable file: winnt\system32\services.exe
  Risk: No known risk
  Recommendation: This service is not needed and should be disabled.
  NetMeeting Remote Desktop Sharing
  Service description: This service allows authorized users to remotely access your Windows desktop by using NetMeeting.
  Executable file: winnt\system32\mnmsrvc.exe
  Risk: It is a potentially insecure service
  Recommendation: This service should be disabled because it can lead to potential security weaknesses. You can use the Terminal service instead for remote desktop access.
  Distributed Transaction Coordinator
  Service description: Microsoft's Distributed Transaction Coordinator service (MS DTC) provides a transaction coordination tool, based on the OLE Transactions protocol, that can coordinate transactions distributed across two or more databases, message queues, file systems and other transaction-protected resource managers.
  Executable file: winnt\system32\msdtc.exe
  Risk: No known risk
  Recommendation: No need to disable
  FTP Publishing
  Service description: The File Transfer Protocol is not a secure protocol. If it is not properly protected, the FTP Publishing service will pose many security risks.
  Executable file: winnt\system32\inetsrv\inetinfo.exe
  Risk: Microsoft's FTP Server has no known risks, but generally speaking FTP is a known insecure service.
  Recommendation: Unless you need FTP to provide file sharing, the service should be disabled. If it is needed, protect and monitor it carefully.