Configure NT-Services Securely (for NT and XP)
Do you need network services if you are not connected to a network with a computer that is running Windows XP or Windows NT? No you don't. Still, network services are running as a default service when you install Windows and this leads to security risks which can be avoided by turning services off that you do not need for their functionality. The configure NT Services Securely website has unfortunately only a small section of their tips in English but the rest should be understandable when you are using a translation service.
They offer a script which does the following automatically:
- changes start type (auto, demand,disabled)
- stops and deactivates critical services (i.e. Distributed Transaction Coordinator, Messenger)
- deactivates DCOM and removes standard protocol bindings
- closes SMB /server message block) and consequently port 445 (only if you use switch "/std" or "/all")
- deactivates DHCP if it is not used
- disable NetBios on all network interfaces (exception: switch "/lan" prevent it)
You have several options and may leave some enabled, just take a look at the website for the different options. I suggest you backup your settings before you start the script. The script itself has a restore mode as well which restores the last changes made.
Update: The website is no longer available, which means that the script that was available for download there is not available anymore as well.
I suggest you visit Black Viper's website instead where you find service configuration information for all major versions of the Windows operating system. Each service is explained at the site, and you see its default state for all editions of Windows, and suggested states for safe, tweaked and bare-bone systems.
What you need to do now is to look at the networking services, or go through the whole list. This may take some time, and you may need to click on a service to get information about it, but it is well worth it in the long run as you not only may improve the overall security of your system but also its performance and memory.
A good configuration to start with is the safe configuration which only gives suggestions in regards to services that can be safely changed from their default values. Once you have gone through the list and made the changes, restart the system and use it for some time to see if you notice any ill-effects. If you do not, you may want to make further modifications by implementing the tweaked suggestions instead. Again, check the service descriptions before you make any modifications as it prevents you from making modifications that may render the system unusable.Advertisement