Securing Windows services to prevent hacker attacks


Davey Winder, Contributor
10.01.2008
This tip is part of a series of articles on Windows security strategies. Check back each week for new Windows "how-to" advice.

When it comes to the Windows operating system, any Windows OS, what do hackers want? The answer is access to valid account names and resource shares, particularly ones that have not been hardened.

Luckily for them, and unluckily for most enterprises, poorly protected or unprotected accounts and resource shares are in plentiful supply. Let's discuss what can be done to protect these key elements of Windows.

Windows services security: Disabled access
To start, address the problem of Windows services, a host of which (no pun intended) make the discovery of such information pretty easy for both the seasoned hacker and the kiddie scripter with the right tools.

To counteract the threat, an organization should, unless it is absolutely sure it needs them, disable the following services:

  • TCP 53 -- DNS Zone Transfer
  • TCP 135 -- RPC Endpoint Mapper
  • TCP 139 -- NetBIOS Session Service
  • TCP 445 -- SMB Over TCP
  • TCP 3389 -- Terminal Services
  • UDP 137 -- NetBIOS Name Service
  • UDP 161 -- Simple Network Management Protocol
  • TCP/UDP 389 -- Lightweight Directory Access Protocol

Yes, there are problems involved with disabling services, but they can usually be worked around with better security in mind. So, for example, although Microsoft Exchange requires TCP 135 open for MAPI clients, there are methods to make this more secure, the easiest being to not use MAPI clients and go for Outlook Web Access instead. Failing that, use RPC over HTTP on TCP 593, which is safer.

Windows advanced options: Using the Windows Vista Firewall
The Windows Vista Firewall, via the advanced security interface, actually does a good job of filtering these services under the public profile and allows for Windows Group Policy control of inbound connectivity, so make use of it. This means not going through the usual control panel route to fire up the Windows Firewall, but instead executing wf.msc to access the Windows Firewall with Advanced Security MMC control panel.

Disabling NetBIOS over TCP/IP does not block SMB access; all this does is block TCP 139 while leaving an SMB listener open on TCP 445. In Vista, disable File and Printer Sharing for Microsoft Networks via the local area connection properties dialogue to prevent null sessions over both TCP 139 and 445 (although the former will still be visible, connectivity is disabled).
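The following PowerShell script is an added example and is not part of the original tip. It audits a host against the port list above: it parses `netstat -ano` to find which of those TCP/UDP ports are actually listening, reports the NetBIOS-over-TCP/IP setting per adapter (the setting the previous paragraph warns about), and prints, without running them, the `netsh advfirewall` commands that would add inbound block rules for the public profile. The `$Targets` table, the function names and the rule names are assumptions of this example; `netsh advfirewall` is the command-line face of the same Windows Firewall with Advanced Security console that wf.msc opens. Run it from an elevated prompt on Vista / Server 2008 or later.

```powershell
# Added example (not part of the original tip): audit the listening ports from
# the tip's list, show the NetBIOS-over-TCP/IP setting, and print the netsh
# commands that would block the exposed ports in the public firewall profile.
# $Targets is constructed from the tip's list; the descriptions are ours.
$Targets = @(
    @{ Proto = 'TCP'; Port = 53;   Name = 'DNS zone transfer' },
    @{ Proto = 'TCP'; Port = 135;  Name = 'RPC endpoint mapper' },
    @{ Proto = 'TCP'; Port = 139;  Name = 'NetBIOS session service' },
    @{ Proto = 'TCP'; Port = 445;  Name = 'SMB over TCP' },
    @{ Proto = 'TCP'; Port = 3389; Name = 'Terminal Services' },
    @{ Proto = 'UDP'; Port = 137;  Name = 'NetBIOS name service' },
    @{ Proto = 'UDP'; Port = 161;  Name = 'SNMP' },
    @{ Proto = 'TCP'; Port = 389;  Name = 'LDAP' },
    @{ Proto = 'UDP'; Port = 389;  Name = 'LDAP' }
)

# Parse "netstat -ano" into objects. TCP lines carry a state column and only
# LISTENING ones are kept; UDP lines have no state, so every bound UDP socket
# counts. IPv6 addresses such as [::]:135 are handled by the (\S+):(\d+) split.
function Get-BoundSockets {
    foreach ($line in (netstat -ano)) {
        if ($line -match '^\s*(TCP|UDP)\s+(\S+):(\d+)\s+\S+\s+(?:LISTENING\s+)?(\d+)\s*$') {
            New-Object PSObject -Property @{
                Proto   = $matches[1]
                Address = $matches[2]
                Port    = [int]$matches[3]
                ProcId  = [int]$matches[4]
            }
        }
    }
}

# Compare the bound sockets against the tip's list and report each hit with
# the owning process IDs (look these up with tasklist /svc to see which service).
function Find-ExposedPorts {
    $bound = @(Get-BoundSockets)
    foreach ($t in $Targets) {
        $hits = @($bound | Where-Object { $_.Proto -eq $t.Proto -and $_.Port -eq $t.Port })
        if ($hits.Count -gt 0) {
            $procs = ($hits | ForEach-Object { $_.ProcId } | Sort-Object -Unique) -join ','
            New-Object PSObject -Property @{
                Proto = $t.Proto; Port = $t.Port; Service = $t.Name; PIDs = $procs
            }
        }
    }
}

# Build the netsh advfirewall command for an inbound block rule scoped to the
# public profile (the profile the tip says already filters these services).
function New-BlockRuleCommand {
    param([string]$Proto, [int]$Port, [string]$Label)
    $ruleName = "Block $Label ($Proto $Port) - public"
    "netsh advfirewall firewall add rule name=`"$ruleName`" dir=in action=block " +
        "protocol=$Proto localport=$Port profile=public"
}

# NetBIOS over TCP/IP per adapter via WMI (TcpipNetbiosOptions: 0 = DHCP default,
# 1 = enabled, 2 = disabled). As the tip notes, disabling it only removes TCP 139;
# the SMB listener on TCP 445 stays up.
function Get-NetbiosSetting {
    Get-WmiObject Win32_NetworkAdapterConfiguration -Filter "IPEnabled = TRUE" |
        Select-Object Description, TcpipNetbiosOptions
}

$exposed = @(Find-ExposedPorts)
"Listening ports from the tip's list:"
$exposed | Format-Table Proto, Port, Service, PIDs -AutoSize
"NetBIOS over TCP/IP per adapter:"
Get-NetbiosSetting | Format-Table -AutoSize
"Firewall commands to review before running (this script changes nothing itself):"
foreach ($e in $exposed) { New-BlockRuleCommand $e.Proto $e.Port $e.Service }
```

The script deliberately prints the `netsh` commands rather than executing them, so the output can be reviewed against the exception cases the tip mentions (an Exchange server that still needs TCP 135 for MAPI, a domain controller that needs 389 and 445) before anything is blocked. Once a rule set is agreed, the same commands can be applied through Group Policy under Windows Firewall with Advanced Security, which is the control path the tip recommends.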

Windows services security: Ask SID about service accounts
Service accounts are, generally speaking, used by Windows to launch automated routines that are implemented by the operating system itself. Though they are something of a necessary evil, that doesn't mean they cannot be hardened. Indeed, Vista and Server 2008 do this already with service-specific SIDs (security identifiers) that assign unique SIDs to processes as they start. Run sc.exe with the showsid modifier to discover the allocated SID for any service. These service-specific SIDs, together with the restricted SID lists in Vista and Server 2008, help reduce the domino effect whereby one service running as LocalService is compromised and can then compromise the integrity of others executing as the same user. To discover which services are restricted, or otherwise, run sc.exe with the qsidtype modifier.
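The following PowerShell script is an added example, not code from the tip. It wraps the two sc.exe modifiers the tip names, `qsidtype` and `showsid`, runs them over every installed service, joins the result with the logon account from WMI, and then shows which of the shared accounts (LocalService, NetworkService, LocalSystem) still host services whose SID type is UNRESTRICTED, meaning they get no restricted service-specific SID and so offer no protection against the domino effect described above. The function names are this example's own; the regular expressions assume sc.exe prints lines of the form `SERVICE_SID_TYPE: <value>` and `SERVICE SID: <sid>`, which is the layout on Vista / Server 2008, so adjust them if your build differs.

```powershell
# Added example (not part of the original tip): report each service's SID type
# (sc.exe qsidtype) and service SID (sc.exe showsid), grouped by logon account.
# Assumes the sc.exe output lines "SERVICE_SID_TYPE: <value>" and
# "SERVICE SID: <sid>"; adjust the patterns if your build prints differently.
function Get-ServiceSidInfo {
    param([string]$Name)
    $typeText = (sc.exe qsidtype $Name) -join "`n"
    $sidText  = (sc.exe showsid $Name)  -join "`n"
    # Possible SID types: NONE, UNRESTRICTED (shared SID only) or RESTRICTED.
    $sidType = if ($typeText -match 'SERVICE_SID_TYPE:\s*(\w+)') { $matches[1] } else { 'UNKNOWN' }
    $sid     = if ($sidText  -match 'SERVICE SID:\s*(S-[0-9-]+)') { $matches[1] } else { '' }
    New-Object PSObject -Property @{ Name = $Name; SidType = $sidType; ServiceSid = $sid }
}

# Join the SID information with the account and state from WMI.
function Get-ServiceSidReport {
    foreach ($svc in (Get-WmiObject Win32_Service | Sort-Object Name)) {
        $info = Get-ServiceSidInfo $svc.Name
        New-Object PSObject -Property @{
            Name       = $svc.Name
            Account    = $svc.StartName
            State      = $svc.State
            SidType    = $info.SidType
            ServiceSid = $info.ServiceSid
        }
    }
}

$report = @(Get-ServiceSidReport)

# Per-account summary: the larger the UNRESTRICTED count on a shared account,
# the larger the blast radius if one of those services is compromised.
"Services per account, with how many still run UNRESTRICTED:"
$report | Group-Object Account | ForEach-Object {
    $unrestricted = @($_.Group | Where-Object { $_.SidType -eq 'UNRESTRICTED' }).Count
    New-Object PSObject -Property @{
        Account = $_.Name; Services = $_.Count; Unrestricted = $unrestricted
    }
} | Sort-Object Unrestricted -Descending | Format-Table Account, Services, Unrestricted -AutoSize

# The list worth reviewing first: running services on LocalService or
# NetworkService that have no restricted service-specific SID.
"Running services sharing LocalService or NetworkService without a restricted SID:"
$report | Where-Object {
    $_.State -eq 'Running' -and $_.SidType -eq 'UNRESTRICTED' -and
    $_.Account -match 'LocalService|NetworkService'
} | Format-Table Name, Account, SidType, ServiceSid -AutoSize
```

The script only reads configuration; it invokes sc.exe once per service for each modifier, so on a server with a few hundred services it takes a moment to finish. Third-party services that show up as UNRESTRICTED on a shared account are the ones to raise with the vendor, or to move to a dedicated account, since the operating system's own services on Vista and Server 2008 have largely been converted already.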

About the author:
Davey Winder has worked as a freelance technology journalist for nearly 20 years. He is based in South Yorkshire.

All Rights Reserved, Copyright 2008, TechTarget