Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-3487 | 5.068 | SV-3487r1_rule | ECSC-1 | Medium |
Description |
---|
Unnecessary services increase the attack surface of a system. Some services may be run under the local System account, which generally has more permissions than required by the service. Compromising a service could allow an intruder to obtain system permissions and open the system to a variety of attacks. |
STIG | Date |
---|---|
Windows 2003 Domain Controller Security Technical Implementation Guide | 2013-10-01 |
Check Text ( C-38509r1_chk ) |
---|
Select “Start”. Right-click the “My Computer” icon on the Start menu or the desktop. Select “Manage” from the drop-down menu. Expand the “Services and Applications” object in the Tree window. Select the “Services” object. If services listed below are found, that are not disabled, and the site does not have documented exceptions for these, then this is a finding. Documentable Explanation: Required services should be documented with the IAO. Alerter Application Layer Gateway Service Application Management ASP .NET State Service Certificate Services Client Service for NetWare ClipBook Cluster Service COM+ System Application DHCP Server Distributed Link Tracking Client Distributed Link Tracking Server Distributed Transaction Coordinator Error Reporting Service Fax Service File Server for Macintosh FTP Publishing Service Help and Support HTTP SSL Human Interface Device Access IAS Jet Database Access IIS Admin Service IMAPI CD-Burning COM Service Indexing Service Infrared Monitor Internet Authentication Service IP Version 6 Helper Service License Logging Service Message Queuing Message Queuing Down Level Clients Message Queuing Triggers Messenger Microsoft POP3 Service MSSQL$UDDI MSSQLServerADHelper .NET Framework Support Service NetMeeting Remote Desktop Sharing Network DDE Network DDE DSDM Network News Transport Protocol (NNTP) Portable Media Serial Number Print Server for Macintosh Print Spooler Remote Access Auto Connection Manager Remote Access Connection Manager Remote Desktop Help Session Manager Remote Installation Remote Server Manager Remote Server Monitor Remote Storage Notification Remote Storage Server Resultant Set of Policy Provider Routing and Remote Access SAP Agent Secondary Logon Shell Hardware Detection Simple Mail Transport Protocol (SMTP) Simple TCP/IP Services Single Instance Storage Groveler SNMP Service SNMP Trap Service Special Administration Console Helper Task Scheduler - See separate vulnerability WINSV-000106/V-30037 TCP/IP Print Server Telephony Telnet Terminal Services Terminal Services Licensing Terminal Services Session Directory Themes Trivial FTP Daemon Uninterruptible Power Supply Upload Manager Virtual Disk Service WebClient Web Element Manager Windows Audio Windows Firewall/Internet Connection Sharing (ICS) Windows Image Acquisition (WIA) Windows Internet Name Service (WINS) Windows Media Services Windows System Resource Manager WinHTTP Web Proxy Auto-Discovery Service Wireless Configuration World Wide Web Publishing Service |
Fix Text (F-6001r1_fix) |
---|
Configure the system to disable any services that are not required. |