Unnecessary services are not disabled.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-3487	5.068	SV-3487r1_rule	ECSC-1	Medium

Description
Unnecessary services increase the attack surface of a system. Some services may be run under the local System account, which generally has more permissions than required by the service. Compromising a service could allow an intruder to obtain system permissions and open the system to a variety of attacks.

STIG	Date
Windows 2003 Member Server Security Technical Implementation Guide	2014-01-07

Details

Check Text ( C-38509r1_chk )
Select “Start”. Right-click the “My Computer” icon on the Start menu or the desktop. Select “Manage” from the drop-down menu. Expand the “Services and Applications” object in the Tree window. Select the “Services” object. If services listed below are found, that are not disabled, and the site does not have documented exceptions for these, then this is a finding. Documentable Explanation: Required services should be documented with the IAO. Alerter Application Layer Gateway Service Application Management ASP .NET State Service Certificate Services Client Service for NetWare ClipBook Cluster Service COM+ System Application DHCP Server Distributed Link Tracking Client Distributed Link Tracking Server Distributed Transaction Coordinator Error Reporting Service Fax Service File Server for Macintosh FTP Publishing Service Help and Support HTTP SSL Human Interface Device Access IAS Jet Database Access IIS Admin Service IMAPI CD-Burning COM Service Indexing Service Infrared Monitor Internet Authentication Service IP Version 6 Helper Service License Logging Service Message Queuing Message Queuing Down Level Clients Message Queuing Triggers Messenger Microsoft POP3 Service MSSQL$UDDI MSSQLServerADHelper .NET Framework Support Service NetMeeting Remote Desktop Sharing Network DDE Network DDE DSDM Network News Transport Protocol (NNTP) Portable Media Serial Number Print Server for Macintosh Print Spooler Remote Access Auto Connection Manager Remote Access Connection Manager Remote Desktop Help Session Manager Remote Installation Remote Server Manager Remote Server Monitor Remote Storage Notification Remote Storage Server Resultant Set of Policy Provider Routing and Remote Access SAP Agent Secondary Logon Shell Hardware Detection Simple Mail Transport Protocol (SMTP) Simple TCP/IP Services Single Instance Storage Groveler SNMP Service SNMP Trap Service Special Administration Console Helper Task Scheduler - See separate vulnerability WINSV-000106/V-30037 TCP/IP Print Server Telephony Telnet Terminal Services Terminal Services Licensing Terminal Services Session Directory Themes Trivial FTP Daemon Uninterruptible Power Supply Upload Manager Virtual Disk Service WebClient Web Element Manager Windows Audio Windows Firewall/Internet Connection Sharing (ICS) Windows Image Acquisition (WIA) Windows Internet Name Service (WINS) Windows Media Services Windows System Resource Manager WinHTTP Web Proxy Auto-Discovery Service Wireless Configuration World Wide Web Publishing Service

Check Text ( C-38509r1_chk )

Select “Start”.
Right-click the “My Computer” icon on the Start menu or the desktop.
Select “Manage” from the drop-down menu.
Expand the “Services and Applications” object in the Tree window.
Select the “Services” object.

If services listed below are found, that are not disabled, and the site does not have documented exceptions for these, then this is a finding.

Documentable Explanation: Required services should be documented with the IAO.

Alerter
Application Layer Gateway Service
Application Management
ASP .NET State Service
Certificate Services
Client Service for NetWare
ClipBook
Cluster Service
COM+ System Application
DHCP Server
Distributed Link Tracking Client
Distributed Link Tracking Server
Distributed Transaction Coordinator
Error Reporting Service
Fax Service
File Server for Macintosh
FTP Publishing Service
Help and Support
HTTP SSL
Human Interface Device Access
IAS Jet Database Access
IIS Admin Service
IMAPI CD-Burning COM Service
Indexing Service
Infrared Monitor
Internet Authentication Service
IP Version 6 Helper Service
License Logging Service
Message Queuing
Message Queuing Down Level Clients
Message Queuing Triggers
Messenger
Microsoft POP3 Service
MSSQL$UDDI
MSSQLServerADHelper
.NET Framework Support Service
NetMeeting Remote Desktop Sharing
Network DDE
Network DDE DSDM
Network News Transport Protocol (NNTP)
Portable Media Serial Number
Print Server for Macintosh
Print Spooler
Remote Access Auto Connection Manager
Remote Access Connection Manager
Remote Desktop Help Session Manager
Remote Installation
Remote Server Manager
Remote Server Monitor
Remote Storage Notification
Remote Storage Server
Resultant Set of Policy Provider
Routing and Remote Access
SAP Agent
Secondary Logon
Shell Hardware Detection
Simple Mail Transport Protocol (SMTP)
Simple TCP/IP Services
Single Instance Storage Groveler
SNMP Service
SNMP Trap Service
Special Administration Console Helper
Task Scheduler - See separate vulnerability WINSV-000106/V-30037
TCP/IP Print Server
Telephony
Telnet
Terminal Services
Terminal Services Licensing
Terminal Services Session Directory
Themes
Trivial FTP Daemon
Uninterruptible Power Supply
Upload Manager
Virtual Disk Service
WebClient
Web Element Manager
Windows Audio
Windows Firewall/Internet Connection Sharing (ICS)
Windows Image Acquisition (WIA)
Windows Internet Name Service (WINS)
Windows Media Services
Windows System Resource Manager
WinHTTP Web Proxy Auto-Discovery Service
Wireless Configuration
World Wide Web Publishing Service

Fix Text (F-6001r1_fix)
Configure the system to disable any services that are not required.