Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-3487 | 5.068 | SV-18389r1_rule | ECSC-1 | Medium |
Description |
---|
Unnecessary services increase the attack surface of a system. Some services may be run under the local System account, which generally has more permissions than required by the service. Compromising a service could allow an intruder to obtain system permissions and open the system to a variety of attacks. |
STIG | Date |
---|---|
Windows XP Security Technical Implementation Guide | 2014-01-06 |
Check Text ( C-38510r1_chk ) |
---|
Select “Start”. Right-click the “My Computer” icon on the Start menu or the desktop. Select “Manage” from the drop-down menu. Expand the “Services and Applications” object in the Tree window. Select the “Services” object. If services listed below are found, are not disabled (or set to manual in a few cases), and the site does not have documented exceptions for these, this is a finding. Documentable Explanation: Required services should be documented with the IAO. Alerter; Background Intelligent Transfer Service (Manual); ClipBook; Computer Browser; Error Reporting Service; Fast User Switching Compatibility; Fax; FTP Publishing Service; IIS Admin Service; Indexing Service; IPv6 Helper Service; Messenger; NetMeeting Remote Desktop Sharing; Network DDE; Network DDE DSDM; Routing and Remote Access; Simple Network Management Protocol (SNMP) Service; Simple Network Management Protocol (SNMP) Trap; SSDP Discovery Service; Task Scheduler - See separate vulnerability WINSV-000106/V-30037; Telnet; Terminal Services; Universal Plug and Play Device Host; WebClient; Wireless Zero Configuration; WMI Performance Adapter (Manual); World Wide Web Publishing Service |
Fix Text (F-6001r1_fix) |
---|
Configure the system to disable any services that are not required. |
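
The check text above can be applied to an exported service inventory instead of being read off the Services console by eye. The following is an added example, not part of the STIG: the function name, the input format (display name mapped to a start mode of "Auto", "Manual" or "Disabled") and the sample data are assumptions, and Task Scheduler is left out because the check text defers it to a separate finding.

```python
# Added example: evaluate a service inventory against the V-3487 check list.
# Services the check text marks "(Manual)": Manual or Disabled both pass.
MANUAL_OK = {"Background Intelligent Transfer Service", "WMI Performance Adapter"}
# Every other listed service must be Disabled to pass.
DISABLED_ONLY = {
    "Alerter", "ClipBook", "Computer Browser", "Error Reporting Service",
    "Fast User Switching Compatibility", "Fax", "FTP Publishing Service",
    "IIS Admin Service", "Indexing Service", "IPv6 Helper Service", "Messenger",
    "NetMeeting Remote Desktop Sharing", "Network DDE", "Network DDE DSDM",
    "Routing and Remote Access",
    "Simple Network Management Protocol (SNMP) Service",
    "Simple Network Management Protocol (SNMP) Trap", "SSDP Discovery Service",
    "Telnet", "Terminal Services", "Universal Plug and Play Device Host",
    "WebClient", "Wireless Zero Configuration",
    "World Wide Web Publishing Service",
}

def audit_services(inventory, documented_exceptions=()):
    """Return sorted (service, start_mode) pairs that are findings.

    inventory: dict of service display name -> start mode (assumed format).
    documented_exceptions: services the site has documented with the IAO.
    """
    exceptions = {n.strip().casefold() for n in documented_exceptions}
    # Map normalized name -> True when Manual is an acceptable start mode.
    listed = {n.casefold(): n in MANUAL_OK for n in MANUAL_OK | DISABLED_ONLY}
    findings = []
    for name, mode in inventory.items():
        key = name.strip().casefold()
        if key not in listed or key in exceptions:
            continue  # not on the list, or covered by a documented exception
        allowed = {"disabled", "manual"} if listed[key] else {"disabled"}
        if mode.strip().casefold() not in allowed:
            findings.append((name.strip(), mode.strip()))
    return sorted(findings)

# Constructed sample inventory and exception list, for illustration only.
SAMPLE_INVENTORY = {
    "Alerter": "Disabled", "Background Intelligent Transfer Service": "Manual",
    "Telnet": "Manual", "Messenger": "Auto", "WMI Performance Adapter": "Auto",
    "Simple Network Management Protocol (SNMP) Service": "Auto",
    "Print Spooler": "Auto",
}
SAMPLE_EXCEPTIONS = ["Simple Network Management Protocol (SNMP) Service"]

if __name__ == "__main__":
    for name, mode in audit_services(SAMPLE_INVENTORY, SAMPLE_EXCEPTIONS):
        print(f"FINDING: {name} is set to {mode}")
```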