No announcement yet.

Services shut down for security

  • Filter
  • Time
  • Show
Clear All
new posts

  • Services shut down for security


    I am currently at the tail end of a Countermeasures and Defense Course. I have followed several guides on hardening a Windows Server 2003 box but one part id like to harden is services.

    Using Metesploit and some other tools services are sometimes exploited and I want to shut down all I dont need in order to use the only feature this box is required to have.

    It has IIS and has a working web page. ALong with the need to RDP to the box and we are not allowed to change RDP port from 3389.

    So port 80 and 3389 are open rest are closed.

  • #2
    Re: Services shut down for security

    Why would you close them if you need them open??

    Is this server part of a domain??

    How do you transfer your files when development is complete for the web server??

    What exactly is the question you are asking??


    • #3
      Re: Services shut down for security

      IMHO stick with the MS security templates
      There was a large set of extra ones but I cannot remember the name they gave them and my google-fu is failing this morning
      Tom Jones
      MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
      PhD, MSc, FIAP, MIITT
      IT Trainer / Consultant
      Ossian Ltd

      ** Remember to give credit where credit is due and leave reputation points where appropriate **


      • #4
        Re: Services shut down for security

        what about, instead of shutting them down, you apply access control lists, so that only specific hosts can access specific ports.. ?
        Please do show your appreciation to those who assist you by leaving Rep Point