Tunning Comp или Настроика Комп!

Тема в разделе "АНОНИМНОСТЬ В ИНТЕРНЕТЕ", создана пользователем UK7, 6 сен 2010.

  1. UK7

    UK7 Member

    Сообщения:
    57
    Симпатии:
    0
    Много написано по тюнингу винды и по безопасности работы в сети, но всё-же азы нельзя забывать.
    Поставили систему, поставили антивирь, апдэйтали.

    Disabling Unnecessary and Potentially Dangerous Services
    Posted on governmentsecurity.org
    Следуя рекомендациям специалистов бегло проверяем самые необходимые настройки
    Start -Settings-Control Panel-Administrative Tools-Services (Local)
    Windows XP comes with Terminal Services, IIS, and RAS that can open holes into your operating system. It's often convenient to enable
    Terminal Services to allow remote control functions for the help desk or administering servers, but you have to make sure it's configured correctly.
    There are also several malicious programs that can run quietly as services without anyone knowing. Be aware of all the services that all run on your servers and audit them periodically.

    Below is a list of the common services found on Windows XP, though don't be surprised if the vast majority are not present on your system.
    This is an almost complete list from Microsoft. Please read this and keep the running services to only those that you need. A useful tip is that instead
    of disabling something you are unsure of, set it to manual. When you restart your machine if that service has started then it is probably required by
    one of your components or software products. If it is still OFF then consider disabling it for greater protection.

    Here are a list of the services that you "may" see when in the Windows XP services control panel, along with our recommendation for use in a
    home environment - please note, that we do specify a HOME environment. These settings may not be appropriate for work-based workstations,
    though in all likelihood the majority of the recommendations apply there too.

    Alerter - notifies selected users and computers of administrative alerts. If this service is turned off, applications that use the NetAlertRaise or
    NetAlertRaiseEx APIs will be unable to notify a user or computer (by a Message Box from the Messenger service) that the administrative alert took
    place.
    Recommendation: Disabled.

    Application Layer Gateway Service - Provides support for 3rd party plug-ins for Internet Connection Sharing/Internet Connection Firewall. Required if
    using Internet Connection Sharing/Internet Connection Firewall to connect to the internet.
    Recommendation: Automatic if using ICS, Disabled if not.

    Application Management - Used for Assign, Publish and Remove software services. If you can not modify your software installation of certain
    applications, put this service in to Automatic or Manual.
    Recommendation: Disabled


    Automatic Updates - Used to check up to see if there is any critical or otherwise updates available for download. It is very important that if you decide
    to disable this service, you check the Windows Update site often to ensure the latest patches are installed. Manual (and Automatic) update via
    Windows Update web site Requires Cryptographic Services to be running.
    Recommends: Automatic if you do not wish to use Windows Update manually.


    Background Intelligent Transfer Service - Used to transfer asynchronous data via http1.1 servers. According to Microsoft's site, Windows
    Update uses this "feature." It "continues" a download if you log off or shutdown the system (that is, when you log back in.) Manual update
    via Windows Update web site Requires Cryptographic Services to be running.
    Recommendation: Disabled

    ClipBook - enables the Clipbook Viewer to create and share "pages" of data to be viewed by remote computers.
    Recommendation: Disabled

    COM+ Event System - provides automatic distribution of events to subscribing (Component Object Model) COM components.
    Recommendation: Disabled

    COM+ System Application - as above
    Recommendation: Disabled

    Computer Browser - maintains an up-to-date list of computers on your network, and supplies the list to programs that request it.
    The Computer Browser service is used by Windows-based computers that need to view network domains and resources.
    Not required unless you attach to a network of Windows computers.
    Recommendation: Disabled

    Cryptographic Services - Confirms signatures of Windows files. You may always get a dialog box complaining about uncertified drivers if this is disabled. Required for Windows Update to function in manual and automatic mode. Windows Media Player may also require this service to function.
    Recommendation: Automatic

    DHCP Client - Dynamic Host Configuration Protocol Client manages network configuration by registering and updating IP addresses and
    Domain Name Server (DNS) names. If you are only dialing up to ISP via modem, cable, etc. If you have a network card in your PC and attach out via a router or sharing device then this may be required. Set to manual if unsure then check on reboot if it has started.
    If not then disable.
    Recommendation : Automatic if required. Disabled if not.

    Distributed Link Tracking Client - maintains links between the NTFS file system files within a computer or across computers in a network domain.
    Recommendation: Disabled

    Distributed Transaction Coordinator - coordinates transactions that are distributed across multiple computer systems and/or resource managers, such as databases, message queues, file systems, or other transaction-protected resource managers.
    Recommendation: Disabled

    DNS Client - resolves and caches (Domain Name Server) DNS names. The DNS client service must be running on every computer that will perform DNS name resolution.
    Recommendation: Disabled

    Error Reporting Service - Calls home to Microsoft when errors occur. Spy ware?
    Recommendation: Disabled

    Event Log -logs event messages issued by programs and Windows. Event Log reports contain information that can be useful in diagnosing problems.
    Recommends: Automatic


    Fax Service - enables you to send and receive faxes. Disabling this service will render the computer unable to send or receive faxes. Not used by most people.
    Recommendation: Leave not installed or Disabled

    Telephony - provides Telephony API (TAPI) support for programs that control telephony devices and IP-based voice connections on the local computer and through the LAN on servers that are also running the service. If you never use a dial-up modem on a PC but connect via a router then disable.
    Recommendation: Automatic (if using Dial-Up Networking/Faxing/ or PC Phone Services) Disabled otherwise


    FTP Publishing Service - Not available on Windows XP Home. Not installed by default on Windows XP Pro, provides
    (file transfer protocol) FTP connectivity and administration through the Internet Information Service (IIS) snap-in.
    Big security risk!
    Recommendation: Leave not installed or Disabled

    Help and Support - Required for Microsoft’s online help documents.
    Recommendation: Disabled.

    Human Interface Device Access - If all your devices function then disable it. Seems new with no devices for it as yet.
    Recommendation: Disabled.


    IIS Admin - Not available on Windows XP Home. Not installed by default on Windows XP Pro allows administration of Internet Information Services (IIS). If this service is not running, you will not be able to run Web, FTP, NNTP, or SMTP sites, or configure IIS. See also World Wide Web Publishing Service. Not usually required unless you are running a local web server. If you are then make sure that if no external access is required that you firewall protect port 80 to only local traffic! Do not even consider running a public web server unless you are 100% sure of the implications - use an ISP server.
    Recommendations: Leave not installed or Disabled unless you understand the implications.

    IMAPI CD - Burning COM Service - Used for the "drag and drop" CD burn capability. You will need this service to burn CD's. If you still can not burn a CD with it on Manual, switch to Automatic and feel safe that it will only be used when "needed."
    Recommendation: Disabled if you do not burn CD's otherwise set to Manual or Automatic.

    Indexing Service - indexes contents and properties of files on local and remote computers and provides rapid access to
    files through a flexible querying language.
    Recommendation: Disabled

    Internet Connection Firewall and Internet Connection Sharing - provides network address translation (NAT), addressing and name resolution services for all computers on your home or small-office network through a dial-up or broadband connection. Not required unless you are sharing a dial-up connection with other PC's on your network - not recommended! Far better to use a router or gateway firewall software for this purpose. Consider using a higher specification firewall like Kerio Winroute if sharing your connection.
    Recommendation: Automatic if sharing connection, Disabled if not required.

    IPSEC Services - manages IP security (IPsec) policy, starts the Internet Key Exchange (IKE) and coordinates IPsec policy settings with the IP security driver. Only leave on if you are using IPSec. Opens Port 500.
    Recommendation: Disabled

    Logical Disk Manager - watches Plug and Play events for new drives to be detected and passes volume and/or
    disk information to the Logical Disk Manager Administrative Service to be configured. If disabled, the Disk Management snap-in display will not change when disks are added or removed. Turn it on on

Поделиться этой страницей