Tuesday, April 30, 2019

Disable vulnerable Windows 7/10 system services for system hardening

Sources:
https://hardenwindows10forsecurity.com/
https://hardenwindows7forsecurity.com/Harden%20Windows%207%20Home%20Premium%2064bit%20-%20Standalone.html

Windows 10:
AllJoyn Router Service (manual): not used by me
AVCTP Service (manual): related to Bluetooth audio and video, not used by me
Bluetooth Handsfree Service (manual): not used by me
Bluetooth Support Service (manual): not used by me
Certificate Propagation (manual): smart card related, not used by me
Data Usage (automatic): phone related
Enterprise App Management Service (manual): not used by me
Fax (manual): not used by me
HV Host Service (manual): virtualization, not used by me
Hyper-V ... all 8 services (manual): virtualization, not used by me
Microsoft Account Sign-in Assistant (manual): MS accounts not used by me; NEEDED only for activation
Microsoft iSCSI Initiator Service (manual): not used by me
Network Connection Broker (manual): used by the Windows Store, not used by me
Payments and NFC/SE Manager (manual): payment mechanism used by phones
Phone Service (manual): not a phone
Print Spooler (automatic): not used by me
Printer Extensions and Notifications (manual): not used by me
Radio Management Service (manual): phone related, not a phone
Sensor Data Service (manual): no sensors on my PC
Sensor Monitoring Service (manual): not used by me; no screen brightness control
Sensor Service (manual): no orientation device on my PC
Smart Card Device Enumeration Service (manual): no smart card devices
Smart Card Removal Policy (manual): no smart card device; if hacked, it will lock the PC
Spatial Data Service (manual): no 3D equipment
Telephony (manual): no telephony devices
Touch Keyboard and Handwriting Panel Service (manual): no such device
WalletService (manual): I don't use MS Wallet to make payments
Wi-Fi Direct Services Connection Manager Service (manual): no Wi-Fi enabled monitor
Windows Biometric Service (manual): no such device
Windows Connect Now - Config Registrar (manual): no wireless on this PC
Windows Insider Service (manual): I don't run pre-public-release versions
Windows Perception Service (manual): no 3D components
Windows Perception Simulation Service (manual): no 3D components
Windows PushToInstall Service (manual): I don't download apps from the Store
WWAN AutoConfig (manual): no GSM or CDMA device

Windows 7 64-bit:
Computer Browser (manual) (finds other PCs in the network)
Distributed Link Tracking Client (automatic) (maintain shortcuts if source file name has changed)
DNS client (automatic) (caches previously looked up domain names)
Function Discovery Provider Host (manual) (HomeGroup)
Function discovery resource publication (manual) (HomeGroup)
HomeGroup Listener (manual) (HomeGroup)
HomeGroup Provider (manual) (HomeGroup)
Internet Connection Sharing (disabled) (makes PC act as router)
IP Helper (automatic) (IPv6 tunneling)
Link Layer Topology discovery mapper (manual) (network discovery)
Media Center Extender service (disabled) (turns PC into media server)
Net.Tcp Port Sharing Service (disabled)
NetLogon (manual)
Network Access Protection Agent (manual) (reports security configuration)
Parental controls (manual) (empty stub for compatibility with Vista)
Peer Name Resolution Protocol (manual)
Peer Networking Grouping (manual) (HomeGroup, remote assistance)
Peer Networking Identity Mgr (manual) (HomeGroup, remote assistance)
Performance Counter DLL Host (manual) (allows remote query to performance counters)
Performance Logs & Alerts (manual) (collects remote and local perf data)
PnP-X IP Bus Enumerator (manual) (uses SSDP)
PNRP Machine Name Publication Service (manual) (server that responds with a machine name)
Quality Windows Audio Video Experience (manual) (multimedia server)
Remote Access Auto Connection Mgr (manual)
Remote Access Connection Manager (manual) (dialup, VPN)
Remote Desktop Configuration (manual)
Remote Desktop Service (manual) (server allowing remote control)
Remote Registry (manual)
Routing and Remote Access (disabled)
Secondary logon (manual)
Secure Socket Tunneling Protocol service (manual) (VPN)
Server (automatic) (HomeGroup, File and Printer Sharing)
SNMP Trap (manual)
SSDP Discovery (manual)
Tablet PC Input Service (manual)
TCP/IP NetBIOS Helper (automatic)
Telephony (manual) (affects Remote Access Connection mgr/ VPN)
UPnP Device host (manual)
Web Client (manual)
Windows Connect Now (manual) (Wireless Setup - simplified configuration)
Windows Error Reporting Service (manual) (reports system problems to MS and fetches solutions)
Windows Event Collector (manual) (allow remote subscription to log events)
Windows Media Player Network Sharing service (manual)
Windows Remote Management (manual) (server, listens for remote requests)
WinHTTP Web Proxy Auto-Discovery (manual) (proxy discovery and some kind of HTTP API)
WMI Performance Adapter (manual) (provides performance data to other PC collecting it)
Workstation (automatic) (HomeGroup)
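Both lists above are applied the same way: note the current startup type, set the service to Disabled, stop it, and keep a record so the change can be undone if something breaks. The following PowerShell script is an added example written for this post; it is not code from hardenwindows10forsecurity.com or hardenwindows7forsecurity.com. The short service names in $TargetServices are my assumed mapping for a subset of the display names listed above (the mapping is the script's assumption, not something the lists state); services that do not exist on the machine are skipped, so the same script runs on Windows 7 and Windows 10.

```powershell
# Added example: back up the start mode of the listed services, disable and stop them,
# and restore from the backup later. Run from an elevated PowerShell prompt.
# Needs PowerShell 3.0 or later (Windows 7 with WMF 3+, or any Windows 10).

# Assumed mapping from the post's display names to service names (a subset of the lists).
# Some exist only on Windows 10 or only on Windows 7; those are skipped at run time.
$TargetServices = @(
    'Spooler',        # Print Spooler
    'Fax',            # Fax
    'bthserv',        # Bluetooth Support Service
    'CertPropSvc',    # Certificate Propagation
    'MSiSCSI',        # Microsoft iSCSI Initiator Service
    'WbioSrvc',       # Windows Biometric Service
    'WwanSvc',        # WWAN AutoConfig
    'RemoteRegistry', # Remote Registry
    'SSDPSRV',        # SSDP Discovery
    'upnphost',       # UPnP Device Host
    'WebClient',      # WebClient
    'WinRM',          # Windows Remote Management
    'TermService',    # Remote Desktop Services
    'SharedAccess',   # Internet Connection Sharing
    'RemoteAccess',   # Routing and Remote Access
    'TrkWks',         # Distributed Link Tracking Client
    'lmhosts',        # TCP/IP NetBIOS Helper
    'SNMPTRAP'        # SNMP Trap
)

# Where the pre-change state is written; keep this file until you are sure nothing broke.
$BackupFile = Join-Path $env:USERPROFILE 'service-startup-backup.csv'

function Backup-ServiceStartup {
    param([string[]]$Names, [string]$Path)
    # Win32_Service.StartMode is 'Auto', 'Manual' or 'Disabled' on both Windows 7 and 10.
    $rows = foreach ($n in $Names) {
        $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$n'"
        if ($null -eq $svc) { Write-Verbose "Service $n not present, skipping"; continue }
        [pscustomobject]@{
            Name = $svc.Name; DisplayName = $svc.DisplayName
            StartMode = $svc.StartMode; State = $svc.State
        }
    }
    if ($rows) { $rows | Export-Csv -Path $Path -NoTypeInformation }
    return $rows
}

function Disable-ListedService {
    param([string[]]$Names, [switch]$DryRun)
    foreach ($n in $Names) {
        if (-not (Get-Service -Name $n -ErrorAction SilentlyContinue)) { continue }
        if ($DryRun) { Write-Host "Would disable and stop $n"; continue }
        Set-Service -Name $n -StartupType Disabled
        # -Force also stops services that depend on this one, which is what we want here.
        Stop-Service -Name $n -Force -ErrorAction SilentlyContinue
        Write-Host "Disabled $n"
    }
}

function Restore-ServiceStartup {
    param([string]$Path)
    # Map Win32_Service start modes back to Set-Service names. Caveat: 'Auto' does not
    # distinguish delayed start, so a delayed-start service comes back as plain Automatic.
    $map = @{ Auto = 'Automatic'; Manual = 'Manual'; Disabled = 'Disabled' }
    foreach ($row in Import-Csv -Path $Path) {
        Set-Service -Name $row.Name -StartupType $map[$row.StartMode]
        if ($row.State -eq 'Running') { Start-Service -Name $row.Name -ErrorAction SilentlyContinue }
    }
}

# Usage: record, review, then apply (drop -DryRun to actually change the services).
$before = Backup-ServiceStartup -Names $TargetServices -Path $BackupFile
$before | Format-Table -AutoSize
Disable-ListedService -Names $TargetServices -DryRun
# Restore-ServiceStartup -Path $BackupFile   # roll back to the recorded state
```

Server (LanmanServer) and Workstation (LanmanWorkstation) are deliberately left out of the default list even though the Windows 7 list includes them: on a domain-joined machine, stopping Workstation breaks network logon and Group Policy retrieval, and stopping Server breaks every inbound file and printer share, so decide on those two per machine rather than in bulk. After a reboot, compare the services that are still running against the backup CSV to confirm the change stuck.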

Monday, April 29, 2019

Regarding DEP's ability to defend against buffer overflows in Windows environments

Determine if DEP has been activated:
wmic OS Get DataExecutionPrevention_SupportPolicy


Statuses of DEP:
Value  Policy level      Description
2      OptIn (default)   Only Windows system components and services have DEP applied
3      OptOut            DEP is enabled for all processes except a list manually created by the Administrator
1      AlwaysOn          DEP is enabled for all processes
0      AlwaysOff         DEP is not enabled for any process


Enable DEP for all processes:
Run the command below from an elevated prompt, then restart the PC:
bcdedit.exe /set nx AlwaysOn


Disable DEP:
Run the command below from an elevated prompt, then restart the PC:
bcdedit.exe /set nx AlwaysOff
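The wmic command above reads one property of the Win32_OperatingSystem class; the same class also reports whether the CPU supports NX at all and whether 32-bit processes and drivers are covered, which is what you actually want to know before trusting DEP to stop a stack or heap overflow from executing injected code. The script below is an added example written for this post, not part of the original: it reads those properties, translates the policy value with the table above, and wraps bcdedit so the policy change is only attempted from an elevated prompt.

```powershell
# Added example: query the DEP support policy and related flags, and change the
# boot-time nx setting only when running elevated. A reboot is still required.

# Policy values as listed in the table above.
$DepPolicyNames = @{
    0 = 'AlwaysOff'
    1 = 'AlwaysOn'
    2 = 'OptIn (default): only Windows system components and services'
    3 = 'OptOut: all processes except the administrator-maintained exception list'
}

function Get-DepStatus {
    # Win32_OperatingSystem carries the same value that
    # "wmic OS Get DataExecutionPrevention_SupportPolicy" prints, plus three related flags.
    $os = Get-CimInstance -ClassName Win32_OperatingSystem
    [pscustomobject]@{
        SupportPolicy     = $os.DataExecutionPrevention_SupportPolicy
        PolicyName        = $DepPolicyNames[[int]$os.DataExecutionPrevention_SupportPolicy]
        HardwareAvailable = $os.DataExecutionPrevention_Available        # NX/XD support present
        Covers32Bit       = $os.DataExecutionPrevention_32BitApplications
        CoversDrivers     = $os.DataExecutionPrevention_Drivers
    }
}

function Test-IsElevated {
    $id = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal $id
    return $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Set-DepPolicy {
    # bcdedit accepts these four values for the nx option.
    param([ValidateSet('OptIn', 'OptOut', 'AlwaysOn', 'AlwaysOff')][string]$Policy)
    if (-not (Test-IsElevated)) { throw 'bcdedit needs an elevated prompt' }
    & bcdedit.exe /set nx $Policy
    if ($LASTEXITCODE -ne 0) { throw "bcdedit failed with exit code $LASTEXITCODE" }
    Write-Host "nx set to $Policy; the change takes effect after a reboot"
}

# Usage: show the current state; uncomment the second line to switch to AlwaysOn.
Get-DepStatus | Format-List
# Set-DepPolicy -Policy AlwaysOn    # same as: bcdedit.exe /set nx AlwaysOn
```

If HardwareAvailable comes back False, DEP is not enforced by the CPU regardless of the policy value, so the bcdedit change alone does not provide the protection the post describes. Note also that OptIn (value 2) leaves ordinary user applications uncovered, which is why the post switches to AlwaysOn; OptOut (value 3) is the middle ground when one legacy application cannot run with DEP.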

Monday, April 22, 2019

How to prevent unauthorized users from sending fake emails to Barracuda

Wormly.com's mail test tool lets an attacker submit emails with a spoofed sender address to the Barracuda Email Security Gateway, and by default Barracuda accepts them.

The easy way to sort out this issue is to enable a function called "Sender Spoof Protection".

Go to the "ADVANCED" -> "Email Protocol" page, choose the "Yes" option next to "Sender Spoof Protection", then click the "Save" button at the top right.