Your Internet workstation can be made more safe by turning off five unwanted services (and possibly removing them as well).
Telnet was used. On any Win2K platform, Telnet servers are automatically installed and started whenever they are ready. This vulnerability is made abundantly evident by the fact that Telnet enables users who have the required logon credentials to connect to a TCP/IP address or port number and submit an endless number of instructions at a command prompt. This service cannot be uninstalled, however it can be disabled instead.
Providing an Indexing Service. By routinely classifying system documents, the Indexing Service makes it possible to do full-text searches very quickly. On Windows 2000 Professional, the Indexing Service is a standalone component; on Windows 2000 Server, however, it is integrated into Microsoft Internet Information Services (IIS). The Indexing Service was vulnerable to a number of known exploits, which allowed attackers to read personal information. If you are not operating a Web server or managing terabytes of documents on the computer connected to the Internet, you should disable this service.
IIS. You might not be aware that the Windows 2000 Advanced Server setup automatically installs Internet Information Services (IIS), which enables Web and FTP connectivity. If you do not require a Web server, you should turn off both the World Wide Publishing Service and the FTP Publishing Service. Uninstalling IIS by using the Add/Remove Windows Components option within Add/Remove Programs is the only way to entirely get rid of these Tunities access chances.
Registrar located remotely. You shouldn’t remotely edit the registry since having a consistent registry is essential to having a happy and healthy Windows 2000 system. In order to edit the registry, you will need to log on locally or use group or local policies if you disable the Remote Registry Service. Alternatively, you can disable the Remote Registry Service.
UPnP. Because UPnP and SSDP Discovery are prerequisites for MSN Explorer and Windows Messenger (and because Windows XP automatically installs MSN Explorer), these protocols should be disabled. Contrary to what you may have anticipated, UPnP is not capable of recognizing Plug and Play (PnP) devices. TCP/IP devices are able to interact with other UPnP-compatible devices on a soho network solutions thanks to the UPnP protocols, which allow for the broadcasting of their presence. The fact that the computer is willing to accept TCP and UDP connections is signaled by a steady stream of packets coming from UPnP. In order to locate compatible devices on the network, they frequently transmit UPnP requests at intervals of every 25 seconds, 24 hours a day. These packets use bandwidth while simultaneously announcing the machine’s readiness to receive incoming connections. Attackers have utilized the security weaknesses in this service to launch denial of service and distributed denial of service attacks.
Stop the Win2K service if it is currently operating, and then change the startup type to either Manual or Disabled to turn it off. Launch the Services applet found inside Administrative Tools to view the current status of all services. The right-hand column contains a list of available services. Click Stop after right-clicking the Telnet icon. When you disable the service, it will remain disabled until the next time you reboot. Whenever Windows 2000 is restarted, all of the Automatic services are immediately started by the operating system.
The second step is to change the beginning type in order to deactivate the service for good. When you double-click the Telnet icon, you’ll get the configuration window, as shown in Figure 5. Replace automatic beginning with manual starting or disable automatic starting. When the beginning type is set to Manual, the service can be started by either right-clicking or typing “Net Start Telnet” into a command prompt. While the service is in the Disabled state, Win2K hides the Start, Stop, and Resume choices. As a result, the service is unable to function unless its startup type is changed to either Manual or Automatic. It is necessary to repeat this process for the FTP Publishing, Indexing, and Remote Registry Services.
To thwart UPnP assaults, disable the SSDP Discovery service as well as any partner UPNP DH services. Put an end to the UPNP DH service that was operating and change the startup type to disabled. It is recommended that the SSDP Discovery service be repeated.
