[NCSA-discuss] a shameful problem

Derek Featherston derek.featherston at cirruspharm.com
Fri Jun 23 10:01:20 EDT 2006


As an additional layer of security you should probably configure "TCP/IP filtering" in the Advanced TCP/IP Settings of the interface. And Windows Firewall as well, assuming it's a 2k3 box and assuming you aren't using a 3rd-party software firewall. You can disable every service on the box only to discover that the "critical" patch you install next week re-enables something.

Just out of curiosity though, why would you even consider running a Windows/Citrix server connected directly to the Internet?
________________________________

Derek


-----Original Message-----
From: ncsa-discussion-bounces at ncsysadmin.org [mailto:ncsa-discussion-bounces at ncsysadmin.org] On Behalf Of Matt Pusateri
Sent: Friday, June 23, 2006 8:54 AM
To: NC*SA Discussion List
Subject: Re: [NCSA-discuss] a shameful problem

Jason,

netstat -ab will show active processes and the programs/DLLs
associated with that.  It will also give you the PID as will the -o
switch.  You can then look in Task Manager (you'll have to click on
View and add the column for the PID).  You can then search (Ctrl-F) the
registry for the DLL or EXE to find out what service is starting it
up.  You'll probably get multiple entries; keep hitting F3 to find
next.  You can look at the display name parameter and match that up to
what services are set to start up or are running.  You'll probably end up
with a bunch of SVCHOST entries.

I normally open up services and sort by started and startup type. Then
you can go through each service and see if it's needed.  I don't think
sysinternals.com has anything that will tell you PID to Service, but
again you can probably search the registry.


Matt P.
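
Added example, not part of either message above: a Python sketch that joins `netstat -ano` listeners to the services reported by `tasklist /svc /fo csv` and flags anything outside an approved baseline. The sample command output is constructed, and the function names and the `allowed` baseline set are assumptions made for illustration.

```python
import csv
import io

# Constructed samples of `netstat -ano` and `tasklist /svc /fo csv` output (not from a real host).
NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING       1020
  TCP    10.0.0.5:3389          10.0.0.9:51234         ESTABLISHED     1020
  UDP    0.0.0.0:500            *:*                                    560
"""

TASKLIST = """\
"Image Name","PID","Services"
"System","4","N/A"
"lsass.exe","560","PolicyAgent,SamSs"
"svchost.exe","884","RpcSs"
"svchost.exe","1020","TermService"
"""

def services_by_pid(tasklist_csv):
    """Map PID -> (image name, [service names]) from tasklist CSV output."""
    table = {}
    for row in csv.DictReader(io.StringIO(tasklist_csv)):
        names = [] if row["Services"] == "N/A" else row["Services"].split(",")
        table[int(row["PID"])] = (row["Image Name"], names)
    return table

def listeners(netstat_text):
    """Return (proto, port, pid) for TCP LISTENING sockets and bound UDP ports."""
    found = []
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) < 4 or f[0] not in ("TCP", "UDP"):
            continue
        if f[0] == "TCP" and f[3] != "LISTENING":
            continue  # skip established or closing connections
        found.append((f[0], int(f[1].rsplit(":", 1)[1]), int(f[-1])))
    return found

def unexpected(netstat_text, tasklist_csv, allowed):
    """List listeners whose (proto, port) is not in the approved baseline."""
    svc = services_by_pid(tasklist_csv)
    return [(proto, port, pid) + svc.get(pid, ("unknown", []))
            for proto, port, pid in listeners(netstat_text)
            if (proto, port) not in allowed]
```

Running the same comparison after each patch cycle catches a listener that an update has switched back on.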


