. SQL Server Active Directory Helper??”This service should be disabled on an ISA
server because its function is to allow a SQL Server to publish itself in Active
Directory when certain permissions are used.
. Time Synchronization??”The Time Synchronization option enables Network Time
Protocol (NTP) to be used to keep the server??™s clock in synch. Keeping the clock
synchronized to a known time source, such as pool.ntp.org or an internal NTP
server, is an effective way to keep audit events and avoid replay attacks, so it is often
good practice to keep this service enabled and subsequently configure ISA to use a
time source. More information on using NTP with ISA can be found in Chapter 3. If
this service is disabled, the clock should be manually synchronized with a known
good time source on a regular basis.
. Web Proxy Auto-Discovery??”The Web Proxy Auto-Discovery (WPAD) service
permits certain HTTP traffic to be executed with fewer privileges than it would be
normally. This would serve to strengthen security, but the service function becomes
moot if web browsing is not performed. Because a server should not be used for web
browsing, save for such activities as Windows Update, it is better to disable this
option because it requires services such as the DHCP client, which can introduce
other vulnerabilities.
Pages:
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168