2.3.8.2 Removing Unnecessary Applications and Services

Principle of Least Functionality:
1. When an organization configures computers and other information systems to provide only the essential functions.
2. Using this method, a security administrator will restrict applications, services, ports, and protocols.
3. These programs should be removed to protect your organization:
  1. Instant Messaging Programs
  2. Remote Procedure Call (RPC) and Remote Desktop Connection Programs
    1. Note: Port 3389
  3. Previous versions of programs that have been updated to new versions
  4. Applications that require notifications and Internet connectivity, which run behind the scenes and compete for processor and RAM resources
4. These official frameworks describe the concept of least functionality:
  1. NIST CM-7:
    1. https://nvd.nist.gov/800-53/Rev4/control/CM-7
  2. US DoD Instruction 8551.01:
    1. http://www.dtic.mil/whs/directives/corres/pdf/855101p.pdf
Use these systems to efficiently configure all devices in your organization at once:
1. Desktop Devices:
  1. Centrally Administered Management System (CAMS)
  2. Example:
    1. Microsoft's System Center Configuration Manager (SCCM)
2. Mobile Devices:
  1. A dedicated Mobile Device Management (MDM) suite
Daemons (Services)
1. Service:
  1. In Windows NT operating systems, a service is a computer program that operates in the background. It is similar in concept to a Unix daemon. A Windows service must conform to the interface rules and protocols of the Service Control Manager, the component responsible for managing Windows services
  2. Important Windows networking commands to stop applications and services:
    1. The NET command is used to manage almost any aspect of a network and its settings.
    2. SC is a command line program used for communicating with the Service Control Manager and services.
2. In the Linux terminal, daemons can be stopped by typing the following command:
  1. /etc/init.d/<name_of_daemon> stop
3. In the MacOS X terminal, daemons can be stopped by typing the following command:
  1. sudo serveradmin stop <name_of_daemon>
  2. kill <process_id>
Summarize the means by which you can force quit services in different operating systems:
1. Windows:
  1. Access services.msc from the Run prompt.
  2. Use the net stop <servicename> command in the Command Prompt.
  3. Use the sc stop <servicename> command in the Command Prompt.
2. Linux:
  1. Use the syntax /etc/init.d/<servicename> stop
  2. Use the syntax service <servicename> stop (in select versions).
    1. Use the syntax chkconfig <servicename> off (in select versions).
3. macOS/OS X:
  1. Use the kill command to end processes. Also works in Linux. In Windows, this is the taskkill command.