Administration Guide for Cisco Media Experience Engine 3500 Release 3.3
Security Best Practices
Download this chapter
Security Best PracticesSecurity Best Practices
Download the complete book
Administration Guide for Cisco Media Experience Engine 3500 Release 3.3Administration Guide for Cisco Media Experience Engine 3500 Release 3.3 (PDF - 11 MB)
 Feedback

Table Of Contents

Security Best Practices

Security Best Practices for Cisco MXE 3500

Cisco MXE 3500 Microsoft Hot Fix Release Policy

Windows Services


Security Best Practices

This section includes the following topics:

Security Best Practices for Cisco MXE 3500

Cisco MXE 3500 Microsoft Hot Fix Release Policy

Windows Services

Security Best Practices for Cisco MXE 3500

Cisco MXE 3500 ships with ESXi, RHEL4.7, and Windows 2003 Server settings, which ensures a high level of security. We recommend that you follow these security best practices:

Do not install additional software, applications, or firmware on Cisco MXE 3500 unless Cisco recommends that you do so in the product documentation. See also: "Cisco MXE 3500 Microsoft Hot Fix Release Policy" section.

Do not use Cisco MXE 3500 for any purpose other than those we specify in the product documentation.

Do not use Cisco MXE 3500 as a general purpose Windows or Linux device.

Do not browse to any Internet site on Cisco MXE 3500 other than www.cisco.com and www.microsoft.com to download product documentation and patches.

If you need to modify Windows or Linux components from the configured defaults, do so only from the Cisco MXE 3500 web UI or the Cisco MXE Appliance Configuration Menu as specified in the product documentation.

Do not change the Services startup types except for supported changes that are documented in the product documentation.

Back up Cisco MXE 3500 regularly.

Cisco MXE 3500 Microsoft Hot Fix Release Policy

Microsoft releases a list of security hot fixes Every 2nd Tuesday of the month. Every 3rd Tuesday of the month, excluding holidays, Cisco will release a technical bulletin with the Microsoft security bulletin hot fix identifiers that Cisco recommends you install on Cisco MXE 3500, at which time you should compete the following tasks:

1. Download and read the Cisco technical bulletin for each recommended hot fix.

2. Download and read the Microsoft security bulletin.

3. Download each recommended Microsoft hot fix.

4. Follow the procedures that Microsoft provides to install the hot fixes on Cisco MXE 3500.

If Microsoft releases a security hot fix for a catastrophic problem outside of the monthly cycle, Cisco will release a corresponding technical bulletin.

You can access Cisco MXE 3500 technical bulletins at the following URLs:
http://www.cisco.com/en/US/products/ps9892/prod_bulletins_list.html
http://www.cisco.com/en/US/products/ps12130/prod_bulletins_list.html

Windows Services

Table 21-1 lists Cisco MXE 3500 Windows 2003 Server services and startup types.

Table 21-1 Windows 2003 Server Services on the Cisco MXE 3500 

Service Name
Startup Type

.NET Runtime Optimization

Manual—Not started

Alerter

Disabled

Application Experience Lookup

Automatic

Application Layer Gateway

Manual—Not started

Application Management

Manual—Not started

ASP .NET State

Manual—Not started

Automatic Updates

Manual

Background Intelligent Transfer Service

Automatic started

ClipBook

Disabled

COM+ Event System

Automatic

COM+ System Application

Manual—Not started

Computer Browser

Automatic

Cryptographic Services

Automatic

DCOM Server Process Launcher

Automatic

Distributed File System

Manual—Not started

Distributed Link Tracking Client

Automatic

Distributed Link Tracking Server

Disabled

Distributed Transaction Coordinator

Automatic

DNS Client

Automatic

Error Reporting Service

Automatic

Event Log

Automatic

File Replication

Manual—Not started

Help and Support

Automatic

HID Input Service

Automatic

HTTP SSL

Manual—Not started

IIS Admin Service

Automatic

IMAPI-CD Burning COM Service

Disabled

Indexing Service

Disabled

Internet Connection Sharing

Disabled

Intersite Messaging

Disabled

IPSEC Services

Automatic

IPSEC Policy Agent

Automatic

Kerberos Key Distribution Center

Disabled

License Logging Service

Disabled

Logical Disk Manager

Automatic

Logical Disk Manager Administrative Service

Manual

Messenger

Disabled

Microsoft Software Shadow Copy Provider

Manual—Not started

MXE CAM

Automatic

MXE ECS

Automatic

MXE Encoder

Automatic

MXE Folder Attendant

Automatic

MXE Log Service

Automatic

Net Logon

Manual

Net .tcp port Sharing

Disabled

Netmeeting Remote Desktop Sharing

Disabled

Network Connections

Manual

Network DDE

Disabled

Network DDE DSDM

Disabled

Network Location Awareness

Manual—Not started

Network Provisioning Service

Manual

NT LM Security Support Provider

Manual

Performance Logs and Alerts

Automatic

Plug and Play

Automatic

Portable Media Serial Number Service

Manual

Print Spooler

Automatic

Protected Storage

Automatic

Remote Access Auto Connection Manager

Manual

Remote Access Connection Manager

Manual

Remote Desktop Help Session Manager

Automatic

Remote Procedure Call (RPC)

Automatic

Remote Procedure Call (RPC) Locator

Disabled

Remote Registry Service

Automatic

Removable Storage

Manual

Resultant Set of Policy Provider

Manual

Routing and Remote Access

Disabled

Secondary Logon

Automatic

Security Accounts Manager

Automatic

Server

Automatic

Shell Hardware Detection

Automatic

Smart Card

Manual

Special Administration Console Helper

Manual

SQL Server (MSSQLSERVER)

Automatic

SQL Server Active Directory Helper

Disabled

SQL Server Browser

Disabled

SQL Server VSS Writer

Automatic

SNMP Service

Automatic

SNMP Trap Service

Manual

System Event Notification

Automatic

Task Scheduler

Automatic

TCP/IP NetBIOS Helper Service

Automatic

Telephony

Manual

Telnet

Disabled

Terminal Services

Manual

Terminal Services Session Directory

Manual

Themes

Disabled

Uninterruptible Power Supply

Manual

Virtual Disk Service

Manual

Virtual Shadow Copy

Manual

WebClient

Disabled

Windows Audio

Automatic

Windows Firewall/Internet Connection Sharing (ICS)

Disabled

Windows Cardspace

Manual

Windows Image Acquisition (WIA)

Disabled

Windows Installer

Manual

Windows Management Instrumentation

Automatic

Windows Management Instrumentation Driver Extensions

Manual

Windows Time

Automatic

Windows Presentation Foundation Font Cache 3.0.0.0

Manual

Windows User mode Driver Framework

Manual

WinHTTP Web Proxy Auto-Discovery Service

Manual

Wireless Configuration

Automatic

World Wide Web Publishing Service

Automatic