The Microsoft Baseline Security Analyzer

A practical look….
Overview of Network Management
Larger networks mean:
More computers to manage.
More computers to maintain.
Bigger security management issues.
More computers to check for security holes.
IT Departments Must
Continue to manage workstations even during growth.
Effectively find solutions to remain efficient in network security management.
The Microsoft Baseline Security Analyzer
The Tool:
– Scans computers locally or remotely for any possible security hazards.
Weak Passwords.
Unnecessary services that are running.
Firewall status.
File Shares
– Scans Microsoft-related products or technologies for any missing patches or updates.
Microsoft Update Patches
Microsoft Office Updates
Microsoft Windows Vulnerabilities
The Microsoft Baseline Security Analyzer
The Tool:
– Can scan the computer it runs on, or multiple computers.
Up to 10,000 computers can be scanned.
The Microsoft Baseline Security Analyzer
Installation
– Download the msi file from:
http://www.microsoft.com/technet/security/tools/mbsahome.mspx
– System Requirements
Windows NT 4.x
Windows 2000
Windows XP or
Windows Server 2003
– For Scanning:
Locally: Must be an administrator user.
Remotely: Must have domain administrator privileges (or administrator access to the remote computer[s]).
The MBSA User Interface
Using The MBSA
Local Scan
– Click on “Scan a Computer”
– Select your computer using the drop-down box
– Click “Start Scan”
Using The MBSA
Remote Scan
– Click on “Scan a Computer” or “Scan Multiple Computers”
– Enter the computer name, select the domain to scan, or enter an IP range.
– Click “Start Scan”
Using The MBSA
The Results
Single Computer Scan
– The report for the single computer scanned is shown.
Multiple Computer Scan
– Select the report of the computer scanned.
Using The MBSA
The Security Report
Details of Report
Most reports include:
Microsoft Office Updates
Critical Updates or Patches
Weak Password Check
File Systems
Guest Accounts
Administrator Accounts
The recommended number is two.
Windows Version
Recommended Settings in:
– Windows
– Internet Explorer
– Services
– Firewall
– File Sharing
What is the Tool Doing?!
The MBSA uses a product and update catalogue from the Microsoft web site.
Or a local intranet website that stores the catalogue.
The MBSA parses the catalogue (an XML file) and compares it against certain values in the registry; it also scans the OS internally.
Remote and local scans are very similar; however, to do a complete scan remotely, the remote registry service must be enabled.
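The catalogue-versus-registry comparison described above, as an added example that is not part of the original slides and is not MBSA's own code. The catalogue layout, update ids and registry paths are constructed placeholders, not the real MBSA catalogue schema; an unreadable registry (None) models a remote host where the remote registry service is not enabled.

```python
import xml.etree.ElementTree as ET

# Constructed, simplified catalogue. This is NOT the real MBSA catalogue schema;
# element names, update ids and registry paths are placeholders.
CATALOGUE_XML = r"""
<catalogue>
  <update id="EXAMPLE-001" product="Windows XP">
    <registry key="HKLM\SOFTWARE\Example\Updates\EXAMPLE-001" value="Installed" expect="1"/>
  </update>
  <update id="EXAMPLE-002" product="Windows XP">
    <registry key="HKLM\SOFTWARE\Example\Updates\EXAMPLE-002" value="Installed" expect="1"/>
  </update>
  <update id="EXAMPLE-003" product="Office 2003">
    <registry key="HKLM\SOFTWARE\Example\Updates\EXAMPLE-003" value="Installed" expect="1"/>
  </update>
</catalogue>
"""

# Constructed registry snapshot: (key path, value name) -> data.
SAMPLE_REGISTRY = {
    (r"HKLM\SOFTWARE\Example\Updates\EXAMPLE-001", "Installed"): "1",
}

def load_catalogue(xml_text):
    """Parse the catalogue into a list of registry checks."""
    checks = []
    for upd in ET.fromstring(xml_text).iter("update"):
        reg = upd.find("registry")
        if reg is None:  # entry without a registry check: nothing to compare
            continue
        checks.append({"id": upd.get("id"), "product": upd.get("product"),
                       "key": reg.get("key"), "value": reg.get("value"),
                       "expect": reg.get("expect")})
    return checks

def scan(checks, registry, products):
    """Return (status, missing update ids) for the given installed products.
    registry=None models a remote host whose registry could not be read."""
    if registry is None:
        return "incomplete", []
    missing = [c["id"] for c in checks
               if c["product"] in products
               and registry.get((c["key"], c["value"])) != c["expect"]]
    return "complete", missing

if __name__ == "__main__":
    checks = load_catalogue(CATALOGUE_XML)
    print(scan(checks, SAMPLE_REGISTRY, {"Windows XP"}))
    print(scan(checks, None, {"Windows XP"}))
```

An update that is absent from the catalogue can never appear in the missing list, which is the limitation listed under Cons in the slides.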
Some Opinions
Pros
Very flexible. Command line interface allows customized output.
Very efficient. Can scan up to 10,000 computers in one scan.
Scans transparently. No downtime required.
Graphical user interface acts like a wizard. (Step 1, 2, 3…)
Cons
Security scans do not take into account recently discovered vulnerabilities.
Accuracy depends on Microsoft’s knowledge of vulnerabilities.
Only scans Microsoft technologies.
Microsoft’s control of vulnerability information.
– Ultimately, you will only know if Microsoft makes it known. At one point, Microsoft knew of a vulnerability for six months before information was released.
Source: CBC News Online Article:
– http://www.cbc.ca/story/world/national/2004/02/10/microsoft_040210.html
Can give false alarms if you have customized your own settings.
Some Opinions
The Bottom Line
– Very useful in enterprise style networks.
– A straightforward tool that allows any user to run it.
– Free.
Thank You!
Kaleem Maxwell