Add to collection(s) Add to saved
  1. Engineering & Technology
  2. Computer Science
  3. Computer Networks

Microsoft Baseline Security Analyzer

advertisement

Microsoft Baseline

Security Analyzer

INLS 187

Security Software Presentation by Hinár György Polczer http://www.microsoft.com

Outline

• What is MBSA?

• How to get it?

• Installation

• Features

• How to use it?

• Evaluation

• Additional

Resources

• Links

Microsoft Baseline Security Analyzer

What is MBSA?

• Microsoft Baseline Security Analyzer is a tool to make Windows based systems and server applications more secure.

• MBSA points out known flaws which are not fixed on the tested system

• Shows ways to patch security holes

• Explains correct security guidelines

• New version v1.2.1 is needed for SP2

Microsoft Baseline Security Analyzer

How to get it?

• Easiest to find it with a search on

Microsoft’s download center: http://www.microsoft.com/downloads/

• The exact address to the MBSA page: http://www.microsoft.com/downloads/details.aspx

?FamilyID=b13ebd6b-e258-4625-b0a3-

64a4879f7798&DisplayLang=en

Microsoft Baseline Security Analyzer

Installation

• Installation Demonstration

Microsoft Baseline Security Analyzer

Features

• MBSA is the free, best practices vulnerability assessment tool for the Microsoft platform.

• It is a tool designed for the IT Professional that helps with the assessment phase of an overall security management strategy.

• MBSA Version 1.2.1 includes a graphical and command line interface that can perform local or remote scans of Windows systems.

• MBSA scans for common system security misconfigurations http:// www.microsoft.com/technet/security/tools/mbsahome.mspx

Features

MBSA runs on

Windows 2000, Windows XP and

Windows Server 2003 systems and will scan

Windows NT 4.0, Windows 2000,

Windows XP, Windows Server 2003,

Internet Information Server (IIS), SQL

Server, Internet Explorer, MS Office http:// www.microsoft.com/technet/security/tools/mbsahome.mspx

Features

MBSA checks:

• OS: account status, file system type, available file shares, members of the

Administrators group, critical security patches

• IIS: sample applications and certain virtual directories present on the machine, if the

IIS Lockdown tool has been run on the machine

• SQL: type of authentication mode, sa account password status and SQL service account memberships http://www.microsoft.com/technet/security/tools/mbsawp.mspx

Features

MBSA Scans:

• Internet Explorer 5.01+ zone settings for each local user account and macro settings for Office 2000,Office XP, and

Office System 2003.

Supports:

• Software Update Services (SUS)

• Systems Management Server (SMS) http://www.microsoft.com/technet/security/tools/mbsawp.mspx

Features

Scanning Computer(s):

• Single computer check local or remote

• Multiple computers:

– all computers in a domain (by domain name)

– specific range of IP addresses

– scan all of the Windows-based machines found within the range

– up to 10,000 machines

• These scans require Administrator access!

http://www.microsoft.com/technet/security/tools/mbsawp.mspx

Features

Types of Scans:

• MBSA-Style Scan

An MBSA-style scan will scan and store results in an individual XML file to then be viewed in the MBSA UI (GUI-interface)

• HFNetChk-Style Scan:

HFNetChk-style scan will check for missing security updates only and will display scan results as text in the command line window http://www.microsoft.com/technet/security/tools/mbsawp.mspx

Features

• Previous security reports are saved in

XML format and can be reviewed later

• Items Checked for Vulnerabilities:

Administrators Group Membership, Auditing,

Auto Logon, Automatic Updates,

Unnecessary Services, File System, Guest

Account, Internet Connection Firewall,

Account Passwords and Policies,

Anonymous User, Shares… http://www.microsoft.com/technet/security/tools/mbsawp.mspx

Features

• MBSA checks for installed Security

Updates by

– system file versions

– registry settings

– sometimes does not recognize installed updates

For more information read

Microsoft MBSA White Paper

Sample Scripts are also available http://www.microsoft.com/technet/security/tools/mbsawp.mspx

How to use it?

MBSA Demonstration

Evaluation

 MBSA is a tool created for

Microsoft Systems specifically

 Cannot be used as widely as other tools

 Presents a security snapshot of the system with the expectations of a Microsoft security expert

 Allows a safe scan of multiple

Windows systems

Additional Resources

• The Microsoft Security Home Page is a good resource for Microsoft product security: http://www.microsoft.com/security/default.mspx

• Windows 2000 & NT 4.0 Tool:

Baseline Urlscan

• Internet Information Services (IIS)

Lockdown Tool 2.1

Questions

• Please ask if you have any questions, and I will try to answer them!

• Thank you for your attention!

Links

• http://www.microsoft.com/downloads/

• http://www.microsoft.com/downloads/details.aspx?FamilyID=b13ebd6be258-4625-b0a3-64a4879f7798&DisplayLang=en

• http://www.microsoft.com/technet/security/tools/mbsawp.mspx

• http://www.microsoft.com/security/default.mspx

• http://www.microsoft.com/downloads/details.aspx?FamilyID=dde9efc0bb30-47eb-9a61-fd755d23cdec&DisplayLang=en

• http://www.microsoft.com/downloads/details.aspx?FamilyID=42661e18-

93c2-4ce2-85d6-3679defe1a3e&DisplayLang=en

• http://www.microsoft.com/downloads/details.aspx?FamilyID=12244f33a5da-4203-a3a8-83f4388bb71f&DisplayLang=en

Related documents
Chapter 1Computer Concept
Chapter 1Computer Concept
MET 1103 Introduction to Computing
MET 1103 Introduction to Computing
Nichole Klocke de Rodriguez
Nichole Klocke de Rodriguez
Database Administration Fundamentals
Database Administration Fundamentals
ASP.NET MVC
ASP.NET MVC
Old YMCA Building in Richmond, Indiana 47374
Old YMCA Building in Richmond, Indiana 47374
Database Administration Fundamentals Course Outline
Database Administration Fundamentals Course Outline
Download
advertisement