microsoft baseline security analyzer n.
Skip this Video
Loading SlideShow in 5 Seconds..
Microsoft Baseline Security Analyzer PowerPoint Presentation
Download Presentation
Microsoft Baseline Security Analyzer

Microsoft Baseline Security Analyzer

589 Views Download Presentation
Download Presentation

Microsoft Baseline Security Analyzer

- - - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript

  1. Microsoft Baseline Security Analyzer INLS 187Security Software Presentationby Hinár György Polczer

  2. What is MBSA? How to get it? Installation Features How to use it? Evaluation Additional Resources Links Outline Microsoft Baseline Security Analyzer

  3. What is MBSA? • Microsoft Baseline Security Analyzer is a tool to make Windows based systems and server applications more secure. • MBSA points out known flaws which are not fixed on the tested system • Shows ways to patch security holes • Explains correct security guidelines • New version v1.2.1 is needed for SP2 Microsoft Baseline Security Analyzer

  4. How to get it? • Easiest to find it with a search on Microsoft’s download center: • The exact address to the MBSA page: Microsoft Baseline Security Analyzer

  5. Installation • Installation Demonstration Microsoft Baseline Security Analyzer

  6. Features • MBSA is the free, best practices vulnerability assessment tool for the Microsoft platform. • It is a tool designed for the IT Professional that helps with the assessment phase of an overall security management strategy. • MBSA Version 1.2.1 includes a graphical and command line interface that can perform local or remote scans of Windows systems. • MBSA scans for common system security misconfigurations

  7. Features MBSA runs on Windows 2000, Windows XP and Windows Server 2003 systems and will scan Windows NT 4.0, Windows 2000, Windows XP, Windows Server 2003, Internet Information Server (IIS), SQL Server, Internet Explorer, MS Office

  8. Features MBSA checks: • OS: account status, file system type, available file shares, members of the Administrators group, critical security patches • IIS: sample applications and certain virtual directories present on the machine, if the IIS Lockdown tool has been run on the machine • SQL: type of authentication mode, sa account password status and SQL service account memberships

  9. Features MBSA Scans: • Internet Explorer 5.01+ zone settings for each local user account and macro settings for Office 2000,Office XP, and Office System 2003. Supports: • Software Update Services (SUS) • Systems Management Server (SMS)

  10. Features Scanning Computer(s): • Single computer check local or remote • Multiple computers: • all computers in a domain (by domain name) • specific range of IP addresses • scan all of the Windows-based machines found within the range • up to 10,000 machines • These scans require Administrator access!

  11. Features Types of Scans: • MBSA-Style Scan An MBSA-style scan will scan and store results in an individual XML file to then be viewed in the MBSA UI (GUI-interface) • HFNetChk-Style Scan: HFNetChk-style scan will check for missing security updates only and will display scan results as text in the command line window

  12. Features • Previous security reports are saved in XML format and can be reviewed later • Items Checked for Vulnerabilities: Administrators Group Membership, Auditing, Auto Logon, Automatic Updates, Unnecessary Services, File System, Guest Account, Internet Connection Firewall, Account Passwords and Policies, Anonymous User, Shares…

  13. Features • MBSA checks for installed Security Updates by • system file versions • registry settings • sometimes does not recognize installed updates For more information read Microsoft MBSA White Paper Sample Scripts are also available

  14. How to use it? MBSA Demonstration

  15. Evaluation • MBSA is a tool created for Microsoft Systems specifically • Cannot be used as widely as other tools • Presents a security snapshot of the system with the expectations of a Microsoft security expert • Allows a safe scan of multiple Windows systems

  16. Additional Resources • The Microsoft Security Home Page is a good resource for Microsoft product security: • Windows 2000 & NT 4.0 Tool: Baseline Urlscan • Internet Information Services (IIS) Lockdown Tool 2.1

  17. Questions • Please ask if you have any questions, and I will try to answer them! • Thank you for your attention!

  18. Links • • • • • • •