
















Study with the several resources on Docsity
Earn points by helping other students or get them with a premium plan
Prepare for your exams
Study with the several resources on Docsity
Earn points to download
Earn points by helping other students or get them with a premium plan
Microsoft Baseline Security Analyzer. (MBSA) is a software tool released by. Microsoft to determine security state by.
Typology: Slides
1 / 24
This page cannot be seen from the preview
Don't miss anything!

















Microsoft Baseline Security Analyzer (MBSA) is a software tool released by Microsoft to determine security state by assessing missing security updates and less- secure security settings within Microsoft Windows. It is a security vulnerability tool designed to help determine the security state in accordance with Microsoft security recommendations and offers specific remediation guidance.
Jamaal Green and Angela Richardson 11/16/
A vulnerability scanner is one of many security tools used to improve the security of networks. The goal of running a vulnerability scanner is to identify devices on a network that are open to known vulnerabilities. A vulnerability tool can help secure a network or it can be used by potential attackers to identify weaknesses in you system to mount an attack against. The tool can be used to identify and fix weaknesses before potential attacker use them to exploit victims. There are many different types of scanners that accomplish similar goals through different means. Some scanners work better than others. Some of the highly rated vulnerability scanning packages including SAINT, SARA and QualysGuard carry a hefty price tag. Some companies do not mind the cost of the tools because they add network security and peace of mind. With recent budget shortfalls within companies, many others do not have the budget needed for these products. Companies that primarily use Microsoft Windows products use a freely available tool called Microsoft Baseline Security Analyzer (MBSA). MBSA can be used to scan systems and identify missing patches and missing or weak passwords and other common security issues. MBSA tool is used to assess security settings within Microsoft (MS) Windows components such as: Internet Explorer, Web Server, Products Microsoft SQL server, MS Office Settings and is compatible with the Windows Operating Systems Windows – NT, 2000, XP, 2003, Vista, and 7. It average scans over three million computers each week and is used by many leading third-party vendors, security auditors, medium to large businesses, home Networks - Local Hosts.
MBSA (Microsoft Baseline Security Analyzer) is a security vulnerability scanner designed to assess computers, computer systems, networks or applications for weaknesses. MBSA will scan Windows- based computer(s) and check the operating system(s) and other installed components. MBSA 2. will be used in this project to help determine how safe a Windows system is by checking for common misconfigurations and missing security updates and by using the recommendations provided to improve the system safeguards in accordance with the Microsoft security standards. The objectives of this project are to use the tool to scan a computer system for system vulnerabilities, determine how to detect the misconfigurations of the computer system and learn how to correct these misconfigurations. Our project team will check certain settings to determine whether they are secure We will determine whether the Auto Logon feature is enabled. If enabled, it could allow other users to access personal files and use the host name to commit malicious acts. Automatic updates will be checked to identify whether the feature is enabled and if so, how it is configured. It should be configured to best fit the security needs of the host. Guest Account check will be checked to determine whether the built-in guest account is enabled. It may be enabled and used by all user connections from the network as part of the security model. The Firewall will be checked to determine whether it is enabled for allowing or denying access in and out of the host network. Local Account passwords will be checked to identify any local user accounts that are using blank or simple passwords. Since the tool was designed to work on windows based Operating Systems, a check will be performed to see if windows server 2003, XP 2000, or Windows 7 version is running on the local host. Local user accounts will be checked for non-expiring passwords because passwords should be changed regularly to mitigate against password attacks. Anonymous users should be restricted on the scanned computer because anonymous users can list certain types of system information, including user names and details, account policies, and share names. To provide enhanced security, these administrative vulnerabilities will be checked and
The MBSA 2.2 tool offers multiple scan options for identifying weaknesses. The MBSA provides the ability to check for Windows administrative vulnerabilities, weaknesses in administrative tools used to administer computers, services, other system components, and networks which will be the primary focus area for this project. The Windows administrative vulnerabilities are the main Security Issues focused on in this project. We will focus on checking settings like auto-updates, weak passwords, user accounts, auto-login, anonymous users, guest accounts, firewall, non-expiring passwords and operating system version that could be exploited by attackers if they are not set up and secured properly. We will also focus on any best practices, critical and non-critical scan issues identified by the MBSA tool to improve the security state of the scanned hosts. Since the tool provides the ability to check for weak passwords - passwords that are blank or considered simple and easy to crack, we will focus on these to see if vulnerabilities exist and correct all critical issues. The tool also provides the ability to check for Internet Information Services (IIS) admin vulnerabilities, weaknesses in the administration of Web and RP services through the internet Information Services; and the ability to check for SQL vulnerabilities, weaknesses in administrative tools used in database development, maintenance and administration. While these features are available, we are not planning to focus on these security vulnerabilities in this project.
There were a few project scenarios that were completed, in order to see how the tool actually operates. Of course, there are many different tasks that can be administered to check the security state of the system but not all were chosen in this particular scan. In this scan, the MBSA tool performed Windows checks. These checks consisted of checking the administrator’s group membership, the auto log on, the local account passwords, the automatic updates that the system may have needed, and if there was a firewall in place. The purpose of checking the administrator’s group membership is to verify the individual user accounts that belong to the local administrator, to keep administrators to a minimum, and correct any misconfigurations or missing security updates. The tool also scans for auto logons to determine whether the Auto Logon feature is either enabled or disabled. Local account password checks are administered in order to determine if a password is blank, if a particular password is the same as the username, and if the password is considered weak. Checking for automatic updates reveal information about whether the Automatic Update feature is enabled or disabled, how the automatic update is configured, and corrects any misconfigurations or missing security updates. The MBSA tool also checks the firewall to determine whether it is enabled or disabled. Checking the firewall also determines whether any static bound ports are open in the firewall.
Once this scan was completed, the results were astounding. There were not many issues, but the information that was given was very vital. The administrator’s group membership was considered sufficient because there were only two administrators on that particular system. The auto logon check was not configured on this computer, which was also a considered a good report. The local account passwords check however, did not have a good report. Some user accounts, maybe 3 or 4, had simple or blank passwords, or could not be analyzed. The solution to this problem was to
MBSA was a very simple and very easy to use yet powerful and intuitive tool to identify system weaknesses. Our project team was very fortunate because of the tool’s simple tasks/features identified in <Figure 1>; we did not have any project challenges. We were able to download the tool without any issues, we easily navigated the tool features and because of the scan report simplicity in <Figure 2>, we were able to easily read and access the results. We did not face any challenges working with this tool. It can be very useful for anyone that would like to know the security state of their machine(s). The Microsoft Baseline Security Analyzer is far from cumbersome, and can be used by any entry-level Information Technology personnel. MBSA not only informs the administrator of the issues that may be associated with a system, it also provides suggestions of how to correct these particular problems.
Figure 1.
Figure 2.
MBSA was a very good tool in that it provided really good and helpful information to help seek out analyze and correct Windows Administrative vulnerabilities on a windows-based computer. We did not run into any challenges working with the tool. It can be very useful for anyone that would like to know the security state of their local network or any commercial IT infrastructure. The Microsoft Baseline Security Analyzer is far from cumbersome, and can be used by any entry-level Information Technology personnel and for in home use. The tool not only informs the administrator of the issues that may be associated with the system, it also provides suggestions of how to correct any identified problems.
We learned how to:
Author: Angela Richardson Ref: Network Security - Term Project Semester: Fall 2011 Date: 11/16/ Type of Investigation: Detecting System Vulnerabilities - Vulnerability Scanner Software: Microsoft Baseline Security Analyzer Version: 2. Source: Freeware Hardware: Gateway Operating Systems: Windows – NT, 2000, XP, 2003, Vista, and 7 Files/Data/Documents (optional): XML Download: http://www.microsoft.com/download/en/details.aspx?displaylang=en&id= Background: In these Labs we will use Microsoft Baseline Security Analyzer 2.2 (MBSA), vulnerability scanner to check for Windows Administrative Vulnerabilities. Microsoft Baseline Security Analyzer (MBSA) is a software tool released by Microsoft to Determine security state by assessing missing security updates and less-secure security settings within Microsoft Windows, Windows components such as Internet Explorer, IIS web server, and products Microsoft SQL Server, and Microsoft Office macro settings. MBSA determines which critical security updates are available for particular Microsoft products by referring to an Extensible Markup Language (XML) file that contains security bulletin names and titles, and detailed data about product specific security updates. It can scan a single computer or multiple computers and generates security reports that are saved in an XML format. The tool allows users to scan one or more Windows-based computers for common security misconfigurations. It will scan a Windows-based computer and check the operating system and other installed components for security misconfigurations and whether or not they are up-to-date with respect to recommended security updates. MBSA 2.2 is the latest version of Microsoft’s free security and vulnerability assessment scan tool foradministrators, security auditors, and IT professionals.
Goals of Lab 1: In this lab we will learn to:
Detail Procedures: (Detecting System Vulnerabilities using MBSA 2.2) MBSA requires administrator privileges on both the computer with MBSA installed and the target computers that you scan. Users of the MBSA tool must provide a valid computer name (s) or Ip address (es) in order to invoke a scan.
(GET READY!) ACTIVITY 1: (Log onto a Computer as Admin and Launch the MBSA tool)
(GET SET!) ACTIVITY 2: (Validate the Computer Name Before Starting the Scan)
Questions:
ACTIVITY 4: (Scan the Computer and Analyze the Scan)
Questions:
ACTIVITY 5: (Correct any Issues)
Questions:
Solution: Passwords should be changed regularly to prevent password attacks.
MBSA requires administrator privileges on both the computer with MBSA installed and the target
Activity 1: (Log onto a Computer and Launch the MBSA tool)
o Enter the name or the ip address of the computer you wish to scan.(The name of the system should automatically be entered) o Determine scan options: Select
o Questions:
Activity 3(Begin Scanning the Computer for System Vulnerabilities):
o Select < Start Scan>
o Questions: