Microsoft Baseline Security Analyzer (MBSA), Slides of Operating Systems


Typology: Slides

2022/2023

Uploaded on 03/01/2023

Microsoft Baseline Security Analyzer (MBSA)

Vulnerability Scanner

Jamaal Green and Angela Richardson
11/16/2011

Microsoft Baseline Security Analyzer (MBSA) is a software tool released by Microsoft to determine security state by assessing missing security updates and less-secure security settings within Microsoft Windows. It is a security vulnerability tool designed to help determine the security state in accordance with Microsoft security recommendations and offers specific remediation guidance.

Table of Contents

  • Project Introduction
  • Project Description
  • Project Security Issues
  • Completed Project Tasks, Challenges, and Lessons Learned
    • Completed Project Tasks
    • Project Challenges
    • Lessons Learned
  • Hands on Labs - Microsoft Baseline Security Analyzer Labs 1 &
    • Project - Microsoft Baseline Security Analyzer Lab 1 – Angela Richardson
    • Project - Microsoft Baseline Security Analyzer Lab 2 – Jamaal Green
  • Conclusion
  • References
  • Project MBSA Team 1 Evaluations
    • Evaluated by Jamaal Green
    • Evaluated by Angela Richardson

Project Introduction

A vulnerability scanner is one of many security tools used to improve the security of networks. The goal of running a vulnerability scanner is to identify devices on a network that are open to known vulnerabilities. A vulnerability tool can help secure a network, or it can be used by potential attackers to identify weaknesses in your system to mount an attack against. The tool can be used to identify and fix weaknesses before potential attackers use them to exploit victims. There are many different types of scanners that accomplish similar goals through different means. Some scanners work better than others. Some of the highly rated vulnerability scanning packages, including SAINT, SARA and QualysGuard, carry a hefty price tag. Some companies do not mind the cost of the tools because they add network security and peace of mind. With recent budget shortfalls within companies, many others do not have the budget needed for these products. Companies that primarily use Microsoft Windows products use a freely available tool called Microsoft Baseline Security Analyzer (MBSA). MBSA can be used to scan systems and identify missing patches, missing or weak passwords, and other common security issues. The MBSA tool is used to assess security settings within Microsoft (MS) Windows components such as Internet Explorer, Web Server, products such as Microsoft SQL Server, and MS Office settings, and is compatible with the Windows operating systems NT, 2000, XP, 2003, Vista, and 7. On average it scans over three million computers each week and is used by many leading third-party vendors, security auditors, medium to large businesses, and home networks (local hosts).

Project Description

MBSA (Microsoft Baseline Security Analyzer) is a security vulnerability scanner designed to assess computers, computer systems, networks or applications for weaknesses. MBSA will scan Windows-based computer(s) and check the operating system(s) and other installed components. MBSA 2. will be used in this project to help determine how safe a Windows system is by checking for common misconfigurations and missing security updates and by using the recommendations provided to improve the system safeguards in accordance with the Microsoft security standards. The objectives of this project are to use the tool to scan a computer system for system vulnerabilities, determine how to detect the misconfigurations of the computer system and learn how to correct these misconfigurations.

Our project team will check certain settings to determine whether they are secure. We will determine whether the Auto Logon feature is enabled. If enabled, it could allow other users to access personal files and use the host name to commit malicious acts. Automatic updates will be checked to identify whether the feature is enabled and, if so, how it is configured. It should be configured to best fit the security needs of the host. The Guest account will be checked to determine whether the built-in guest account is enabled. It may be enabled and used by all user connections from the network as part of the security model. The firewall will be checked to determine whether it is enabled for allowing or denying access in and out of the host network. Local account passwords will be checked to identify any local user accounts that are using blank or simple passwords. Since the tool was designed to work on Windows-based operating systems, a check will be performed to see if Windows Server 2003, XP 2000, or Windows 7 version is running on the local host. Local user accounts will be checked for non-expiring passwords because passwords should be changed regularly to mitigate against password attacks. Anonymous users should be restricted on the scanned computer because anonymous users can list certain types of system information, including user names and details, account policies, and share names. To provide enhanced security, these administrative vulnerabilities will be checked and

Project Security Issues

The MBSA 2.2 tool offers multiple scan options for identifying weaknesses. MBSA provides the ability to check for Windows administrative vulnerabilities: weaknesses in administrative tools used to administer computers, services, other system components, and networks. These Windows administrative vulnerabilities are the main security issues and the primary focus area for this project. We will focus on checking settings like auto-updates, weak passwords, user accounts, auto-login, anonymous users, guest accounts, firewall, non-expiring passwords and operating system version that could be exploited by attackers if they are not set up and secured properly. We will also focus on any best-practice, critical and non-critical scan issues identified by the MBSA tool to improve the security state of the scanned hosts. Since the tool provides the ability to check for weak passwords (passwords that are blank or considered simple and easy to crack), we will focus on these to see if vulnerabilities exist and correct all critical issues. The tool also provides the ability to check for Internet Information Services (IIS) admin vulnerabilities, weaknesses in the administration of Web and RP services through the Internet Information Services, and the ability to check for SQL vulnerabilities, weaknesses in administrative tools used in database development, maintenance and administration. While these features are available, we are not planning to focus on these security vulnerabilities in this project.

Completed Project Tasks, Challenges, and Lessons Learned

Completed Project Tasks

There were a few project scenarios that were completed in order to see how the tool actually operates. Of course, there are many different tasks that can be administered to check the security state of the system, but not all were chosen in this particular scan. In this scan, the MBSA tool performed Windows checks. These checks consisted of checking the administrator’s group membership, the auto logon, the local account passwords, the automatic updates that the system may have needed, and whether there was a firewall in place. The purpose of checking the administrator’s group membership is to verify the individual user accounts that belong to the local administrator, to keep administrators to a minimum, and correct any misconfigurations or missing security updates. The tool also scans for auto logons to determine whether the Auto Logon feature is enabled or disabled. Local account password checks are administered in order to determine if a password is blank, if a particular password is the same as the username, and if the password is considered weak. Checking for automatic updates reveals information about whether the Automatic Update feature is enabled or disabled, how the automatic update is configured, and corrects any misconfigurations or missing security updates. The MBSA tool also checks the firewall to determine whether it is enabled or disabled. Checking the firewall also determines whether any static bound ports are open in the firewall.
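The Windows settings covered by these checks can also be spot-checked by hand with built-in cmdlets. The script below is an added example, not part of the original report and not how MBSA itself is implemented; the `$MaxAdmins` threshold and the `$NoExpireOk` list are assumptions of this example, and `Get-NetFirewallProfile` requires Windows 8 / Server 2012 or later.

```powershell
# Added example: read-only spot checks of the settings this report examines.
# Run from an elevated Windows PowerShell 5.1+ prompt on the host being reviewed.
$MaxAdmins  = 2      # assumption: the report treats two administrators as acceptable
$NoExpireOk = @()    # hypothetical exclusion list, playing the role of NoExpireOk.txt

function New-Finding {
    param([string]$Check, [bool]$Passed, [string]$Detail)
    [pscustomobject]@{ Check = $Check; Passed = $Passed; Detail = $Detail }
}

$accounts = @(Get-CimInstance -ClassName Win32_UserAccount -Filter 'LocalAccount=True')
$enabled  = @($accounts | Where-Object { -not $_.Disabled })
$findings = @()

# Administrators group (well-known SID S-1-5-32-544): keep membership to a minimum.
$admins = @(Get-LocalGroupMember -SID 'S-1-5-32-544')
$findings += New-Finding 'Administrators' ($admins.Count -le $MaxAdmins) ($admins.Name -join ', ')

# Auto Logon: AutoAdminLogon = "1" logs a stored account on without a prompt.
$winlogon = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$findings += New-Finding 'Auto Logon' ($winlogon.AutoAdminLogon -ne '1') `
    "AutoAdminLogon=$($winlogon.AutoAdminLogon)"

# Guest account: the built-in Guest account's SID always ends in -501.
$guest = $accounts | Where-Object { $_.SID -like 'S-1-5-21-*-501' }
$findings += New-Finding 'Guest account' ([bool]$guest.Disabled) "Disabled=$($guest.Disabled)"

# Local passwords, without guessing any: flag enabled accounts that are allowed a
# blank password or whose password never expires (minus the exclusion list).
$blankOk  = @($enabled | Where-Object { -not $_.PasswordRequired })
$noExpire = @($enabled | Where-Object { -not $_.PasswordExpires -and $_.Name -notin $NoExpireOk })
$findings += New-Finding 'Blank password allowed' ($blankOk.Count -eq 0) ($blankOk.Name -join ', ')
$findings += New-Finding 'Password expiration' ($noExpire.Count -eq 0) ($noExpire.Name -join ', ')

# Automatic Updates: service must not be disabled and policy must not set NoAutoUpdate = 1.
$wu  = Get-Service -Name wuauserv
$pol = Get-ItemProperty 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU' `
    -ErrorAction SilentlyContinue
$auOn = ($wu.StartType -ne 'Disabled') -and ($pol.NoAutoUpdate -ne 1)
$findings += New-Finding 'Automatic Updates' $auOn `
    "StartType=$($wu.StartType); NoAutoUpdate=$($pol.NoAutoUpdate)"

# Windows Firewall: every profile (Domain, Private, Public) should be enabled.
$fwOff = @(Get-NetFirewallProfile | Where-Object { $_.Enabled -ne 'True' })
$findings += New-Finding 'Firewall' ($fwOff.Count -eq 0) ($fwOff.Name -join ', ')

# Failed checks sort first; Detail names the accounts or profiles involved.
$findings | Sort-Object Passed | Format-Table -AutoSize -Wrap
```

The script only reads configuration. It reports which accounts are permitted a blank password rather than testing any password.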

Once this scan was completed, the results were astounding. There were not many issues, but the information that was given was very vital. The administrator’s group membership was considered sufficient because there were only two administrators on that particular system. The auto logon check was not configured on this computer, which was also considered a good report. The local account passwords check, however, did not have a good report. Some user accounts, maybe 3 or 4, had simple or blank passwords, or could not be analyzed. The solution to this problem was to

Project Challenges

MBSA was a very simple and very easy to use yet powerful and intuitive tool to identify system weaknesses. Our project team was very fortunate because of the tool’s simple tasks/features identified in <Figure 1>; we did not have any project challenges. We were able to download the tool without any issues, we easily navigated the tool features and because of the scan report simplicity in <Figure 2>, we were able to easily read and access the results. We did not face any challenges working with this tool. It can be very useful for anyone that would like to know the security state of their machine(s). The Microsoft Baseline Security Analyzer is far from cumbersome, and can be used by any entry-level Information Technology personnel. MBSA not only informs the administrator of the issues that may be associated with a system, it also provides suggestions of how to correct these particular problems.

Figure 1.

Figure 2.

Lessons Learned

MBSA was a very good tool in that it provided really good and helpful information to help seek out, analyze and correct Windows Administrative vulnerabilities on a Windows-based computer. We did not run into any challenges working with the tool. It can be very useful for anyone that would like to know the security state of their local network or any commercial IT infrastructure. The Microsoft Baseline Security Analyzer is far from cumbersome, and can be used by any entry-level Information Technology personnel and for in-home use. The tool not only informs the administrator of the issues that may be associated with the system, it also provides suggestions of how to correct any identified problems.

We learned how to:

  • Improve the IT Infrastructure of a local host
  • Use MBSA to perform a security updates scan on a local host
  • Use MBSA to check for current settings that are not secure on a local host
  • Determine how to detect the misconfigurations of a local host by scanning a local host and analyzing the scan results
  • Correct the misconfigurations of a local host using the scan results recommendations generated by the MBSA tool

Project - Microsoft Baseline Security Analyzer Lab 1 – Angela Richardson

  • Author: Angela Richardson
  • Ref: Network Security - Term Project
  • Semester: Fall 2011
  • Date: 11/16/
  • Type of Investigation: Detecting System Vulnerabilities - Vulnerability Scanner
  • Software: Microsoft Baseline Security Analyzer
  • Version: 2.
  • Source: Freeware
  • Hardware: Gateway
  • Operating Systems: Windows – NT, 2000, XP, 2003, Vista, and 7
  • Files/Data/Documents (optional): XML
  • Download: http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=

Background: In these Labs we will use Microsoft Baseline Security Analyzer 2.2 (MBSA), a vulnerability scanner, to check for Windows Administrative Vulnerabilities. Microsoft Baseline Security Analyzer (MBSA) is a software tool released by Microsoft to determine security state by assessing missing security updates and less-secure security settings within Microsoft Windows, Windows components such as Internet Explorer and IIS web server, and products such as Microsoft SQL Server and Microsoft Office macro settings. MBSA determines which critical security updates are available for particular Microsoft products by referring to an Extensible Markup Language (XML) file that contains security bulletin names and titles, and detailed data about product-specific security updates. It can scan a single computer or multiple computers and generates security reports that are saved in an XML format. The tool allows users to scan one or more Windows-based computers for common security misconfigurations. It will scan a Windows-based computer and check the operating system and other installed components for security misconfigurations and whether or not they are up to date with respect to recommended security updates. MBSA 2.2 is the latest version of Microsoft’s free security and vulnerability assessment scan tool for administrators, security auditors, and IT professionals.

Goals of Lab 1: In this lab we will learn to:

  • Improve the IT Infrastructure of a local host (Activities 4 – 5)
  • Check Operating System Version (Activity 4)
  • Check Password Expiration (Activity 4)
  • Check Anonymous Users (Activity 4)
  • Detect Misconfigurations of a local host (Activities 1-4)
  • Analyze Scan Report (Activity 4)
  • Correct Critical Issues (Activities 4 – 5)

Detail Procedures: (Detecting System Vulnerabilities using MBSA 2.2)

MBSA requires administrator privileges on both the computer with MBSA installed and the target computers that you scan. Users of the MBSA tool must provide valid computer name(s) or IP address(es) in order to invoke a scan.

(GET READY!) ACTIVITY 1: (Log onto a Computer as Admin and Launch the MBSA tool)

  • Log onto a local host
  • Make sure that the account used to log onto the host has admin privileges:
    o Select <Start>
    o Select
    o Select
    o Select
    o Select
    o Close the window
  • Launch MBSA 2.2 by selecting the following:
    o <Start>
    o
    o <Microsoft Baseline Security Analyzer 2.2>

(GET SET!) ACTIVITY 2: (Validate the Computer Name Before Starting the Scan)

  • Minimize the MBSA tool to get back to the computer’s desktop
  • Verify the computer properties:
    o Select <Start>
    o Right click
    o Select
    o Close the window

  1. Which operating systems are supported by MBSA? Windows – NT, 2000, XP, 2003, Vista, and 7

Questions:

  1. What is the name of the Operating System? Windows 7
  2. What is the name of the computer? DEVIN-PC
  3. What is the full computer name? DEVIN-PC
  4. What is the name of the workgroup? WORKGROUP
  5. Please list the steps to rename the computer or change its domain or workgroup. Click <Start>, Right click < tab , Select Computer>, , Select Enter, “new name here”, Select, Select
  6. Is there a description of the computer? No. If so, what is it?
  7. What other information is provided in this section and give a brief description of the information? System information like manufacturer, model, rating, processor, installed memory (RAM), and system type

(GO!) ACTIVITY 4: (Scan the Computer and Analyze the Scan)

  • Start MBSA scan:
    o Select <Start Scan>
  • Review the Scan Report for details of the issues found for Guest Accounts, Operating System Version, Password Expiration, Restrict Anonymous Users, and Security Reports.
    1. What format are the security reports saved in? XML

Questions:

  1. Was the Operating System flagged in the security report? No, the OS was not flagged in the security report because Windows 7 is Windows-based.
  2. Was the Guest account enabled? No. How do you know? If the Guest account is enabled, it should be flagged in the security report as a vulnerability.
  3. If the user's account is non-expiring, it should be flagged in the security report. Was the user's account flagged? Yes.
  4. Were there any best practices found? What type of information does the tool provide regarding the best practice? Score: Best Practice. Issue: Incomplete Updates. Result: No incomplete software update installations were found. What was scanned: Incomplete Updates - This check determines whether the system has a software update installed that required a system restart that has not yet taken place. This is flagged in the scan report as a potential vulnerability, because if the update was for security purposes, it may not be providing needed protection until the restart has completed.
  5. Were there any non-critical checks found? Yes. What type of information/recommendations did the tool offer to correct the problem? Score: Check Failed. Issue: Password Expiration. Result: All user accounts have non-expiring passwords. What was scanned: Password Expiration - This check determines whether any local accounts have passwords that do not expire. Each local user account that has a password that does not expire will be listed in the security scan report, with the exception of any user accounts specified in the NoExpireOk.txt file in the MBSA installation folder.
  6. Were there any passed checks found? Yes. List at least three passed checks. Local Account password tests, automatic updates, and restrict anonymous users.
  • Use the recommended security updates in Activity 4 to correct the misconfigurations and install the missing security updates. For each issue listed in the scan report, click the “How to correct this” link. The page that appears provides the solution to the issue and the instructions to correct the issue.

ACTIVITY 5: (Correct any Issues)

Questions:

  1. What type of recommendations did the tool offer to correct the problem with Password Expiration? Solution: Passwords should be changed regularly to prevent password attacks.
  2. What type of information did the tool provide for Restrict Anonymous Users? Passed Check. Note: For enhanced security, restrict this function so that anonymous users cannot access confidential information.
  3. What type of information/recommendations did the tool provide for Guest Accounts? It determined whether the built-in Guest account was enabled on the scanned computer. The guest account is disabled on the computer.

Detail Procedures: (Detecting System Vulnerabilities using MBSA 2.2)

MBSA requires administrator privileges on both the computer with MBSA installed and the target computers that you scan. Users of the MBSA tool must provide valid computer name(s) or IP address(es) in order to invoke a scan.

Activity 1: (Log onto a Computer and Launch the MBSA tool)

  • Log onto a local host
  • Log into the account
  • Launch MBSA 2.2 by selecting the following:
    o <Start>
    o
    o <Microsoft Baseline Security Analyzer 2.2>

Activity 2: (Select MBSA tasks and options for scanning)

  • Check a Single Computer using its name obtained from the tasks in step 2:
    o Double click <Scan a Computer>
    o Enter the name or the IP address of the computer you wish to scan. (The name of the system should automatically be entered.)
    o Determine scan options:
      Select
      Select
      Select <Check for security updates>
      Select <Configure computers for Microsoft Updates and scanning prerequisites>

    o Questions:

  1. Why is it imperative that you have security updates? To ensure that your system remains uncompromised.

Activity 3: (Begin Scanning the Computer for System Vulnerabilities)

  • Start MBSA scan:
    o Select <Start Scan>

  • Review the Security Report:

o Questions:

  1. What is the IP address of the system you are scanning? 192.168.2.
  2. What is the result of the “Windows Security Updates” issue? No security updates are missing.
  3. Are there any accounts that have non-expiring passwords? If so, how many? Yes, all user accounts (4) have non-expiring passwords.
  4. How do you correct this issue? Any local accounts identified in the security report as having passwords that do not expire should be reviewed to determine why the option is set, and if it should be removed. Accounts in the NoExpireOk.txt file (in the MBSA installation folder) will not be reported during the password expiration check. Users can add or remove account names in this file to be skipped during the scan.
  5. What is the result of the “Local Account Password Test” issue? Some user accounts (3 or 4) have blank or simple passwords, or could not be analyzed.
  6. How do you correct this issue? Adopt a strong password policy. This is one of the most effective ways to ensure system security.