Using Microsoft Baseline Security Analyzer (MBSA)

Microsoft Baseline Security Analyzer Tutorial

This information was adapted from the following website: http://www.malwarehelp.org/usingmicrosoftbaselinesecurity.html

MBSA is a free security scanner for Microsoft products which analyzes a computer or a group of computers for missing patches/updates and common security misconfigurations. When run, MBSA provides a checklist of configuration problems and missing updates/patches. The most important part of the security report provided by the Microsoft Baseline Security Analyzer (MBSA) is the way its information is organized under "What was scanned", "Result details" and "How to correct this".

Some of the checks that MBSA performs:

- Check for missing Windows security updates
- Check for missing IE security updates
- Check for missing Windows Media Player security updates
- Check for missing Office security updates
- Check for file system type on hard drives
- Check if AutoLogon feature is enabled
- Check if Guest account is enabled
- Check the number of local Administrator accounts
- Check for blank or simple local user account passwords
- Check if unnecessary services are running
- Check if Internet Connection Firewall is enabled
- Check if Automatic Updates is enabled
- List the Internet Explorer security zone settings for each local user
- Check if Internet Explorer Enhanced Security Configuration is enabled for Administrators
- Check if Internet Explorer Enhanced Security Configuration is enabled for non-Administrators
- List the Office products security zone settings for each local user

Note:

1. The computer must be running Microsoft Windows Server 2003, Windows 2000 Service Pack 3 or later, or Windows XP. Running MBSA on Windows NT, 95, 98 or Me systems is not supported.
2. The "Workstation" and "Server" services must be enabled when scanning a local computer.
3. The initial scan requires an internet connection, as MBSA downloads the security update catalog from the Microsoft Web site in the form of a cabinet file called wsusscan.cab.
4. You must have local administrative privileges on the computer being scanned.

Scanning your System

Download and install Microsoft Baseline Security Analyzer (MBSA) from Microsoft. Double-click to open MBSA. Click "Scan a computer".
If you are scanning the local computer, it will be preselected for scanning. You can also choose to scan another computer, if you are in a network, by selecting its name or its IP address. Make sure the options "Check for Windows Administrative vulnerabilities", "Check for weak passwords" and "Check for security updates" are checked. You can uncheck the options "Check for IIS vulnerabilities" and "Check for SQL vulnerabilities" if you don't have them installed.

MBSA is downloading the latest security catalogue, in the form of a signed .cab file, from Microsoft.

MBSA is scanning the selected computer.

Once the scan is complete, the results are shown in a nicely organized report that has details of "What was scanned", "Result details" and "How to correct this". Note that if any products are not found to be installed on the scanned machines, the associated product checks will not be performed and will not be reflected in this report.

How to interpret the MBSA scan reports
MBSA displays different icons in the report's score columns depending on whether a vulnerability was found on the scanned machine.

For the administrative vulnerability checks, a red X is used when a critical check failed (for example, a user has a blank password). A yellow X is used when a non-critical check failed (for example, an account has a password that does not expire). A green check mark is used when a check passes (that is, no issue was found for that particular check). A blue asterisk is used for best practice checks (for example, checking if auditing is enabled), and a blue asterisk informational icon is used for checks that simply provide information about the computer being scanned (for example, the operating system version of the scanned computer).

For the security update checks, a red X is used when MBSA confirms that a security update is missing from the scanned computer. A yellow X is used for warning messages (for example, the computer does not have the latest service pack or update rollup), and a blue star is used for informational messages indicating that an update is not available to the computer because it has not been approved on the Update Services server.

Scores cannot be changed or reassigned for system configuration checks.

MBSA 2.0 Frequently Asked Questions

Security Update Checks
This check determines which available service packs and security updates for predetermined MS products are not installed on the scanned computer. MBSA will report missing updates marked as critical security updates in Microsoft Update for the following products:

- Microsoft Windows NT 4.0, Windows 2000, Windows XP, Windows Server 2003
- Internet Information Server (IIS) 4.0, IIS 5.0, IIS 6.0
- SQL Server 7.0, SQL Server 2000 (including Microsoft Data Engine 1.0 and 2000)
- Internet Explorer 5.01 and later
- Windows Media Player 6.4 and later
- Exchange Server 5.5, Exchange Server 2000, Exchange Server 2003 (including Exchange Admin Tools)
- Microsoft Data Access Components (MDAC) 2.5, MDAC 2.6, MDAC 2.7, MDAC 2.8
- Microsoft Virtual Machine (VM)
- MSXML 2.5, MSXML 2.6, MSXML 3.0, MSXML 4.0
- Content Management Server 2001, Content Management Server 2002
- Commerce Server 2000, Commerce Server 2002
- BizTalk® Server 2000, BizTalk Server 2002, BizTalk Server 2004
- SNA Server 4.0, Host Integration Server 2000, Host Integration Server 2004
- Microsoft Office

Windows Checks
The following checks are performed by MBSA:

- Check for account password expiration
- Check for file system type on hard drives
- Check if AutoLogon feature is enabled
- Check if Guest account is enabled
- Check the RestrictAnonymous registry key settings
- Check the number of local Administrator accounts
- Check for blank or simple local user account passwords
- Check if unnecessary services are running
- List the shares present on the computer
- Check if Windows auditing is enabled
- Check the Windows version running on the scanned computer
- Check if Internet Connection Firewall is enabled
- Check if Automatic Updates is enabled
- Check if incomplete updates require the computer to be restarted

The MBSA also provides additional system information about unnecessary services, Windows shares, Windows version etc.
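
Added example (not part of the original tutorial and not MBSA's own code): a PowerShell sketch that reproduces several of the Windows checks listed above on the local machine, for spot-checking a system where MBSA is not available. The function names New-Finding and Test-BaselineChecks are hypothetical, the pass thresholds (RestrictAnonymous of at least 1, at most two local Administrators) are assumptions, and the cmdlets used need Windows PowerShell 5.1 in an elevated session.

```powershell
# Added example: local spot-checks modelled on the "Windows Checks" list above.
# Thresholds are assumptions, not values taken from MBSA.
function New-Finding($Check, [bool]$Passed, $Detail) {
    [pscustomobject]@{
        Check  = $Check
        Result = $(if ($Passed) { 'Pass' } else { 'FAIL' })
        Detail = $Detail
    }
}

function Test-BaselineChecks {
    # File system type on fixed drives (DriveType 3); NTFS is needed for file ACLs.
    foreach ($d in Get-CimInstance Win32_LogicalDisk -Filter 'DriveType=3') {
        New-Finding "File system on $($d.DeviceID)" ($d.FileSystem -eq 'NTFS') $d.FileSystem
    }

    # AutoLogon: AutoAdminLogon = "1" means a stored credential signs in at boot.
    $wl = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
    New-Finding 'AutoLogon disabled' ($wl.AutoAdminLogon -ne '1') "AutoAdminLogon=$($wl.AutoAdminLogon)"

    # Guest account: the built-in Guest always has a SID ending in -501.
    $users = Get-CimInstance Win32_UserAccount -Filter 'LocalAccount=True'
    $guest = $users | Where-Object { $_.SID -like 'S-1-5-21-*-501' }
    New-Finding 'Guest account disabled' (-not $guest -or $guest.Disabled) $guest.Name

    # Password expiration: enabled local accounts whose password never expires.
    $noExp = @($users | Where-Object { -not $_.Disabled -and -not $_.PasswordExpires })
    New-Finding 'Account password expiration' ($noExp.Count -eq 0) ($noExp.Name -join ', ')

    # RestrictAnonymous: 0 (or absent) leaves anonymous enumeration unrestricted.
    $lsa = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
    New-Finding 'RestrictAnonymous set' ([int]$lsa.RestrictAnonymous -ge 1) "RestrictAnonymous=$($lsa.RestrictAnonymous)"

    # Local Administrators group (well-known SID S-1-5-32-544).
    $admins = @(Get-LocalGroupMember -SID 'S-1-5-32-544')
    New-Finding 'Local Administrator count' ($admins.Count -le 2) "$($admins.Count): $($admins.Name -join ', ')"
}

Test-BaselineChecks | Format-Table -AutoSize -Wrap
```

Each row mirrors the report's "What was scanned" and "Result details" columns; a FAIL row is a prompt to review the setting, not proof of compromise.
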
Desktop Application Checks

MBSA performs the following checks:

- List the Internet Explorer security zone settings for each local user
- Check if Internet Explorer Enhanced Security Configuration is enabled for Administrators
- Check if Internet Explorer Enhanced Security Configuration is enabled for non-Administrators
- List the Office products security zone settings for each local user

With each vulnerability found, MBSA will also tell you how to fix it. Click on the "Result details" link on the report.
In this instance, clicking on "Result details" pops up another window with details of the vulnerabilities found for Internet Explorer. Clicking on the provided link opens another window, which shows the exact individual options which are not set to the recommended settings.

Clicking on "How to correct this" opens an IE window with the recommended solution and step-by-step instructions.

Once you have gone through the report and fixed all the vulnerabilities, rerun MBSA to check that no more vulnerabilities exist in your system.