Microsoft Baseline Security Analyzer Tutorial Handout

Published: Saturday, 24 September 2011
Using Microsoft Baseline Security Analyzer (MBSA)

Microsoft Baseline Security Analyzer Tutorial

This information was adapted from the following website: http://www.malwarehelp.org/using-microsoft-baseline-security.html

MBSA is a free security scanner for Microsoft products which analyzes a computer or a group of computers for missing patches/updates and common security misconfigurations. When run, MBSA provides a checklist of configuration problems and missing updates/patches. The most important part of the security report provided by the Microsoft Baseline Security Analyzer (MBSA) is the way information is given, on the lines of "What was scanned", "Result details" and "How to correct this".

Some of the checks that MBSA performs:
• Check for missing Windows security updates
• Check for missing IE security updates
• Check for missing Windows Media Player security updates
• Check for missing Office security updates
• Check for file system type on hard drives
• Check if Auto Logon feature is enabled
• Check if Guest account is enabled
• Check the number of local Administrator accounts
• Check for blank or simple local user account passwords
• Check if unnecessary services are running
• Check if Internet Connection Firewall is enabled
• Check if Automatic Updates is enabled
• List the Internet Explorer security zone settings for each local user
• Check if Internet Explorer Enhanced Security Configuration is enabled for Administrators
• Check if Internet Explorer Enhanced Security Configuration is enabled for non-Administrators
• List the Office products security zone settings for each local user

Note:
1. The computer must be running Microsoft Windows Server 2003, Windows 2000 Service Pack 3 or later, or Windows XP. Running MBSA on Windows NT, 95, 98 or Me systems is not supported.
2. The "Workstation" and "Server" services must be enabled when scanning a local computer.
3. The initial scan requires an internet connection, as MBSA downloads the security update catalog from the Microsoft Web site in the form of a cabinet file called wsusscan.cab.
4. You must have local administrative privileges on the computer being scanned.

Scanning your System

Download and Install Microsoft Baseline Analyzer (MBSA) from Microsoft. Double-click to open MBSA. Click "Scan a computer".
If you are scanning the local computer, it will be pre-selected for scanning. You can also choose to scan another computer if you are in a network by selecting its name or its IP address. Make sure the options "Check for Windows Administrative vulnerabilities", "Check for weak passwords" and "Check for security updates" are checked. You can uncheck the options "Check for IIS vulnerabilities" and "Check for SQL vulnerabilities", if you don't have them installed.

MBSA is downloading the latest security catalogue in the form of a signed .cab file from Microsoft.

MBSA is scanning the selected computer.

Once the scan is complete, the results are shown in a nicely organized report that has details of "What was scanned", "Result details" and "How to correct this". Note that if any products are not found to be installed on scanned machines, the associated product checks will not be performed and will not be reflected in this report.

How to interpret the MBSA scan reports
MBSA displays different icons in the report's score columns depending on whether a vulnerability was found on the scanned machine.

For the administrative vulnerability checks, a red X is used when a critical check failed (for example, a user has a blank password). A yellow X is used when a non-critical check failed (for example, an account has a password that does not expire). A green checkmark is used when a check passes (that is, no issue was found for that particular check). A blue asterisk is used for best practice checks (for example, checking if auditing is enabled), and a blue asterisk informational icon is used for checks that simply provide information about the computer being scanned (for example, the operating system version of the scanned computer).

For the security update checks, a red X is used when MBSA confirms that a security update is missing from the scanned computer. A yellow X is used for warning messages (for example, the computer does not have the latest service pack or update rollup), and a blue star is used for informational messages indicating that an update is not available to the computer because it has not been approved on the Update Services server.

Scores cannot be changed or reassigned for system configuration checks.

MBSA 2.0 Frequently Asked Questions

Security Update Checks
This check determines which available service packs and security updates for predetermined MS products are not installed on the scanned computer. MBSA will report missing updates marked as critical security updates in Microsoft Update for the following products:
• Microsoft Windows NT 4.0, Windows 2000, Windows XP, Windows Server 2003
• Internet Information Server (IIS) 4.0, IIS 5.0, IIS 6.0
• SQL Server 7.0, SQL Server 2000 (including Microsoft Data Engine 1.0 and 2000)
• Internet Explorer 5.01 and later
• Windows Media Player 6.4 and later
• Exchange Server 5.5, Exchange Server 2000, Exchange Server 2003 (including Exchange Admin Tools)
• Microsoft Data Access Components (MDAC) 2.5, MDAC 2.6, MDAC 2.7, MDAC 2.8
• Microsoft Virtual Machine (VM)
• MSXML 2.5, MSXML 2.6, MSXML 3.0, MSXML 4.0
• Content Management Server 2001, Content Management Server 2002
• Commerce Server 2000, Commerce Server 2002
• BizTalk® Server 2000, BizTalk Server 2002, BizTalk Server 2004
• SNA Server 4.0, Host Integration Server 2000, Host Integration Server 2004
• Microsoft Office

Windows Checks
The following checks are performed by MBSA:
• Check for account password expiration
• Check for file system type on hard drives
• Check if Auto Logon feature is enabled
• Check if Guest account is enabled
• Check the RestrictAnonymous registry key settings
• Check the number of local Administrator accounts
• Check for blank or simple local user account passwords
• Check if unnecessary services are running
• List the shares present on the computer
• Check if Windows auditing is enabled
• Check the Windows version running on the scanned computer
• Check if Internet Connection Firewall is enabled
• Check if Automatic Updates is enabled
• Check if incomplete updates require the computer to be restarted

The MBSA also provides additional system information about unnecessary services, Windows shares, Windows version etc.
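
An added example (not part of the original handout and not MBSA's own code) that approximates several of the Windows checks listed above with PowerShell on the local machine. It assumes Windows PowerShell 5.1 or later in an elevated session; the function name New-Finding, the Pass/Fail labels and the limit of two administrators are choices made for this example.

```powershell
# Added example, not MBSA code: approximates several of the "Windows Checks"
# on the local machine. Assumes Windows PowerShell 5.1+ run as administrator.
function New-Finding([string]$Check, [bool]$Passed, [string]$Detail) {
    [pscustomobject]@{
        Check  = $Check
        Result = $(if ($Passed) { 'Pass' } else { 'Fail' })
        Detail = $Detail
    }
}

$findings = @()

# Auto Logon: enabled when Winlogon's AutoAdminLogon value is "1".
$winlogon = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$findings += New-Finding 'Auto Logon disabled' ($winlogon.AutoAdminLogon -ne '1') "AutoAdminLogon = '$($winlogon.AutoAdminLogon)'"

# Guest account: the built-in Guest has a SID ending in -501 even if renamed.
$guest = Get-LocalUser | Where-Object { $_.SID.Value -like '*-501' }
$findings += New-Finding 'Guest account disabled' (-not $guest.Enabled) "Account name: $($guest.Name)"

# RestrictAnonymous: 0 places no restriction on anonymous (null session) access.
$lsa = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$findings += New-Finding 'RestrictAnonymous set' ([int]$lsa.RestrictAnonymous -ge 1) "RestrictAnonymous = $($lsa.RestrictAnonymous)"

# Local Administrators: BUILTIN\Administrators is the well-known SID S-1-5-32-544.
# The limit of 2 is an assumption for this example; the handout gives no number.
$admins = @(Get-LocalGroupMember -SID 'S-1-5-32-544')
$findings += New-Finding 'Few local Administrators' ($admins.Count -le 2) "$($admins.Count) member(s)"

# Password expiration: PasswordExpires is empty for enabled accounts whose
# password never expires (the handout's example of a non-critical failure).
$noExpiry = @(Get-LocalUser | Where-Object { $_.Enabled -and -not $_.PasswordExpires })
$findings += New-Finding 'Passwords expire' ($noExpiry.Count -eq 0) ($noExpiry.Name -join ', ')

# File system type: fixed disks (DriveType 3) should be NTFS so file ACLs apply.
$nonNtfs = @(Get-CimInstance Win32_LogicalDisk -Filter 'DriveType=3' |
    Where-Object { $_.FileSystem -ne 'NTFS' })
$findings += New-Finding 'Fixed disks use NTFS' ($nonNtfs.Count -eq 0) ($nonNtfs.DeviceID -join ', ')

$findings | Format-Table -AutoSize
```
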
Desktop Application Checks

MBSA performs the following checks:
• List the Internet Explorer security zone settings for each local user
• Check if Internet Explorer Enhanced Security Configuration is enabled for Administrators
• Check if Internet Explorer Enhanced Security Configuration is enabled for non-Administrators
• List the Office products security zone settings for each local user

With each vulnerability found, MBSA will also tell you how to fix it. Click on the "Result details" link on the report.

In this instance, clicking on "Result details" pops up another window with details of vulnerabilities found for Internet Explorer. Clicking on the provided link opens another window, which shows the exact individual options which are not set to the recommended settings.

Clicking on "How to correct this" opens an IE window with the recommended solution and step-by-step instructions.

Once you have gone through the report and fixed all the vulnerabilities, re-run MBSA to check that no more vulnerabilities exist in your system.