Scribd
Upload
180 views18 pages

MBSA Guide for IT Professionals

The Microsoft Baseline Security Analyzer (MBSA) is a free security assessment tool that scans Windows systems for vulnerabilities. It checks for missing security updates, weak passwords, unnecessary services and shares, and other misconfigurations. MBSA produces reports that identify security issues and recommend solutions. It can scan individual systems or multiple computers across a network. The tool helps IT professionals securely harden Windows environments.

Uploaded by

Girish Premchandran
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPT, PDF, TXT or read online on Scribd
180 views18 pages

MBSA Guide for IT Professionals

The Microsoft Baseline Security Analyzer (MBSA) is a free security assessment tool that scans Windows systems for vulnerabilities. It checks for missing security updates, weak passwords, unnecessary services and shares, and other misconfigurations. MBSA produces reports that identify security issues and recommend solutions. It can scan individual systems or multiple computers across a network. The tool helps IT professionals securely harden Windows environments.

Uploaded by

Girish Premchandran
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPT, PDF, TXT or read online on Scribd
You are on page 1/ 18

Microsoft Baseline

Security Analyzer

INLS 187
Security Software Presentation

by Hinár György Polczer

http://www.microsoft.com
Outline

• What is MBSA?
• How to get it?
• Installation
• Features
• How to use it?
• Evaluation
• Additional
Resources
• Links

Microsoft Baseline Security Analyzer


What is MBSA?

• Microsoft Baseline Security Analyzer is a tool to


make Windows based systems and server
applications more secure.
• MBSA points out known flaws which are not fixed
on the tested system
• Shows ways to patch security holes
• Explains correct security guidelines
• New version v1.2.1 is needed for SP2

Microsoft Baseline Security Analyzer


How to get it?

• Easiest to find it with a search on


Microsoft’s download center:
http://www.microsoft.com/downloads/

• The exact address to the MBSA page:


http://www.microsoft.com/downloads/details.aspx
?FamilyID=b13ebd6b-e258-4625-b0a3-
64a4879f7798&DisplayLang=en

Microsoft Baseline Security Analyzer


Installation

• Installation Demonstration

Microsoft Baseline Security Analyzer


Features
• MBSA is the free, best practices vulnerability
assessment tool for the Microsoft platform.
• It is a tool designed for the IT Professional
that helps with the assessment phase of an
overall security management strategy.
• MBSA Version 1.2.1 includes a graphical and
command line interface that can perform
local or remote scans of Windows systems.
• MBSA scans for common system security
misconfigurations

http://www.microsoft.com/technet/security/tools/mbsahome.mspx
Features
MBSA runs on
Windows 2000, Windows XP and
Windows Server 2003 systems
and will scan
Windows NT 4.0, Windows 2000,
Windows XP, Windows Server 2003,
Internet Information Server (IIS), SQL
Server, Internet Explorer, MS Office

http://www.microsoft.com/technet/security/tools/mbsahome.mspx
Features
MBSA checks:
• OS: account status, file system type,
available file shares, members of the
Administrators group, critical security
patches
• IIS: sample applications and certain virtual
directories present on the machine, if the
IIS Lockdown tool has been run on the
machine
• SQL: type of authentication mode, sa
account password status and SQL service
account memberships

http://www.microsoft.com/technet/security/tools/mbsawp.mspx
Features
MBSA Scans:
• Internet Explorer 5.01+ zone settings
for each local user account and macro
settings for Office 2000,Office XP, and
Office System 2003.
Supports:
• Software Update Services (SUS)
• Systems Management Server (SMS)

http://www.microsoft.com/technet/security/tools/mbsawp.mspx
Features
Scanning Computer(s):
• Single computer check
local or remote
• Multiple computers:
– all computers in a domain (by domain name)
– specific range of IP addresses
– scan all of the Windows-based machines found
within the range
– up to 10,000 machines
• These scans require Administrator access!

http://www.microsoft.com/technet/security/tools/mbsawp.mspx
Features
Types of Scans:
• MBSA-Style Scan
An MBSA-style scan will scan and store
results in an individual XML file to then be
viewed in the MBSA UI (GUI-interface)
• HFNetChk-Style Scan:
HFNetChk-style scan will check for missing
security updates only and will display scan
results as text in the command line window

http://www.microsoft.com/technet/security/tools/mbsawp.mspx
Features
• Previous security reports are saved in
XML format and can be reviewed later
• Items Checked for Vulnerabilities:
Administrators Group Membership, Auditing,
Auto Logon, Automatic Updates,
Unnecessary Services, File System, Guest
Account, Internet Connection Firewall,
Account Passwords and Policies,
Anonymous User, Shares…

http://www.microsoft.com/technet/security/tools/mbsawp.mspx
Features
• MBSA checks for installed Security
Updates by
– system file versions
– registry settings
– sometimes does not recognize
installed updates
For more information read
Microsoft MBSA White Paper
Sample Scripts are also available

http://www.microsoft.com/technet/security/tools/mbsawp.mspx
How to use it?

MBSA Demonstration
Evaluation

 MBSA is a tool created for


Microsoft Systems specifically
 Cannot be used as widely as
other tools
 Presents a security snapshot of
the system with the expectations
of a Microsoft security expert
 Allows a safe scan of multiple
Windows systems
Additional Resources
• The Microsoft Security Home Page is a good
resource for Microsoft product security:
http://www.microsoft.com/security/default.mspx

• Windows 2000 & NT 4.0 Tool:


Baseline Urlscan
• Internet Information Services (IIS)
Lockdown Tool 2.1
Questions

• Please ask if you have any


questions, and I will try to answer
them!

• Thank you for your attention!


Links

• http://www.microsoft.com/downloads/
• http://www.microsoft.com/downloads/details.aspx?FamilyID=b13ebd6b-
e258-4625-b0a3-64a4879f7798&DisplayLang=en
• http://www.microsoft.com/technet/security/tools/mbsawp.mspx
• http://www.microsoft.com/security/default.mspx
• http://www.microsoft.com/downloads/details.aspx?FamilyID=dde9efc0-
bb30-47eb-9a61-fd755d23cdec&DisplayLang=en
• http://www.microsoft.com/downloads/details.aspx?FamilyID=42661e18-
93c2-4ce2-85d6-3679defe1a3e&DisplayLang=en
• http://www.microsoft.com/downloads/details.aspx?FamilyID=12244f33-
a5da-4203-a3a8-83f4388bb71f&DisplayLang=en

You might also like