Microsoft Baseline Security Analyzer Tutorial Handout

Fawyeng - Jgodfrey

Le téléchargement nécessite un accès à la bibliothèque YouScribe
Tout savoir sur nos offres

8 pages

Español

Le téléchargement nécessite un accès à la bibliothèque YouScribe
Tout savoir sur nos offres

A propos
Informations
Extrait

Description

Using Microsoft Baseline Security Analyzer (MBSA) Microsoft Baseline Security Analyzer Tutorial This information was adapted from the following website: http://www.malwarehelp.org/using‐microsoft‐baseline‐security.html MBSA is a free security scanner for Microsoft products which analyzes a computer or a group of computers for missing patches/updates and common security mis‐configurations. When run MBSA provides a checklist of configuration problems and missing updates/patches. The most important part of the security report provided by the Microsoft Baseline Security Analyzer (MBSA) is the way information given on the lines of "What was scanned", Result details" and "How to correct this". Some of the checks that MBSA performs: • Check for missing Windows security updates • Check for missing IE security updates • Check for missing Windows Media Player security updates • Check for missing Office security updates • Check for file system type on hard drives • Check if Auto Logon feature is enabled • Check if Guest account is enabled • Check the number of local Administrator accounts • Check for blank or simple local user account passwords • Check if unnecessary services are running • Check if Internet Connection Firewall is enabled • Check if Automatic Updates is enabled • List the Internet Explorer security zone settings for each local user • ...

Informations

Publié par	Fawyeng
Nombre de lectures	44
Langue	Español

Extrait

UsingMicrosoftBaselineSecurityAnalyzer(MBSA)

MicrosoftBaselineSecurityAnalyzerTutorialThisinformationwasadaptedfromthefollowingwebsite:http://www.malwarehelp.org/using‐microsoft‐baseline‐security.htmlMBSAisafreesecurityscannerforMicrosoftproductswhichanalyzesacomputeroragroupofcomputersformissingpatches/updatesandcommonsecuritymis‐configurations.WhenrunMBSAprovidesachecklistofconfigurationproblemsandmissingupdates/patches.ThemostimportantpartofthesecurityreportprovidedbytheMicrosoftBaselineSecurityAnalyzer(MBSA)isthewayinformationgivenonthelinesof"Whatwasscanned",Resultdetails"and"Howtocorrectthis".SomeofthechecksthatMBSAperforms:CheckformissingWindowssecurityupdates•CheckformissingIEsecurityupdates•CheckformissingWindowsMediaPlayersecurityupdates•CheckformissingOfficesecurityupdates•Checkforfilesystemtypeonharddrives•CheckifAutoLogonfeatureisenabled•CheckifGuestaccountisenabled••CheckthenumberoflocalAdministratoraccountsCheckforblankorsimplelocaluseraccountpasswords••CheckifunnecessaryservicesarerunningCheckifInternetConnectionFirewallisenabled•CheckifAutomaticUpdatesisenabled•

ListtheInternetExplorersecurityzonesettingsforeachlocaluser•CheckifInternetExplorerEnhancedSecurityConfigurationisenabledforAdministrators•CheckifInternetExplorerEnhancedSecurityConfigurationisenabledfornon‐ •Administrators•ListtheOfficeproductssecurityzonesettingsforeachlocaluserNote:1. ThecomputermustberunningMicrosoftWindowsServer2003,Windows2000ServicePack3orlater,orWindowsXP.RunningMBSAonWindowsNT,95,98orMesystemsisnotsupported.2. The"Workstation"and"Server"servicesmustbeenabledwhenscanningalocalcomputer.3. TheinitialscanrequiresinternetconnectionasMBSAdownloadsthesecurityupdatecatalogfromtheMicrosoftWebsiteintheformofacabinetfilecalledwsusscan.cab.4. Youmusthavelocaladministrativeprivilegesonthecomputerbeingscanned.ScanningyourSystemDownloadandInstallMicrosoftBaselineAnalyzer(MBSA)fromMicrosoft.DoubleclicktoopenMBSA.Click"Scanacomputer".

Ifyouarescanningthelocalcomputer,itwillbepre‐selectedforscanning.YoucanalsochoosetoscananothercomputerifyouareinanetworkbyselectingitsnameoritsIPaddress.Makesuretheoptions"CheckforWindowsAdministrativevulnerabilities","Checkforweakpasswords"and"Checkforsecurityupdates"arechecked.Youcanunchecktheoptions"CheckforIISvulnerabilities"and"CheckforSQLvulnerabilities",ifyoudon'thavetheminstalled.

MBSAisdownloadingthelistoflatestsecuritycatalogueintheformofaasigned.cabfilefromMicrosoft.

MBSAisscanningtheselectedcomputer.

Oncethescaniscomplete,theresultsareshowninanicelyorganizedreportthathasdetailsof"Whatwasscanned","Resultdetails"and"Howtocorrectthis".Noteifanyproductsarenotfoundtobeinstalledonscannedmachines,theassociatedproductcheckswillnotbeperformedandwillnotbereflectedthisreport.HowtointerprettheMBSAscanreports

MBSAdisplaysdifferenticonsinthereportscorecolumnsdependingonwhetheravulnerabilitywasfoundonthescannedmachine.Fortheadministrativevulnerabilitychecks,aredXisusedwhenacriticalcheckfailed(forexample,auserhasablankpassword).AyellowXisusedwhenanon‐criticalcheckfailed(forexample,anaccounthasapasswordthatdoesnotexpire).Agreencheckmarkisusedwhenacheckpasses(thatis,noissuewasfoundforthatparticularcheck).Ablueasteriskisusedforbestpracticechecks(forexample,checkingifauditingisenabled),andablueasteriskinformationaliconisusedforchecksthatsimplyprovideinformationaboutthecomputerbeingscanned(forexample,theoperatingsystemversionofthescannedcomputer).Forthesecurityupdatechecks,aredXisusedwhenMBSAconfirmsthatasecurityupdateismissingfromthescannedcomputer.AyellowXisusedforwarningmessages(forexample,thecomputerdoesnothavethelatestservicepackorupdaterollup),andabluestarisusedforinformationalmessagesindicatingthatanupdateisnotavailabletothecomputerbecauseithasnotbeenapprovedontheUpdateServicesserver.Scorescannotbechangedorreassignedforsystemconfigurationchecks.MBSA2.0FrequentlyAskedQuestionsSecurityUpdateChecks

Thischeckdetermineswhichavailableservicepacksandsecurityupdatesforpre‐determinedMSproductsarenotinstalledonthescannedcomputer.MBSAwillreportmissingupdatesmarkedascriticalsecurityupdatesinMicrosoftUpdateforthefollowingproducts:MicrosoftWindowsNT4.0,Windows2000,WindowsXP,WindowsServer2003•InternetInformationServer(IIS)4.0,IIS5.0,IIS6.0•SQLServer7.0,SQLServer2000(includingMicrosoftDataEngine1.0and2000)•InternetExplorer5.01andlater••WindowsMediaPlayer6.4andlater

•ExchangeServer5.5,ExchangeServer2000,ExchangeServer2003(includingExchangeAdminTools)•MicrosoftDataAccessComponents(MDAC)2.5,MDAC2.6,MDAC2.7,MDAC2.8•MicrosoftVirtualMachine(VM)MSXML2.5,MSXML2.6,MSXML3.0,MSXML4.0•ContentManagementServer2001,ContentManagementServer2002•CommerceServer2000,CommerceServer2002••BizTalkÂ®Server2000,BizTalkServer2002,BizTalkServer2004•SNAServer4.0,HostIntegrationServer2000,HostIntegrationServer2004•MicrosoftOfficeWindowsChecks

ThefollowingchecksareperformedbyMBSA:

•CheckforaccountpasswordexpirationCheckforfilesystemtypeonharddrives••CheckifAutoLogonfeatureisenabledCheckifGuestaccountisenabled•ChecktheRestrictAnonymousregistrykeysettings••CheckthenumberoflocalAdministratoraccountsCheckforblankorsimplelocaluseraccountpasswords••CheckifunnecessaryservicesarerunningListthesharespresentonthecomputer•CheckifWindowsauditingisenabled•ChecktheWindowsversionrunningonthescannedcomputer•CheckifInternetConnectionFirewallisenabled•CheckifAutomaticUpdatesisenabledCheckifincompleteupdatesrequirethecomputertoberestarted•TheMBSAalsoprovidesadditionalsysteminformationaboutunnecessaryservices,Windowsshares,Windowsversionetc.

DesktopApplicationChecks

MBSAperformsthefollowingchecks:•ListtheInternetExplorersecurityzonesettingsforeachlocaluser•CheckifInternetExplorerEnhancedSecurityConfigurationisenabledforAdministratorsCheckifInternetExplorerEnhancedSecurityConfigurationisenabledfornon‐ •Administrators

•ListtheOfficeproductssecurityzonesettingsforeachlocaluserWitheachvulnerabilityfound,MBSAwillalsotellyouhowtofixit.Clickonthe"Resultdetails"linkonthereport.

Inthisinstance,clickingonthe"resultdetails"popsupanotherwindowwithdetailsofvulnerabilitiesfoundforInternetExplorer.ClickingontheprovidedlinkopensanotherWindow,whichshowstheexactindividualoptionswhicharenotsettotherecommendedsettings.

ClickingonHowtocorrectthisopensanIEWindowwiththerecommendedsolutionwithstep‐ by‐stepinstructions.

Onceyouhavegonethroughthereportandfixedallthevulnerabilities,rerunMBSAtocheckthattherearenomorevulnerabilitiesexistsinyoursystem.

Univers
Ebooks
Livres audio
Presse
Podcasts
BD
Documents

Microsoft Baseline Security Analyzer Tutorial Handout

YouScribe

Le catalogue

Le service

Les conditions