
Using Microsoft Baseline Security Analyzer (MBSA)

Microsoft Baseline Security Analyzer Tutorial

This information was adapted from the following website: http://www.malwarehelp.org/usingmicrosoftbaselinesecurity.html

MBSA is a free security scanner for Microsoft products which analyzes a computer or a group of computers for missing patches/updates and common security misconfigurations. When run, MBSA provides a checklist of configuration problems and missing updates/patches. The most important part of the security report provided by the Microsoft Baseline Security Analyzer (MBSA) is the way the information is given under the headings "What was scanned", "Result details" and "How to correct this".

Some of the checks that MBSA performs:

- Check for missing Windows security updates
- Check for missing IE security updates
- Check for missing Windows Media Player security updates
- Check for missing Office security updates
- Check for file system type on hard drives
- Check if AutoLogon feature is enabled
- Check if Guest account is enabled
- Check the number of local Administrator accounts
- Check for blank or simple local user account passwords
- Check if unnecessary services are running
- Check if Internet Connection Firewall is enabled
- Check if Automatic Updates is enabled
- List the Internet Explorer security zone settings for each local user
- Check if Internet Explorer Enhanced Security Configuration is enabled for Administrators
- Check if Internet Explorer Enhanced Security Configuration is enabled for non-Administrators
- List the Office products security zone settings for each local user

Note:

1. The computer must be running Microsoft Windows Server 2003, Windows 2000 Service Pack 3 or later, or Windows XP. Running MBSA on Windows NT, 95, 98 or Me systems is not supported.
2. The "Workstation" and "Server" services must be enabled when scanning a local computer.
3. The initial scan requires an internet connection, as MBSA downloads the security update catalog from the Microsoft Web site in the form of a cabinet file called wsusscan.cab.
4. You must have local administrative privileges on the computer being scanned.

Scanning your System

Download and install Microsoft Baseline Analyzer (MBSA) from Microsoft. Double-click to open MBSA. Click "Scan a computer".

If you are scanning the local computer, it will be preselected for scanning. You can also choose to scan another computer if you are in a network by selecting its name or its IP address. Make sure the options "Check for Windows Administrative vulnerabilities", "Check for weak passwords" and "Check for security updates" are checked. You can uncheck the options "Check for IIS vulnerabilities" and "Check for SQL vulnerabilities", if you don't have them installed.

MBSA is downloading the latest security catalogue in the form of a signed .cab file from Microsoft.

MBSA is scanning the selected computer.

Once the scan is complete, the results are shown in a nicely organized report that has details of "What was scanned", "Result details" and "How to correct this". Note that if any products are not found to be installed on scanned machines, the associated product checks will not be performed and will not be reflected in this report.

How to interpret the MBSA scan reports

MBSA displays different icons in the report's score columns depending on whether a vulnerability was found on the scanned machine.

For the administrative vulnerability checks, a red X is used when a critical check failed (for example, a user has a blank password). A yellow X is used when a non-critical check failed (for example, an account has a password that does not expire). A green check mark is used when a check passes (that is, no issue was found for that particular check). A blue asterisk is used for best practice checks (for example, checking if auditing is enabled), and a blue asterisk informational icon is used for checks that simply provide information about the computer being scanned (for example, the operating system version of the scanned computer).

For the security update checks, a red X is used when MBSA confirms that a security update is missing from the scanned computer. A yellow X is used for warning messages (for example, the computer does not have the latest service pack or update rollup), and a blue star is used for informational messages indicating that an update is not available to the computer because it has not been approved on the Update Services server. Scores cannot be changed or reassigned for system configuration checks.

MBSA 2.0 Frequently Asked Questions

Security Update Checks

This check determines which available service packs and security updates for predetermined MS products are not installed on the scanned computer. MBSA will report missing updates marked as critical security updates in Microsoft Update for the following products:

- Microsoft Windows NT 4.0, Windows 2000, Windows XP, Windows Server 2003
- Internet Information Server (IIS) 4.0, IIS 5.0, IIS 6.0
- SQL Server 7.0, SQL Server 2000 (including Microsoft Data Engine 1.0 and 2000)
- Internet Explorer 5.01 and later
- Windows Media Player 6.4 and later
- Exchange Server 5.5, Exchange Server 2000, Exchange Server 2003 (including Exchange Admin Tools)
- Microsoft Data Access Components (MDAC) 2.5, MDAC 2.6, MDAC 2.7, MDAC 2.8
- Microsoft Virtual Machine (VM)
- MSXML 2.5, MSXML 2.6, MSXML 3.0, MSXML 4.0
- Content Management Server 2001, Content Management Server 2002
- Commerce Server 2000, Commerce Server 2002
- BizTalk Server 2000, BizTalk Server 2002, BizTalk Server 2004
- SNA Server 4.0, Host Integration Server 2000, Host Integration Server 2004
- Microsoft Office

Windows Checks

The following checks are performed by MBSA:

- Check for account password expiration
- Check for file system type on hard drives
- Check if AutoLogon feature is enabled
- Check if Guest account is enabled
- Check the RestrictAnonymous registry key settings
- Check the number of local Administrator accounts
- Check for blank or simple local user account passwords
- Check if unnecessary services are running
- List the shares present on the computer
- Check if Windows auditing is enabled
- Check the Windows version running on the scanned computer
- Check if Internet Connection Firewall is enabled
- Check if Automatic Updates is enabled
- Check if incomplete updates require the computer to be restarted

The MBSA also provides additional system information about unnecessary services, Windows shares, Windows version etc.
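Several of the Windows checks listed above can be reproduced by hand to confirm a fix between MBSA scans. The script below is an added example, not part of MBSA or of the original tutorial; it assumes Windows PowerShell 5.1 or later run elevated on the local machine, and the helper names, the `$maxAdmins` threshold and the NTFS expectation are assumptions made for the example.

```powershell
# Added example: manual equivalents of five MBSA "Windows Checks".
# Assumes Windows PowerShell 5.1+, run elevated on the machine being checked.
function Get-RegValue([string]$Path, [string]$Name) {
    # Returns $null when the key or the value does not exist.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name }
}
function New-Finding([string]$Check, [string]$Value, [bool]$Issue) {
    [pscustomobject]@{ Check = $Check; Value = $Value; Issue = $Issue }
}
$maxAdmins = 2   # assumed threshold for this example, not taken from the tutorial
$findings = @()

# AutoLogon: AutoAdminLogon = 1 logs a user on automatically at boot.
$winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$auto = Get-RegValue $winlogon 'AutoAdminLogon'
$findings += New-Finding 'AutoLogon' "AutoAdminLogon=$auto" ("$auto" -eq '1')

# Guest account: matched by its well-known RID 501, so a renamed Guest is still found.
$guest = Get-LocalUser | Where-Object { $_.SID.Value -like 'S-1-5-21-*-501' }
$findings += New-Finding 'Guest account' "Enabled=$($guest.Enabled)" ([bool]$guest.Enabled)

# RestrictAnonymous: 0 or absent places no extra restriction on anonymous connections.
$ra = Get-RegValue 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa' 'RestrictAnonymous'
$findings += New-Finding 'RestrictAnonymous' "RestrictAnonymous=$ra" (-not $ra)

# Local Administrators: count members of BUILTIN\Administrators (SID S-1-5-32-544).
$admins = @(Get-LocalGroupMember -SID 'S-1-5-32-544' -ErrorAction SilentlyContinue)
$findings += New-Finding 'Local Administrators' "Count=$($admins.Count)" ($admins.Count -gt $maxAdmins)

# File system: fixed disks (DriveType 3) are expected to be NTFS so that file ACLs apply.
foreach ($d in (Get-CimInstance -ClassName Win32_LogicalDisk -Filter 'DriveType=3')) {
    $findings += New-Finding "File system $($d.DeviceID)" $d.FileSystem ($d.FileSystem -ne 'NTFS')
}

$findings | Format-Table -AutoSize
```

Rows with Issue set to True are the ones to compare against the corresponding entries in the MBSA report.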

Desktop Application Checks

MBSA performs the following checks:

- List the Internet Explorer security zone settings for each local user
- Check if Internet Explorer Enhanced Security Configuration is enabled for Administrators
- Check if Internet Explorer Enhanced Security Configuration is enabled for non-Administrators
- List the Office products security zone settings for each local user

With each vulnerability found, MBSA will also tell you how to fix it. Click on the "Result details" link on the report.

In this instance, clicking on "Result details" pops up another window with details of vulnerabilities found for Internet Explorer. Clicking on the provided link opens another window, which shows the exact individual options which are not set to the recommended settings.

Clicking on "How to correct this" opens an IE window with the recommended solution with step-by-step instructions.

Once you have gone through the report and fixed all the vulnerabilities, rerun MBSA to check that no more vulnerabilities exist in your system.
