
Microsoft Baseline Security Analyzer Tutorial Handout

Using Microsoft Baseline Security Analyzer (MBSA)

Microsoft Baseline Security Analyzer Tutorial

This information was adapted from the following website: http://www.malwarehelp.org/using-microsoft-baseline-security.html

MBSA is a free security scanner for Microsoft products which analyzes a computer or a group of computers for missing patches/updates and common security misconfigurations. When run, MBSA provides a checklist of configuration problems and missing updates/patches. The most important part of the security report provided by the Microsoft Baseline Security Analyzer (MBSA) is the way information is given along the lines of "What was scanned", "Result details" and "How to correct this".

Some of the checks that MBSA performs:

• Check for missing Windows security updates
• Check for missing IE security updates
• Check for missing Windows Media Player security updates
• Check for missing Office security updates
• Check for file system type on hard drives
• Check if Auto Logon feature is enabled
• Check if Guest account is enabled
• Check the number of local Administrator accounts
• Check for blank or simple local user account passwords
• Check if unnecessary services are running
• Check if Internet Connection Firewall is enabled
• Check if Automatic Updates is enabled
• List the Internet Explorer security zone settings for each local user
• Check if Internet Explorer Enhanced Security Configuration is enabled for Administrators
• Check if Internet Explorer Enhanced Security Configuration is enabled for non-Administrators
• List the Office products security zone settings for each local user

Note:

1. The computer must be running Microsoft Windows Server 2003, Windows 2000 Service Pack 3 or later, or Windows XP. Running MBSA on Windows NT, 95, 98 or Me systems is not supported.
2. The "Workstation" and "Server" services must be enabled when scanning a local computer.
3. The initial scan requires an internet connection, as MBSA downloads the security update catalog from the Microsoft Web site in the form of a cabinet file called wsusscan.cab.
4. You must have local administrative privileges on the computer being scanned.

Scanning your System

Download and install Microsoft Baseline Security Analyzer (MBSA) from Microsoft. Double-click to open MBSA. Click "Scan a computer".
If you are scanning the local computer, it will be pre-selected for scanning. You can also choose to scan another computer if you are in a network by selecting its name or its IP address. Make sure the options "Check for Windows Administrative vulnerabilities", "Check for weak passwords" and "Check for security updates" are checked. You can uncheck the options "Check for IIS vulnerabilities" and "Check for SQL vulnerabilities" if you don't have them installed.

MBSA is downloading the latest security catalogue in the form of a signed .cab file from Microsoft.

MBSA is scanning the selected computer.

Once the scan is complete, the results are shown in a nicely organized report that has details of "What was scanned", "Result details" and "How to correct this". Note that if any products are not found to be installed on scanned machines, the associated product checks will not be performed and will not be reflected in this report.

How to interpret the MBSA scan reports
MBSA displays different icons in the report score columns depending on whether a vulnerability was found on the scanned machine.

For the administrative vulnerability checks, a red X is used when a critical check failed (for example, a user has a blank password). A yellow X is used when a non-critical check failed (for example, an account has a password that does not expire). A green check mark is used when a check passes (that is, no issue was found for that particular check). A blue asterisk is used for best practice checks (for example, checking if auditing is enabled), and a blue asterisk informational icon is used for checks that simply provide information about the computer being scanned (for example, the operating system version of the scanned computer).

For the security update checks, a red X is used when MBSA confirms that a security update is missing from the scanned computer. A yellow X is used for warning messages (for example, the computer does not have the latest service pack or update rollup), and a blue star is used for informational messages indicating that an update is not available to the computer because it has not been approved on the Update Services server.

Scores cannot be changed or reassigned for system configuration checks.

MBSA 2.0 Frequently Asked Questions

Security Update Checks
This check determines which available service packs and security updates for predetermined MS products are not installed on the scanned computer. MBSA will report missing updates marked as critical security updates in Microsoft Update for the following products:

• Microsoft Windows NT 4.0, Windows 2000, Windows XP, Windows Server 2003
• Internet Information Server (IIS) 4.0, IIS 5.0, IIS 6.0
• SQL Server 7.0, SQL Server 2000 (including Microsoft Data Engine 1.0 and 2000)
• Internet Explorer 5.01 and later
• Windows Media Player 6.4 and later
• Exchange Server 5.5, Exchange Server 2000, Exchange Server 2003 (including Exchange Admin Tools)
• Microsoft Data Access Components (MDAC) 2.5, MDAC 2.6, MDAC 2.7, MDAC 2.8
• Microsoft Virtual Machine (VM)
• MSXML 2.5, MSXML 2.6, MSXML 3.0, MSXML 4.0
• Content Management Server 2001, Content Management Server 2002
• Commerce Server 2000, Commerce Server 2002
• BizTalk® Server 2000, BizTalk Server 2002, BizTalk Server 2004
• SNA Server 4.0, Host Integration Server 2000, Host Integration Server 2004
• Microsoft Office

Windows Checks
The following checks are performed by MBSA:

• Check for account password expiration
• Check for file system type on hard drives
• Check if Auto Logon feature is enabled
• Check if Guest account is enabled
• Check the RestrictAnonymous registry key settings
• Check the number of local Administrator accounts
• Check for blank or simple local user account passwords
• Check if unnecessary services are running
• List the shares present on the computer
• Check if Windows auditing is enabled
• Check the Windows version running on the scanned computer
• Check if Internet Connection Firewall is enabled
• Check if Automatic Updates is enabled
• Check if incomplete updates require the computer to be restarted

MBSA also provides additional system information about unnecessary services, Windows shares, Windows version etc.
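The settings behind several of the Windows checks listed above can also be read directly on a current Windows system. The PowerShell script below is an added example, not part of the original handout and not MBSA's own code; the pass criteria, the `$maxAdmins` threshold and the `New-Finding` helper are assumptions of this example rather than MBSA's scoring rules.

```powershell
# Added example: read-only spot checks for five items from the list above.
# Run in an elevated Windows PowerShell 5.1+ session on the local computer.
function New-Finding($Check, $Pass, $Detail) {
    [pscustomobject]@{ Check = $Check; Pass = $Pass; Detail = $Detail }
}

$findings = @()

# Auto Logon: Winlogon's AutoAdminLogon is the string "1" when enabled.
$winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$auto = (Get-ItemProperty -Path $winlogon -Name AutoAdminLogon `
         -ErrorAction SilentlyContinue).AutoAdminLogon
$findings += New-Finding 'Auto Logon disabled' ($auto -ne '1') "AutoAdminLogon=$auto"

# Local accounts, reused for the Guest and password expiration checks.
$accounts = Get-CimInstance Win32_UserAccount -Filter 'LocalAccount=True'

# Guest account: identified by its well-known RID 501, not by name,
# so a renamed Guest account is still found.
$guest = $accounts | Where-Object { $_.SID -like 'S-1-5-21-*-501' }
$findings += New-Finding 'Guest account disabled' ([bool]$guest.Disabled) $guest.Name

# Password expiration: enabled local accounts whose password never expires.
$noExpiry = @($accounts | Where-Object { -not $_.Disabled -and -not $_.PasswordExpires })
$findings += New-Finding 'Account passwords expire' ($noExpiry.Count -eq 0) `
    ($noExpiry.Name -join ', ')

# Number of local Administrators: S-1-5-32-544 is the built-in
# Administrators group regardless of the display language.
$maxAdmins = 2   # assumption of this example, adjust to local policy
$admins = @(Get-LocalGroupMember -SID 'S-1-5-32-544')
$findings += New-Finding 'Local Administrator count' ($admins.Count -le $maxAdmins) `
    "$($admins.Count) member(s)"

# RestrictAnonymous: a missing value or 0 leaves anonymous enumeration
# unrestricted (pass criterion of 1 or higher is an assumption).
$lsa = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$ra = (Get-ItemProperty -Path $lsa -Name RestrictAnonymous `
       -ErrorAction SilentlyContinue).RestrictAnonymous
$findings += New-Finding 'RestrictAnonymous set' ([int]$ra -ge 1) "RestrictAnonymous=$ra"

$findings | Format-Table -AutoSize
```

The script only reads settings; any row with `Pass` set to `False` is a prompt to review that setting, not a substitute for the corrective steps the MBSA report links to.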
Desktop Application Checks

MBSA performs the following checks:

• List the Internet Explorer security zone settings for each local user
• Check if Internet Explorer Enhanced Security Configuration is enabled for Administrators
• Check if Internet Explorer Enhanced Security Configuration is enabled for non-Administrators
• List the Office products security zone settings for each local user

With each vulnerability found, MBSA will also tell you how to fix it. Click on the "Result details" link on the report.
In this instance, clicking on "Result details" pops up another window with details of the vulnerabilities found for Internet Explorer. Clicking on the provided link opens another window, which shows the exact individual options which are not set to the recommended settings.

Clicking on "How to correct this" opens an IE window with the recommended solution and step-by-step instructions.

Once you have gone through the report and fixed all the vulnerabilities, re-run MBSA to check that no more vulnerabilities exist in your system.