Task 8.3: Performing Assessments with MBSA
Microsoft Baseline Security Analyzer (MBSA) is a free tool provided by Microsoft to help security professionals determine their level of security. It provides guidance for improving the overall security of Microsoft systems. MBSA can also detect missing security patches and flag potential problems. Its strengths include the following:
Scenario
You need to examine several network servers to investigate their overall security level and make sure they are secure enough to withstand an attack.
Scope of Task
Duration
This task should take about 15 minutes.
Setup
For this task, you will need a Windows XP, Windows Vista, or Windows 7 computer; access to the Administrator account; and an Internet connection.
Caveat
MBSA may clash with some of the other common security workarounds, and it may not properly detect some of the Windows updated information.
Procedure
In this task, you will learn how to install and run MBSA.
Equipment Used
For this task, you must have:
Details
This task will show you how to install and run MBSA. This program will scan a system for security vulnerabilities and common misconfigurations.
1. Once you have accessed your Windows computer and logged in as Administrator, open your browser and go to www.microsoft.com/downloads/en/details.aspx?FamilyID=b1e76bbe-71df-41e8-8b52-c871d012ba78.
You can download the program from this page. Once the program has completed downloading, execute it from the folder to which it was saved. This will start the installation process.
2. After the installation has completed, you can start MBSA from the shortcut on the desktop or from the Start menu. The program will give you three options:
For this task, choose Scan Multiple Computers. This will allow you to put in a range of IP addresses and check a range of computers at once.
3. Once the scan has completed, you will be taken to the View Security Report screen. This page will describe the findings for each system that was scanned. The report is broken down into five areas:
Security Update Scan Results This area details which security scans are missing.
Windows Scan Results This area lists Windows vulnerabilities that were discovered.
Additional System Information This area lists details such as open shares and services.
Internet Information Services Scan This area lists information about IIS, such as version and patch level.
Desktop Application Scan This area lists details about vulnerable applications.
4. For each problem found, MBSA provides lists of what was scanned, the scan results, and instructions on how to correct the problem. Choosing How To Correct This provides details on the specific security concern and more information on solving the problem. In this example, we’ve chosen an item that indicates there was a problem with service packs. MBSA then provides details on service packs and updates so we can better address the deficiency.
Criteria for Completion
You have completed this task when you have downloaded and installed MBSA on a Windows system and scanned one or more systems for vulnerabilities.
18.223.158.21