Microsoft Baseline Security Analyzer

Search in book...
Toggle Font Controls
Create new playlist

Name your new playlist

Playlist description (optional)
Sign In

Email address

Password

Forgot Password?

or

Continue with Facebook

Continue with Google
Sign Up

Full Name

Email address

Confirm Email Address

Password

or

Continue with Facebook

Continue with Google

Microsoft Baseline Security Analyzer (MBSA)

Microsoft has provided a free tool for several versions of Windows that analyzes computers to identify insecure configurations. The MBSA is an easy-to-use legacy tool. However, MBSA isn’t the latest analysis tool available, and with each new version of Windows, it looks for fewer and fewer vulnerabilities. It evaluates part of the current security state of computers in accordance with Microsoft security recommendations. It not only identifies problems but also ranks them by severity and provides recommendations to fix each one. Although MBSA isn’t as comprehensive as it used to be, it does a good job of finding much of the “low hanging fruit.”

The latest version of MBSA, version 2.3, officially supports Windows Server 2012 R2 and Windows 8.1, as well as multiple previous Windows versions. (Note that MBSA version 2.3 is not supported on Windows 10.) If your environment includes computers running previous versions of Windows, you can consult the MBSA release notes or download page to ensure that your version of MBSA supports all your Windows computers. Since MBSA does not install with Windows, you must download and install it yourself. It is well worth the small amount of time and effort to acquire and install this tool. You can get it from Microsoft’s website.

Technical TIP

The SCA snap-in in the MMC profiles a Windows computer. To add the SCA snap-in:

Open the MMC. Choose the Windows Start button and enter mmc in the Run box.
From the MMC menu, select File, Add/Remove Snap-in.
Select SCA from the list of snap-ins on the left.
Choose Add, OK, to add the SCA snap-in.

The SCA snap-in compares your current computer’s settings with the baseline in an SCA database. The next step is either to load the baseline template into a database or to open an existing database. Follow these steps to open a database:

Select SCA and right-click to open the context menu.
Select Open Database.
Enter the name of a new database or navigate to an existing database and choose Open.
Select the template you want to use for the profiling session and choose Open.
Right-click to open the context menu for SCA.
Select Analyze Computer Now.
Enter the fully qualified pathname for the analysis error log file and choose OK.
To view the results of the analysis, select the desired policy element. Expand a parent node to see the desired policy elements. The SCA snap-in displays each policy setting along with the baseline setting and the current computer setting (FIGURE 7-3).

A screenshot of the console 1 page in the Security Configuration and Analysis MMC snap-in application is shown. — FIGURE 7-3
SCA snap-in analysis results.

Courtesy of Microsoft Corporation.

A screenshot of the Windows PowerShell command prompt shows the execution of the SCALog.log commands. Here, a complete scan of the computer is done. — FIGURE 7-4
SCA command-line tool.

Courtesy of Microsoft Corporation.

A screenshot shows a notepad displaying the execution results ofSCALog.log commands. — FIGURE 7-5
SCA command-line tool analysis results.

Courtesy of Microsoft Corporation.

MBSA Graphical User Interface

You can run the MBSA using the graphical user interface (GUI) or command-line interface. The GUI provides an intuitive way to select the types of resources MBSA will analyze. The GUI is the most common interface to use when learning about MBSA. To run MBSA, launch the program, select the scan scope and options, and then, start the scan. The scan report contains lots of information on what was found and what you should do about it. You choose to address or ignore each identified issue. It’s really that simple. The MBSA will scan your selected computers for just the types of vulnerabilities that interest you. In addition to looking for specific security vulnerabilities, MBSA will alert you if operating system or application updates exist that you haven’t installed.

Technical TIP

Follow these steps to use the MBSA GUI (FIGURE 7-6) to scan your computer for vulnerabilities:

Open MBSA. Choose the Windows Start button and then, select Microsoft Baseline Security Analyzer 2.3.
Select the desired operation mode:
1. Select Scan a Computer to scan a single computer.
2. Select Scan Multiple Computers to scan more than one computer in a single session.
3. Select View Existing Security Scan Reports to view the results of previous scans.
If you chose to scan one or more computers, enter the computer or domain name or IP address(es).
1. For single computer scans, enter either a computer name or IP address.
2. For multiple computer scans, enter a domain name or a range of IP addresses.
Select the checkboxes next to the desired scanning options (FIGURE 7-7). In many cases, leaving all options checked provides the most extensive analysis.
Choose Start Scan to begin the scanning process.
Whether you selected the scan option or selected an existing security scan report, MBSA presents the results (FIGURE 7-8) in a user-friendly report. Each report issue includes a description of what was scanned, details of the result, and in many cases, descriptive information on how to resolve the issue.
Choose OK to close the report viewer and return to the MBSA main window.

A screenshot shows Microsoft Baseline Security Analyzer window. From the list of options in the left pane, view security results option is selected. The right pane shows security information. — FIGURE 7-6
MBSA GUI.

Courtesy of Microsoft Corporation

A screenshot of the Microsoft baseline security analyzer application to choose the scan options. — FIGURE 7-7
MBSA scan options.

Courtesy of Microsoft Corporation.

A screenshot shows the results of a user-friendly report in the Microsoft baseline security analyzer. — FIGURE 7-8
MBSA scan results.

Courtesy of Microsoft Corporation.

MBSA Command-Line Interface

Microsoft also provides a command-line interface for MBSA (FIGURE 7-9). The mbsacli.exe command performs the same scan as the MBSA GUI (FIGURE 7-10) but with the added flexibility of starting the scan from the command line. Calling an MBSA scan from the command line gives you the ability to use batch files to scan computers for vulnerabilities. You can schedule batch files to run scans unattended at any time.

A screenshot of the Windows PowerShell shows the execution of the mbsacli.exe command. Here, a complete scan of the computer is done. — FIGURE 7-9
MBSA command-line interface.

Courtesy of Microsoft Corporation.

A screenshot shows the scan results in the Microsoft baseline security analyzer. — FIGURE 7-10
MBSA command-line interface scan results.

Courtesy of Microsoft Corporation.

Technical TIP

Follow these steps to use the MBSA GUI to scan your computer for vulnerabilities:

Open the PowerShell window. Choose the Windows Start button and select PowerShell.
Enter the following command to scan a single computer named “generic” for all vulnerabilities and store the results in a file named mbsaout.txt:

mbsacli /target generic >mbsaout.txt
Enter the following command to scan a single computer named “generic” only for missing updates and store the results in a file named mbsaout.txt:

mbsacli /target generic /n os+iis+sql+password >mbsaout.txt

This command uses the /n option to “Not scan” for “OS,” “IIS,” “SQL,” and “Password” vulnerabilities.
Enter the following command to scan a range of computers using IP addresses only for missing updates and store the results in a file named mbsaout.txt:

mbsacli /r 192.168.141.130-192.168.141.254 /n os+iis+sql+password >mbsaout.txt

This command uses the /n option to “Not scan” for “OS,” “IIS,” “SQL,” and “Password” vulnerabilities.

The results for each scan are reported in two locations. The mbsacli command produces text output and also creates a descriptive results report in the C:usersusernameSecurityScans folder. This is the same folder that the MBSA GUI uses and the report is in the same format. You can use the MBSA GUI to view and analyze the output of the command-line MBSA just as if the output were generated from the GUI.

The MBSA command-line interface supports the same functions as the GUI. In fact, there are advanced options that give you more flexibility than the GUI. TABLE 7-1 shows the most common MBSA command-line interface options.

TABLE 7-1 Common MBSA Command-Line Interface (mbsacli.exe) Options
OPTION	DESCRIPTION
/target	Computer to scan. Target can be a domain or computer name or an IP address.
/d	Domain to scan. Use NetBIOS-compatible domain names instead of fully qualified domain names. For example, use “CorpDomain” instead of “CorpDomain.com.”
/r	Range of IP addresses of computers to scan. Beginning and ending IP addresses should be separated by a hyphen. For example, use “192.168.141.130-192.168.141.254.”
/listfile	Filename of a text file that contains computer names or IP addresses of computers to scan. Each computer name or IP address should be on a separate line.
/n	Scan options that MBSA should not perform. Excluded options may consist of:OS—Windows administrative vulnerabilitiesIIS—Internet Information Services administrative vulnerabilitiesSQL—SQL Server administrative vulnerabilitiesUpdates—Missing security updatesPassword—Check for weak passwords. You can combine options with the “+” operator. For example, “/n os+iis+sql+password” would scan only for missing updates. MBSA excludes all options you supply.
© Jones & Bartlett Learning.

Microsoft SCA and MBSA aren’t the only profilers. Other products can help you identify security vulnerabilities and keep your computers as secure as possible. You’ll learn about other products that extend and complement SCA and MBSA in the next sections.

..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.

Table of Contents for Microsoft Baseline Security Analyzer

Create new playlist

Sign In

Sign Up

Table of Contents for
Microsoft Baseline Security Analyzer