The Microsoft Baseline Security Analyzer

1
The Microsoft Baseline Security Analyzer

• A practical look.

2
Overview of Network Management

• Larger networks means
• More computers to manage.
• More computers to maintain.
• Bigger security management issues.
• More computers to check for security holes.
• IT Departments Must
• Continue to manage workstations even during
  growth.
• Effectively find solutions to remain efficient in
  network security management.

3
The Microsoft Baseline Security Analyzer

• The Tool
• Scans computers locally or remotely for any
  possible security hazards.
• Weak Passwords.
• Unnecessary services that are running.
• Firewall status.
• File Shares
• Scans Microsoft related products or technologies
  for any missing patches or updates.
• Microsoft Update Patches
• Microsoft Office Updates
• Microsoft Windows Vulnerabilities

4
The Microsoft Baseline Security Analyzer

• The Tool
• Has the ability to scan itself or multiple
  computers.
• Up to 10,000 computers can be scanned.

5
The Microsoft Baseline Security Analyzer

• Installation
• Download the msi file from
• http//www.microsoft.com/technet/security/tools/mb
  sahome.mspx
• System Requirements
• Windows NT 4.x
• Windows 2000
• Windows XP or
• Windows Server 2003
• For Scanning
• Locally Must be an administrator user.
• Remotely Must have domain administrator
  privileges (or administrator access to the remote
  computers).

6
The MSBA User Interface
7
Using The MSBA

• Local Scan
• Click on Scan a Computer
• Select your computer using the drop down box
• Click Start Scan

8
Using The MSBA

• Remote Scan
• Click on Scan a Computer or Scan Multiple
  Computers
• Enter the computer name or select the domain to
  scan or enter an IP range.
• Click Start Scan

9
Using The MSBA

• The Results
• Single Computer Scan
• Report of the single computer scanned shows.
• Multiple Computer Scan
• Select the report of the computer scanned.

10
Using The MSBA
11
The Security Report
12
The Security Report
13
Details of Report

• Most reports includes
• Microsoft Office Updates
• Critical Updates or Patches
• Weak Password Check
• File Systems
• Guest Accounts
• Administrator Accounts
• Recommended is two.
• Windows Version
• Recommended Settings in
• Windows
• Internet Explorer
• Services
• Firewall
• File Sharing

14
Details of Report
15
Details of Report
16
Details of Report
17
What is the Tool Doing?!

• The MSBA uses a product and update catalogue from
  the Microsoft web site.
• Or a local intranet website that stores the
  catalogue.
• The MSBA parses through the catalogue (XML file)
  and compares certain values in the registry as
  well as scan the OS internally.
• Both remote and local scans are very similar
  however,
• To do a complete scan remotely, the remote
  registry service must be enabled.

18
Some Opinions

• Pros
• Very flexible. Command line interface allows
  customized output.
• Very efficient. Can scan up to 10,000 computers
  in one scan.
• Scans transparently. No downtime required.
• General User Interface acts like a Wizard. (Step
  1, 2, 3)
• Cons
• Security scans do not take into account recently
  discovered vulnerabilities.
• Accuracy depends on Microsofts knowledge of
  vulnerabilities.
• Only scans Microsoft technologies.
• Microsofts control of vulnerability information.
• Ultimately, you will only know if Microsoft makes
  it known. At one point, Microsoft knew of a
  vulnerability for six months before information
  was released.
• Source CBC News Online Article
• http//www.cbc.ca/story/world/national/2004/02/10/
  microsoft_040210.html
• Can give false alarms if you have set your own
  settings.

19
Some Opinions

• The Bottom Line
• Very useful in enterprise style networks.
• A straightforward tool that allows any user to
  run it.
• Free.

20
Thank You!

• Kaleem Maxwell