The Microsoft Baseline Security Analyzer - PowerPoint PPT Presentation

About This Presentation
Title:

The Microsoft Baseline Security Analyzer

Description:

The Microsoft Baseline Security Analyzer A practical look . Overview of Network Management Larger networks means: More computers to manage. More computers to maintain. – PowerPoint PPT presentation

Number of Views:187
Avg rating:3.0/5.0
Slides: 21
Provided by: ccl88
Category:

less

Transcript and Presenter's Notes

Title: The Microsoft Baseline Security Analyzer


1
The Microsoft Baseline Security Analyzer
  • A practical look.

2
Overview of Network Management
  • Larger networks means
  • More computers to manage.
  • More computers to maintain.
  • Bigger security management issues.
  • More computers to check for security holes.
  • IT Departments Must
  • Continue to manage workstations even during
    growth.
  • Effectively find solutions to remain efficient in
    network security management.

3
The Microsoft Baseline Security Analyzer
  • The Tool
  • Scans computers locally or remotely for any
    possible security hazards.
  • Weak Passwords.
  • Unnecessary services that are running.
  • Firewall status.
  • File Shares
  • Scans Microsoft related products or technologies
    for any missing patches or updates.
  • Microsoft Update Patches
  • Microsoft Office Updates
  • Microsoft Windows Vulnerabilities

4
The Microsoft Baseline Security Analyzer
  • The Tool
  • Has the ability to scan itself or multiple
    computers.
  • Up to 10,000 computers can be scanned.

5
The Microsoft Baseline Security Analyzer
  • Installation
  • Download the msi file from
  • http//www.microsoft.com/technet/security/tools/mb
    sahome.mspx
  • System Requirements
  • Windows NT 4.x
  • Windows 2000
  • Windows XP or
  • Windows Server 2003
  • For Scanning
  • Locally Must be an administrator user.
  • Remotely Must have domain administrator
    privileges (or administrator access to the remote
    computers).

6
The MSBA User Interface
7
Using The MSBA
  • Local Scan
  • Click on Scan a Computer
  • Select your computer using the drop down box
  • Click Start Scan

8
Using The MSBA
  • Remote Scan
  • Click on Scan a Computer or Scan Multiple
    Computers
  • Enter the computer name or select the domain to
    scan or enter an IP range.
  • Click Start Scan

9
Using The MSBA
  • The Results
  • Single Computer Scan
  • Report of the single computer scanned shows.
  • Multiple Computer Scan
  • Select the report of the computer scanned.

10
Using The MSBA
11
The Security Report
12
The Security Report
13
Details of Report
  • Most reports includes
  • Microsoft Office Updates
  • Critical Updates or Patches
  • Weak Password Check
  • File Systems
  • Guest Accounts
  • Administrator Accounts
  • Recommended is two.
  • Windows Version
  • Recommended Settings in
  • Windows
  • Internet Explorer
  • Services
  • Firewall
  • File Sharing

14
Details of Report
15
Details of Report
16
Details of Report
17
What is the Tool Doing?!
  • The MSBA uses a product and update catalogue from
    the Microsoft web site.
  • Or a local intranet website that stores the
    catalogue.
  • The MSBA parses through the catalogue (XML file)
    and compares certain values in the registry as
    well as scan the OS internally.
  • Both remote and local scans are very similar
    however,
  • To do a complete scan remotely, the remote
    registry service must be enabled.

18
Some Opinions
  • Pros
  • Very flexible. Command line interface allows
    customized output.
  • Very efficient. Can scan up to 10,000 computers
    in one scan.
  • Scans transparently. No downtime required.
  • General User Interface acts like a Wizard. (Step
    1, 2, 3)
  • Cons
  • Security scans do not take into account recently
    discovered vulnerabilities.
  • Accuracy depends on Microsofts knowledge of
    vulnerabilities.
  • Only scans Microsoft technologies.
  • Microsofts control of vulnerability information.
  • Ultimately, you will only know if Microsoft makes
    it known. At one point, Microsoft knew of a
    vulnerability for six months before information
    was released.
  • Source CBC News Online Article
  • http//www.cbc.ca/story/world/national/2004/02/10/
    microsoft_040210.html
  • Can give false alarms if you have set your own
    settings.

19
Some Opinions
  • The Bottom Line
  • Very useful in enterprise style networks.
  • A straightforward tool that allows any user to
    run it.
  • Free.

20
Thank You!
  • Kaleem Maxwell
Write a Comment
User Comments (0)
About PowerShow.com