Why should Windows shops use Microsoft Baseline Security Analyzer?


Kevin Beaver, CISSP
03.18.2009

We've all heard the adage, "something is better than nothing," and know how it holds true for information security. When I hear this saying, Microsoft's Baseline Security Analyzer (MBSA), a barebones security configuration scanner, comes to mind. Sure, this tool may be best suited for small and medium-sized businesses, but it can help enterprises with necessary security scanning measures.

MBSA, now in version 2.1, is actually pretty decent. It not only tests for missing patches (what it's well-known for) but also uncovers other weaknesses in your Windows-based systems such as:

  • Users in the Administrator group
  • Open file shares
  • Null sessions enabled
  • Automatic Update status
  • IIS lockdown status
  • Login auditing status
  • Blank or weak Windows and SQL Server passwords
  • Weak Internet Explorer zone and Microsoft Office macros security settings

MBSA is free and relatively painless to run. You can download and run it on your local computer or, if you have administrative rights and are currently connected, run it against a single networked system or your entire network for that matter. To show you how MBSA works, I ran it against my network (Figure 1). As it turns out, it found some missing updates on my test system that I assumed were up-to-date -- after all, Automatic Updates were enabled.

Figure 1: MBSA can highlight missing patches assumed to have been taken care of elsewhere.

This is a perfect example of how assuming your patches are current simply because you use WSUS, Automatic Updates, or a third-party tool can really come back to bite you.

Yet, even with all of MBSA's positive traits, I have found some downsides:

  1. MBSA is not a full-fledged vulnerability scanner that you can rely on to detect everything (never assume that just because MBSA has checked for the basics that you're in the clear).
  2. MBSA is not a vulnerability scanner that's going to check for third-party software weaknesses, Web application flaws, or really anything outside of the out-of-the-box Microsoft-delivered realm (the source of many vulnerabilities in Windows).
  3. MBSA is not a penetration testing tool that's actually going to exploit the weaknesses it uncovers (this requires higher-end commercial tools and, in many cases, some hacking know-how).
  4. MBSA is not a tool that's going to generate fancy and easily-customized security assessment reports (they may be good enough for you but probably not enough for your managers, auditors, and business partners).

Despite these downsides, MBSA does provide a general security snapshot of your Microsoft systems. It highlights the low-hanging fruit and shows you where you're not following sound security practice – at least in the eyes of Microsoft. But, again, it's still better than nothing and a good starting point that I highly recommend if you've yet to test your systems for security vulnerabilities.

ABOUT THE AUTHOR:
Kevin Beaver is an information security consultant, keynote speaker, and expert witness with Atlanta-based Principle Logic, LLC. Kevin specializes in performing independent security assessments. Kevin has authored/co-authored seven books on information security including Hacking For Dummies and Hacking Wireless Networks For Dummies (Wiley). He's also the creator of the Security On Wheels information security audio books and blog providing security learning for IT professionals on the go. Kevin can be reached at kbeaver /at/ principlelogic.com.

