Microsoft makes a big deal about security, but sometimes a few of the company's security resources slip under the radar. There aren't many, but there are a few obscure Microsoft security utilities that deserve a little more publicity. In this article, I will briefly describe several utilities that you may not have heard of.
Microsoft Office Visio 2003 Connector for the Microsoft Baseline Security Analyzer
One really neat security tool that you might not be aware of is the Visio 2003 Connector for the Microsoft Baseline Security Analyzer (MBSA). If you have ever used Visio, you probably know that it is an effective tool for creating network diagrams. However, you aren't limited to creating these diagrams manually. You can create an MBSA-suitable diagram manually, but it's a lot easier to use LANsurveyor. You can use the LANsurveyor for Visio tool (it's in the Visio 2003 Resource Kit) to automatically create a Visio diagram of your network.
Once this diagram has been created, you can add in the Visio connector for the Microsoft Baseline Security Analyzer, and that allows you to initiate MBSA scans directly from Visio by clicking on computers that appear on the diagram. You can also import existing scan results. The diagram is then color coded to reflect the scan results. You can even view the MBSA report for each machine directly through Visio.
Security Risk Assessment for Midsize Organizations
The Security Assessment Tool works differently from other vulnerability assessment tools such as the Microsoft Baseline Security Analyzer. Rather than performing vulnerability scans of your servers, the Security Assessment Tool is a detailed questioner that you fill out with information regarding your security practices. The questionnaire is very detailed and is intended for organizations with fewer than 1,000 employees.
Once you have filled out the questionnaire, you will receive a detailed report of where your security weaknesses are and some things that you can do to correct those weaknesses.
Cipher Security tool
You might be familiar with the CIPHER.EXE command that's built into the Windows operating system. Normally, the CIPHER.EXE command is used for encrypting or decrypting files on a computer's hard drive. Although the Cipher command is a part of the Windows operating system, Microsoft has created a new version that is available at TechNet.
The new version of CIPHER.EXE does all of the same things the old version does, but it has one noteworthy new feature. It has the ability to securely erase deleted files from the hard drive. As you probably know, when a file is deleted, it isn't actually gone. The reference to the file has been removed from the disk's directory, but the file itself still exists and is usually recoverable until it is overwritten by other files. The new version of CIPHER.EXE can be used to overwrite a deleted file so that it cannot be recovered.
Port Reporter is a port logging utility that was originally designed for Windows 2000, but it also runs on Windows Server 2003 and Windows XP. The basic idea is that Port Reporter runs as a service on the machine that's being monitored. As the monitored computer communicates with other computers, Port Reporter logs information such as the ports that are being used, which processes are using which ports, whether or not a detected process is related to a service, the modules loaded by a process and the user account that is running the process.
PortQry was originally intended as a diagnostic tool, but it also acts as an effective security tool. PortQry is a command line utility designed for troubleshooting TCP/IP connectivity issues. The Windows Server 2003 Support Tools originally included PortQry, but there is a newer version available for download.
Malicious Software Removal Tool
A lot of people don't realize it, but Microsoft automatically performs a virus scan on computers running Windows through the Malicious Software Removal Tool. The Malicious Software Removal Tool is an antivirus application that is kept up to date by Windows Update and is set to run periodically on Windows 2000, XP or Server 2003 computers.
Before you let your existing antivirus licenses expire though, you should know that the Malicious Software Removal Tool is not a substitute for the antivirus software that you are running now. That's because this tool only checks for the most common viruses and only runs periodic scans. It does not constantly monitor your file system for malicious changes like a normal antivirus application would.
The Malicious Software Removal Tool Web page also contains for downloading the tool independently of Windows Update. In addition, there is a link to an online version of the tool that can scan your system via an Active X control.
If you would like to learn more about these and other Microsoft security tools, you can do so at TechNet Security tools.
ABOUT THE AUTHOR:
Brien M. Posey, MCSE, is a Microsoft Most Valuable Professional for his work with Windows 2000 Server and IIS. He has served as CIO for a nationwide chain of hospitals and was once in charge of IT security for Fort Knox. As a freelance technical writer, he has written for Microsoft, TechTarget, CNET, ZDNet, MSD2D, Relevant Technologies and other technology companies.
This was first published in March 2006