
Why should Windows shops use Microsoft Baseline Security Analyzer?

We've all heard the adage, "something is better than nothing," and know how true it holds for information security. When I hear this saying, Microsoft's Baseline Security Analyzer (MBSA), a bare-bones security configuration scanner, comes to mind. Sure, this tool may be best suited for small and medium-sized businesses, but it can help enterprises with necessary security scanning measures as well.

MBSA, now in version 2.1, is actually pretty decent. It not only tests for missing patches (what it's best known for) but also uncovers other weaknesses in your Windows-based systems, such as:

  • Users in the Administrator group
  • Open file shares
  • Null sessions enabled
  • Automatic Update status
  • IIS lockdown status
  • Login auditing status
  • Blank or weak Windows and SQL Server passwords
  • Weak Internet Explorer zone and Microsoft Office macros security settings
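Several of the items in that list can be re-checked on a single machine with built-in tooling, which is useful for corroborating an MBSA finding or for spot-checking a host between scans. The PowerShell script below is an added example, not code from the article or from MBSA itself. It assumes Windows PowerShell 5.1 or later, an elevated prompt, and that the machine can reach a Windows Update source (WSUS or Microsoft); the function names are the example's own. The missing-patch check uses the same Windows Update Agent query that MBSA relies on.

```powershell
# Added example (not from the article or from MBSA): re-check several of the
# baseline items MBSA reports on, for the local machine, using built-in cmdlets
# and the Windows Update Agent COM API.
# Assumes: Windows PowerShell 5.1+, run from an elevated prompt, and reachable
# Windows Update source (WSUS or Microsoft). Function names are this example's own.

function Get-LocalAdminMembers {
    # MBSA item: users in the Administrators group.
    Get-LocalGroupMember -Group 'Administrators' |
        Select-Object Name, ObjectClass, PrincipalSource
}

function Get-OpenFileShares {
    # MBSA item: open file shares. Hidden administrative shares (C$, ADMIN$, IPC$)
    # end in '$' and are excluded so only user-created shares are listed.
    Get-SmbShare | Where-Object { $_.Name -notlike '*$' } |
        Select-Object Name, Path, Description
}

function Get-NullSessionSettings {
    # MBSA item: null sessions. RestrictAnonymous = 0 together with
    # RestrictNullSessAccess = 0 is the permissive combination MBSA warns about.
    $lsa = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
    $srv = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
    [pscustomobject]@{
        RestrictAnonymous      = $lsa.RestrictAnonymous
        RestrictAnonymousSAM   = $lsa.RestrictAnonymousSAM
        RestrictNullSessAccess = $srv.RestrictNullSessAccess
        NullSessionShares      = ($srv.NullSessionShares -join ',')
        NullSessionPipes       = ($srv.NullSessionPipes -join ',')
    }
}

function Get-AutoUpdateStatus {
    # MBSA item: Automatic Update status. A Group Policy value (Policies key)
    # overrides the local setting when both exist. AUOptions: 1 = disabled,
    # 2 = notify only, 3 = download and notify, 4 = download and install on schedule.
    $policy = Get-ItemProperty 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU' -ErrorAction SilentlyContinue
    $local  = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update' -ErrorAction SilentlyContinue
    [pscustomobject]@{
        PolicyNoAutoUpdate = $policy.NoAutoUpdate
        PolicyAUOptions    = $policy.AUOptions
        LocalAUOptions     = $local.AUOptions
    }
}

function Get-LogonAuditStatus {
    # MBSA item: login auditing status. auditpol prints the effective audit policy
    # for the Logon/Logoff category.
    auditpol /get /category:"Logon/Logoff"
}

function Get-MissingUpdates {
    # MBSA item: missing patches. Queries the Windows Update Agent directly;
    # an enabled Automatic Updates setting does not by itself make this list empty.
    $session  = New-Object -ComObject Microsoft.Update.Session
    $searcher = $session.CreateUpdateSearcher()
    $result   = $searcher.Search("IsInstalled=0 and Type='Software' and IsHidden=0")
    foreach ($u in $result.Updates) {
        [pscustomobject]@{
            Title    = $u.Title
            KB       = ($u.KBArticleIDs -join ',')
            Severity = $u.MsrcSeverity
        }
    }
}

# Run all checks and print a compact report.
'== Local Administrators ==';  Get-LocalAdminMembers   | Format-Table -AutoSize
'== Non-hidden SMB shares ==';  Get-OpenFileShares      | Format-Table -AutoSize
'== Null session settings ==';  Get-NullSessionSettings | Format-List
'== Automatic Updates ==';      Get-AutoUpdateStatus    | Format-List
'== Logon auditing ==';         Get-LogonAuditStatus
'== Missing updates ==';        Get-MissingUpdates      | Format-Table -AutoSize
```

Save it as a `.ps1` and run it from an elevated prompt; the last section is the one to compare against MBSA's patch report, since an empty Automatic Updates setting check can still sit beside a non-empty missing-updates list. The script does not attempt the blank or weak password checks, which MBSA performs by trying known simple passwords against local and SQL Server accounts.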

MBSA is free and relatively painless to run. You can download and run it on your local computer or, if you have administrative rights and are currently connected, run it against a single networked system or your entire network for that matter. To show you how MBSA works, I ran it against my network (Figure 1). As it turns out, it found some missing updates on my test system that I assumed were up-to-date -- after all, Automatic Updates were enabled.

Figure 1: MBSA can highlight missing patches assumed to have been taken care of elsewhere.

This is a perfect example of how assuming your patches are current simply because you use WSUS, Automatic Updates, or a third-party tool can really come back to bite you.

Yet, even with all of MBSA's positive traits, I have found some downsides:

  1. MBSA is not a full-fledged vulnerability scanner that you can rely on to detect everything (never assume that just because MBSA has checked for the basics that you're in the clear).
  2. MBSA is not a vulnerability scanner that's going to check for third-party software weaknesses, Web application flaws, or really anything outside of the out-of-the-box Microsoft-delivered realm (the source of many vulnerabilities in Windows).
  3. MBSA is not a penetration testing tool that's actually going to exploit the weaknesses it uncovers (this requires higher-end commercial tools and, in many cases, some hacking know-how).
  4. MBSA is not a tool that's going to generate fancy and easily-customized security assessment reports (they may be good enough for you but probably not enough for your managers, auditors, and business partners).

Despite these downsides, MBSA does provide a general security snapshot of your Microsoft systems. It highlights the low-hanging fruit and shows you where you're not following sound security practice – at least in the eyes of Microsoft. But, again, it's still better than nothing and a good starting point that I highly recommend if you've yet to test your systems for security vulnerabilities.

ABOUT THE AUTHOR:   
Kevin Beaver
Kevin Beaver is an information security consultant, keynote speaker, and expert witness with Atlanta-based Principle Logic, LLC. Kevin specializes in performing independent security assessments. Kevin has authored/co-authored seven books on information security including Hacking For Dummies and Hacking Wireless Networks For Dummies (Wiley). He's also the creator of the Security On Wheels information security audio books and blog providing security learning for IT professionals on the go. Kevin can be reached at kbeaver /at/ principlelogic.com.

This was first published in March 2009
