How to perform Microsoft Baseline Security Analyzer (MBSA) scans

Date: Apr 27, 2009

This month, Peter Giannoulis of TheAcademyPro.com and TheAcademyHome.com offers an overview of the free Microsoft Baseline Security Analyzer and explains how MBSA scans can be used to not only find misconfigured Windows operating systems, but also to highlight easy ways to improve system security.


Read the full transcript from this video below:  

Please note the full transcript is for reference only and may include errors. To report an error, contact editor@searchsecurity.com.   

Peter Giannoulis: Hey everybody. This is Peter Giannoulis from TheAcademyPro.com and
TheAcademyHome.com, bringing you this month's SearchSecurity.com screencast.
This month we're going to look at Microsoft's Baseline Security Analyzer, a
little free tool provided by Microsoft to assist you guys in further
securing and patching your Microsoft systems. So let's get right into the
benefits of this tool and what this tool is exactly. Essentially, it's a
tool that finds security misconfigurations in Windows operating systems.
That's basically what it will do for you. It'll actually take Microsoft's
recommended security config for specific operating systems. It
will allow the tool to actually log on to the system and look at the actual
configuration and tell you what you can be doing to further secure your
system.

Nice part of it, obviously, is that it's 100% free, provided by Microsoft.
It's been around for quite a few years now. Another cool thing is it's GUI
version, right, as well as CLI. So if you're kind of on the geek
end of things and you like using the command line, you can use the CLI
version or you can use the GUI version as well. Another really, really cool
thing – and you don't get this in a lot of free tools – is that you can scan
not only your local system, but you can scan remote systems across your
network as well, so it makes it kind of a business utility as well. What
it actually scans for, besides security misconfigurations, is missing
service packs, patches, hotfixes, and all that good stuff. This tool is
more for small to medium business. Larger corporations probably
put in Microsoft Software Update Server. So,
just to show you again that this tool is not out of date, and it continues
to be updated, it does actually support Windows Server 2008, Vista, 2003
Server, XP, and Windows 2000 systems, and it continues to be supported.
There's actually a URL on the bottom there where this information is
available as well as the downloads.

So let's go ahead. Where are we going to find this tool? We're going to
double-click on the URL here and bring it into a browser and actually get
into the configuration of this. Like every video every month that we
do for you guys, we're going to actually show you where to download it, how
to download it, right, simple stuff - install it and so on. As you can see
here, we have the 64-bit or x86 architecture. So we have French, Japanese,
English. We're going to grab the x86 in the English side,
double-click on it and begin the install. The install's really easy, guys.
It's a .msi file. You pretty much run it, go next, next, next, and you're
installed and up-to-date. Go ahead, accept the license agreement, click on
next, click on install, this will take us a second or two and then we'll be
done. All right. So the install's actually done, and you'll see the first
time you actually run a scan, it will basically go ahead and update itself
with the latest service packs and notices. We're going to go ahead
and scan one computer, not multiples – as you can see, you can have
multiples. In here you have the computer name, just the single
workgroup/xps which is my system, or you can actually type in the IP
address there. You have options below for checking Windows admin
vulnerability, weak passwords, IIS if you want, SQL.
Check for security updates. Leave that alone as the
default. We'll go ahead and start the scan. This scan can take quite a bit
of time, depending on how slow your system is. But we
speed up the middle of it so you guys don't have to actually watch the
whole scan.

Going back as I mentioned before, it downloads latest security update
information. It's currently done that and scanning the system right now, and
after the scan's done, we'll actually go through the little report that you
get. All right, so now that our scans are done, you'll see on this system
alone, we've got the IP address, the scan date, the scan based on what
version of MBSA that we're looking at, the sort order so how do we want to
sort the vulnerabilities that it found. We can look at, show us the best
stuff first or the worst. We're going to look at the worst here, so under the
Security Update Scan Results, we have SQL server security updates, so one
security update's missing. You can click on that and actually see what
update is actually missing, and what ID it actually falls under. So, it's
pretty cool. Then within here, you can click on download to grab the latest
patch that will fix that specific error that we received. How do you
correct this? We'll actually bring you to a page as well to show you that
doing X, Y, and Zed will assist you in correcting this vulnerability. If
we scroll down a little bit, you'll also see the Windows scan results for
the administrative vulnerabilities, so you'll also see incomplete updates. We
have two admins found on this computer that we may not need. We have
additional system information with regard to auditing. So neither logon
success nor logon failure are audited, or auditing-enabled which is
obviously not a good thing. Being that this is a single system, it doesn't
really matter because we're running the scan to show you more info in the
report, but, you know, that's something that you don't want to see on your
domain controllers and whatever it may be. With regard to services, no
potential unnecessary services were found, three shares are present. So it
actually tells you what shares are found, how many of them.

You'll actually see the version of Windows as well. If we scroll down, IIS
results. We don't have any IIS installed, so we don't see anything there. If
we keep going down, you'll actually see as deep as the desktop application
scan results, so you'll see my Internet Explorer zone security settings are
on for all users, which is great. Macro security issue, four Microsoft
Office products were installed, and no issues were found. So you can see
when we see the little green shield with the checkmark on the left-hand
side, that's usually a good thing. So, like I said, when we actually chose
to view the worst things first, that's where you saw all the red shields
and the X's there. So we can actually print the report if we wanted to. Nice
and easy, right? We're not going to do that right now, because you can't
see that anyway but you'll see that it's easy to do it or we can copy it to
a clipboard.

So, in wrap-up, some of the points to remember with this tool:
it is a great tool, a strong tool, it was developed by Microsoft so they
know what they're looking for within their own operating system. That's why
I like this tool a lot, and it assists in discovering security
misconfigurations, sniffing out missed service packs, patches and hotfixes.
Two of the greatest things are obviously that it is 100% free, and the
ability to scan locally and remotely is definitely a big thing. So like I
said, for small and medium organizations, you can run this tool on one of
your scanning type systems and go out there and check out your entire
network of systems or your domain controllers, or whatever it may be.

Thanks very much for coming out guys. Again, this is Peter Giannoulis for
SearchSecurity.com, and we'll see you next month with the latest screencast.
Take it easy guys. Bye-bye.
