Recently I was asked for my thoughts on a free tool available by Microsoft called Microsoft Baseline Security Analyze (MBSA), I was only familiar with this product from small mentions of it on various websites and throguh security articles so I decided to try it out for myself. MBSA provides the ability for businesses and home users to determine their PC’s curren
Recently I was asked for my thoughts on a free tool available by Microsoft called Microsoft Baseline Security Analyze (MBSA), I was only familiar with this product from small mentions of it on various websites and throguh security articles so I decided to try it out for myself. MBSA provides the ability for businesses and home users to determine their PC’s current state of security based upon Microsoft’s security recommendations. MBSA will then offer specific guidance for remediation on any issues it identifies. MBSA will scan for administrative vulnerabilities as well as missing security updates for a variety of Microsoft products. In addition to checking for Microsoft’s recommended security patches for the Windows OS and scanned products, the tool does several basic security checks:
– Presence and strength of passwords
– Accounts with admin privileges
– NTFS file system
– Auditing being active
– Several key registry settings
– Shares present on the machine
– Services that may be unnecessary
– Presence of applications on domain controllers
– Internet Explorer security
Platform Support:
– Windows 2000 SP3 or later
– Windows XP Home (not remote scan support however)
– Windows XP Pro (remote scan available only if joined to a domain)
– Windows Server 2003
– Windows Vista
– Windows Server 2008
It will not run on Windows XP Embedded and Windows IA64 platforms; however you can remotely scan these systems.
Application Scan Support for Vulnerabilities:
– Windows 2000
– Windows XP
– Windows Server 2003
– IIS 5.0/5.1/6.0
– IE 5.01/5.5/6.0
– SQL Server 7.0/2000/2005
– Microsoft Office 2000/XP/2003
|
Pros |
Cons |
|
– Free – Quick scan and report generation – Reports are viewable in web browser – Provides links to detailed information to allow you to fix any weaknesses – Simple and easy to use – Allows organizations to conform to predefined Microsoft security standards – Ability to scan machines/networks that are not connected to the Internet |
– Some people have reported conflictions with Windows Update info – The potential to not detect valuable workarounds – Firewalls have to specifically configured for remote scans from outside networks – Third party tool integration is prevented by the user having to accept a EULA |
Conclusion:
MBSA is a useful tool for providing a first level security analysis of a Windows based machine running one of a number of Microsoft products. It will allow for compliance with basic Microsoft security standards within a corporate or personal environment. I would recommend this software for individuals maintaining small business or personal home networks, and individual PCs, whom have limited technical knowledge and budget.
This however should not be confused with a true security audit and you should remember to have your firewall or filtering software only allow inbound and outbound connections to those required services. A proper software inventory with versioning information is also a must, as this would allow for tracking of outdated software and proper patch application when needed.
Informational URLs:
Microsoft Baseline Security Analyzer 2.1
http://technet.microsoft.com/en-us/security/cc184923.aspx
MBSA 2.1 Frequently Asked Questions