Security Analyzer
INLS 187
Security Software Presentation
http://www.microsoft.com
Outline
• What is MBSA?
• How to get it?
• Installation
• Features
• How to use it?
• Evaluation
• Additional
Resources
• Links
• Installation Demonstration
http://www.microsoft.com/technet/security/tools/mbsahome.mspx
Features
MBSA runs on
Windows 2000, Windows XP and
Windows Server 2003 systems
and will scan
Windows NT 4.0, Windows 2000,
Windows XP, Windows Server 2003,
Internet Information Server (IIS), SQL
Server, Internet Explorer, MS Office
http://www.microsoft.com/technet/security/tools/mbsahome.mspx
Features
MBSA checks:
• OS: account status, file system type,
available file shares, members of the
Administrators group, critical security
patches
• IIS: sample applications and certain virtual
directories present on the machine, if the
IIS Lockdown tool has been run on the
machine
• SQL: type of authentication mode, sa
account password status and SQL service
account memberships
http://www.microsoft.com/technet/security/tools/mbsawp.mspx
Features
MBSA Scans:
• Internet Explorer 5.01+ zone settings
for each local user account and macro
settings for Office 2000,Office XP, and
Office System 2003.
Supports:
• Software Update Services (SUS)
• Systems Management Server (SMS)
http://www.microsoft.com/technet/security/tools/mbsawp.mspx
Features
Scanning Computer(s):
• Single computer check
local or remote
• Multiple computers:
– all computers in a domain (by domain name)
– specific range of IP addresses
– scan all of the Windows-based machines found
within the range
– up to 10,000 machines
• These scans require Administrator access!
http://www.microsoft.com/technet/security/tools/mbsawp.mspx
Features
Types of Scans:
• MBSA-Style Scan
An MBSA-style scan will scan and store
results in an individual XML file to then be
viewed in the MBSA UI (GUI-interface)
• HFNetChk-Style Scan:
HFNetChk-style scan will check for missing
security updates only and will display scan
results as text in the command line window
http://www.microsoft.com/technet/security/tools/mbsawp.mspx
Features
• Previous security reports are saved in
XML format and can be reviewed later
• Items Checked for Vulnerabilities:
Administrators Group Membership, Auditing,
Auto Logon, Automatic Updates,
Unnecessary Services, File System, Guest
Account, Internet Connection Firewall,
Account Passwords and Policies,
Anonymous User, Shares…
http://www.microsoft.com/technet/security/tools/mbsawp.mspx
Features
• MBSA checks for installed Security
Updates by
– system file versions
– registry settings
– sometimes does not recognize
installed updates
For more information read
Microsoft MBSA White Paper
Sample Scripts are also available
http://www.microsoft.com/technet/security/tools/mbsawp.mspx
How to use it?
MBSA Demonstration
Evaluation
• http://www.microsoft.com/downloads/
• http://www.microsoft.com/downloads/details.aspx?FamilyID=b13ebd6b-
e258-4625-b0a3-64a4879f7798&DisplayLang=en
• http://www.microsoft.com/technet/security/tools/mbsawp.mspx
• http://www.microsoft.com/security/default.mspx
• http://www.microsoft.com/downloads/details.aspx?FamilyID=dde9efc0-
bb30-47eb-9a61-fd755d23cdec&DisplayLang=en
• http://www.microsoft.com/downloads/details.aspx?FamilyID=42661e18-
93c2-4ce2-85d6-3679defe1a3e&DisplayLang=en
• http://www.microsoft.com/downloads/details.aspx?FamilyID=12244f33-
a5da-4203-a3a8-83f4388bb71f&DisplayLang=en