MS Baseline Security Analyzer
Results 1 to 7 of 7

Thread: MS Baseline Security Analyzer

  1. #1
    PHP/PostgreSQL guy
    Join Date
    Dec 2001
    Posts
    1,164

    Post MS Baseline Security Analyzer

    Greetings,

    Not sure how many use Automatic Updates, but I noticed (as many probably have) that if you have the service "Automatic Updates" turned off, you can't update through Windows Update. Looking for a better alternative as I like to keep my services streamlined, I found a rather nifty tool called "Microsoft Baseline Security Analyzer". It does scanning of local machines, workgroup machines, and remote PCs based on IP. I included some screenshots for those who haven't seen it. It does download information from the MS site, so it keeps up with some sort of database there for what's relevant at the time.

    Main page can be found here.

    Opening page

    Scan page

    Scanning a machine

    Results page

    It does have a "Copy" function, as you can tell from the Results page and that basically puts the non-graphical results into text-only, as follows.

    Security Updates Vulnerabilities Check passed Windows Security Updates No critical security updates are missing.
    Security Updates Vulnerabilities Check passed Windows Media Player Security Updates No critical security updates are missing.
    Security Updates Vulnerabilities Check passed MDAC Security Updates No critical security updates are missing.
    Security Updates Vulnerabilities Check passed MSXML Security Updates No critical security updates are missing.
    Security Updates Vulnerabilities Check passed Office Updates No critical security updates are missing.
    Windows Scan Results Vulnerabilities Best practice Windows Firewall Windows Firewall is disabled and has exceptions configured.
    Windows Scan Results Vulnerabilities Check passed Local Account Password Test No user accounts have simple passwords.
    Windows Scan Results Vulnerabilities Check passed File System All hard drives (1) are using the NTFS file system.
    Windows Scan Results Vulnerabilities Check passed Guest Account The Guest account is not disabled on this computer.
    Windows Scan Results Vulnerabilities Check passed Restrict Anonymous Computer is properly restricting anonymous access.
    Windows Scan Results Vulnerabilities Check passed Administrators No more than 2 Administrators were found on this computer.
    Windows Scan Results Vulnerabilities Check passed Automatic Updates Updates are automatically downloaded and installed on this computer.
    Windows Scan Results Vulnerabilities Check not performed Password Expiration This check was skipped because the computer is not joined to a domain.
    Windows Scan Results Vulnerabilities Check not performed Autologon This check was skipped because the computer is not joined to a domain.
    Windows Scan Results Additional System Information Additional information Windows Version Computer is running Windows 2000 or greater.
    Windows Scan Results Additional System Information Best practice Auditing This check was skipped because the computer is not joined to a domain.
    Windows Scan Results Additional System Information Additional information Shares 2 share(s) are present on your computer.
    Windows Scan Results Additional System Information Best practice Services Some potentially unnecessary services are installed.
    Internet Information Services (IIS) Scan Results Additional System Information Best practice IIS Status IIS is not running on this computer.
    SQL Server Scan Results Product Status Best practice SQL Server/MSDE Status SQL Server and/or MSDE is not installed on this computer.
    Desktop Application Scan Results Vulnerabilities Check passed IE Zones Internet Explorer zones have secure settings for all users.
    Desktop Application Scan Results Vulnerabilities Check not performed Macro Security No Microsoft Office products are installed
    There's quite a bit of info, as you can tell, and for those who're more savvy with updating and MS tools, this is a lot better tool I think in providing more information and where to go than just what AU provides.

    Anyone else have comments on this utility?

    EDIT: I just realized how many other threads were out there concerning this tool. Don't I feel like a tool for not using the search button prior to posting, hah! At least there are some screenshots...please don't shoot me!
    We the willing, led by the unknowing, have been doing the impossible for the ungrateful. We have done so much with so little for so long that we are now qualified to do just about anything with almost nothing.

  2. #2
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    I'm a slacktard...
    ROFLMAO....

    I like MBSA. I use it against all servers I have just installed and locked down and whenever I make major changes to others.
    Don\'t SYN us.... We\'ll SYN you.....
    \"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides

  3. #3
    thanks for the info, i will study it when i have the time

  4. #4
    AO French Antique News Whore
    Join Date
    Aug 2001
    Posts
    2,126
    MSBA is very powerfull tool for Windows User! It should be in all Windows Admin ToolBox just after SUS.
    -Simon \"SDK\"

  5. #5
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,883
    I prefer the CIS tool. (Center for Internet Security). It goes above and beyond what the MS tool does, including the ability to apply NSA baseline security policies to your box. It also has the same stuff available for Unix systems.

    http://www.cisecurity.org/

    I recommend this one.
    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden

  6. #6
    AO übergeek phishphreek's Avatar
    Join Date
    Jan 2002
    Posts
    4,324
    Originally posted here by thehorse13
    I prefer the CIS tool. (Center for Internet Security). It goes above and beyond what the MS tool does, including the ability to apply NSA baseline security policies to your box. It also has the same stuff available for Unix systems.

    http://www.cisecurity.org/

    I recommend this one.
    How does the scoring work? I was unable to find in the docs the scale and what the scoring means. I just did a quick browse through it though. All I saw is that a default install should have a 1.5 score on 2K.
    Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you\'ve saved, how much you haven\'t smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.

  7. #7
    PHP/PostgreSQL guy
    Join Date
    Dec 2001
    Posts
    1,164
    I'll have to check out the CIS tool...from what I saw, it looks to be a benchmark utility but that was the 10 second run-down before I had to leave. Will check it out though!
    We the willing, led by the unknowing, have been doing the impossible for the ungrateful. We have done so much with so little for so long that we are now qualified to do just about anything with almost nothing.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •