Microsoft Baseline Security Analyzer


Microsoft Baseline Security Analyzer




The Microsoft Baseline Security Analyzer is used to identify security misconfigurations and common missing security updates. The current version of MBSA(Microsoft Baseline Security Analyzer) is 2.3, which supports Windows 8.1, Windows 8, Windows Server 2012 R2, and Windows Server 2012. Windows 2000 is no longer supported with this version of 2.3. Basically MBSA is a scanning tool which scans for security updates for the operating system, Microsoft Data Access Components (MDAC), MSXML (Microsoft XML Parser), .NET Framework, and SQL Server. MBSA uses Windows Server Update Services(WSUS) technologies to determine which update is needed. The Microsoft Update data source is obtained from Microsoft website or an offline catalog file named as Wsusscn2.cab. We can use MBSA for graphical user interface(GUI) which is an executable file, Mbsa.exe or by command line executable file, Mbsacli.exe. MBSA uses port no 138 and 139 for performing the vulnerability scanning. It uses DCOM for secure connection through windows firewall to perform security update scans. MBSA requires administrator privileges with MBSA installed on your computer for scanning or for the computers you want to scan. While using the command line interface, we have to use the options /u for username and /p for password to run scan. The username and passwords should not be stored in text files such as command files or scripts. Click MBSA and then click Run As for scanning if you are using GUI.
MBSA requires the following softwares to be installed:
·        Windows 2000 SP3 or later, Windows XP, Windows Server 2003, Windows Vista, or Windows Server 2008.
·        The latest Windows Update Agent (WUA) client.
·        IIS 5.0, 5.1 or 6.0.
·        SQL Server 2000 or MSDE 2.0.
·        Microsoft Office 2000, Office XP, or Office 2003.
·        Workstation service, Remote Registry service, File & Print Sharing, and the DCOM updates and firewall exceptions.
The scan will result errors if any of the services are unavailable or disabled , administrative shares are not accessible.

Comments

Post a Comment

Popular posts from this blog

Snort (Intrusion Detection System)

Snort is a rule based IDS. Snort works in three different modes which is as follows:     1) Sniffer Mode     2) Packet Logger Mode     3) Network Intrusion Detection Mode 1)       Sniffer Mode : Sniffer Mode allows you to dump data in the header and body of each packet to the screen when you are running Snort. To start the snort for displaying all application data, enter the command as follows: ./snort –d                     -> works in most of the version of snort ./snort –dv                  -> for getting an error message 2)       Packet Logger Mode : Packet Logger Mode is different from Sniffer mode because the packet data and headers are written to the hard drive of host on which the ...
Read more

Web Security

Things which can protect your system from intruders          1.  Keep platform up-to-date : It is one of best things that you can do to protect your website from intruders, you just have to make sure that installed platforms scripts are up-to-date. It is found that many of these tools are created as open-source software programs, so their code is easily available to black hat hackers. This code can be used for both in good intention by developers as well as bad intention by hackers. Developers will resolve the bugs and hackers will look for any security loopholes which will allow them to exploit the platform or any script. For an example, if anyone is running a website on WordPress, then the WordPress installation and plugins which are installed may be potentially vulnerable to attacks. Just make sure that you are using the newest version of platform and scripts, which will help minimizing the risk.   ...
Read more

Wireshark(Network Protocol Analyzer)

Wireshark and components – what does it do and how? Wireshark is a network monitoring tool which also called as network protocol analyzer or sniffer. It is free and open source tool. It is used for network trouble shooting and analysis. Wireshark is a cross platform based, it runs on many operating systems like Linux, MacOS, BSD, Solaris, Microsoft Windows etc. There is also a terminal version of wireshark which is called as TShark. Wireshark uses pcap to capture packets form the network. It is used for examining the details of traffic in the network. The information of the packet which is captured can give its transmit time, source ip address, destination ip address, protocol type, header data etc. So this information can be use in security and troubleshooting issues. The wireshark will display the information in three types of panels which are Packet list panel, Packet details panel, Packet byte panel. The packet list panel are the colored lines which are displayed at the top. ...
Read more