Microsoft Baseline Security Analyzer (MBSA) is an easy-to-use tool that helps small and medium enterprises determine their security status against Microsoft's security recommendations and provides specific remediation guidance based on the results. Use MBSA to detect common security misconfigurations and missing security updates in computer systems and so improve the security management process.
MBSA is built on the Windows Update Agent and Microsoft Update infrastructure, so it stays consistent with other Microsoft management products, including Microsoft Update (MU), Windows Server Update Services (WSUS), Systems Management Server (SMS), System Center Configuration Manager (SCCM) 2007, and Small Business Server (SBS). MBSA is widely used by leading third-party security vendors and security auditors. The tool scans more than 3 million computers per week on average. MBSA versions earlier than 2.01 have been discontinued. For more information about the latest version 2.0, visit the following address: http://technet.microsoft.com/zh-cn/security/cc184923.aspx. Using MBSA has three advantages:
First, the security of the system can be evaluated by scanning it. A Microsoft tool is being used to check the security of Microsoft's own products, so the integration should be the best available.
Second, it avoids Microsoft's validation issues related to patch downloads. The patches are offered directly after the MBSA scan is complete.
Third, it can be used to correct security management errors or vulnerabilities in applications such as IIS running on the system. The MBSA scan results show detailed remediation steps, which are easy to follow and make the system more secure.
Fourth, patch updates can be made to Windows 2000 and NT operating systems. Currently, there are very few direct updates to Windows 2000 and NT operating systems.
In short, using MBSA is safer, more convenient, and more efficient than using third-party vulnerability detection tools. The following describes how to apply MBSA to detect and reinforce the personal computer system.
I. Experiment Preparation and Environment
1. Download MBSA
The latest version of MBSA is 2.1. It comes in x64 and x86 builds, each available in four languages: German, Japanese, English, and French. Take care to download the matching package; for x86, the corresponding download is "MBSASetup-x86-EN.msi".
2. Install MBSA
Installing MBSA is very simple. As with any ordinary software installation, just follow the prompts.
3. Experiment environment
In this experiment, Windows XP is used, some common application tools are installed, some simple hardening has been performed, and the system's security vulnerabilities have been repaired using third-party tools such as 360.
II. Use MBSA to detect and reinforce the system
1. Run MBSA
Click Start > Programs > Microsoft Baseline Security Analyzer 2.1 to open the main interface of the Microsoft Baseline Security Analyzer 2.1 program, as shown in Figure 1.
Figure 1 main program running interface of Microsoft Baseline Security Analyzer 2.1
Note:
There are three main functions in the MBSA main program:
(1) Scan a computer: a computer name or IP address is used to scan a single computer. It is suitable for scanning this computer or a single computer on the network.
(2) Scan multiple computers: Use the domain name or IP address range to detect multiple computers.
(3) View existing security scan reports: View security reports that have been detected.
2. Set the single-host MBSA scan options
Click "Scan a computer", and the scan settings window appears, as shown in Figure 2. The target is set with "Computer name" or "IP address". If you are only scanning the local machine, MBSA automatically obtains the computer name of the local machine; in this example, the computer name scanned is "WORKGROUPSIMEON". Otherwise, enter the IP address to be scanned in "IP address". In the MBSA scan options, the "Security report name" is filled in automatically by default as "%D% - %C% (%T%)", that is, "domain name - computer name (scan time)". You can also enter a custom name under which to save the security scan report. Select the first four security detection options under "Options".
Figure 2 set MBSA scan options
Note: (1) There are five options under "Options":
Check for Windows administrative vulnerabilities: detects Windows administrative vulnerabilities.
Check for weak passwords: detects weak passwords.
Check for IIS administrative vulnerabilities: detects IIS administrative vulnerabilities. Select it if the computer provides Web services. In this example, the system is Windows XP and IIS is not installed, so it can be left unselected.
Check for SQL administrative vulnerabilities: detects SQL program settings and other vulnerabilities, such as whether the latest patches are installed and how passwords are set.
Check for security updates: detects security updates. It is mainly used to check whether the system has installed Microsoft patches, and does not need to pass Microsoft's genuine authentication.
The first four items are security detection options, which can be selected based on the actual situation. The last item retrieves the latest information, such as security policies and security patches, from the Microsoft site. If you have no network connection, you can leave it unselected.
(2) clicking the "Cancel" button will return to the previous window.
(3) Click "Scanning Options" to view detailed descriptions of the scan options.
(4) If "Check for security updates" is selected, the program updates automatically, as shown in Figure 3. The program waits for a period of time during the scan; depending on the network connection and the volume of updates, it can take a long time before the update information is downloaded and the security scan starts automatically. During the download, CPU usage may be high. This is normal: after downloading the updates to the local device, MBSA has to update its programs and policies, so usage will be relatively high.
Figure 3 program download policy updates
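The scan settings described above can also be run unattended with `mbsacli.exe`, the command-line scanner installed with MBSA 2.x. The following PowerShell sketch is an added example, not part of the original article: it maps the five "Options" checkboxes to the `/n` skip list of `mbsacli`. The function name `Invoke-MbsaScan`, the install path, and the target address `192.0.2.10` are assumptions made for illustration.

```powershell
# Added example: scripted equivalent of the "Scan a computer" dialog.
# Assumption: MBSA is installed in its default folder; adjust the path if not.
$MbsaCli = "C:\Program Files\Microsoft Baseline Security Analyzer 2\mbsacli.exe"

function Invoke-MbsaScan {   # hypothetical helper name
    param(
        [string]$Target,                            # computer name or IP address
        [bool]$WindowsChecks  = $true,              # Check for Windows administrative vulnerabilities
        [bool]$PasswordChecks = $true,              # Check for weak passwords
        [bool]$IisChecks      = $true,              # Check for IIS administrative vulnerabilities
        [bool]$SqlChecks      = $true,              # Check for SQL administrative vulnerabilities
        [bool]$UpdateChecks   = $true,              # Check for security updates
        [bool]$Offline        = $false,             # no network: download nothing from Microsoft
        [string]$ReportName   = "%D% - %C% (%T%)"   # domain - computer (scan time)
    )

    if (-not $Target) { throw "A computer name or IP address is required." }
    if (-not (Test-Path $MbsaCli)) { throw "mbsacli.exe not found at $MbsaCli" }

    # mbsacli performs every check by default; /n names the checks to SKIP,
    # joined with "+" and no spaces.
    $skip = @()
    if (-not $WindowsChecks)  { $skip += "OS" }
    if (-not $PasswordChecks) { $skip += "Password" }
    if (-not $IisChecks)      { $skip += "IIS" }
    if (-not $SqlChecks)      { $skip += "SQL" }
    if (-not $UpdateChecks)   { $skip += "Updates" }
    if ($skip.Count -eq 5)    { throw "All checks are disabled; nothing to scan." }

    $mbsaArgs = @("/target", $Target, "/o", $ReportName)
    if ($skip.Count -gt 0) { $mbsaArgs += @("/n", ($skip -join "+")) }
    if ($Offline)          { $mbsaArgs += "/nd" }

    Write-Host "Running: mbsacli $($mbsaArgs -join ' ')"
    & $MbsaCli $mbsaArgs
}

# Same selection as in this walkthrough: the first four checks, no update check.
# 192.0.2.10 is a constructed placeholder address.
Invoke-MbsaScan -Target "192.0.2.10" -UpdateChecks $false
```

The report is written under the name given by `/o`, so it appears in the same report list that "View existing security scan reports" shows in the GUI.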
3. Scan for vulnerabilities
In Figure 2, click "Start Scan" to start scanning. After the scan is completed, the program automatically jumps to the scan result window, as shown in Figure 4, where you can view the details of this scan. In the scan report, the results can be sorted by "Score (worst first)" or "Score (best first)". The scan results mainly include "Security Update Scan Results", "Windows Scan Results", "Internet Information Services (IIS) Scan Results", "SQL Server Scan Results", and "Desktop Application Scan Results".