One of the hard tasks in the daily life of an IT administrator is to ensure that the network and the servers are secure. Perfect security is not possible. There will always be some small leaks, caused either by the behavior of the user in version 1.0 or by the administrator of the system, not to mention design flaws in the software itself. Most environments are too large and too complex for a manual check of all security patches and service packs. Another factor is that most users need some higher rights on their machines to do their work. This often results in the Windows Firewall being disabled. These two scenarios are the root of all evil.
A good tool for finding security issues is the “Microsoft Baseline Security Analyzer”, a.k.a. MBSA, which has been released in version 2.1. The MBSA can be obtained for free from the Microsoft homepage. My recommendation is to install the tool on one centrally accessible client or server, because it needs full RPC access to all machines that are to be tested. Some heretic may say that a client that needs RPC ports open through the whole network is a security problem in a high-security environment, and maybe he is right, but this is another topic. After a short installation, the MBSA is ready to use. The tool is the solution for scanning whole networks and domains. Please keep in mind that the tool needs some performance on the scanned server or workstation.
Let us start with a report for one server. A note to my boss: “This is not a corporate server, it’s a special virtual machine for this blog, so relax when you see the report at the end :-)”. One of the nice features is the possibility to set the patch repository to a local WSUS. So if there is a problem with a Windows patch and you decide not to install it, it doesn’t show up as an error. In most cases I recommend using Microsoft Update as the repository. Maybe you’ll find out some dark secrets of the WSUS administrator.
After a scan that runs for approximately 40 seconds, the tool creates a nice report.
Especially noteworthy is that Microsoft gives a short description of how to correct the problem.
A short summary: the tool can’t work wonders, but it’s a nice way to ensure that the big risks are closed, even when you don’t have detailed knowledge of software like SQL Server. The tool is not perfect, so check the recommended solution. In my test lab, “Some potentially unnecessary services are installed” means the “save service”, which is a virus scanner. All in all, it’s a good tool. Read you soon!!
Postscript: thanks to my ghostwriter 😉