As a system administrator, a server operator or even a novice computer user, you must be aware of the complexities of configuring all the security options present in the operating system. It is easy to misconfigure, overlook or forget a setting, or to leave a default behaviour running on a system, and either can pose a security threat.
In such a scenario, the Microsoft Baseline Security Analyzer (MBSA) is helpful. Since it reads security-sensitive parts of the system, the user running it must be logged in with administrative privileges.
Scanning options
Scanning can be performed on a stand-alone personal computer or on multiple computers at the same time by specifying a domain or an IP address range. Once the PC is selected, a user can optionally turn specific checks on or off; these cover Windows, SQL and IIS vulnerabilities, weak passwords, security updates and the use of a Security Update Server (SUS). After scanning, a detailed report is displayed showing what was scanned, the results and how to fix any problems discovered. Here’s what MBSA can do for you.
Windows checks
Several administrative options are checked under this category. Some are domain-specific while the rest apply to machines without a domain. Starting from the file system of the hard disk, everything from passwords and logons to services is checked. For secure access to the system, the presence of a guest account and of anonymous access is flagged as a problem, along with the presence of more than one administrator account. Password strength (blank or simple) is checked along with password expiration and auto-logon (domain only).
MBSA lists potentially unnecessary services without marking them as immediate threats. For example, on a home PC, Telnet is listed as unnecessary. This is particularly helpful for the not-so-advanced users who would think a hundred times before turning a service off in Control Panel > Administrative Tools > Services.
For countering online threats, the Auto Updates feature and the status of the Internet Connection Firewall (ICF) are checked for every network connection. Shared folders, including the system shares Admin$, C$ etc., are also listed, in case an administrator has overlooked that some important information is being shared.
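As an added illustration of the Windows checks described above (this is not MBSA's own code), the following PowerShell script reproduces several of them on the local machine. It assumes Windows PowerShell 5.1 or later on a workstation or member server, run from an elevated session; the built-in group name 'Administrators' and the Telnet service name 'TlntSvr' are assumptions, as are the property names used to approximate the password checks.

```powershell
# Added example, not MBSA's own code. Assumes an elevated session on a
# workstation or member server with the LocalAccounts, SmbShare and
# NetSecurity modules available.
function Invoke-BaselineAudit {
    $findings = [System.Collections.Generic.List[string]]::new()

    # Guest account: flagged if present and enabled. RID 501 identifies it
    # even when the account has been renamed.
    $guest = Get-LocalUser | Where-Object { $_.SID.Value -like 'S-1-5-21-*-501' }
    if ($guest -and $guest.Enabled) {
        $findings.Add("Guest account '$($guest.Name)' is enabled")
    }

    # More than one administrator: list every member of the built-in group
    # (assumes the English group name 'Administrators').
    $admins = @(Get-LocalGroupMember -Group 'Administrators')
    if ($admins.Count -gt 1) {
        $findings.Add("Administrators has $($admins.Count) members: " +
                      (($admins | ForEach-Object { $_.Name }) -join ', '))
    }

    # Password hygiene, approximating MBSA's blank-password and expiration
    # checks: PasswordRequired=false allows an empty password and
    # PasswordExpires is null when the password never expires.
    foreach ($u in (Get-LocalUser | Where-Object { $_.Enabled })) {
        if (-not $u.PasswordRequired) { $findings.Add("'$($u.Name)' does not require a password") }
        if (-not $u.PasswordExpires)  { $findings.Add("'$($u.Name)' password never expires") }
    }

    # Auto-logon: a cleartext password stored in Winlogon lets anyone with
    # physical access into that account.
    $wl = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
    $wlProps = Get-ItemProperty -Path $wl -ErrorAction SilentlyContinue
    if ($wlProps.AutoAdminLogon -eq '1') { $findings.Add('AutoAdminLogon is enabled') }
    if ($wlProps.DefaultPassword)        { $findings.Add('DefaultPassword is stored in Winlogon') }

    # Potentially unnecessary services (Telnet, the article's example;
    # 'TlntSvr' is an assumed service name). Extend the list as needed.
    foreach ($name in @('TlntSvr')) {
        $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
        if ($svc -and $svc.Status -eq 'Running') { $findings.Add("Service '$name' is running") }
    }

    # Firewall status per profile (the successor to the ICF check).
    Get-NetFirewallProfile | Where-Object { $_.Enabled -eq 'False' } |
        ForEach-Object { $findings.Add("Firewall profile '$($_.Name)' is disabled") }

    # Shares, including the Admin$ and C$ system shares, listed for review.
    Get-SmbShare | ForEach-Object { $findings.Add("Share '$($_.Name)' -> $($_.Path)") }
    return $findings
}

Invoke-BaselineAudit | ForEach-Object { Write-Output $_ }
```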
IIS
Internet Information Services (IIS) has been one of the favourite targets of the “black hat” community. Several sites “specialize” in IIS hacks and provide tools and procedures for gaining illegal access to various versions of IIS. As IIS hosts a company’s site and other services that interact directly with clients, any breach of security is hard to keep secret. MBSA checks whether the IIS Lockdown tool has been run, whether sample paths are present, whether parent paths are enabled, and whether the MSADC (sample data access scripts) and Scripts virtual directories are present; each of these increases the attack surface if left in place without a purpose. Logging, a powerful IIS tool, is also checked. With logs enabled, specific user activity on selected sites can be viewed, such as files read and written, successful and unsuccessful access attempts, events, etc.
SQL server checks
With recent attacks on SQL servers, securing them should be one of the highest priorities of DBAs. Often, trivial settings, defaults left in place and missing security patches lead to an exploitable database on SQL Server. MBSA checks whether Administrators are in the SysAdmin role, recommends that SQL Server should not be running on a domain controller, etc.
Internet Explorer checks
Browser-based hacking techniques have enjoyed the status of being among the earliest and most widely written forms of online malicious code. MBSA attempts to address the problem by examining IE security zone settings for local users and checking the status of Internet Explorer Enhanced Security Configuration and the MS Office macro security level.
Along with the above-mentioned checks, security update checks are also performed for Exchange Server, IE, Windows Media Player, Microsoft Virtual Machine (VM), Microsoft Data Access Components (MDAC), MSXML, etc.
This tool focuses on the Windows operating system’s settings to thwart possible attacks on a network. With the capability of scanning up to 10,000 machines at the same time, localized versions, XML-based databases and command-line switches, this tool can serve as the first line of defence for any security-conscious user — before or after concrete measures are taken to enforce stringent security. — NDA