New and Improved MBSA Belongs in Your Security Toolkit

IT pros and ordinary computer users face basic security concerns every day. For the small business IT pro, protecting the systems they support is a major part of the job and can be quite time consuming. That's why tools such as the Microsoft Baseline Security Analyzer (MBSA) can be an integral part of the IT security toolkit.

When I first recommended the MBSA tool, I received a lot of responses from readers who found it clumsy to use, inaccurate in its reporting (because of problems with the way it handled Microsoft Office application configurations), and useful only if the user was able to read between the lines (i.e., fully understand the security concerns and the way that MBSA reports on them.)

Last month, Microsoft released MBSA 2.0 ( http://www.microsoft.com/technet/security/tools/mbsa2/default.mspx ), which addresses all the common complaints about the first-generation tool. MBSA 2.0 is much easier to use and has a better Help system than the first version did. It also provides better explanations of problems (or potential problems) that it finds and is more aware of the operating environment (e.g., workgroup or domain) of the computers you're testing.

To scan all or some of the computers in your network, you simply give the tool the IP address range of your target computers (ensure that you have local administrator rights on all the target computers) and let it run. MBSA produces a report for each specified computer, detailing any problems found and providing the status for each of the items it checks. For security checks that aren't appropriate for the target computers (e.g., checking domain-related items in a workgroup environment), the tool simply reports that it didn't perform the check.

MBSA checks the security status of Office 2003, Office XP, and Office 2000 and any version of the 32-bit Windows OS later than Windows 2000 Service Pack 3 (SP3). The tool checks for security updates rated moderate, important, or critical and reports not only whether security updates are needed, but will confirm that no security updates are missing.

For users in larger environments, Microsoft has released the Microsoft Office Visio 2003 Connector for MBSA 2.0. This tool lets MBSA users generate a color-coded report as a Visio 2003 network diagram that provides an at-a-glance view of the status of their network computers. The process isn't totally automated: The user must create the initial network diagram in Visio, either manually or by using a network auto-discovery tool that reports data back to Visio. After you create the diagram, Visio Connector for MBSA creates a smart-tag that lets you launch MBSA from the diagram. Then you can drill down from the diagram directly into MBSA reports. You can read more about the tool and download it at http://www.microsoft.com/technet/security/tools/mbsavisio.mspx .

Users who want to automate the operation of MBSA can use a command-line version that's installed when the GUI version is installed. By using the command-line tool, users can automate the scanning process, either through batch files or more complex scripting tools. If you've been steering clear of MBSA because of its earlier shortcomings, it might be time to reevaluate this handy tool.

TAGS: Security
Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish