Lab 8.4.3 Performing a Vulnerability Analysis
Step 1: Download and install MBSA
a. Open a browser and go to the MBSA web page at: http://www.microsoft.com/technet/security/tools/mbsa2/default.mspx
b. What is the latest version of MBSA available?
Answer: Currently 2.0.1
c. What are some of the features MBSA provides? Answers will vary – From website: “detect common security misconfigurations and missing security updates on your computer systems”
d. Scroll down the page and select the desired language to begin the download process.
e. Click Continue to validate the copy of Microsoft Windows you are running.
f. Click Download Files below and select the file you want to download. (The English setup file is MBSASetup-EN.msi). Click the Download button on the right of this file. How many megabytes is the file to download? Answer: 11.5 MB
g. When the File Download – Security Warning dialog box displays, click Save and download the file to a specified folder or the desktop. You can also run it from the download website.
h. Once the download is complete, make sure all other applications are closed. Double-click the downloaded file. Click Run to start the Setup program, and then click Run if you are prompted with a Security Warning. Click Next on the MBSA Setup screen.
i. Select the radio button to accept the license agreement and click Next. Accept the defaults as the install progresses, and then click Finish. Click OK on the final MBSA Setup screen, and close the folder to return to the Windows desktop.
Step 2: Build the network and configure the hosts
a. Connect the host computer(s) to the integrated router, a hub, or a switch as shown in the topology diagram. Host-A is the test station where MBSA will be installed. The server is optional.
b. Set the IP configuration for the host(s) using Windows XP Network Connections and TCP/IP properties. If the host is connected to the integrated router, configure it as a DHCP client; otherwise go to Step 1d.
c. If the host is connected to a hub or switch and a DHCP server is not available, configure it manually by assigning a static IP address. Which IP address and subnet mask do Host-A and the server (optional) have?
Answer: 192.168.1.X and 255.255.255.0. Default gateway is not required but could be set to 192.168.1.1 (the default IP address of the integrated router, if present).
IP Address: 192.168.24.09
Subnet Mask: 255.255.255.0
Step 3: Run MBSA on a host
a. Double-click the desktop icon for MBSA or run it from Start > All Programs. When the main screen displays, which options are available?
Answer: Scan a computer, Scan more than one computer, and View existing security reports.
- Pick a computer to scan
- Pick multiple computers to scan
- Pick a security report to view
- Microsoft Security Web Site
Step 4: Select a computer to scan
a. On the left side of the screen, click Pick a computer to scan. The computer shown as the default is the one on which MBSA is installed.
b. What are the two ways to specify a computer to be scanned?
Answer: By name and by IP address.
c. Accept the default computer to be scanned. De-select Check for IIS and SQL administrative vulnerabilities, since these services are not likely to be installed on the computer being scanned. Click Start Scan.
Step 5: View security update scan results
a. View the security report. What are the results of the security update scan?
Answer: See screen below for possibilities. Missing Security Updates are indicated by a red X in the Score column. Missing Update Rollups and Service Packs are indicated by a yellow X.
b. If there are any red or yellow Xs, click How to correct this. Which solution is recommended?
Answer: Most often to download updates and service packs from the Microsoft Update website.
Step 6: View Windows scan results in the security report
a. Scroll down to view the second section of the report that shows Windows Scan Results. Were there any administrative vulnerabilities identified?
Answer: See screen below for some possibilities.
b. On the Additional System Information section of the screen (below), in the Issue column for Services, click What was scanned, and click Result details under the Result column to get a description of the check that was run. What did you find? When finished, close both popup windows to return to the security report.
Answer: Telnet and some other services may be installed and running. Port numbers will be listed.
Step 7: View Desktop Application Scan Results in the Security report
a. Scroll down to view the last section of the report that shows Desktop Applications Scan Results. Were there any administrative vulnerabilities identified?
Answer: See screen below for some possibilities.
b. How many Microsoft Office products are installed?
Answer: Too many, more than 10
c. Were there any security issues with Macro Security for any of them?
Step 8: Scan a server, if available
a. If a server with various services is available, click Pick a computer to scan from the main MBSA screen and enter the IP address of the server, and then click Start Scan. Which security vulnerabilities were identified?
Answer: This can be a live server if the host has physical and logical access to it and organizational policies permit scanning the live network.
b. Were there any potentially unnecessary services installed? Which port numbers were they on?
Answer: Could include Telnet, HTTP, FTP, and so on, with corresponding port numbers.
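The two findings the MBSA report surfaces in Steps 5, 6 and 8 (missing security updates, and running services with the ports they listen on) can be reproduced from a defender's console with built-in Windows APIs. The script below is an added example, not part of the lab or of MBSA; it assumes PowerShell run as Administrator on Windows 8 / Server 2012 or later (for Get-NetTCPConnection) and a host that can reach Windows Update or its WSUS server. The port-to-name table and the "review" flag are the example's own constructed conventions.

```powershell
# Added example (not part of the lab): reproduce two MBSA checks with native Windows APIs.
#   1. Missing security updates   -> Windows Update Agent COM API (Step 5)
#   2. Running services and ports -> Win32_Service + Get-NetTCPConnection (Steps 6 and 8)
# Assumes: Administrator, Windows 8 / Server 2012+, reachable Windows Update or WSUS.

function Get-MissingUpdates {
    # Same question as MBSA's Security Updates section: which applicable updates are not installed?
    $session  = New-Object -ComObject Microsoft.Update.Session
    $searcher = $session.CreateUpdateSearcher()
    $result   = $searcher.Search("IsInstalled=0 and IsHidden=0 and Type='Software'")
    foreach ($u in $result.Updates) {
        [pscustomobject]@{
            KB       = (($u.KBArticleIDs | ForEach-Object { "KB$_" }) -join ',')
            Severity = $u.MsrcSeverity      # Critical / Important / Moderate / Low / (blank)
            Title    = $u.Title
        }
    }
}

function Get-ListeningServices {
    # Same question as MBSA's Services "Result details": which listening TCP port belongs to which process/service?
    $svcByPid = @{}                       # PID -> service names (shared svchost PIDs host several)
    Get-CimInstance Win32_Service | Where-Object { $_.State -eq 'Running' } | ForEach-Object {
        $p = [int]$_.ProcessId
        if (-not $svcByPid.ContainsKey($p)) { $svcByPid[$p] = @() }
        $svcByPid[$p] += $_.Name
    }
    Get-NetTCPConnection -State Listen |
        Where-Object { $_.LocalAddress -notin @('127.0.0.1', '::1') } |   # only network-reachable listeners
        ForEach-Object {
            $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
            [pscustomobject]@{
                Port     = [int]$_.LocalPort
                Process  = $proc.ProcessName
                Services = ($svcByPid[[int]$_.OwningProcess] -join ',')
            }
        } | Sort-Object Port -Unique
}

# Constructed watch list: the services the lab calls "potentially unnecessary" (Step 8b).
$watch = @{ 21 = 'FTP'; 23 = 'Telnet'; 80 = 'HTTP' }

"== Missing security updates =="
Get-MissingUpdates | Format-Table KB, Severity, Title -AutoSize

"== Network-reachable listening services =="
Get-ListeningServices | ForEach-Object {
    $flag = if ($watch.ContainsKey($_.Port)) { "  <-- review: $($watch[$_.Port])" } else { '' }
    "{0,6}  {1,-20} {2}{3}" -f $_.Port, $_.Process, $_.Services, $flag
}
```

Compare the flagged ports with what the MBSA report lists under Services; a port that appears here but not in the report is a listener MBSA does not know about and still deserves a justification.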
Step 9: Uninstall MBSA using Control Panel Add/Remove Programs
a. This step is optional, depending on whether the host will be automatically restored later by a network process.
b. To uninstall MBSA, click Start > Control Panel > Add/Remove Programs. Locate the MBSA application and uninstall it. It should be listed as Microsoft Baseline Security Analyzer 2.0.1. Click Remove, and then click Yes to confirm removal of the MBSA application. When finished, close all windows to return to the desktop.
Step 10: Reflection
a. The MBSA tool is designed to identify vulnerabilities for Windows-based computers. Search the Internet for other tools that might exist. List some of the tools discovered. Answers will vary.
- Client versions of Windows, including Windows
- Windows Server, including Windows Server 2008
- SQL Server
- Internet Information Server (IIS)
- Internet Explorer
- Microsoft Office
b. Which tools might there be for non-Windows computers? Search the Internet for other tools that might exist and list some of them here.
c. Which other steps could you take to help secure a computer against Internet attacks?