Microsoft Baseline Security Analyzer - Essay Example

1. Focus on the overall “security assessment” risk rating that appears at the top of your report. Considering what security measures you (or the computer owner) have undertaken for your computer, does the assessment surprise you? Why or why not? What measures should you plan to undertake if the green checkmark did not appear? I didn’t receive a complete security assessment for my personal computer because the MBSA could not complete one or more requested checks. Windows Firewall tests cannot be completed due to an error. All user accounts have non expiring passwords. So my plans are to find out what error is preventing my firewall form being able to be scanned. I will also take protective measures in establishing password expirations for my user accounts. Overall, I’m not surprised at the results of my security assessment due to the fact that I’m the only user of this computer, and I exercise safe practices while using it, and I only use it on an as needed basis. 2a. what does MBSA do to check for weak local account passwords? MBSA is multi-threaded and has the capacity to scan a whole domain and extensive address range within a short time frame. One MBSA system can operate a scanning process in a few seconds to several minutes; however, this depends on the number of user machines. A lot of time is usually taken in scanning for weak passwords when utilizing MBSA machines. Such tests involve checking empty passwords together with common password dimensions such as: The name of the machine, user name, and administrator. In order to avoid frequent checking of passwords, it is pertinent to scan a person’s premises more often. When the weak passwords are not tested or checked, the option for testing (Checking) passwords for Windows accounts as well as SQL accounts are disabled (Fahland and Schultze, 2010). b. Why is it important to have a strong password on local user accounts especially in a corporate environment? Majority of users log on to computers or in to remote computers through utilization of a combined user name and a password keyed into the keyboard. In spite the fact that there exist various alternative technologies meant for authentication ranging from; smartcards, biometrics as well as instant passwords, a good number of organizations to some extent continue to rely on traditional passwords; this is projected to continue for sometime. It is therefore imperative that organizations formulate and implement password policies to guide the use of their computers such as the use stronger passwords. Such passwords possess the required level of complexity characterized by the character facets and the length dimensions. This feature makes it hard to hard such passwords. The aspect of developing strong password guidelines organization may assist in preventing hackers from accessing confidential information hence preventing losses ascribed to it (Micosoft, 2012). c. Explain why it is important to have a password expiration policy set: All organizations aspiring to succeed in their operations, must formulate and implement password policies that has to be adhered to by all the workers. Such policies inform all the users and the administrators of all the internal networks of the guidelines and directions in managing their user accounts passwords within the company. These policies are usually formulated in a manner that the are part of the company security guidelines (Samuelle, 2011, p.40) 3. Malware can affect a computer in multiple ways. Having automatic updates turned off, not allowing Windows to update, and disabling the Windows firewall and setting exceptions in the Windows firewall are all tell-tale signs of this. Explain: a. How malware is able to accomplish this? Companies that operate mostly through the internet are usually the most affected by malware due to the fact that some malicious individuals may hack their systems and alternate their functionality hence increasing their vulnerability to malwares. It is therefore important that system operators conduct frequent checks of software attacks and carry out preventive measures (Samuelle, 2011, p.313). b. What type of malware could be used? Malwares can be conducted through the use malicious codes that perform negative functions opposite to that of the user. Such codes are inclusive of: Trojan horses, spyware and computer viruses et cetera (Stewart, 2011, p. 126). 4. On local machines (home) computers, it is traditionally acceptable to have Windows automatically update the system with patches. In a corporate environment, typically system administrators will set domain computers to manually install updates. Through this process, the administrators will decide if a patch is necessary for their environment’s standard operation expectancy (SOE). Typically they would use Windows Server Update Services (WSUS) to push out the updates to the computers, which is a highly time consuming process. Conficker is one of the most recent examples of an infection that leveraged a vulnerability that could have been avoided through a patch that had already been released. Yet, it spread like wildfire, infecting millions of corporate environments. a. Explain what Conficker is, which systems were vulnerable, which vulnerability it exploited, which Microsoft patch fixed the vulnerability, and the reason(s) that it is necessary to test new patches as they are released. Please be as specific and fact-based as possible regarding types of malware using credible references to support your answer. (Answer must be APA compliant) Confickers encompasses networks the functionality of unprotected (Vulnerable) computer windows. In the case above, the vulnerable windows were inclusive of: Microsoft Windows RPC and Windows Server. Such vulnerability enables cybercriminals to key in malicious codes onto other user’s machine. Since the introduction of confickers, a myriad malicious uses have occurred among network hackers who use worms like the autorun and spread it to the computer users through USB portals hence affecting the drives and the computer media. This has also led to the negative effect on the Microsoft Windows Update which may hinder users from accessing blocks the manual or automatic security updates (Bitdefender, 2009). Additionally, confickers as well as other variety of worms have become a major concern to most businesses do not conduct frequent updates on their computer networks. Affected computers can be easily accessed by malicious internet or other computer users. Confickers work in a manner that they attack a vulnerable Windows Server. It is also pertinent to note that computers that do not possess Microsoft patch of October 2008 have the highest probability of undergoing an attack. On the other hand, home computers are mostly protected by the use of firewall system hence are less attacked by confickers. In some cases, home networks can also be affected when they pick worms from their manufacturing or software companies. In order to prevent such attacks, it is pertinent that users appropriately apply the use of Microsoft patches. Internet network users can alternatively apply the use of F-Secure’s Blocklists to prevent the worms from connecting to their websites. Consequently, autoruns can also be disables to protect computer PC’s from the viral attacks especially from USB storage lines (Larkin, 2009). In the year 2008, Microsoft implemented an important security update, the MS08-067, which was geared towards resolving vulnerability in aspect of using the Server service. This computer vulnerability could enable any anonymous malicious user to manipulate functionality of an affected system System through the use of a network-based attack. From the time of the release of the MS08-067, the (MMPC) has conducted various researches and identified a number of variants listed below of as members of the Win32/Conficker (Microsoft, 2009). Worm:Win32/Conficker.A: identified by the MMPC on November 21, 2008 Worm: Win32/Conficker.B: identified by the MMPC on December 29, 2008 Worm: Win32/Conficker.C: identified by the MMPC on February 20, 2009 Worm: Win32/Conficker.D: identified by the MMPC on March 4, 2009 Worm: Win32/Conficker.E: identified by the MMPC on April 8, 2009 The testing of the effects of a patch on the functionality of an operational system before utilization is an important step in any given effective patches control methodology. Services may be negatively affected in case this stage is not taken into consideration hence may lead to consumption of a lot of time to conduct repairs in the machines. It is imperative that the entire security patches undergo this major step and tested to ensure that compatibility with other systems is achieved at the required time frame. Most organizations tend to install security patches to their newly purchase systems without properly testing. This may turn to be fatal since most Windows OS have the capacity to manipulate their run time variances. Any given case of incompatible in the patching system may cause several application failures hence impairing the efficiency of an organizational IT operation (Micro vision, 2005). b. How would MBSA be used to detect the missing patch in a corporate environment? Systems such as firewalls and anti-virus detection have proved to be critical in the provision of securities to machines. They do not negate the aspect of a patch management system. In July 24, 2002 news concerning the development of a patch that was meant to SQL Slammer worm spread every where. However, the worm turned out to be the one of the rapidly growing in the history of computers. The Microsoft team got this news and directed their focus in proper testing of patches before releasing the, to their users. This action paid off positively and users were happy with efforts of the Microsoft team which saw an enhanced protection to their machines (Pasini 2003). Consequently, the Trustworthy Computing Company developed an alternative new group within the Microsoft. This action led to a decentralization scenario where new packages and new findings were developed to enhance the efficiency and quality production of services within the company. Another Group known as the PMWG- Patch Management Working Group- was also formed to develop new methodologies in and techniques that would enable the company to develop proper effective software management systems. Machine operators are advised to ensure that they should be well acquainted with the type of patching they are using before their operation and should also list their inventories such as: The level of the current patch, operating system, the functionality of the system, the contacts of the persons responsible for their system management as well as the applications installed on their devices. 5. If you were preparing the next version of MBSA, what new feature would you add? Why? A new feature that I would add to the next version of MBSA would be a defaulted icon that populates at the problem(s) on the security assessment report in MBSA once the initial scan is complete, and that will allow the pc user to go directly to the problem and fix it rather than having to exit out of MBSA completely to fix the problem(s) and then later come back into the program to re-run another scan. Once the problem(s) are fixed or resolved, MBSA will automatically complete scanning or rescan and give an immediate update. Also, if feasible, MBSA could be programmed to automatically fix problem(s) that don’t require or rely on user input. References Graham-Smith, D. (2012, October 31). Blocking Attacks with a Firewall. The Ultimate Guide to Internet Security, 58. Samuelle, T. J. (2011). Mike Meyers CompTIA Security+ Certification Passport (3rd ed., pp. 40, 68). New York, NY: McGraw-Hill Companies. Stewart, J. M. (2011). CompTIA Security+ Review Guide (2nd ed., pp.126, 227). Indianapolis, IN: Wiley Publishing, Inc. Microsoft. (2012). Enforcing Strong Password Usage Throughout Your Organization, Retrieved October 06, 2012 from http://technet.microsoft.com/en-us/library/cc875814.aspx Symantec Corporation. (2012, August 08).W32.Downadup. Retrieved October 07, 2012 from, http://www.symantec.com/security_response/writeup.jsp?docid=2008-112203-2408-99&tabid=2 Fahland, Mike and Schultze, Eric (2010, Novemver 02). Microsoft Baseline Security Analyzer V1.1. Retrieved October 06, 2012, from http://www.symantec.com/connect/articles/microsoft-baseline- security-analyzer-v11 Bitdefender. (2009). Bitdefender Releases White Paper: Conficker One Year After. Retrieved October 06, 2012, from http://www.bitdefender.com/news/bitdefender-releases-whitepaper:- %E2%96%92conficker-%E2%88%9A-one-year-after%E2%96%93-1262.html Larkin, Erik. PCWorld, (2009, January 16). Protecting Against the Rampant Conficker Worm, Retrieved October 06, 2012, from http://www.pcworld.com/article/157876/conficker.html Leder, Felix and Werner, Tillmann. 2009 April, 07. Know Your Enemy: Containing Conficker To Tame A Malware retrieved October 06, 2012, from http://www.honeynet.org/files/KYE-Conficker.pdf Microsoft, (2009, April 10). Conficker Worm: Help Protect Windows from Conficker, Retrieved October 06, 2012, from http://technet.microsoft.com/en-us/security/dd452420.aspx Microvision. (2005, September). How to Make Microsoft Security Patch Testing More Efficient. Schaumburg, IL: Microvision Europe Ltd. And/or Microvision Corporation. Retrieved October 06, 2012, from http://www.softsummit.com/library/white_papers/adminstudio_microsoftsecuritypatch.pdf Pasini, Harold. (2003, April 07). Global Information Assurance Certification Paper. Sans Institute. Retrieved Oct 07, 2012, from http://www.giac.org/paper/gsec/2830/effective-patch-management-microsoft-environment/104796 Read More