Microsoft Baseline Security Analyzer - Essay Example

Summary
"Microsoft Baseline Security Analyzer" paper identifies what MBSA does to check for weak local account passwords, explains why it is important to have a strong password on local user accounts especially in a corporate environment, and to have a password expiration policy set…

Extract of sample "Microsoft Baseline Security Analyzer"

1. Focus on the overall “security assessment” risk rating that appears at the top of your report. Considering what security measures you (or the computer owner) have undertaken for your computer, does the assessment surprise you? Why or why not? What measures should you plan to undertake if the green checkmark did not appear?

I didn’t receive a complete security assessment for my personal computer because the MBSA could not complete one or more requested checks. Windows Firewall tests cannot be completed due to an error. All user accounts have non-expiring passwords. So my plans are to find out what error is preventing my firewall from being able to be scanned. I will also take protective measures in establishing password expirations for my user accounts. Overall, I’m not surprised at the results of my security assessment due to the fact that I’m the only user of this computer, I exercise safe practices while using it, and I only use it on an as-needed basis.

2a. What does MBSA do to check for weak local account passwords?

MBSA is multi-threaded and has the capacity to scan a whole domain and an extensive address range within a short time frame. One MBSA system can complete a scan in a few seconds to several minutes; however, this depends on the number of user machines. Scanning for weak passwords usually takes a lot of time when using MBSA. Such tests involve checking for empty passwords together with common passwords such as the name of the machine, the user name, and “administrator”. In order to avoid frequent checking of passwords, it is pertinent to scan a person’s premises more often. When weak passwords are not tested or checked, the options for checking passwords for Windows accounts as well as SQL accounts are disabled (Fahland and Schultze, 2010).

b. Why is it important to have a strong password on local user accounts especially in a corporate environment?
The majority of users log on to computers or to remote computers using a combination of a user name and a password typed on the keyboard. In spite of the fact that various alternative authentication technologies exist, ranging from smartcards and biometrics to instant passwords, a good number of organizations continue to rely to some extent on traditional passwords; this is projected to continue for some time. It is therefore imperative that organizations formulate and implement password policies to guide the use of their computers, such as the use of stronger passwords. Such passwords possess the required level of complexity, characterized by their character set and length. This makes such passwords hard to hack. Developing strong password guidelines may assist an organization in preventing hackers from accessing confidential information, hence preventing the losses ascribed to it (Microsoft, 2012).

c. Explain why it is important to have a password expiration policy set:

All organizations aspiring to succeed in their operations must formulate and implement password policies that have to be adhered to by all workers. Such policies inform all the users and administrators of the internal networks of the guidelines and directions for managing their user account passwords within the company. These policies are usually formulated so that they are part of the company security guidelines (Samuelle, 2011, p. 40).

3. Malware can affect a computer in multiple ways. Having automatic updates turned off, not allowing Windows to update, and disabling the Windows firewall and setting exceptions in the Windows firewall are all tell-tale signs of this. Explain:

a. How malware is able to accomplish this?
Companies that operate mostly through the internet are usually the most affected by malware, because malicious individuals may hack their systems and alter their functionality, hence increasing their vulnerability to malware. It is therefore important that system operators conduct frequent checks for software attacks and carry out preventive measures (Samuelle, 2011, p. 313).

b. What type of malware could be used?

Malware attacks can be conducted through the use of malicious code that performs negative functions contrary to those intended by the user. Such code includes Trojan horses, spyware, computer viruses, et cetera (Stewart, 2011, p. 126).

4. On local machines (home) computers, it is traditionally acceptable to have Windows automatically update the system with patches. In a corporate environment, typically system administrators will set domain computers to manually install updates. Through this process, the administrators will decide if a patch is necessary for their environment’s standard operation expectancy (SOE). Typically they would use Windows Server Update Services (WSUS) to push out the updates to the computers, which is a highly time-consuming process. Conficker is one of the most recent examples of an infection that leveraged a vulnerability that could have been avoided through a patch that had already been released. Yet, it spread like wildfire, infecting millions of corporate environments.

a. Explain what Conficker is, which systems were vulnerable, which vulnerability it exploited, which Microsoft patch fixed the vulnerability, and the reason(s) that it is necessary to test new patches as they are released. Please be as specific and fact-based as possible regarding types of malware using credible references to support your answer. (Answer must be APA compliant)

Confickers encompasses networks the functionality of unprotected (Vulnerable) computer windows.
In the case above, the vulnerable Windows systems included Microsoft Windows RPC and Windows Server. Such a vulnerability enables cybercriminals to introduce malicious code onto other users’ machines. Since the introduction of Conficker, a myriad of malicious uses have occurred among network hackers, who use worms like the autorun and spread them to computer users through USB ports, hence affecting drives and computer media. This has also had a negative effect on Microsoft Windows Update, which may block users from accessing manual or automatic security updates (Bitdefender, 2009). Additionally, Conficker as well as a variety of other worms have become a major concern to most businesses that do not conduct frequent updates on their computer networks. Affected computers can be easily accessed by malicious internet or other computer users. Conficker works by attacking a vulnerable Windows Server. It is also pertinent to note that computers that do not have the Microsoft patch of October 2008 have the highest probability of undergoing an attack. On the other hand, home computers are mostly protected by a firewall and hence are attacked by Conficker less often. In some cases, home networks can also be affected when they pick up worms from their manufacturing or software companies. In order to prevent such attacks, it is pertinent that users apply Microsoft patches appropriately. Internet network users can alternatively use F-Secure’s blocklists to prevent the worms from connecting to their websites. Autorun can also be disabled to protect PCs from viral attacks, especially from USB storage devices (Larkin, 2009).

In the year 2008, Microsoft released an important security update, MS08-067, which was geared towards resolving a vulnerability in the Server service.
This vulnerability could enable any anonymous malicious user to manipulate the functionality of an affected system through a network-based attack. Since the release of MS08-067, the MMPC has conducted research and identified the variants listed below as members of the Win32/Conficker family (Microsoft, 2009):

  • Worm:Win32/Conficker.A: identified by the MMPC on November 21, 2008
  • Worm:Win32/Conficker.B: identified by the MMPC on December 29, 2008
  • Worm:Win32/Conficker.C: identified by the MMPC on February 20, 2009
  • Worm:Win32/Conficker.D: identified by the MMPC on March 4, 2009
  • Worm:Win32/Conficker.E: identified by the MMPC on April 8, 2009

Testing the effects of a patch on the functionality of an operational system before deployment is an important step in any effective patch control methodology. Services may be negatively affected if this stage is skipped, which may lead to a lot of time being spent on repairing the machines. It is imperative that all security patches undergo this step and are tested to ensure that compatibility with other systems is achieved within the required time frame. Most organizations tend to install security patches on their newly purchased systems without proper testing. This may turn out to be fatal since most Windows OS have the capacity to manipulate their run time variances. Any incompatibility in the patching system may cause several application failures, hence impairing the efficiency of an organization’s IT operations (Microvision, 2005).

b. How would MBSA be used to detect the missing patch in a corporate environment?

Systems such as firewalls and anti-virus detection have proved to be critical in providing security to machines. They do not negate the need for a patch management system. On July 24, 2002, news concerning the development of a patch that was meant for the SQL Slammer worm spread everywhere.
However, the worm turned out to be one of the most rapidly growing in the history of computers. The Microsoft team got this news and directed their focus to proper testing of patches before releasing them to their users. This action paid off and users were happy with the efforts of the Microsoft team, which resulted in enhanced protection for their machines (Pasini, 2003). Consequently, the Trustworthy Computing Company developed an alternative new group within Microsoft. This action led to a decentralization scenario where new packages and new findings were developed to enhance the efficiency and quality of services within the company. Another group, known as the PMWG (Patch Management Working Group), was also formed to develop new methodologies and techniques that would enable the company to develop proper, effective software management systems. Machine operators are advised to be well acquainted with the type of patching they are using before operation, and should also keep an inventory that lists: the current patch level, the operating system, the functionality of the system, the contacts of the persons responsible for system management, and the applications installed on their devices.

5. If you were preparing the next version of MBSA, what new feature would you add? Why?

A new feature that I would add to the next version of MBSA would be a defaulted icon that populates at the problem(s) on the security assessment report in MBSA once the initial scan is complete, and that will allow the PC user to go directly to the problem and fix it rather than having to exit out of MBSA completely to fix the problem(s) and then later come back into the program to re-run another scan. Once the problem(s) are fixed or resolved, MBSA will automatically complete scanning or rescan and give an immediate update.
Also, if feasible, MBSA could be programmed to automatically fix problem(s) that don’t require or rely on user input.

References

Graham-Smith, D. (2012, October 31). Blocking Attacks with a Firewall. The Ultimate Guide to Internet Security, 58.

Samuelle, T. J. (2011). Mike Meyers CompTIA Security+ Certification Passport (3rd ed., pp. 40, 68). New York, NY: McGraw-Hill Companies.

Stewart, J. M. (2011). CompTIA Security+ Review Guide (2nd ed., pp. 126, 227). Indianapolis, IN: Wiley Publishing, Inc.

Microsoft. (2012). Enforcing Strong Password Usage Throughout Your Organization. Retrieved October 06, 2012, from http://technet.microsoft.com/en-us/library/cc875814.aspx

Symantec Corporation. (2012, August 08). W32.Downadup. Retrieved October 07, 2012, from http://www.symantec.com/security_response/writeup.jsp?docid=2008-112203-2408-99&tabid=2

Fahland, Mike and Schultze, Eric. (2010, November 02). Microsoft Baseline Security Analyzer V1.1. Retrieved October 06, 2012, from http://www.symantec.com/connect/articles/microsoft-baseline-security-analyzer-v11

Bitdefender. (2009). Bitdefender Releases White Paper: Conficker One Year After. Retrieved October 06, 2012, from http://www.bitdefender.com/news/bitdefender-releases-whitepaper:-%E2%96%92conficker-%E2%88%9A-one-year-after%E2%96%93-1262.html

Larkin, Erik. (2009, January 16). Protecting Against the Rampant Conficker Worm. PCWorld. Retrieved October 06, 2012, from http://www.pcworld.com/article/157876/conficker.html

Leder, Felix and Werner, Tillmann. (2009, April 07). Know Your Enemy: Containing Conficker To Tame A Malware. Retrieved October 06, 2012, from http://www.honeynet.org/files/KYE-Conficker.pdf

Microsoft. (2009, April 10). Conficker Worm: Help Protect Windows from Conficker. Retrieved October 06, 2012, from http://technet.microsoft.com/en-us/security/dd452420.aspx

Microvision. (2005, September). How to Make Microsoft Security Patch Testing More Efficient. Schaumburg, IL: Microvision Europe Ltd. and/or Microvision Corporation. Retrieved October 06, 2012, from http://www.softsummit.com/library/white_papers/adminstudio_microsoftsecuritypatch.pdf

Pasini, Harold. (2003, April 07). Global Information Assurance Certification Paper. SANS Institute. Retrieved Oct 07, 2012, from http://www.giac.org/paper/gsec/2830/effective-patch-management-microsoft-environment/104796
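
Added example (not part of the original essay): the non-expiring password finding reported in question 1, and the password checks and expiration policy discussed in questions 2a and 2c, can be audited on a single Windows host with the built-in `Get-LocalUser` cmdlet. The function name `Get-LocalPasswordFinding` and the 90-day threshold are assumptions chosen for illustration; the script only reads account flags and does not test any password.

```powershell
# Added example, not from the essay. Requires Windows PowerShell 5.1 or later
# (Microsoft.PowerShell.LocalAccounts module).

function Get-LocalPasswordFinding {
    [CmdletBinding()]
    param(
        # Assumption: 90 days is a placeholder policy value, not taken from the essay.
        [int]$MaxPasswordAgeDays = 90
    )

    $now = Get-Date
    foreach ($user in Get-LocalUser) {
        $findings = @()

        # PasswordExpires is $null when the account's password does not expire.
        if ($null -eq $user.PasswordExpires) {
            $findings += 'PasswordNeverExpires'
        }

        # PasswordRequired = $false means the account is allowed a blank password.
        if (-not $user.PasswordRequired) {
            $findings += 'BlankPasswordAllowed'
        }

        # PasswordLastSet is $null when no password has ever been set.
        if ($null -eq $user.PasswordLastSet) {
            $findings += 'PasswordNeverSet'
        }
        elseif (($now - $user.PasswordLastSet).TotalDays -gt $MaxPasswordAgeDays) {
            $findings += 'PasswordOlderThanPolicy'
        }

        [pscustomobject]@{
            Name     = $user.Name
            Enabled  = $user.Enabled
            LastSet  = $user.PasswordLastSet
            Expires  = $user.PasswordExpires
            Findings = $findings -join ','
        }
    }
}

# Report only enabled accounts that have at least one finding.
Get-LocalPasswordFinding |
    Where-Object { $_.Enabled -and $_.Findings } |
    Sort-Object Name |
    Format-Table -AutoSize
```

Disabled accounts are filtered out of the report because they cannot be used to log on; remove the `$_.Enabled` condition to list them as well.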