Vulnerability Scanning Using Microsoft Baseline Security Analyzer (MBSA)
Windows Security
The two computers demonstrate minimal differences afer the scanning process. One computer contains all its office security updates, whereas the other has seventy eight security updates missing. Seven of these are service packs or update rollups which are missing. Microsoft Baseline Security Analyzer (MBSA) finds no difference between the two compared with reference to SQL Server Security.
In both computers, no single security update is missing. Both computers are compliant to the current update. One computer has Skype installed, which has all the Skype security updates not missing. This computer is compliant with the current Skype security updates. Microsoft Baseline Security Updates Analyzer provides details about the Windows Security Updates of one computer. This report shows that this computer differs from the other because it is compliant with the current updates as all the security updates are present. Computer analysis using Microsoft baseline Security Updates reports that one of the computers operates on a SQL server. Analysis reports further show that there is no SQL Server security update missing in the computer.
Administrative Vulnerability
The two computers reflect differences using Microsoft Baseline Security Updates Analyzer. Some of the issues differentiating the two computers include automatic updates, password expiration, incomplete updates, local account password test, windows firewalls, and automatic updates.
Analysis findings report both similarities and differences between the two computers. An example of similarity between the two computers using Microsoft Baseline Security Updates Analyzer show that both computers have non-expiring passwords for their users. The two reports show that, in one computer, the administrator has not configure automatic updates feature. In the other report, update is through automatic downloading and installation in the computer.
MBSA reporter shows that one computer differs from the other by having extra drives in its file system. This computer has four drives, which is two more drives than the other computer. Report on one computer shows a slight difference in Windows Firewall. Both computers have Windows Firewalls enabled on all network connections, but report on one shows that it has exception configurations.
Additional System Information
MBSA report does not present any difference between the two computers. All issues in the additional system information from the report are the same. Some of the issue the MBSA report in both computers include Windows Operating System where both computers use the Windows 7 operating system, auditing, and services. The difference between the computers in the report is on the issue of Shares. One report shows three Shares in the computer, and the other has five Shares in the computer.
Internet Information Services and SQL Server Scan Result
The two reports do not present any difference between the two computers with regards to internet and SQL Server. In both computers, IIS is not running on the computers. With reference to the issue of SQL Server, SQL or MSDE is not on the computers.
Desktop Application
Administrative vulnerability in terms of desktop application is not different from the report. In both computer MBSA reports, the security settings for Internet Explorer is for all users. Macro security issues are the same on both computers. MBSA reports show that the two computers have no supported Microsoft Office products installed.
Discussion
Windows Firewall Support
With the continuous hostility increase in the computer environment, no individual can ignore the necessity to have one’s computer protected by a Windows Firewall. The main objective of a Windows Firewall entails the prevention of illegal entry to a network. It is necessary for individuals running a sophisticated firewall product to be aware of the basics in Windows Firewall, and using it. Many people do not value the significance of configuring Windows Firewall. This configuration is significant in its application, in every computer user regardless of the purpose of the computer. Windows not only keeps network hackers from access to confidential data, but assists in providing a shield against internal threats. Windows Firewall stops computer worms and viruses from accessing the computer system and modify or steal data. Computer system Windows Firewall protection is in five ways that comprise of a proxy server, circuit level, stateful inspection, packet filtering, and application filtering.
Windows Updates
Another item that is crucial for consideration as is in the report is Windows Updates. These Windows Update enables periodic patching of files in the system to address issues regarding Microsoft products. Windows Updates focus on Operating System Windows patches, and non-OS softwares like Microsoft office, and Internet explorer. Windows Updates are in several categories. Security Updates, patch security vulnerabilities that caused compromise a system. Critical Updates fix issues in the Microsoft products that can cause software errors. They form “High Priority” together with Security Updates. Software Updates address noncritical issues, and minor bugs. Service Packs contain all the rollup patches for softwares and Operating Systems. It is necessary for an individual to maintain Microsoft Updates in one’s computer. All the current Operating Systems contain the automatic update feature. This enables a person to define the time to download, and install these updates.
Auditing
Both MBSA reports show neither Logon Success nor Logon Failure auditing in the computers. Windows auditing is a method of tracking events in a computer system. Enabling this feature in a computer system is necessary because it permits the user to know when, and where in the system, an event occurs and the cause of that event. Auditing helps in detecting problems such as improper rights assignments in the computer system. By using the audit account management’, and audit account logon helps in determining where, and when a user accesses a computer system before a network infraction occurred. Auditing is crucial in producing significant forensic data. When debugging applications, audit process tracking’ offers useful assistance. Windows auditing enables monitoring of various aspects in a Windows network usage.
