Verifying Security Using the Microsoft Baseline Security Analyzer (MBSA)


Like Microsoft SharePoint Portal Server 2003, Windows Server 2003 and Microsoft SQL Server 2000 also require the latest service packs and updates to reduce known security vulnerabilities. Microsoft offers an intuitive, free downloadable tool, Microsoft Baseline Security Analyzer (MBSA), to streamline this procedure. This tool identifies common security vulnerabilities on SharePoint servers by detecting incorrect configurations and missing security patches for Windows Server 2003, IIS, and Microsoft SQL Server 2000.

MBSA can scan not only a single SharePoint server but also multiple instances of SQL Server if more than one instance is installed. The MBSA SQL Server scan detects and displays SQL Server vulnerabilities such as the following: members of the Sysadmin role, weak or blank passwords on SQL Server local accounts and the SA account, SQL Server authentication mode, SQL Server on a domain controller, and missing service packs and updates.

Microsoft's system requirements for installing MBSA are as follows:

  • Operating system must be Windows Server 2003, Windows XP, or Windows 2000.

  • Internet Explorer must be version 5.01 or higher.

  • An XML parser such as the one available with IE 5.01 or MSXML version 3.0 SP2 must be available.

Installing MBSA

Installation of MBSA is straightforward, and it can be installed on any workstation in the network. To install, complete the following steps:

1. Download the latest version of the Microsoft Baseline Security Analyzer from Microsoft's website. The current link is http://www.microsoft.com/mbsa.

2. Double-click the MBSA installation file mbsasetup-en.msi to launch the installation.

3. At the welcome screen shown in Figure 15.20, click Next to begin installation.

Figure 15.20. Microsoft Baseline Security Analyzer Setup welcome screen.

4. Read and accept the license agreement; click Next.

5. Select the destination folder where the application will be installed. The default destination path is C:\Program Files\Microsoft Security Baseline Analyzer.

6. Click Install when ready. The application is installed automatically, as shown in Figure 15.21.

Figure 15.21. Installing MBSA.

7. Click OK when informed that MBSA is installed correctly.

Scanning for Security Vulnerabilities with MBSA

MBSA can scan a single computer or a range of computers based on an IP address, range of IP addresses, computer name, or all computers in a domain. The security scanner can identify known security vulnerabilities in several Microsoft technologies such as Windows, Internet Information Services (IIS), or SQL Server. MBSA can also identify weak passwords and missing service packs and updates.

To scan a SharePoint server for known SQL or Windows vulnerabilities, weak passwords, and security updates, follow these steps:

1. Choose Start, All Programs, Microsoft Baseline Security Analyzer 1.2.

2. Click Scan a Computer to pick the system to scan. An administrator can also scan more than one computer by entering either a valid IP address range or a domain name.

3. On the next screen, enter the computer name or IP address of the desired SharePoint server. Select all options desired and click Start Scan, as shown in Figure 15.22.

Figure 15.22. MBSA computer scan and options screen.


Viewing MBSA Security Reports

A separate security report is generated for the desired SQL Server when the computer scan is completed. A report is generated regardless of whether the scan is local or remote. Scan reports are also stored for future viewing on the same computer on which the Microsoft Baseline Security Analyzer tool was installed.

The MBSA security reports are intuitive and address each vulnerability detected. If MBSA detects a missing SQL Server service pack, Windows patch, or hot fix, it displays the vulnerability in the Security Update Scan section and points to the location of the fix.

Review the security report generated from the scan conducted in the example, as shown in Figure 15.23. Each section scanned has a score associated with it. An end user or an administrator can easily browse each section, identifying known security vulnerabilities, verifying what was scanned, checking the results, and analyzing how to correct any anomalies that MBSA detected.

Figure 15.23. MBSA security report.
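To cross-check the SQL Server findings in an MBSA report by hand, the following T-SQL can be run in Query Analyzer against each SQL Server 2000 instance. It is an added example, not part of the original text and not MBSA's own logic; it assumes a login with sysadmin rights and covers role membership, blank passwords, authentication mode, and service pack level only.

```sql
-- Added example: manual cross-check of the SQL Server items MBSA reports.
-- Assumption: run as a member of sysadmin on each SQL Server 2000 instance.

-- 1. Members of the sysadmin fixed server role.
--    Anything beyond the expected DBA accounts should be reviewed.
EXEC sp_helpsrvrolemember 'sysadmin';

-- 2. SQL Server logins (not Windows accounts) that have a blank password,
--    including sa. This finds blank passwords only; it cannot judge
--    whether a non-blank password is weak.
SELECT name
FROM master.dbo.syslogins
WHERE isntname = 0
  AND password IS NULL;

-- 3. Authentication mode:
--    1 = Windows Authentication only, 0 = Mixed Mode (SQL logins allowed).
SELECT SERVERPROPERTY('IsIntegratedSecurityOnly') AS windows_auth_only;

-- 4. Build number and service pack level, to compare with the
--    Security Update Scan section of the report.
SELECT SERVERPROPERTY('ProductVersion') AS build,
       SERVERPROPERTY('ProductLevel')   AS service_pack,
       SERVERPROPERTY('Edition')        AS edition;
```

An empty result from the second query, together with a value of 1 from the third, means no SQL logins with blank passwords exist and SQL authentication is disabled altogether.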





Microsoft SharePoint 2003 Unleashed (2nd Edition) (Unleashed)
ISBN: 0672328038
Year: 2005
Pages: 288