Security Assessment Tools

About This Presentation

Title:

Security Assessment Tools

Description:

Malicious Software Removal Tool. Windows AntiSpyware (in Beta) Application Threat ... Take advantage of the free security assessment tools from Microsoft ... – PowerPoint PPT presentation

Number of Views:193

Avg rating:3.0/5.0

Slides: 31

Provided by: downloadM

Category:

more less

Transcript and Presenter's Notes

Title: Security Assessment Tools

1
Security Assessment Tools

Paula Kiernan
Senior Consultant
Ward Solutions

2
Session Prerequisites

Hands-on experience with Windows 2000 or Windows
Server 2003
Working knowledge of networking, including basics
of security
Basic knowledge of network security-assessment
strategies

Level 200
3
Session Overview

Free Security Assessment Tools from Microsoft
Alternative Assessment Methods

4
Security Assessment Tools

Free Security Assessment Tools from Microsoft
Alternative Assessment Methods

5
Free Security Assessment Tools
Free Security Assessment Tools from Microsoft
include

MBSA
Microsoft Update
ExBPA
MSRSAT
Port Query

6
MBSA
Microsoft Baseline Security Analyzer can examine
one or more computers for the following

Missing Security Updates
Missing Office Updates
Vulnerabilities in Windows, IIS, SQL and
Exchange (depending on MBSA version)
Vulnerabilities in Internet Explorer
Weak passwords, Auditing, Shares
and much more

http//download.microsoft.com
7
(No Transcript)
8
(No Transcript)
9
(No Transcript)
10
Demonstration 1 Using the MBSA

Analyze a computer using the MBSA

11
Microsoft Update

Main site for obtaining updates for
Windows
Office
Internet Explorer
All other Microsoft applications
Will replace Windows and Office Update sites

http//update.microsoft.com/microsoftupdate/
12
(No Transcript)
13
Exchange Best Practices Analyzer
ExBPA can examine your Exchange servers to
Generate a list of issues, such as
misconfigurations or unsupported or
non-recommended options
ü
ü
Judge the general health of a system
ü
Help troubleshoot specific problems
http//download.microsoft.com
14
Demonstration 2 Analyzing Configuration Settings
on Exchange Server 2003

Analyze Exchange Server using the ExBPA Tool

15
MSRSAT
Microsofts Security Risk Self-Assessment Tool

Assess compliance with Microsoft Security Risk
Management Discipline guidelines

Baseline for assessing security status of an
organization

Obtain advice on areas requiring improvement that
may otherwise have been missed

16
(No Transcript)
17
Demonstration 3 Using the MSRSAT

Using the MSRSA tool

18
Port Query
Port Query can be used to

Examine specified ports to determine their state
LISTENING
FILTERED
NOT LISTENING
PortqryUI.exe
Portqry.exe

portqry -n microsoft.com -p tcp -e 25 portqry -n
169.254.0.11 -p tcp -o 143,110,25 -l portqry.txt
19
Port Query UI
20
Demonstration 4 Using the Port Query UI

Analyze a computer using Port Query

21
Other Free Security Assessment Tools
Other free software available from Microsoft

Malicious Software Removal Tool
Windows AntiSpyware (in Beta)
Application Threat Modeling Tool

22
Malicious Software Removal Tool
23
Demonstration 5 Using the Malicious Software
Removal Tool

Analyze a computer using MSRT

24
Security Assessment Tools

Free Security Assessment Tools from Microsoft
Alternative Security Assessment Methods

25
Alternative Security Assessment Methods
Other methods for assessing your network security
include

Purchase advanced security assessment tools e.g.
NetIQs Vulnerability Manager
Have a professional Penetration Test carried out
by security experts

26
Session Summary
Take advantage of the free security assessment
tools from Microsoft
ü
Check http//download.microsoft.com/ regularly
for new free tools
ü
Follow a Defense in Depth approach to security
and security assessments
ü
ü
Sign up for the Security Bulletin service from
Microsoft
Keep systems up-to-date on security updates and
service packs
ü
27
Next Steps