SharePoint 2010 : Verifying Security Using the Microsoft Baseline Security Analyzer

3/1/2011 8:51:20 AM
Like Microsoft SharePoint Server, Windows Server and Microsoft SQL Server also require the latest service packs and updates to reduce known security vulnerabilities. Microsoft offers an intuitive, free downloadable tool, the Microsoft Baseline Security Analyzer (MBSA), to streamline this procedure. The tool finds common security vulnerabilities on SharePoint servers by identifying incorrect configurations and missing security patches for Windows Server, Internet Information Services (IIS), and Microsoft SQL Server.

MBSA can scan a single SharePoint server, and it can also scan multiple instances of SQL Server if more than one instance is installed. The MBSA SQL Server scan detects and displays SQL Server vulnerabilities such as the following: members of the sysadmin role, weak or blank passwords for SQL Server local accounts and the SA account, SQL Server authentication mode, SQL Server on a domain controller, and missing service packs and updates.

Scanning for Security Vulnerabilities with MBSA

MBSA can scan a single computer or a range of computers based on an IP address, range of IP addresses, computer name, or all computers in a domain. The security scanner can identify known security vulnerabilities on several Microsoft technologies such as Windows, IIS, or SQL Server. In addition, MBSA can identify weak passwords and missing service packs and updates.

To scan a SharePoint server for known SQL or Windows vulnerabilities, weak passwords, and security updates, follow these steps:

1. Choose Start, All Programs, Microsoft Baseline Security Analyzer 2.1.

2. Click Scan a Computer to pick the system to scan. An administrator can also scan more than one computer by entering either a valid IP address range or a domain name.

3. On the next screen, enter the computer name or IP address of the desired SharePoint server. Select all options desired and click Start Scan, as shown in Figure 1.

Figure 1. Using the MBSA Scan tool to scan a SharePoint server.
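
The same scan can be run without the GUI through mbsacli.exe, the command-line scanner installed with MBSA. The PowerShell script below is an added example, not part of the original article; the server names are placeholders, and the install path and the SecurityScans report folder are assumed defaults.

```powershell
# Added example: command-line equivalent of the GUI scan, using mbsacli.exe (MBSA 2.1).
# Assumptions: default install path and default report folder; adjust for your setup.
$mbsacli   = Join-Path $env:ProgramFiles 'Microsoft Baseline Security Analyzer 2\mbsacli.exe'
$reportDir = Join-Path $env:USERPROFILE 'SecurityScans'
$servers   = @('SP-WFE01', 'SP-SQL01')   # hypothetical SharePoint and SQL Server hosts

if (-not (Test-Path $mbsacli)) { throw "mbsacli.exe not found at $mbsacli" }

$results = foreach ($server in $servers) {
    $started = Get-Date

    # /target : computer to scan (name or IP address)
    # /o      : report file name template (%C% = computer name, %T% = scan time)
    # /qp /qt : suppress the progress display and the on-screen report text
    # No /n switch is given, so every check group runs: OS, SQL, IIS, Updates, Password
    & $mbsacli /target $server /o 'SP-%C%-(%T%)' /qp /qt | Out-Null

    # Scans run one at a time, so any SP-*.mbsa file written since $started
    # belongs to this server. No new file means the scan did not complete.
    $report = Get-ChildItem -Path $reportDir -Filter 'SP-*.mbsa' -ErrorAction SilentlyContinue |
        Where-Object { $_.LastWriteTime -ge $started } |
        Sort-Object LastWriteTime -Descending |
        Select-Object -First 1

    New-Object PSObject -Property @{
        Server  = $server
        Scanned = [bool]$report
        Report  = $(if ($report) { $report.FullName } else { $null })
    }
}

$results | Format-Table Server, Scanned, Report -AutoSize

# Surface hosts that produced no report so they are not mistaken for clean systems.
$missing = @($results | Where-Object { -not $_.Scanned } | ForEach-Object { $_.Server })
if ($missing.Count -gt 0) {
    Write-Warning ("No report produced for: " + ($missing -join ', '))
}
```

Run it from an account that has local administrator rights on each target, which MBSA needs for remote scans.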

Viewing MBSA Security Reports

A separate security report is generated for the desired SQL server when the computer scan is completed. A report is generated whether the scan is local or remote. Scan reports are also stored for future viewing on the computer on which the MBSA tool was installed.

The MBSA security reports are intuitive and address each vulnerability detected. If MBSA detects a missing SQL Server service pack, Windows patch, or hotfix, it displays the vulnerability in the Security Update Scan section and provides the location of the fix.

Review the security report generated from the scan conducted in the example, as shown in Figure 2. Each section scanned has a score associated with it. An end user or an administrator can easily browse each section identifying known security vulnerabilities, verifying what was scanned, checking the results, and analyzing how to correct any anomalies that MBSA detected.

Figure 2. Analyzing an MBSA scan report.
