Lab Assignment: Microsoft Baseline Security Analyzer
Introduction
The Microsoft Baseline Security Analyzer (MBSA) is a powerful tool to identify missing security updates and common security misconfigurations in a networked environment. This lab will involve researching to understand the theoretical implications of improper configuration, as well as the practical aspect of using MBSA to identify configuration issues and perform remediation.
Questions
1. Focus on the overall "security assessment" risk rating that appears at the top of your report. Considering what security measures you (or the computer owner) have undertaken for your computer, does the assessment surprise you? Why or why not? What measures should you plan to undertake if the green checkmark did not appear?
2. a. What does MBSA do to check for weak local account passwords?
b. Why is it important to have a strong password on local user accounts especially in a corporate environment?
c. Explain why it is important to have a password expiration policy set.
3. Malware can affect a computer in multiple ways. Having automatic updates turned off, not allowing Windows to update, and disabling the Windows firewall and setting exceptions in the Windows firewall are all tell-tale signs of this. Explain
a. how malware is able to accomplish this, and
b. also what type of malware could be used.
Please be as specific and fact-based as possible regarding types of malware using credible references to support your answers.
4. On local machines (home) computers, it is traditionally acceptable to have Windows automatically update the system with patches. In a corporate environment, typically system administrators will set domain computers to manually install updates. Through this process, the administrators will decide if a patch is necessary for their environment's standard operation expectancy (SOE). Typically they would use Windows Server Update Services (WSUS) to push out the updates to the computers, which is a highly time consuming process.
Conficker is one of the most recent examples of an infection that leveraged a vulnerability that could have been avoided through a patch had already been released. Yet, it spread like wildfire, infecting millions of corporate environments.
Explain what Conficker is, which systems were vulnerable, which vulnerability it exploited, which Microsoft patch fixed the vulnerability, and the reason(s) that it is necessary to test new patches as they are released. Please be as specific and fact-based as possible regarding types of malware using credible references to support your answer.
How would MBSA be used to detect the missing patch in a corporate environment?
5. If you were preparing the next version of MBSA, what new feature would you add? Why?
Attachment:- Lab Assignment.rar