Microsoft Baseline Security Analyzer

Views 3018

Microsoft Baseline Security Analyzer 2.2 (MBSA) is a tool that provides a streamlined method of identifying any missing security updates or any common security misconfigurations in your instances of SQL Server. This tool is available for download from Microsoft. Just choose your appropriate language and the destination where you would like to save the installation package to and your away.

How to Install MBSA

To install MBSA 2.2 is a relatively simple process. The steps are:

1. Double click on your downloaded MBSASetup-x64-EN.msi ( I have the 64 bit English version)

clip_image001

 

2. Select Run

clip_image002

 

3. Click Next

clip_image003

 

4. Accept the license agreement, Select Next

clip_image004

 

5. Choose your installation destination by using the Browse button, Click  Next

clip_image005

 

6. Installation is now ready, Click Install

clip_image006

 

How to use MBSA 2.2

Now that we have installed MBSA 2.2 we can now check our existing environments to ensure that we are up to date with all of our security patches and configuration to help limit the possible security issues that we could incur.

Upon opening MBSA (ensure you run this as an administrator) for the first time we will be greeted with this screen as shown below:

clip_image007

 

The first thing we want to do is scan a computer (in my case as I am only doing this on my laptop).  You may want to use the Scan Multiple Computers in your environment once your happy with how to use this tool.

clip_image008

 

For further information on the options for scanning click on the “Scanning Options” link at the bottom. The default options are suitable to get your scanning underway. You will require access to the internet from the machine that you are running the tool so that it can determine if your environment (machine) has the most up to date security information. Once you have started the scan this may take some time to complete. Just be patient and go and get yourself a coffee.

The results that come back from the scan gives you a break down per section:

  • Security Update Scan Results
  • Windows Scan Results
  • IIS Scan Results
  • SQL Server Scan Results
  • SQL Server Reporting Services Scan Results (If you have this installed)
  • SQL Server Analysis Services Scan Results (If you have this installed)

From the results you can then go and look deeper into any issues and resolve the issues. As can be seen below:

clip_image009

 

There are some issues with this instance of SQL Server. For example the “Folder Permissions” have an issue. To find out further information on the issue and how to correct the issue click on the “How to correct this” link.

You also have the ability to look back at previous security scans. From the main screen select “View Security Reports” and select the appropriate report you would like to review.

clip_image010

 

Conclusion

MBSA is a pretty simple effective tool that quickly and easily allows you to check your environment to bring it into line with recommended settings and patches. Once you have a report the detailed steps on how to resolve these are available for you on the appropriate links in the report to the right of the identified issue.

For more information have a read of How to use Microsoft Baseline Security Analyzer

Leave a Reply

Your email address will not be published. Required fields are marked *

Warwick

I am a Microsoft Data Platform MVP as well as a Microsoft Certified Master working as the Principal Consultant here at SQL Masters Consulting. When I am not working with the SQL Server Stack I like to get away to the Snow and spend time Snowboarding.

Search