Monitoring Scenarios in the MBSA Management Pack

  • Article

Table 1 Management Pack Monitoring Scenarios

Scenario

Description

Windows 2000 Server

Windows Server 2003

Setup of MBSA

  • Places the MBSA binaries on all agent computers

  • Automatically downloads updated copies of the Mssecure.cab file

X

X

Security Reporting

  • Reports missing security patches

  • Reports on missing service packs

  • Detects other security vulnerabilities known to Microsoft

X

X

MBSA Issues

  • MBSA setup issues on agent computers

  • Permissions issues on agents that prevent MBSA from scanning

  • MBSA scanning issues on agent computers

  • Issues with reading the MBSA output file on agents

X

X

Internet Explorer vulnerabilities

  • Internet Explorer zones not configured for security

  • Internet Explorer enhanced security configuration not enabled for administrators

  • Internet Explorer enhanced security configuration not enabled for non-administrators

X

X

Internet Information Services vulnerabilities

  • MSADC and Scripts virtual directories are installed

  • IIS parent paths are enabled

  • IISADMPWD virtual directory is installed

  • IIS sample applications found

  • IIS Lockdown Tool not run on specific servers

  • IIS logging is disabled

  • IIS is installed on a domain controller

X

X

Windows operating system vulnerabilities

  • Local account password is blank or weak

  • Internet Connection Firewall is disabled

  • Too many users in the local administrators group

  • Auto logon is enabled

  • "Password never expires" is set on local account

  • Current RestrictAnonymous registry setting is dangerous

  • Automatic updates are not enabled

  • Local guest account is enabled

  • Logon and logoff event auditing is disabled

  • File system is not NTFS

X

X

Microsoft SQL Server vulnerabilities

  • Everyone group has more than Read permissions to SQL Server registry keys

  • SQL Server or MSDE password is exposed in clear text log

  • SQL Server or MSDE local password is weak

  • BUILTIN\Administrators is member of SQL Server SysAdmin role

  • SQL Server or MSDE service accounts are running as LocalSystem

  • Mixed-mode authentication

  • SQL Server or MSDE directory access is not secure

  • Guest account has access to one or more databases

  • SQL Server or MSDE is installed on a domain controller

  • Non-SysAdmin user has CmdExec privileges

  • Too many users in the SQL Server SysAdmin role

X

X