1 microsoft baseline security analyzer the microsoft

This preview shows page 8 - 10 out of 11 pages.

will be assessed for potential damages and recommended fixes. 1. Microsoft Baseline Security Analyzer The Microsoft Baseline Security Analyzer is a tool which scans systems and networks using Microsoft products. These scans are to determine whether a system is missing security updates or maintains settings which are unsecure. It cannot detect previously unknown vulnerabilities. It is meant to determine if a system has all the current security updates and that some settings cannot be further optimized for security. 2. OpenVAS The OpenVAS is a system designed to detect security issues in servers and network devices. It uses a framework of tools most of which are generally available through public license. These tools scan for vulnerabilities and provide management of software, as well as perform network vulnerability scans (OpenVas, 2019). 3. Vulnerability Assessment Both tools perform vulnerability scans, searching for any areas where there is a known security flaw that have not been fixed on the system. Essentially both programs conduct audits of systems to locate know flaws and provides fixes for those flaws. OpenVAS is designed more for network vulnerability scans. While the Microsoft Baseline Security Analyzer focuses on a single, Microsoft system, OpenVAS is intended to
Image of page 8

Subscribe to view the full document.

Operating Systems Vulnerabilities 9 conduct its scan network wide. In addition, OpenVAS is not confined to Microsoft systems but can be used on various OS. 4. Intrusion Detection and Prevention An Intrusion Detection System (IDS) gathers information from various areas within a computer to identify possible security breaches, including intrusions and misuse (Rouse, 2018). An IDS monitors a single host, or system. Other types of IDS such as a Network IDS (NIDS) performs the same function but changes the scope to be network based (Rouse, 2018). An Intrusion Prevention System (IPS) is similar to and IDS in that it monitors host and network traffic. However, an IPS is an evolution in the IDS concept. IPS are designed to not only detect nefarious activities but also take steps to block these actions based on a set rules of engagement defined by the administrator. 5. Scan Results Both scan identified security flaws in company systems and networks. Results from OpenVAS indicate 5 security flaws rated by OpenVAS as of medium concern. This includes issues with mail servers, encryption. Ciphers, and SSLv2 and SSLv3 protocol issues. Microsoft Baseline Security Analyzer discovered two critical vulnerabilities with Microsoft C++ 2010 and 2005.
Image of page 9
Operating Systems Vulnerabilities 10 Recommendations 1. Specific Recommendations Based on the results of vulnerability scan performed this report has assessed several recommendations. Disable VRFY and EXPN requests on the mail server. Disable weak encryption algorithms and ciphers. Disable problematic SSLv2 and SSLv3 protocols.
Image of page 10
You've reached the end of this preview.
  • Winter '17

{[ snackBarMessage ]}

What students are saying

  • Left Quote Icon

    As a current student on this bumpy collegiate pathway, I stumbled upon Course Hero, where I can find study resources for nearly all my courses, get online help from tutors 24/7, and even share my old projects, papers, and lecture notes with other students.

    Student Picture

    Kiran Temple University Fox School of Business ‘17, Course Hero Intern

  • Left Quote Icon

    I cannot even describe how much Course Hero helped me this summer. It’s truly become something I can always rely on and help me. In the end, I was not only able to survive summer classes, but I was able to thrive thanks to Course Hero.

    Student Picture

    Dana University of Pennsylvania ‘17, Course Hero Intern

  • Left Quote Icon

    The ability to access any university’s resources through Course Hero proved invaluable in my case. I was behind on Tulane coursework and actually used UCLA’s materials to help me move forward and get everything together on time.

    Student Picture

    Jill Tulane University ‘16, Course Hero Intern