Educause Security Discussion mailing list archives
Re: Use of Microsoft Baseline Security Analyzer
From: "Woodruff, Dan" <daniel.woodruff () ROCHESTER EDU>
Date: Wed, 20 Jan 2016 13:25:27 +0000
Hi Ben,

We briefly used MBSA in limited areas a few years ago, but have since moved on to relying on credentialed scans with Nessus.

Nessus lets you plug in credentials for SCCM as well, so it does a credentialed check of the individual server and compares the results of what is found on the system with what SCCM thinks is there. And rather than just relying on what the registry says for installed patches, Nessus also checks versions of files on the file system to make sure the patch is really there. We've had several occurrences over the past 3-4 years where we installed a Microsoft patch, then some third party software was installed that bundled a .dll or .ocx which overwrote the patched version, leaving us vulnerable again. The registry and SCCM were none the wiser since the file was ripped-and-replaced, but Nessus was able to detect it and we could reinstall the patches.

We've been big fans of Nessus here. Of course, MBSA is free and Nessus is not.

I'd be glad to answer any questions about our specific setup off-list - just let me know.

Dan Woodruff
University IT Security and Policy
University of Rochester
daniel.woodruff () rochester edu

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Benjamin Stein
Sent: Tuesday, January 19, 2016 5:57 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Use of Microsoft Baseline Security Analyzer

Hello all,

Are any of you using Microsoft Baseline Security Analyzer (MBSA) to regularly scan servers and desktops for missing patches? We are having a discussion internally about differences between the report from Microsoft's tool and another vendor's patch management tool. MBSA is reporting missing patches that the other tool is not. Is MBSA broadly used and trusted?

Also wondering if anyone is successfully using mbsacli with lists of computers reliably or if various factors (permissions, firewalls, power-downs, etc.) make it too difficult to use broadly?

Thanks,
Ben

Benjamin Stein
Information Security Officer
California Cancer Reporting and Epidemiological Surveillance (CalCARES) Program
Institute for Population Health Improvement
UC Davis Health System
1631 Alhambra Blvd, Ste. 200
Sacramento, CA, 95816
Phone: 916-731-2563
Email: bstein () ccr ca gov

The CalCARES program partners with the California Department of Public Health to manage the operations of the state mandated California Cancer Registry program
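The check described in the reply above (comparing what the system records as installed with the file versions actually on disk) can be sketched as follows. This is an added example, not part of the original thread and not how Nessus implements it. The KB ids, file paths and minimum versions are constructed placeholders, the function names are hypothetical, and `Get-HotFix` is assumed here as the source of "recorded as installed".

```powershell
# Constructed baseline: the minimum on-disk version each patch should leave behind.
# KB ids, paths and versions are placeholders, not values from the thread.
$Baseline = @(
    [pscustomobject]@{ KB = 'KB0000001'; Path = "$env:SystemRoot\System32\example1.dll"; MinVersion = [version]'6.1.7601.23000' }
    [pscustomobject]@{ KB = 'KB0000002'; Path = "$env:SystemRoot\System32\example2.ocx"; MinVersion = [version]'6.0.98.39' }
)

function Get-FileVersionOnDisk {
    param([Parameter(Mandatory)][string]$Path)
    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) { return $null }
    $vi = (Get-Item -LiteralPath $Path).VersionInfo
    # Build the version from the numeric parts: the FileVersion string can
    # carry trailing build text that [version] cannot parse.
    New-Object System.Version $vi.FileMajorPart, $vi.FileMinorPart, $vi.FileBuildPart, $vi.FilePrivatePart
}

function Compare-PatchClaimToDisk {
    param(
        [Parameter(Mandatory)][object[]]$Baseline,
        # What the OS records as installed; override to test against another inventory.
        [string[]]$InstalledKB = @(Get-HotFix | Select-Object -ExpandProperty HotFixID)
    )
    foreach ($entry in $Baseline) {
        $claimed = $InstalledKB -contains $entry.KB
        $onDisk  = Get-FileVersionOnDisk -Path $entry.Path
        if ($null -eq $onDisk) {
            $status = 'FileMissing'
        } elseif ($onDisk -lt $entry.MinVersion) {
            # Recorded as installed but the file is older: the overwritten-file case.
            if ($claimed) { $status = 'Regressed' } else { $status = 'NotPatched' }
        } else {
            $status = 'OK'
        }
        [pscustomobject]@{
            KB       = $entry.KB
            Path     = $entry.Path
            Claimed  = $claimed
            OnDisk   = $onDisk
            Required = $entry.MinVersion
            Status   = $status
        }
    }
}

# Report only the entries where the record and the file system disagree or the patch is absent.
Compare-PatchClaimToDisk -Baseline $Baseline | Where-Object { $_.Status -ne 'OK' } | Format-Table -AutoSize
```

A `Regressed` row is the situation from the reply: the update is still recorded as installed, but the file on disk is older than the patched version.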
Current thread:
- Use of Microsoft Baseline Security Analyzer Benjamin Stein (Jan 19)
- Re: Use of Microsoft Baseline Security Analyzer Woodruff, Dan (Jan 20)
- Re: Use of Microsoft Baseline Security Analyzer Harry Hoffman (Jan 20)
- Re: Use of Microsoft Baseline Security Analyzer Mike Wiseman (Jan 20)
- Re: Use of Microsoft Baseline Security Analyzer Woodruff, Dan (Jan 20)