Re: Use of Microsoft Baseline Security Analyzer

[Harry Hoffman <hhoffman () IP-SOLUTIONS NET>]

Just as a heads up, Nessus now offers an agent that doesn't require 
credentials to scan. It was recently released and might be worth a look 
if having credentialed scans are an issue in your org.

Cheers,
Harry


On 1/20/16 8:25 AM, Woodruff, Dan wrote:
> Hi Ben,
>
> We briefly used MBSA in limited areas a few years ago, but have since 
> moved on to relying on credentialed scans with Nessus. Nessus lets you 
> plug in credentials for SCCM as well, so it does a credentialed check 
> of the individual server and compares the results of what is found on 
> the system with what SCCM thinks is there. And rather than just 
> relying on what the registry says for installed patches, Nessus also 
> checks versions of files on the file system to make sure the patch is 
> really there. We’ve had several occurrences over the past 3-4 years 
> where we installed a Microsoft patch, then some third party software 
> was installed that bundled a .dll or .ocx which overwrote the patched 
> version, leaving us vulnerable again. The registry and SCCM were none 
> the wiser since the file was ripped-and-replaced, but Nessus was able 
> to detect it and we could reinstall the patches.
>
> We’ve been big fans of Nessus here. Of course, MBSA is free and Nessus 
> is not.
>
> I’d be glad to answer any questions about our specific setup off-list 
> - just let me know.
>
> Dan Woodruff
>
> University IT Security and Policy
>
> University of Rochester
>
> daniel.woodruff () rochester edu
>
> *From:* The EDUCAUSE Security Constituent Group Listserv 
> [mailto:SECURITY () LISTSERV EDUCAUSE EDU] *On Behalf Of *Benjamin Stein
> *Sent:* Tuesday, January 19, 2016 5:57 PM
> *To:* SECURITY () LISTSERV EDUCAUSE EDU
> *Subject:* [SECURITY] Use of Microsoft Baseline Security Analyzer
>
> Hello all,
>
> Are any of you using Microsoft Baseline Security Analyzer (MBSA) to 
> regularly scan servers and desktops for missing patches?
>
> We are having a discussion internally about differences between the 
> report from Microsoft’s tool and another vendor’s patch management 
> tool.  MBSA is reporting missing patches that the other tool is not.
>
> Is MBSA broadly used and trusted?
>
> Also wondering if anyone is successfully using mbsacli with lists of 
> computers reliably or if various factors (permissions, firewalls, 
> power-downs, etc.) make it too difficult to use broadly?
>
> Thanks,
>
> Ben
>
> Benjamin Stein
>
> Information Security Officer
>
> California Cancer Reporting and Epidemiological Surveillance 
> (CalCARES) Program
>
> Institute for Population Health Improvement
>
> UC Davis Health System
>
> 1631 Alhambra Blvd, Ste. 200
>
> Sacramento, CA, 95816
>
> Phone: 916-731-2563
>
> Email: bstein () ccr ca gov <mailto:bstein () ccr ca gov>
>
> The CalCARES program partners with the California Department of Public 
> Health to manage the operations of the state mandated California 
> Cancer Registry program