Presentation is loading. Please wait.

Presentation is loading. Please wait.

Security Assessment Tools Paula Kiernan Senior Consultant Ward Solutions.

Published byRuby Hensley Modified over 9 years ago

Similar presentations

Presentation on theme: "Security Assessment Tools Paula Kiernan Senior Consultant Ward Solutions."— Presentation transcript:

1 Security Assessment Tools Paula Kiernan Senior Consultant Ward Solutions

2 Session Prerequisites Hands-on experience with Windows 2000 or Windows Server 2003 Working knowledge of networking, including basics of security Basic knowledge of network security-assessment strategies Level 200

3 Session Overview Free Security Assessment Tools from Microsoft Alternative Assessment Methods

4 Security Assessment Tools Free Security Assessment Tools from Microsoft Alternative Assessment Methods

5 Free Security Assessment Tools Free Security Assessment Tools from Microsoft include: MBSA Microsoft Update ExBPA MSRSAT Port Query MBSA Microsoft Update ExBPA MSRSAT Port Query

6 MBSA Microsoft Baseline Security Analyzer can examine one or more computers for the following: Missing Security Updates Missing Office Updates Vulnerabilities in Windows, IIS, SQL and Exchange (depending on MBSA version) Vulnerabilities in Internet Explorer Weak passwords, Auditing, Shares and much more… Missing Security Updates Missing Office Updates Vulnerabilities in Windows, IIS, SQL and Exchange (depending on MBSA version) Vulnerabilities in Internet Explorer Weak passwords, Auditing, Shares and much more… http://download.microsoft.com

7

8

9

10 Demonstration 1: Using the MBSA Analyze a computer using the MBSA

11 Microsoft Update Main site for obtaining updates for:  Windows  Office  Internet Explorer  All other Microsoft applications  Will replace Windows and Office Update sites http://update.microsoft.com/microsoftupdate/

12

13 Exchange Best Practices Analyzer ExBPA can examine your Exchange servers to: Generate a list of issues, such as misconfigurations or unsupported or non-recommended options Judge the general health of a system Help troubleshoot specific problems http://download.microsoft.com

14 Demonstration 2: Analyzing Configuration Settings on Exchange Server 2003 Analyze Exchange Server using the ExBPA Tool

15 MSRSAT Microsofts’ Security Risk Self-Assessment Tool: Assess compliance with Microsoft Security Risk Management Discipline guidelines Baseline for assessing security status of an organization Obtain advice on areas requiring improvement that may otherwise have been missed

16

17 Demonstration 3: Using the MSRSAT Using the MSRSA tool

18 Port Query Port Query can be used to: Examine specified ports to determine their state LISTENING FILTERED NOT LISTENING PortqryUI.exe Portqry.exe Examine specified ports to determine their state LISTENING FILTERED NOT LISTENING PortqryUI.exe Portqry.exe portqry -n microsoft.com -p tcp -e 25 portqry -n 169.254.0.11 -p tcp -o 143,110,25 -l portqry.txt portqry -n microsoft.com -p tcp -e 25 portqry -n 169.254.0.11 -p tcp -o 143,110,25 -l portqry.txt

19 Port Query UI

20 Demonstration 4: Using the Port Query UI Analyze a computer using Port Query

21 Other Free Security Assessment Tools Other free software available from Microsoft: Malicious Software Removal Tool Windows AntiSpyware (in Beta) Application Threat Modeling Tool Malicious Software Removal Tool Windows AntiSpyware (in Beta) Application Threat Modeling Tool

22 Malicious Software Removal Tool

23 Demonstration 5: Using the Malicious Software Removal Tool Analyze a computer using MSRT

24 Security Assessment Tools Free Security Assessment Tools from Microsoft Alternative Security Assessment Methods

25 Other methods for assessing your network security include: Purchase advanced security assessment tools e.g. NetIQs’ Vulnerability Manager Have a professional Penetration Test carried out by security experts Purchase advanced security assessment tools e.g. NetIQs’ Vulnerability Manager Have a professional Penetration Test carried out by security experts

26 Session Summary Take advantage of the free security assessment tools from Microsoft Check http://download.microsoft.com/ regularly for new free tools Sign up for the Security Bulletin service from Microsoft Follow a Defense in Depth approach to security and security assessments Keep systems up-to-date on security updates and service packs

27 Next Steps Find additional security training events: http://www.microsoft.com/ireland/events/default.asp Sign up for security communications: http://www.microsoft.com/technet/security/signup/default.mspx Find additional e-learning clinics https://www.microsoftelearning.com/security / Find additional tools and downloads: http://download.microsoft.com

28 Questions and Answers Clinic

29 Security Clinic Questions Patch Management Anti-Virus Firewalls and Perimeter Security Server Hardening Group Policy Security Assessment Policies and Procedures

30 paula.kiernan@ward.ie www.ward.ie

Download ppt "Security Assessment Tools Paula Kiernan Senior Consultant Ward Solutions."

Similar presentations

1 of 2 This document is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS DOCUMENT. © 2006 Microsoft Corporation.

1 of 2 This document is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS DOCUMENT. © 2006 Microsoft Corporation.
Paula Kiernan Senior Consultant Ward Solutions

Paula Kiernan Senior Consultant Ward Solutions
Network Isolation Using Group Policy and IPSec Paula Kiernan Senior Consultant Ward Solutions.

Network Isolation Using Group Policy and IPSec Paula Kiernan Senior Consultant Ward Solutions.
Defense-in-Depth Against Malicious Software Jeff Alexander IT Pro Evangelist Microsoft Australia

Defense-in-Depth Against Malicious Software Jeff Alexander IT Pro Evangelist Microsoft Australia
Vulnerability Analysis Borrowed from the CLICS group.

Vulnerability Analysis Borrowed from the CLICS group.
Chapter 7 HARDENING SERVERS.

Chapter 7 HARDENING SERVERS.
Microsoft Security Resources. URL’s for this talk All URL’s mentioned in this talk can be found here: All URL’s mentioned in this talk can be found here:

Microsoft Security Resources. URL’s for this talk All URL’s mentioned in this talk can be found here: All URL’s mentioned in this talk can be found here:
Ronald Beekelaar Beekelaar Consultancy Forefront Overview.

Ronald Beekelaar Beekelaar Consultancy Forefront Overview.
Security Awareness: Applying Practical Security in Your World Chapter 6: Total Security.

Security Awareness: Applying Practical Security in Your World Chapter 6: Total Security.
Essentials of Security Steve Lamb Technical Security Advisor

Essentials of Security Steve Lamb Technical Security Advisor
Microsoft Baseline Security Analyzer INLS 187 Security Software Presentation by Hinár György Polczer

Microsoft Baseline Security Analyzer INLS 187 Security Software Presentation by Hinár György Polczer
Windows Server 2008 Network Access Protection (NAP) Technical Overview.

Windows Server 2008 Network Access Protection (NAP) Technical Overview.
Patching MIT SUS Services IS&T Network Infrastructure Services Team.

Patching MIT SUS Services IS&T Network Infrastructure Services Team.
Assessing Network Security

Assessing Network Security
Information Technology Audit Process Business Practices Seminar Paul Toffenetti, CISA Internal Audit 29 February 2008.

Information Technology Audit Process Business Practices Seminar Paul Toffenetti, CISA Internal Audit 29 February 2008.
Installing and Configuring a Secure Web Server COEN 351 David Papay.

Installing and Configuring a Secure Web Server COEN 351 David Papay.
Implementing Exchange Server Security Ward Solutions.

Implementing Exchange Server Security Ward Solutions.
Windows Anti-virus and Security WNUG Meeting 2-7-2002.

Windows Anti-virus and Security WNUG Meeting
DePaul Information Security

DePaul Information Security
WebCCTV 1 Contents Introduction Getting Started Connecting the WebCCTV NVR to a local network Connecting the WebCCTV NVR to the Internet Restoring the.

WebCCTV 1 Contents Introduction Getting Started Connecting the WebCCTV NVR to a local network Connecting the WebCCTV NVR to the Internet Restoring the.

Similar presentations

Ads by Google