"Only need"? Heck no. It's a start...but only a start.
Define your role and your boundaries. If your job is to just look at
the security of that server operating system and nothing else then yeah,
MBSA would be a good start.
If it's the security of your network, I would argue it's not enough.
All MBSA will tell you is the status of patches and passwords and a few
other 'baseline' security things. In my little SBSland...here's what it
doesn't tell me about the security of my servers.
It doesn't tell me if those servers are running Sun Java and need a JRE
update [I don't run Sun Java on them for that reason...but in case I had
it on my servers it doesn't tell me that]
It doesn't tell me about the patch status of the applications on my box.
It doesn't tell me if I was running Veritas Backup Exec that there's a
vuln in that.
It doesn't tell me that my AV is either up to date, working as it
should, has a vulnerability, etc etc...
It doesn't tell me if someone has compromised my system, has cracked the
admin password and is now relaying spam email out of my server.
It doesn't tell me if malware has infested my server and I've now got a
back door or rootkit that has me owned by some former drug syndicate
that is now making more money on malware than it did on drugs.
It doesn't tell me if my Secretary has downloaded something from
NakedDancingPigs.com because on average 80 to 90% of my systems are
running as local admin and has introduced a trojan into my system.
It doesn't tell me that the sales guy that has the Windows Mobile
Audiovox 5600 cell phone just left it behind in the Burger King at the
airport and it has on it a domain username and password.
It doesn't tell me that someone used a Kinkos kiosk computer to log in
remotely to my network and a keylogger just grabbed a username and password.
It doesn't tell me how many of my staff are VPNing in over unsecured
lines, with malware and virus infected machines ready to pounce on my
servers.
You know what I think keeps me secure?
Paranoia.
Not tools, but paranoia.
http://www.protectyourwindowsnetwork.com/ is an excellent resource and
book I think for kicking up that paranoia.
BTW two security bulletins out today including one for that IE zero day
and MBSA will indeed tell you which machines need that.
Number one on 'how to get your network hacked' as per Dr. Jesper
Johansson and Steve Riley, NFC, is "don't patch".
Ravi Dogra wrote:
And do I only need to run MBSA for analysing security.
Should I do something else also.....
--
RD
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
--
Letting your vendors set your risk analysis these days?
http://www.threatcode.com