The Microsoft Baseline Security Analyzer (MBSA) is an easy-to-use tool for auditing basic security configurations, including security updates and Microsoft IIS and Microsoft SQL Server configurations. The tool's command-line interface lets you include MBSA commands in logon scripts or run MBSA ad hoc from the command prompt. If you're visually oriented, however, you might prefer to view the problem report on a network diagram so you can get an at-a-glance view of the status of your computers. Microsoft Office Visio 2003 Connector for the Microsoft Baseline Security Analyzer, a free add-on for Microsoft Office Visio 2003, lets you do just that.

The Visio Connector lets you scan computers and access all MBSA commands and output directly through Visio. Visio is a drawing program that lets you use stencils to represent the devices in your network as objects, known as shapes. Shapes can have aesthetic properties, such as color and line thickness, and logical properties, such as an assigned name or IP address that represents a computer. By integrating MBSA scans and Visio diagrams, you can create a Visio document of your server topology that shows the results of an MBSA scan of your servers.

Scan results persist when you copy shapes, so you can run a scan on a computer and then copy the shape representing that computer to another document while retaining the original scan results. In this way, Visio Connector can turn your passive network diagrams into active security tools.

Installing the Visio Connector
To install the Visio Connector, first download and install MBSA. Although the connector works with both MBSA 1.2 and 2.0, MBSA 2.0 supports Windows Server Update Services (WSUS), provides severity ratings for detected problems, and includes new security checks that the earlier version doesn't, such as scanning for updates for Office XP or later. You can download MBSA 2.0 at http://www.microsoft.com/technet/security/tools/mbsa2/default.mspx. Then, run the setup program (MBSASetup-EN.msi) to install the tool. (For information about MBSA 2.0 features, see "Crank Up Security with MBSA 2.0," March 2006, InstantDoc ID 49245.)

Next, download the Visio Connector software from http://www.microsoft.com/technet/security/tools/mbsavisio.mspx and run the Visio Connector for MBSA.msi setup package to install the add-on. To use the connector, you must have Visio 2003 installed. I recommend Visio Professional 2003, which includes additional stencils such as network rack diagrams and logical network diagrams that help make the Visio plug-in more usable.

Setting Up a Visio Document
After you've installed the Visio Connector, start Visio and click File, New, Choose Drawing Type. Choose either a Basic Network Diagram or a Detailed Network Diagram. From the stencil, select a shape tab that contains a computer object, such as the Computers and Monitors, Network and Peripherals, or Servers tab. Each tab contains different computer objects that the Visio plug-in recognizes.

Choose a computer object, such as Server, File Server, Email Server, PC, or Laptop Computer, and drag it onto the Visio document. A new MBSA menu will appear within the Visio menu bar. To configure the shape, right-click it and select Properties to display the Custom Properties dialog box. The Visio Connector uses the custom properties, which include Network Name, IP Address, Location, Building, and Room, to identify the computer that you want to scan. In the Custom Properties dialog box, type either the computer name in the Network Name field or the IP address in the IP Address field. Visio lets dialog boxes such as Custom Properties remain open, so you can change the properties as you continue to work on your document.

Performing a Scan
Put your mouse cursor on the computer shape to make its information icon appear. Click the information icon as shown in Figure 1 to perform a baseline security scan. (You can also start a scan from the MBSA menu option.) Starting a scan opens the MBSA Visio scan dialog box, which shows a list of all the computer objects that were discovered. From this dialog box, you can choose which objects to scan and what type of scan to perform (e.g., a scan for Windows, IIS, and SQL vulnerabilities; weak passwords; or missing security updates).

You can use the connector to scan computers from all the pages within your document, which is handy if you use multiple pages to manage your network. For example, on the first page you might list your Active Directory (AD) topology using shapes to represent your domain controllers (DCs), and on another page you might document your email topology with shapes for your Exchange servers. When you perform a scan, a new window opens within Visio that shows you the status of the scan. The data shown in this window resembles the output of mbsacli.exe, the command-line version of MBSA, and is essentially a list of the computers that were scanned and the findings.

After the scan is complete, click the Report tab to view a summary report of the scan. The summary report resembles the output generated by the MBSA GUI tool, but it's embedded within the Visio document, as Figure 2 shows. Like the MBSA GUI report, the embedded report summarizes the systems that were scanned and the results, lets you drill down into details of the scan, and offers recommendations on how to correct problems that MBSA discovered. The Visio plug-in color-codes the scanned shape according to the scan results to give you an at-a-glance summary of your network using the familiar green-is-good, red-is-bad color scheme. You can toggle the color coding options, and you can close the status and report windows and restore them at any time from the MBSA menu.

If you already have an MBSA scanning mechanism in place and simply want to view the results in Visio, you can import completed scans, although doing so overwrites the earlier data. You can also open a network diagram document that you created in Visio 2003 and use the plug-in on that document's objects. Unfortunately, you can't use the connector with documents created in earlier versions of Visio.
