Working With the Visio 2003 Connector For the Microsoft Baseline Security Analyzer (MBSA) 2.0
If you have ever worked with Microsoft’s Baseline Security Analyzer (MBSA) version 2.0, then you probably know that although it has the capability of scanning multiple computers, it can be a bit tedious to go through all of the reports for a large network. Fortunately, you are no longer confined by the MBSA user interface. Instead, it is possible to link MBSA into a Microsoft Visio 2003 diagram.
Before We Begin
Before I get started, there are a few prerequisites that you will have to meet. For starters, you are going to need a copy of Microsoft Visio 2003. You will also need to download a copy of the Microsoft Office Visio 2003 Connector for the Microsoft Baseline Security Analyzer 2.0. From here on out, I will just refer to this as the Visio Connector since its official name is so long. You can download a copy of the Visio Connector from the Microsoft Web site at: http://www.microsoft.com/technet/security/tools/mbsavisio.mspx
Another thing that you are going to need is a copy of MBSA 2.0. Although I am going to show you how to perform MBSA scans through Visio, Visio and the Visio connector still rely on the MBSA engine. You can download MBSA 2.0 from the Microsoft Web site at: http://www.microsoft.com/technet/security/tools/mbsa2/default.mspx
One last thing that you may need is the Visio 2003 Resource Kit for IT Professionals. This is different from the normal Visio 2003 Resource Kit. The Visio 2003 Resource Kit for IT Professionals (http://microsoft.order-9.com/visiopro/product.asp?catalog%5Fname=MSTrialandEval&category%5Fname=VisioPro&product%5Fid=099-93385) automates the network diagram creation process. Since this product sells for about $400, I will assume that you don’t have it, but if you do decide to purchase this kit, it will make the process easier.
That does it for the prerequisites. Before I show you how to put everything together though, I want to show you what a typical MBSA report looks like (for the benefit of those who have never used MBSA) so that you will be able to appreciate what I am going to be showing you later on. The images below have been cropped to make them fit on this page, but Figure A shows a report of the results for all of the computers that were scanned. If you click on an individual computer, you will receive more detailed information similar to what’s shown in Figure B.
Figure A: This is what the MBSA scan results usually look like
Figure B: MBSA allows you to click on the scanned computers to see a more detailed report
Now that you have all of the prerequisites, let’s get started. I am going to assume that you already have Visio 2003 and MBSA 2.0 installed. The next thing that you will have to install is the Visio Connector. To do so, double click on the Visio Connector for MBSA.MSI file that you downloaded earlier, and click the Run button when prompted. This will cause Windows to launch the product’s installation wizard. Click Next to bypass the wizard’s Welcome screen and you will see the end user license agreement. Accept the license agreement, click Next and you will be asked to confirm the installation location. Accept the defaults, click Next twice, and the connector will be installed. Click Finish to complete the process.
Creating a Drawing
Now that you have installed the Visio Connector, it’s time to create a drawing of your network. Remember that this process is automated if you invest in the Visio 2003 Resource Kit for IT Professionals. That being said, open Visio and select the New | Network | Basic Network Diagram commands from Visio’s File menu. You should now see a collection of Visio objects on the left and the empty workspace on the right. Now, drag a server object to the workspace. With the server object still selected, select the Custom Properties command from Visio’s Shape menu. You will now see a long list of custom properties that you can apply to the server object. Enter the server’s name into the Network Name field, as shown in Figure C, and click OK.
Figure C: Enter the server’s name into the Network Name field and click OK
Now, complete the rest of the drawing, assigning the Network Name property to each server that you create. Your drawing will be different from mine, but it should look something like what you see in Figure D when it is complete.
Figure D: This is what a basic Visio network diagram sometimes looks like
Now that you have created your diagram and assigned the Network Name attribute to each object, it’s time to perform your MBSA scan against the network. To do so, select the Perform Baseline Security Scan from Visio’s MBSA menu. You will now see a screen asking you to confirm which computers you want to scan. Make your selections, click OK, and the scan will begin. When the scan completes, the drawing will be color coded as shown in Figure E.
Figure E: Your Visio drawing is color coded to reflect each machine’s security status
You will notice in Figure E, that many of my machines are colored red. Red indicates a critical security issue (no E-mails please, this is a lab setup, not a corporate network). Let’s pretend that I actually care about the security of these machines and that I wanted to see what was causing the critical security issues.
To do so, all I would have to do is to select the Report tab at the bottom of the screen and then click on the computer that I want to examine, as shown in Figure F. As you can see in the figure, this particular machine is running Windows Vista, and MBSA doesn’t quite know how to deal with that operating system. The MBSA reports a critical security state because it is not able to complete a full security analysis.
For a machine that is running a “normal” operating system, Visio will give you the exact same type of report that you would receive if you were analyzing the machine directly through the MBSA. Like the MBSA, Visio gives you links to missing patches and to Knowledgebase articles related to correcting outstanding issues.
Figure F: If you select the Report tab and click on a machine you can view that machine’s security report
As you can see, Visio 2003 can act as a network security tool. When coupled with the MBSA connector, Visio can provide you with a color coded diagram of your network’s security.