Little known Microsoft security utilities

Microsoft Office Visio 2003 Connector for the Microsoft Baseline Security Analyzer

One really neat security tool that you might not be aware of is the Visio 2003 Connector for the Microsoft Baseline Security Analyzer (MBSA). If you have ever used Visio, you probably know that it is an effective tool for creating network diagrams. However, you aren't limited to creating these diagrams manually. You can create an MBSA-suitable diagram manually, but it's a lot easier to use LANsurveyor. You can use the LANsurveyor for Visio tool (it's in the Visio 2003 Resource Kit) to automatically create a Visio diagram of your network.

Once this diagram has been created, you can add in the Visio connector for the Microsoft Baseline Security Analyzer, and that allows you to initiate MBSA scans directly from Visio by clicking on computers that appear on the diagram. You can also import existing scan results. The diagram is then color coded to reflect the scan results. You can even view the MBSA report for each machine directly through Visio.

Security Risk Assessment for Midsize Organizations

The Security Assessment Tool works differently from other vulnerability assessment tools such as the Microsoft Baseline Security Analyzer. Rather than performing vulnerability scans of your servers, the Security Assessment Tool is a detailed questioner that you fill out with information regarding your security practices. The questionnaire is very detailed and is intended for organizations with fewer than 1,000 employees.

Once you have filled out the questionnaire, you will receive a detailed report of where your security weaknesses are and some things that you can do to correct those weaknesses.

Cipher Security tool

You might be familiar with the CIPHER.EXE command that's built into the Windows operating system. Normally, the CIPHER.EXE command is used for encrypting or decrypting files on a computer's hard drive. Although the Cipher command is a part of the Windows operating system, Microsoft has created a new version that is available at TechNet.

The new version of CIPHER.EXE does all of the same things the old version does, but it has one noteworthy new feature. It has the ability to securely erase deleted files from the hard drive. As you probably know, when a file is deleted, it isn't actually gone. The reference to the file has been removed from the disk's directory, but the file itself still exists and is usually recoverable until it is overwritten by other files. The new version of CIPHER.EXE can be used to overwrite a deleted file so that it cannot be recovered.

Port Reporter

Port Reporter is a port logging utility that was originally designed for Windows 2000, but it also runs on Windows Server 2003 and Windows XP. The basic idea is that Port Reporter runs as a service on the machine that's being monitored. As the monitored computer communicates with other computers, Port Reporter logs information such as the ports that are being used, which processes are using which ports, whether or not a detected process is related to a service, the modules loaded by a process and the user account that is running the process.

PortQry

PortQry was originally intended as a diagnostic tool, but it also acts as an effective security tool. PortQry is a command line utility designed for troubleshooting TCP/IP connectivity issues. The Windows Server 2003 Support Tools originally included PortQry, but there is a newer version available for download.

Malicious Software Removal Tool

A lot of people don't realize it, but Microsoft automatically performs a virus scan on computers running Windows through the Malicious Software Removal Tool. The Malicious Software Removal Tool is an antivirus application that is kept up to date by Windows Update and is set to run periodically on Windows 2000, XP or Server 2003 computers.

Before you let your existing antivirus licenses expire though, you should know that the Malicious Software Removal Tool is not a substitute for the antivirus software that you are running now. That's because this tool only checks for the most common viruses and only runs periodic scans. It does not constantly monitor your file system for malicious changes like a normal antivirus application would.

The Malicious Software Removal Tool Web page also contains for downloading the tool independently of Windows Update. In addition, there is a link to an online version of the tool that can scan your system via an Active X control.

If you would like to learn more about these and other Microsoft security tools, you can do so at TechNet Security tools.

About the author: Brien M. Posey, MCSE, is a Microsoft Most Valuable Professional for his work with Windows 2000 Server and IIS. He has served as CIO for a nationwide chain of hospitals and was once in charge of IT security for Fort Knox. As a freelance technical writer, he has written for Microsoft, TechTarget, CNET, ZDNet, MSD2D, Relevant Technologies and other technology companies. You can visit his personal Web site at www.brienposey.com.

This tip originally appeared on SearchWindowsSecurity.com.

Rate this Tip To rate tips, you must be a member of SearchNetworking.com. Register now to start rating these tips. Log in if you are already a member. Submit a Tip Digg This!     StumbleUpon     Del.icio.us    RELATED CONTENT Network Security Shifting defenses and dynamic perimeters challenge network security Compliance in a virtualized world: Server virtualization and NAC security Securing the new network architecture: Security for distributed, dynamic networks How to configure Windows Server 2008 advanced firewall MMC snap-in Security across network boundaries with Secure Mobile Architecture USB storage devices: Two ways to stop the threat to network security Network security: Using unified threat management (UTM) Network security: Empower users without endangering IT Network analysis -- Enhancing security assessments VPN security: Hiding in plain sight, using network encryption Network Security Products As threats grow, crowdsourcing could be the future of network security Securing the new network architecture What security measures are recommended for each level of the TCP/IP model? Securing the new network architecture: Security for distributed, dynamic networks What is data loss prevention? -- An introduction to DLP To simulate voice over IPSec VPNs which simulators work? Is my firewall setting preventing wireless network guest access? How to configure Windows Server 2008 advanced firewall MMC snap-in How to retrieve passwords from locked laptops How to interpret test scan results to assess network vulnerability RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary Nessus  (SearchNetworking.com) network analyzer  (SearchNetworking.com) RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.