Computer Tutorials
Computer Knowledge
Windows Security Baseline Verification Hardening Assistant
Windows Security Baseline Verification Hardening Assistant
Originally I wanted to take a look at MBSA (Microsoft
Baseline Security
Analyzer), but found that Microsoft has stopped updating it for a long time. I remember that when I wrote "Network Offensive and Defense Practical Research on Vulnerability Exploitation and Privilege Elevation", I did it alone I have introduced that MBSA is used to check the patching of system vulnerabilities. After searching for the official Microsoft website for a long time, I could not find the software. There are some websites in China that provide downloads of the software. For security reasons, I did not download it locally for testing. I accidentally found a small tool. The Windows security baseline can be checked and reinforced. The original implementation mainly detects the Windows registry values and then reinforces them. Software name WindowsBaselineAssistant, download address https://github.com/DeEpinGh0st/WindowsBaselineAssistant. The software is open source software and can be compiled directly or the compiled program can be downloaded
https://github.com/DeEpinGh0st/WindowsBaselineAssistant/releases/download/v1.2.1
/WindowsBaselineAssistant-v1.2.1.zip.
1. Run WindowsBaselineAssistant
Although it is open source software, three files are extracted after downloading. Please refer to Figure 1. Scanned by Tinder antivirus software, no virus threats were found.
Figure 1 Program File Situation
The software can be run directly under Windows 10, Net
Framework 4.0 and above. Compilation requires some dependencies: SunnyUI 3.6.3, SunnyUI.Common
3.6.3, System.ValueTuple 4.5.0, NPOI 2.5.1, Costura.Fody 4.1.0.
1.Detection rules
If you want to detect the TCP connection threshold for retransmission now
The detection type is to retrieve the registry. The retrieved registry path is HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip\Parameters
The detection item is TcpMaxHalfOpenRetried
The standard value is 400
The data type is DWord
When the detection value is less than this value, it is judged to be consistent
is implemented as:
Check the threshold for TCP connections that are in SYN_RCVD state and have been retransmitted at least once xxxxxx registry HKEY_LOCAL_MACHINESYSTEMCurrentControlSetservicesTcpipParameters TcpMaxHalfOpenRetried 400 lessnumber dword
Run WindowsBaselineAssistant.exe directly, and the running effect is shown in Figure 2.
Figure 2 Main interface of software operation
2. Detection and reinforcement
1. Detect system vulnerabilities
This tool software does not detect system patch repairs, but only detects some settings that may cause attacks, as shown in Figure 3. It is found that there are indeed many problems inside. It mainly depends on the test results. If there are non-conforming items, it will be displayed in red.
Figure 3 Security Test Results
2. Reinforcement
Click Reinforcement and the software will automatically correct the values in the registry. The reinforcement is completed. The author actually tested it and found it convenient.
3.Export results
Click "Export Results", as shown in Figure 4, you will be prompted to export the hardening results to the current directory of the program.
Figure 4 Export reinforcement results
4. View the reinforcement results
Open the "Windows Security Baseline Detection Hardening Results Summary Table-192.168.1.37.xlsx" file, as shown in Figure 5, to view detailed results.
Figure 5 Check the reinforcement results
5. Customized reinforcement rules
The software also provides custom rules, as shown in Figure 6, which detects based on registry values.
Figure 6 Customized reinforcement rules
3. Summary and evaluation
The software only detects some default settings. Through reinforcement, the security of the system can be enhanced to a certain extent. The only drawback is that it cannot view the patches for high-risk system vulnerabilities. Microsoft's MBSA2.3 version can detect patches for Windows systems. Compare and provide repair suggestions.
The above is the detailed content of Windows Security Baseline Verification Hardening Assistant. For more information, please follow other related articles on the PHP Chinese website!
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
Video Face Swap
Swap faces in any video effortlessly with our completely free AI face swap tool!
Hot Article
Hot Tools
Notepad++7.3.1
Easy-to-use and free code editor
SublimeText3 Chinese version
Chinese version, very easy to use
Zend Studio 13.0.1
Powerful PHP integrated development environment
Dreamweaver CS6
Visual web development tools
SublimeText3 Mac version
God-level code editing software (SublimeText3)
Hot Topics
Can I install mysql on Windows 7
Apr 08, 2025 pm 03:21 PM
Yes, MySQL can be installed on Windows 7, and although Microsoft has stopped supporting Windows 7, MySQL is still compatible with it. However, the following points should be noted during the installation process: Download the MySQL installer for Windows. Select the appropriate version of MySQL (community or enterprise). Select the appropriate installation directory and character set during the installation process. Set the root user password and keep it properly. Connect to the database for testing. Note the compatibility and security issues on Windows 7, and it is recommended to upgrade to a supported operating system.
How to solve mysql cannot connect to local host
Apr 08, 2025 pm 02:24 PM
The MySQL connection may be due to the following reasons: MySQL service is not started, the firewall intercepts the connection, the port number is incorrect, the user name or password is incorrect, the listening address in my.cnf is improperly configured, etc. The troubleshooting steps include: 1. Check whether the MySQL service is running; 2. Adjust the firewall settings to allow MySQL to listen to port 3306; 3. Confirm that the port number is consistent with the actual port number; 4. Check whether the user name and password are correct; 5. Make sure the bind-address settings in my.cnf are correct.
Solutions to the errors reported by MySQL on a specific system version
Apr 08, 2025 am 11:54 AM
The solution to MySQL installation error is: 1. Carefully check the system environment to ensure that the MySQL dependency library requirements are met. Different operating systems and version requirements are different; 2. Carefully read the error message and take corresponding measures according to prompts (such as missing library files or insufficient permissions), such as installing dependencies or using sudo commands; 3. If necessary, try to install the source code and carefully check the compilation log, but this requires a certain amount of Linux knowledge and experience. The key to ultimately solving the problem is to carefully check the system environment and error information, and refer to the official documents.
MySQL can't be installed after downloading
Apr 08, 2025 am 11:24 AM
The main reasons for MySQL installation failure are: 1. Permission issues, you need to run as an administrator or use the sudo command; 2. Dependencies are missing, and you need to install relevant development packages; 3. Port conflicts, you need to close the program that occupies port 3306 or modify the configuration file; 4. The installation package is corrupt, you need to download and verify the integrity; 5. The environment variable is incorrectly configured, and the environment variables must be correctly configured according to the operating system. Solve these problems and carefully check each step to successfully install MySQL.
Unable to access mysql from terminal
Apr 08, 2025 pm 04:57 PM
Unable to access MySQL from the terminal may be due to: MySQL service not running; connection command error; insufficient permissions; firewall blocks connection; MySQL configuration file error.
How to copy and paste mysql
Apr 08, 2025 pm 07:18 PM
Copy and paste in MySQL includes the following steps: select the data, copy with Ctrl C (Windows) or Cmd C (Mac); right-click at the target location, select Paste or use Ctrl V (Windows) or Cmd V (Mac); the copied data is inserted into the target location, or replace existing data (depending on whether the data already exists at the target location).
How to pull the vertical reference line of PS
Apr 06, 2025 pm 08:18 PM
Pull vertical guides in Photoshop: Enable ruler view (View > ruler). Hover the mouse over the vertical edge of the ruler, and then the cursor becomes a vertical line with double arrows and hold and drag the mouse to pull out the reference line. Click Delete by dragging the guide, or hovering it into a cross.
MySQL download prompts disk write errors how to deal with
Apr 08, 2025 am 11:51 AM
MySQL download prompts a disk write error. The solution is as follows: 1. Check whether the disk space is insufficient, clean up the space or replace a larger disk; 2. Use disk detection tools (such as chkdsk or fsck) to check and fix disk errors, and replace the hard disk if necessary; 3. Check the target directory permissions to ensure that the user account has write permissions; 4. Change the download tool or network environment, and use the download manager to restore interrupted download; 5. Temporarily close the anti-virus software or firewall, and re-enable it after the download is completed. By systematically troubleshooting these aspects, the problem can be solved.
