Posted 21 December 2023 (author: )

Public Laboratory: Information Security Assessment Experiment Report

Date: 2012-11-21

Location: Room 807, South Building 1

Experimenter: xxx

I. Purpose of the Experiment

First, learn to use tools to assess the security of the local host's running state, analyse the host's security risks and generate the corresponding report files. Then carry out a comprehensive assessment of the system to establish the state of the host's application services and its externally exposed risks. Finally, use X-Scan to scan the system for vulnerabilities, analyse them and take defensive measures against them.

Compile the assessment results into a complete assessment report and propose improvements for the analysed network system so as to raise its overall security.

II. Experiment Steps

(1) Running-state assessment with SecAnalyst

SecAnalyst scans the system for security risks based on its running processes and files.

(2) Comprehensive assessment with MBSA

MBSA is a comprehensive scanning tool designed by Microsoft for Windows systems.

(3) Attack-scan assessment with X-Scan

X-Scan is completely free software: it needs no registration and no installation (unzip and run; it automatically checks for and installs the WinPcap driver). It uses multiple threads to check a specified IP address range (or a single host) for security vulnerabilities and supports plug-ins. The scan covers more than twenty categories, including remote service types, operating system type and version, various weak-password vulnerabilities, backdoors, application-service vulnerabilities, network-device vulnerabilities and denial-of-service vulnerabilities. For most known vulnerabilities we give the corresponding description, a solution and a link to detailed information; material on the remaining vulnerabilities is still being compiled.

(4) Security assessment with MSAT

The Microsoft Security Assessment Tool (MSAT) is a free tool designed to help enterprises assess the weaknesses in their current IT security environment. It lists issues by priority and provides specific guidance on how to reduce risk to a minimum. MSAT is a simple and affordable tool for strengthening the computer security environment and enterprise security. It starts with a quick scan of the current security posture, after which MSAT is used to continuously monitor the infrastructure's ability to withstand security threats.

III. Experiment Record

(1) Running-state assessment with SecAnalyst

#T0 SecAnalyst 分析报告 版本:0, 4, 0, 47
#操作系统 : Professional (Build 7600) (CHS)
#系统目录 : C:\Windows\system32
#浏览器 : Internet Explorer 8.0.7600.16385
#生成时间 : 2012-11-19 12:37:13
#T2 请把报告贴到安全救援中心,我们的专家会为你做出诊断,另外,报告中的安全风险值仅仅表示可疑程度。
#Q1 (请在此输入你的电脑遇到的问题和异常情况..)
#O4 警告 自启动:[hkey_local_machine\software\microsoft\windows\currentversion\shell extensions\approved\360软件管家右键卸载 Shell Extension]-c:\program
#O4 低风险 自启动:[hkey_local_machine\software\microsoft\windows\currentversion\shell extensions\approved\SimpleShlExt extension]-c:\program files\魔法桌面美化王
#O4 低风险 自启动:[hkey_local_machine\software\microsoft\windows\currentversion\shell extensions\approved\NVIDIA Play On My TV Context Menu Extension]-c:
#O4 低风险 自启动:[hkey_local_machine\software\microsoft\windows\currentversion\shell extensions\approved\HaoZip Shell Extension]-c:\program
#O4 低风险 自启动:[hkey_local_machine\software\microsoft\windows\currentversion\shell extensions\approved\Developer Studio Components]-f:\microsoft visual
#O4 低风险 自启动:[hkey_local_machine\software\microsoft\windows\currentversion\shell extensions\approved\Registered ActiveX Controls]-f:\microsoft visual
#O4 低风险 自启动:[hkey_current_user\software\microsoft\windows\currentversion\run\360sd]-"c:\program " /autorun
#D0 低风险 驱动: C:
#D0 低风险 驱动: C:
#D0 低风险 驱动: C:\Program Files\Lenovo\ATK
#D0 低风险 驱动: C:
#D0 低风险 驱动: C:
#D0 低风险 驱动: C:
#D0 低风险 驱动: C:
#D0 低风险 驱动: C:
#D0 低风险 驱动: C:
#D0 低风险 驱动: C:
#D0 低风险 驱动: C:
#D0 低风险 驱动: C:
#D0 低风险 驱动: C:
#D0 低风险 驱动: C:
#D0 低风险 驱动: C:
#D0 低风险 驱动: C:\Program Files\Common
#D0 低风险 驱动: C:
#D0 低风险 驱动: C:
#R0 警告 Homepage: /?tn=62002018_10_hao_pg - HKCU\Software\Microsoft\Internet Explorer\Main, Start Page
#O2 危险 BHO: {B69F34DD-F0F9-42DC-9EDD-957187DA688D} - C:\Program
#O2 警告 BHO: {00000000-12C9-4305-82F9-43058F20E8D2} - C:\Program
#O2 低风险 BHO: {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:
#O2 低风险 BHO: {0EA37B17-6B8B-4085-8257-F3A4AA69C27A} - C:\Program Files\Thunder
#O2 低风险 BHO: {A8502600-B272-4F68-A67B-A0305D46D297} - C:\Program
#O2 低风险 BHO: {776B71E2-B4CC-4C94-BC7C-09103AA690B6} - [file not found]
#O3 低风险 Toolbar: Locked - - [file not found]
#P0 危险 进程:c:\program
#P0 危险 进程:c:\program
#P0 危险 进程:c:\program
#P0 危险 进程:c:\program
#P0 低风险 进程:c:
#P0 低风险 进程:c:\program
#P0 低风险 进程:c:\program
#P0 低风险 进程:c:\program
#P0 低风险 进程:c:\program
#HS0 低风险 隐藏服务: 360电脑技师服务 - 启动方式: - 当前状态: - "C:\Program " /service [file not found]
#S0 危险 NT 服务: SddSUpdate - 启动方式: 手动 - 当前状态: 已停止 - C:\Program
#S0 危险 NT 服务: MDM - 启动方式: 手动 - 当前状态: 已停止 - "C:\Program Files\Common Files\Microsoft "
#S0 警告 NT 服务: 360rp - 启动方式: 自动 - 当前状态: 已停止 - "C:\Program "
#S0 警告 NT 服务: Bonjour Service - 启动方式: 手动 - 当前状态: 已停止 - "C:\Program "
#S0 警告 NT 服务: LFKAS - 启动方式: 手动 - 当前状态: 已停止 - C:\Program Files\Lenovo\ATK
#S0 警告 NT 服务: DTLService - 启动方式: 手动 - 当前状态: 已停止 - C:\Program
#S0 警告 NT 服务: lkClassAds - 启动方式: 自动 - 当前状态: 已启动 - C:
#S0 警告 NT 服务: TSUSVC - 启动方式: 手动 - 当前状态: 已停止 - "C:\Program " -run
#S0 警告 NT 服务: nvsvc - 启动方式: 自动 - 当前状态: 已启动 - C:
#S0 警告 NT 服务: AdobeFlashPlayerUpdateSvc - 启动方式: 手动 - 当前状态: 已停止 - C:
#S0 低风险 NT 服务: 360js - 启动方式: 自动 - 当前状态: 已启动 - "C:\Program " /service
#S0 低风险 NT 服务: ATKGFNEXSrv - 启动方式: 手动 - 当前状态: 已停止 - C:\Program Files\Lenovo\ATK
#S0 低风险 NT 服务: ASLDRService - 启动方式: 手动 - 当前状态: 已停止 - C:\Program Files\Lenovo\ATK
#S0 低风险 NT 服务: niSvcLoc - 启动方式: 自动 - 当前状态: 已启动 - C: -s
#S0 低风险 NT 服务: XYNTService - 启动方式: 手动 - 当前状态: 已停止 - C:\Users\ADMINI~1\AppData\Local\Temp\{EBAAF778-01D3-4B58-8414-206B05B30885}\{061A431C-86E7-4DB4-92B8-36DE783865CF} - [file not found]
#S0 低风险 NT 服务: NILM License Manager - 启动方式: 已禁用 - 当前状态: 已停止 - "F:\instuments\Shared\License " - [file not found]
#S0 低风险 NT 服务: dm_srv - 启动方式: 手动 - 当前状态: 已停止 - e:\DMDBMSdmdmServerdm_ - [file not found]
#S0 低风险 NT 服务: lkTimeSync - 启动方式: 自动 - 当前状态: 已启动 - C:
#S0 低风险 NT 服务: FLEXnet Licensing Service - 启动方式: 手动 - 当前状态: 已停止 - "C:\Program Files\Common Files\Macrovision Shared\FLEXnet "
#S0 低风险 NT 服务: Serv-U - 启动方式: 手动 - 当前状态: 已停止 - "C:\Program " -service
#S0 低风险 NT 服务: ZhuDongFangYu - 启动方式: 自动 - 当前状态: 已启动 - "C:\Program "
#S0 低风险 NT 服务: AlipayUpdaterSvc - 启动方式: 自动 - 当前状态: 已启动 - C:\Program Files\Common
#S0 低风险 NT 服务: MySQL - 启动方式: 自动 - 当前状态: 已启动 - "C:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld" --defaults-file="C:\Program Files\MySQL\MySQL Server " MySQL
#S0 低风险 NT 服务: SdDUpdService - 启动方式: 手动 - 当前状态: 已停止 - C:\Program
#F0 危险 文件关联: .html - "C:\Program " "%1"
#F0 危险 文件关联: .htm - "C:\Program " "%1"

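As an added example (not part of the lab report and not SecAnalyst's own code), the following Python script parses report lines in the format shown above, counts findings per risk label and singles out the entries a reviewer would look at first: items whose target file no longer exists, and services whose binary sits under a user's Temp directory. The sample text is constructed from a few lines of the report, and the field names (code, risk, kind, detail) are my own.

```python
import re
from collections import Counter

# SecAnalyst risk labels as printed in the report, ordered for triage (most severe first).
RISK_ORDER = {"危险": 0, "警告": 1, "低风险": 2}

# Finding lines look like "#S0 警告 NT 服务: <detail>"; header lines (#T0, #操作系统 ...) have no risk label.
ENTRY_RE = re.compile(r"^#(?P<code>[A-Z]+\d+)\s+(?P<risk>危险|警告|低风险)\s+(?P<kind>[^:]+):\s*(?P<detail>.*)$")
TEMP_DIR_RE = re.compile(r"\\appdata\\local\\temp\\", re.IGNORECASE)


def parse_report(text):
    """Return one dict per finding line of a SecAnalyst report; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        e = m.groupdict()
        e["kind"] = e["kind"].strip()
        # An autorun, BHO or service whose target no longer exists is an orphaned entry to clean up.
        e["missing_file"] = "[file not found]" in e["detail"]
        # A service binary under a user's Temp directory is unusual for legitimately installed software.
        e["temp_path"] = bool(TEMP_DIR_RE.search(e["detail"]))
        entries.append(e)
    return entries


def triage(entries):
    """Count findings per risk label and list the entries to review first, most severe first."""
    by_risk = Counter(e["risk"] for e in entries)
    flagged = [e for e in entries if e["missing_file"] or e["temp_path"]]
    flagged.sort(key=lambda e: RISK_ORDER[e["risk"]])
    return by_risk, flagged


# Constructed sample: a few lines in the report format, with paths shortened just as in the report above.
SAMPLE = r"""#T0 SecAnalyst 分析报告 版本:0, 4, 0, 47
#操作系统 : Professional (Build 7600) (CHS)
#O2 危险 BHO: {B69F34DD-F0F9-42DC-9EDD-957187DA688D} - C:\Program
#O2 低风险 BHO: {776B71E2-B4CC-4C94-BC7C-09103AA690B6} - [file not found]
#S0 警告 NT 服务: 360rp - 启动方式: 自动 - 当前状态: 已停止 - "C:\Program "
#S0 低风险 NT 服务: XYNTService - 启动方式: 手动 - 当前状态: 已停止 - C:\Users\ADMINI~1\AppData\Local\Temp\{EBAAF778-01D3-4B58-8414-206B05B30885}\{061A431C-86E7-4DB4-92B8-36DE783865CF} - [file not found]
#F0 危险 文件关联: .html - "C:\Program " "%1"
"""

if __name__ == "__main__":
    counts, review = triage(parse_report(SAMPLE))
    print(dict(counts), [(e["risk"], e["kind"]) for e in review])
```
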
(2) Comprehensive assessment with MBSA

Report Details for WORKGROUP - ZJL-PC (2012-11-21 13:08:38)

Security assessment: Incomplete Scan (Could not complete one or more requested checks.)

Computer name: WORKGROUP\ZJL-PC
IP address: 192.168.1.153
Security report name: WORKGROUP - ZJL-PC (2012-11-30 星期五 下午 1-08)
Scan date: 2012/11/30 星期五 下午 1:08
Scanned with MBSA version: 2.2.2170.0
Catalog synchronization date: Security updates scan not performed
Sort Order: Score (worst first)

Windows Scan Results

Administrative Vulnerabilities (Issue: Result)
Automatic Updates: The Automatic Updates feature is disabled on this computer.
Incomplete Updates: A previous software update installation was not completed. You must restart your computer to finish the installation. If the incomplete installation was a security update, then the computer may be at risk until the computer is restarted.
Password Expiration: All user accounts (3) have non-expiring passwords.
Windows Firewall: Windows Firewall is enabled and has exceptions configured. Windows Firewall is enabled on all network connections.
Local Account Password Test: Some user accounts (2 of 3) have blank or simple passwords, or could not be analyzed.
File System: All hard drives (4) are using the NTFS file system.
Autologon: Autologon is not configured on this computer.
Guest Account: The Guest account is disabled on this computer.
Restrict Anonymous: Computer is properly restricting anonymous access.
Administrators: No more than 2 Administrators were found on this computer.

Additional System Information (Issue: Result)
Auditing: Neither Logon Success nor Logon Failure auditing are enabled. Enable auditing and turn on auditing for specific events such as logon and logoff. Be sure to monitor your event log to watch for unauthorized access.
Services: No potentially unnecessary services were found.
Shares: No shares are present on your computer.
Windows Version: Computer is running Microsoft Windows 7.

Internet Information Services (IIS) Scan Results (Issue: Result)
IIS Status: IIS is not running on this computer.

SQL Server Scan Results

Instance SQLEXPRESS - Administrative Vulnerabilities (Issue: Result)
Service Accounts: SQL Server, SQL Server Agent, MSDE and/or MSDE Agent service accounts should not be members of the local Administrators group or run as LocalSystem.
Folder Permissions: Permissions on the SQL Server and/or MSDE installation folders are not set properly.
SQL Server/MSDE Security Mode: SQL Server and/or MSDE authentication mode is set to Windows Only.
Registry Permissions: The Everyone group does not have more than Read access to the SQL Server and/or MSDE registry keys.
CmdExec role: CmdExec is restricted to sysadmin only.
Sysadmins: Could not perform this check because SQL Server and/or MSDE was not running.
Sysadmin role members: Could not perform this check because SQL Server and/or MSDE was not running.
Password Policy: Could not perform this check because SQL Server and/or MSDE was not running.
SSIS Roles: Could not perform this check because SQL Server and/or MSDE was not running.
Sysdtslog: Could not perform this check because SQL Server and/or MSDE was not running.
Guest Account: Could not perform this check because SQL Server and/or MSDE was not running.

Instance (default) - Administrative Vulnerabilities (Issue: Result)
Service Accounts: SQL Server, SQL Server Agent, MSDE and/or MSDE Agent service accounts should not be members of the local Administrators group or run as LocalSystem.
Password Policy: Enable password expiration for the SQL server accounts.
Folder Permissions: Permissions on the SQL Server and/or MSDE installation folders are not set properly.
Sysadmins: More than 2 members of sysadmin role are present.
SQL Server/MSDE Security Mode: SQL Server and/or MSDE authentication mode is set to SQL Server and/or MSDE and Windows (Mixed Mode).
Sysadmin role members: BUILTIN\Administrators group should not be part of sysadmin role.
Sysdtslog: Do not create sysdtslogs90 in the Master or MSDB is recommended to create a seperate logging database.
SSIS Roles: The BUILTIN Admin does not belong to the SSIS roles.
Registry Permissions: The Everyone group does not have more than Read access to the SQL Server and/or MSDE registry keys.
CmdExec role: CmdExec is restricted to sysadmin only.
Guest Account: The Guest account is not enabled in any of the databases.

Desktop Application Scan Results

Administrative Vulnerabilities (Issue: Result)
IE Zones: Internet Explorer zones do not have secure settings for some users.
Macro Security: No supported Microsoft Office products are installed.

(3) Attack-scan assessment with X-Scan

X-Scan 检测报告

本报表列出了被检测主机的详细漏洞信息, 请根据提示信息或链接内容进行相应修补. 欢迎参加X-Scan脚本翻译项目

扫描时间: 2012/11/30 星期五 下午 12:45:23 - 2012/11/21 星期五 下午 12:47:55

检测结果: 存活主机 1, 漏洞数量 0, 警告数量 1, 提示数量 67

主机列表:
localhost - 检测结果: 发现安全警告 - 主机摘要 - OS: Windows NT 6.1; PORT/TCP: 135, 445, 3306

主机分析: localhost (端口/服务 - 检测结果)
microsoft-ds (445/tcp) - 发现安全提示
MySql (3306/tcp) - 发现安全提示
epmap (135/tcp) - 发现安全提示
DCE/d95afe70-a6d5-4259-822e-2c84da1ddb0d (49152/tcp) - 发现安全提示
DCE/f6beaff7-1e19-4fbb-9f8f-b89e2018337c (49153/tcp) - 发现安全提示
unknown (49154/tcp) - 发现安全提示
DCE/367abb81-9844-35f1-ad32-98f038001003 (49156/tcp) - 发现安全提示
DCE/12345778-1234-abcd-ef00-ac (49157/tcp) - 发现安全提示
DCE/30adc50c-5cbc-46ce-9a0e-91914789e23c (49153/tcp) - 发现安全提示
DCE/3c4728c5-f0ab-448b-bda1-6ce01eb0a6d5 (49153/tcp) - 发现安全提示
DCE/06bba54a-be05-49f9-b0a0-30f790261023 (49153/tcp) - 发现安全提示
unknown (49153/tcp) - 发现安全提示
DCE/86d35949-83c9-4044-b424-db363231fd0c (49154/tcp) - 发现安全提示
DCE/201ef99a-7fa0-444c-9399-19ba84f12a1a (49154/tcp) - 发现安全提示
DCE/5f54ce7d-5b79-4175-8584-cb65313a0e98 (49154/tcp) - 发现安全提示
DCE/fd7a0523-dc70-43dd-9b2e-9c5ed48225b1 (49154/tcp) - 发现安全提示
DCE/58e604e8-9adb-4d2e-a464-3b0683fb1480 (49154/tcp) - 发现安全提示
ms-sql-m (1434/udp) - 发现安全警告
tcp - 发现安全提示

(4) Security assessment with MSAT

Microsoft Security Assessment Tool

zjl

完成 30-十一月-12 13:22

业务风险配置文件 与 纵深防御指数 汇总报表

IV. Experiment Summary

4.1 In summary, what are the system's main security vulnerabilities?

Answer: the system's main security weaknesses are the vulnerabilities built into the system itself, the vulnerabilities of the ports the system has open, the security quality of the software loaded on the system, and the security awareness of its users.

4.2 For the MSAT security assessment report from this experiment, think beyond the recommendations MSAT itself makes and propose your own recommendations for improving the system's security.

Answer: In the MSAT report, a low BRP score together with a high DiDI score may appear to indicate a good result, but this is not always the case. The scope of this self-assessment does not allow every factor to be taken into account. Within a specific AoA, if there is a clear difference between the BRP score and the DiDI score, it is recommended to examine that AoA further. When analysing the results, it is important to consider the individual scores that are closely tied to both BRP and DiDI. If the scores in all areas are relatively even, the environment is comparatively stable. If there are differences among the DiDI scores, the overall security strategy is focused on individual mitigation techniques. If the security strategy does not strike a balance among people, process and technology, the environment is likely to be more exposed to attack.