

{"id":249,"date":"2011-02-26T21:58:42","date_gmt":"2011-02-27T02:58:42","guid":{"rendered":"http:\/\/rud.is\/b\/?p=249"},"modified":"2017-03-27T09:39:25","modified_gmt":"2017-03-27T14:39:25","slug":"never-a-better-time-to-baseline","status":"publish","type":"post","link":"https:\/\/rud.is\/b\/2011\/02\/26\/never-a-better-time-to-baseline\/","title":{"rendered":"Never A Better Time To Baseline"},"content":{"rendered":"<p>If you&#8217;re preparing to install <a href=\"http:\/\/www.microsoft.com\/en-us\/download\/details.aspx?id=5842\">Windows 7 or Windows Server 2008 R2 Service Pack 1<\/a>, now would be a good time to give Microsoft&#8217;s <span class=\"removed_link\" title=\"http:\/\/www.microsoft.com\/downloads\/en\/details.aspx?FamilyID=1283b765-f57d-4ebb-8f0a-c49c746b44b9\">Attack Surface Analyzer<\/span> a spin. ASA takes a baseline snapshot of your system state and then lets you take another snapshot after any configuration change or product installation and displays the changes to a number of key elements of the Windows attack surface, including analysis of changed or newly added files, registry keys, services, ActiveX Controls, listening ports, access control lists and other parameters.<\/p>\n<p><i>Ideally<\/i>, you&#8217;d take your baseline after a fresh install of your workstation or server from known, good media\/images and after your own base configuration changes.<\/p>\n<blockquote><p>This would also be a good thing to do when building your base VM images so you can then validate their state as you duplicate and modify VDIs.<\/p><\/blockquote>\n<p>The installation of a Service Pack is a pretty radical change to your environment. If you run ASA prior to the SP install you can see if there are any significant changes to your system&#8217;s security profile after the bundle of patches and hotfixes is put down. 
You could also use the SP1 event to baseline post-install, provided you&#8217;ve done as thorough a malware &#038; rootkit sweep as can be done (you still cannot truly trust the results).<\/p>\n<p>It may take some discipline to run ASA regularly on your personal systems every time you update software or drivers. IT shops should have an easier time scripting ASA during system deployments as well as application code updates. In either scenario, this free tool from Microsoft should help make you a more informed user and also aid you in building and maintaining more secure systems.<\/p>\n<p>See also: <span class=\"removed_link\" title=\"http:\/\/blogs.msdn.com\/b\/sdl\/archive\/2011\/01\/17\/announcing-attack-surface-analyzer.aspx\">MSDN SDLC blog post on the new Attack Surface Analyzer<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>If you&#8217;re preparing to install Windows 7 or Windows Server 2008 R2 Service Pack 1, now would be a good time to give Microsoft&#8217;s Attack Surface Analyzer a spin. 
ASA takes a baseline snapshot of your system state and then lets you take another snapshot after any configuration change or product installation and displays the [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":true,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"activitypub_content_warning":"","activitypub_content_visibility":"","activitypub_max_image_attachments":3,"activitypub_interaction_policy_quote":"anyone","activitypub_status":"","footnotes":""},"categories":[20,3,9,6,11],"tags":[302,147,111,304,301,305,112,306,176,303,307],"class_list":["post-249","post","type-post","status-publish","format-standard","hentry","category-drivers","category-information-security","category-operating-systems","category-software","category-windows","tag-mediaimages","tag-microsoft","tag-microsoft-windows","tag-rootkit","tag-secure-systems","tag-slipstream","tag-windows-7","tag-windows-nt","tag-windows-server","tag-windows-server-2008","tag-windows-vista"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.2 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Never A Better Time To Baseline - rud.is<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/rud.is\/b\/2011\/02\/26\/never-a-better-time-to-baseline\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Never A Better Time To Baseline - rud.is\" \/>\n<meta property=\"og:description\" content=\"If you&#8217;re preparing to install Windows 7 or Windows Server 2008 R2 
Service Pack 1, now would be a good time to give Microsoft&#8217;s Attack Surface Analyzer a spin. ASA takes a baseline snapshot of your system state and then lets you take another snapshot after any configuration change or product installation and displays the [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/rud.is\/b\/2011\/02\/26\/never-a-better-time-to-baseline\/\" \/>\n<meta property=\"og:site_name\" content=\"rud.is\" \/>\n<meta property=\"article:published_time\" content=\"2011-02-27T02:58:42+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2017-03-27T14:39:25+00:00\" \/>\n<meta name=\"author\" content=\"hrbrmstr\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"hrbrmstr\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/rud.is\/b\/2011\/02\/26\/never-a-better-time-to-baseline\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/rud.is\/b\/2011\/02\/26\/never-a-better-time-to-baseline\/\"},\"author\":{\"name\":\"hrbrmstr\",\"@id\":\"https:\/\/rud.is\/b\/#\/schema\/person\/d7cb7487ab0527447f7fda5c423ff886\"},\"headline\":\"Never A Better Time To Baseline\",\"datePublished\":\"2011-02-27T02:58:42+00:00\",\"dateModified\":\"2017-03-27T14:39:25+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/rud.is\/b\/2011\/02\/26\/never-a-better-time-to-baseline\/\"},\"wordCount\":305,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/rud.is\/b\/#\/schema\/person\/d7cb7487ab0527447f7fda5c423ff886\"},\"keywords\":[\"media\/images\",\"Microsoft\",\"Microsoft Windows\",\"Rootkit\",\"secure systems\",\"Slipstream\",\"Windows 7\",\"Windows NT\",\"Windows Server\",\"Windows Server 2008\",\"Windows 
Vista\"],\"articleSection\":[\"Drivers\",\"Information Security\",\"Operating Systems\",\"Software\",\"Windows\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/rud.is\/b\/2011\/02\/26\/never-a-better-time-to-baseline\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/rud.is\/b\/2011\/02\/26\/never-a-better-time-to-baseline\/\",\"url\":\"https:\/\/rud.is\/b\/2011\/02\/26\/never-a-better-time-to-baseline\/\",\"name\":\"Never A Better Time To Baseline - rud.is\",\"isPartOf\":{\"@id\":\"https:\/\/rud.is\/b\/#website\"},\"datePublished\":\"2011-02-27T02:58:42+00:00\",\"dateModified\":\"2017-03-27T14:39:25+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/rud.is\/b\/2011\/02\/26\/never-a-better-time-to-baseline\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/rud.is\/b\/2011\/02\/26\/never-a-better-time-to-baseline\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/rud.is\/b\/2011\/02\/26\/never-a-better-time-to-baseline\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/rud.is\/b\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Never A Better Time To Baseline\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/rud.is\/b\/#website\",\"url\":\"https:\/\/rud.is\/b\/\",\"name\":\"rud.is\",\"description\":\"&quot;In God we trust. 
All others must bring data&quot;\",\"publisher\":{\"@id\":\"https:\/\/rud.is\/b\/#\/schema\/person\/d7cb7487ab0527447f7fda5c423ff886\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/rud.is\/b\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":[\"Person\",\"Organization\"],\"@id\":\"https:\/\/rud.is\/b\/#\/schema\/person\/d7cb7487ab0527447f7fda5c423ff886\",\"name\":\"hrbrmstr\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/i0.wp.com\/rud.is\/b\/wp-content\/uploads\/2023\/10\/ukr-shield.png?fit=460%2C460&ssl=1\",\"url\":\"https:\/\/i0.wp.com\/rud.is\/b\/wp-content\/uploads\/2023\/10\/ukr-shield.png?fit=460%2C460&ssl=1\",\"contentUrl\":\"https:\/\/i0.wp.com\/rud.is\/b\/wp-content\/uploads\/2023\/10\/ukr-shield.png?fit=460%2C460&ssl=1\",\"width\":460,\"height\":460,\"caption\":\"hrbrmstr\"},\"logo\":{\"@id\":\"https:\/\/i0.wp.com\/rud.is\/b\/wp-content\/uploads\/2023\/10\/ukr-shield.png?fit=460%2C460&ssl=1\"},\"description\":\"Don't look at me\u2026I do what he does \u2014 just slower. #rstats avuncular \u2022 ?Resistance Fighter \u2022 Cook \u2022 Christian \u2022 [Master] Chef des Donn\u00e9es de S\u00e9curit\u00e9 @ @rapid7\",\"sameAs\":[\"http:\/\/rud.is\"],\"url\":\"https:\/\/rud.is\/b\/author\/hrbrmstr\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->","yoast_head_json":{"title":"Never A Better Time To Baseline - rud.is","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/rud.is\/b\/2011\/02\/26\/never-a-better-time-to-baseline\/","og_locale":"en_US","og_type":"article","og_title":"Never A Better Time To Baseline - rud.is","og_description":"If you&#8217;re preparing to install Windows 7 or Windows Server 2008 R2 Service Pack 1, now would be a good time to give Microsoft&#8217;s Attack Surface Analyzer a spin. ASA takes a baseline snapshot of your system state and then lets you take another snapshot after any configuration change or product installation and displays the [&hellip;]","og_url":"https:\/\/rud.is\/b\/2011\/02\/26\/never-a-better-time-to-baseline\/","og_site_name":"rud.is","article_published_time":"2011-02-27T02:58:42+00:00","article_modified_time":"2017-03-27T14:39:25+00:00","author":"hrbrmstr","twitter_card":"summary_large_image","twitter_misc":{"Written by":"hrbrmstr","Est. 
reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/rud.is\/b\/2011\/02\/26\/never-a-better-time-to-baseline\/#article","isPartOf":{"@id":"https:\/\/rud.is\/b\/2011\/02\/26\/never-a-better-time-to-baseline\/"},"author":{"name":"hrbrmstr","@id":"https:\/\/rud.is\/b\/#\/schema\/person\/d7cb7487ab0527447f7fda5c423ff886"},"headline":"Never A Better Time To Baseline","datePublished":"2011-02-27T02:58:42+00:00","dateModified":"2017-03-27T14:39:25+00:00","mainEntityOfPage":{"@id":"https:\/\/rud.is\/b\/2011\/02\/26\/never-a-better-time-to-baseline\/"},"wordCount":305,"commentCount":0,"publisher":{"@id":"https:\/\/rud.is\/b\/#\/schema\/person\/d7cb7487ab0527447f7fda5c423ff886"},"keywords":["media\/images","Microsoft","Microsoft Windows","Rootkit","secure systems","Slipstream","Windows 7","Windows NT","Windows Server","Windows Server 2008","Windows Vista"],"articleSection":["Drivers","Information Security","Operating Systems","Software","Windows"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/rud.is\/b\/2011\/02\/26\/never-a-better-time-to-baseline\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/rud.is\/b\/2011\/02\/26\/never-a-better-time-to-baseline\/","url":"https:\/\/rud.is\/b\/2011\/02\/26\/never-a-better-time-to-baseline\/","name":"Never A Better Time To Baseline - 
rud.is","isPartOf":{"@id":"https:\/\/rud.is\/b\/#website"},"datePublished":"2011-02-27T02:58:42+00:00","dateModified":"2017-03-27T14:39:25+00:00","breadcrumb":{"@id":"https:\/\/rud.is\/b\/2011\/02\/26\/never-a-better-time-to-baseline\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/rud.is\/b\/2011\/02\/26\/never-a-better-time-to-baseline\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/rud.is\/b\/2011\/02\/26\/never-a-better-time-to-baseline\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/rud.is\/b\/"},{"@type":"ListItem","position":2,"name":"Never A Better Time To Baseline"}]},{"@type":"WebSite","@id":"https:\/\/rud.is\/b\/#website","url":"https:\/\/rud.is\/b\/","name":"rud.is","description":"&quot;In God we trust. All others must bring data&quot;","publisher":{"@id":"https:\/\/rud.is\/b\/#\/schema\/person\/d7cb7487ab0527447f7fda5c423ff886"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/rud.is\/b\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":["Person","Organization"],"@id":"https:\/\/rud.is\/b\/#\/schema\/person\/d7cb7487ab0527447f7fda5c423ff886","name":"hrbrmstr","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/i0.wp.com\/rud.is\/b\/wp-content\/uploads\/2023\/10\/ukr-shield.png?fit=460%2C460&ssl=1","url":"https:\/\/i0.wp.com\/rud.is\/b\/wp-content\/uploads\/2023\/10\/ukr-shield.png?fit=460%2C460&ssl=1","contentUrl":"https:\/\/i0.wp.com\/rud.is\/b\/wp-content\/uploads\/2023\/10\/ukr-shield.png?fit=460%2C460&ssl=1","width":460,"height":460,"caption":"hrbrmstr"},"logo":{"@id":"https:\/\/i0.wp.com\/rud.is\/b\/wp-content\/uploads\/2023\/10\/ukr-shield.png?fit=460%2C460&ssl=1"},"description":"Don't look at me\u2026I do what he does \u2014 just slower. 
#rstats avuncular \u2022 ?Resistance Fighter \u2022 Cook \u2022 Christian \u2022 [Master] Chef des Donn\u00e9es de S\u00e9curit\u00e9 @ @rapid7","sameAs":["http:\/\/rud.is"],"url":"https:\/\/rud.is\/b\/author\/hrbrmstr\/"}]}},"jetpack_featured_media_url":"","jetpack_shortlink":"https:\/\/wp.me\/p23idr-41","jetpack_likes_enabled":true,"jetpack-related-posts":[{"id":87,"url":"https:\/\/rud.is\/b\/2011\/02\/09\/quick-hits-2011-02-09\/","url_meta":{"origin":249,"position":0},"title":"Quick Hits :: 2011-02-09","author":"hrbrmstr","date":"2011-02-09","format":false,"excerpt":"Security VSR uses some high-ish profile attacks from 2010 to provide fodder for the VAR community :: Security Risk: Top Hacker Attacks of 2010. I include it as the examples they provide should make it easier for folks doing presentations where they need to show real-life attacks (without sifting through\u2026","rel":"","context":"In &quot;HTML5&quot;","block_context":{"text":"HTML5","link":"https:\/\/rud.is\/b\/category\/html5\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":49,"url":"https:\/\/rud.is\/b\/2011\/02\/05\/spaces-for-windows\/","url_meta":{"origin":249,"position":1},"title":"&#8216;Spaces&#8217; for Windows","author":"hrbrmstr","date":"2011-02-05","format":false,"excerpt":"UPDATE [2011-02-05] Added VirtuaWin to the list thanks to a tip by @ken5m1th. I've been setting up a relatively new 64-bit Windows 7 Ultimate machine and decided to see if the virtual desktops landscape had changed much in the recent past. 
It's amazing that with all of the feature duplication\u2026","rel":"","context":"In &quot;Operating Systems&quot;","block_context":{"text":"Operating Systems","link":"https:\/\/rud.is\/b\/category\/operating-systems\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":11,"url":"https:\/\/rud.is\/b\/2011\/02\/02\/11hdmi-overscan-tweak-for-wimpy-windows-font-display\/","url_meta":{"origin":249,"position":2},"title":"HDMI Overscan Tweak For Wimpy Windows Font Display","author":"hrbrmstr","date":"2011-02-02","format":false,"excerpt":"I recently hooked up a Windows 7 box to my Dell ST2310 monitor and was surprised at just how horrid the fonts looked, especially since my MacBook Pro looks fantastic using both DVI and HDMI with the display. I even tried all the ClearType tweaks to no avail. Then, it\u2026","rel":"","context":"In &quot;Displays&quot;","block_context":{"text":"Displays","link":"https:\/\/rud.is\/b\/category\/displays\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":11659,"url":"https:\/\/rud.is\/b\/2018\/11\/17\/tis-the-season-to-check-your-ssl-tls-cipher-list-thrice-rcurl-curl-openssl\/","url_meta":{"origin":249,"position":3},"title":"Tis the Season to Check your SSL\/TLS Cipher List Thrice (RCurl\/curl\/openssl)","author":"hrbrmstr","date":"2018-11-17","format":false,"excerpt":"The libcurl library (the foundational library behind the RCurl and curl packages) has switched to using OpenSSL's default ciphers since version 7.56.0 (October 4 2017). 
If you're a regular updater of curl\/httr you should be fairly current with these cipher suites, but if you're not a keen updater or use\u2026","rel":"","context":"In &quot;R&quot;","block_context":{"text":"R","link":"https:\/\/rud.is\/b\/category\/r\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":81,"url":"https:\/\/rud.is\/b\/2011\/02\/08\/quick-hits-2011-02-08\/","url_meta":{"origin":249,"position":4},"title":"Quick Hits :: 2011-02-08","author":"hrbrmstr","date":"2011-02-08","format":false,"excerpt":"Security Originally meant to improve the security of jailbroken iOS devices, antid0te is now also available for OS X Snow Leopard thanks to the efforts of Stefan Esser. Since Apple engineers did not see fit to load the dynamic linker - dyld - at a random base address, they left\u2026","rel":"","context":"In &quot;Information Security&quot;","block_context":{"text":"Information Security","link":"https:\/\/rud.is\/b\/category\/information-security\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":12497,"url":"https:\/\/rud.is\/b\/2019\/09\/14\/rswitch-1-5-0-release-now-also-corrals-rstudio-server-connections\/","url_meta":{"origin":249,"position":5},"title":"RSwitch 1.5.0 Release Now Also Corrals RStudio Server Connections","author":"hrbrmstr","date":"2019-09-14","format":false,"excerpt":"RSwitch is a macOS menubar application that works on macOS 10.14+ and provides handy shortcuts for developing with R on macOS. Version 1.5.0 brings a reorganized menu system and the ability to manage and make connections to RStudio Server instances. 
Here's a quick peek at the new setup: All books,\u2026","rel":"","context":"In &quot;Apple&quot;","block_context":{"text":"Apple","link":"https:\/\/rud.is\/b\/category\/apple\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/rud.is\/b\/wp-content\/uploads\/2019\/09\/rswitch-1.5.0-rstudio-server.png?resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/rud.is\/b\/wp-content\/uploads\/2019\/09\/rswitch-1.5.0-rstudio-server.png?resize=350%2C200 1x, https:\/\/i0.wp.com\/rud.is\/b\/wp-content\/uploads\/2019\/09\/rswitch-1.5.0-rstudio-server.png?resize=525%2C300 1.5x, https:\/\/i0.wp.com\/rud.is\/b\/wp-content\/uploads\/2019\/09\/rswitch-1.5.0-rstudio-server.png?resize=700%2C400 2x"},"classes":[]}],"jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/rud.is\/b\/wp-json\/wp\/v2\/posts\/249","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/rud.is\/b\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/rud.is\/b\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/rud.is\/b\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/rud.is\/b\/wp-json\/wp\/v2\/comments?post=249"}],"version-history":[{"count":0,"href":"https:\/\/rud.is\/b\/wp-json\/wp\/v2\/posts\/249\/revisions"}],"wp:attachment":[{"href":"https:\/\/rud.is\/b\/wp-json\/wp\/v2\/media?parent=249"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/rud.is\/b\/wp-json\/wp\/v2\/categories?post=249"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/rud.is\/b\/wp-json\/wp\/v2\/tags?post=249"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}