Lead Image © Andrii IURLOV, 123RF.com

Advanced Windows security using EMET

Solid Defense

Article from ADMIN 29/2015

By Marc Grote

Although attacks on computers are numerous and varied, they are predominantly based on the same techniques. Microsoft closes these vulnerabilities on Windows computers using the Enhanced Mitigation Experience Toolkit (EMET).

Using Microsoft's Enhanced Mitigation Experience Toolkit (EMET) [1], you can prevent attackers from exploiting security gaps in the software that you have installed on Windows computers. The security technologies used to limit damage cannot completely eliminate security risks, but instead, they meaningfully serve to complement other security measures.

Such measures include installing the latest security updates using Windows Firewall with Advanced Security and using User Account Control (UAC). Additionally, EMET provides a configurable function for determining the trustworthiness of SSL certificates. This function aims to detect and prevent man-in-the-middle attacks.

Installing EMET

You can download EMET for free from Microsoft's website [2]. For use in companies, you have the option of distributing EMET using the System Center Configuration Manager (SCCM) or the software distribution functions of Active Directory's group policies (more on that later). The configuration of EMET can be automated using group policies and administrative templates (ADMX files). EMET supports all current versions on Windows platforms. For clients, these are:

Vista SP2
7 SP1
8
8.1

The tool supports the following versions on the Windows Server side:

2003 SP2
2008 SP2
2008 R2 SP1
2012
2012 R2

On Windows Server 2003, a few limitations are described in the release notes and the EMET user guide, which are part of the EMET downloads. Read the user guide before using EMET, because it expands on the important configuration steps and provides an overview of the EMET protection technologies.