Advanced Windows security using EMET

Solid Defense

Protection Techniques

EMET can protect against a range of attacks and well-known exploits in Windows. When you look into EMET, you will encounter many abbreviations, such as DEP, SEHOP, Null Page, Heap Spray, EAF, EAF+, ASR, Mandatory ASLR, and Bottom-up ASLR. Do not be confused: The EMET user guide provides a good explanation for many of the terms.

Before using EMET on a large scale on a variety of Windows computers, you should at least have a basic idea of how these technologies work, because activating protections can cause problems for a small number of applications. It is therefore advisable to try EMET in advance in a test environment with the applications used in the company. The standard EMET functions include:

  • Data Execution Prevention (DEP)
  • Structured Exception Handler Overwrite Protection (SEHOP)
  • Address Space Layout Randomization (ASLR)

These functions work system-wide, whereas the other technologies mentioned are used for specific applications. Below, I will explain the three most common mechanisms.

Data Execution Prevention

DEP prevents program code from being executed from memory areas that are reserved for data and not meant to hold executable code, protecting Windows and other authorized programs. DEP has been available as a hardware and software function since Windows XP and can be configured only rudimentarily in the Windows Control Panel. EMET extends the DEP functionality and can enforce DEP for applications that were not built with DEP in mind or that have problems with the mechanism.

Structured Exception Handler Overwrite Protection

SEHOP [4] is a Windows function from Vista SP1 onward that attempts to fend off attacks based on overwriting the structured exception handler (SEH). The protection acts at run time of an application. SEHOP is enabled by default in Windows 7 and higher. In that case EMET does not itself report whether SEHOP is in use; Windows instead writes the related information to the application log in the Event Viewer.
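Because the author recommends trying EMET in a test environment first, it helps to record the system-wide state of the three mechanisms (DEP, SEHOP, ASLR) before and after EMET changes them. The following PowerShell script is an added example and is not code from the article or from EMET. It reads the DEP policy from WMI (Win32_OperatingSystem), the SEHOP switch from the DisableExceptionChainValidation registry value, and the system ASLR setting from the MoveImages registry value; the assumption that EMET's system-wide ASLR setting corresponds to MoveImages is mine, not stated on the page. The function names are my own.

```powershell
# Added example, not from the article: baseline the system-wide DEP, SEHOP and ASLR
# state on a Windows host before and after rolling out EMET. Run in an elevated PowerShell.

function Get-DepPolicy {
    # Win32_OperatingSystem exposes the boot-time DEP policy:
    # 0 = AlwaysOff, 1 = AlwaysOn, 2 = OptIn (Windows default), 3 = OptOut
    $os = Get-WmiObject -Class Win32_OperatingSystem
    $names = @{ 0 = 'AlwaysOff'; 1 = 'AlwaysOn'; 2 = 'OptIn'; 3 = 'OptOut' }
    [pscustomobject]@{
        HardwareDepAvailable = $os.DataExecutionPrevention_Available
        Policy               = $names[[int]$os.DataExecutionPrevention_SupportPolicy]
    }
}

function Get-SehopState {
    # SEHOP is controlled by DisableExceptionChainValidation (KB956607):
    # 0 = SEHOP enabled, 1 = SEHOP disabled, value absent = OS default applies.
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\kernel'
    $item = Get-ItemProperty -Path $key -Name DisableExceptionChainValidation -ErrorAction SilentlyContinue
    if ($null -eq $item) { return 'OS default (value not set)' }
    if ($item.DisableExceptionChainValidation -eq 0) { 'Enabled' } else { 'Disabled' }
}

function Get-AslrState {
    # MoveImages under Memory Management: 0 = ASLR off for all images,
    # 1 = randomize every image, 0xFFFFFFFF (read back as -1) or absent = only images
    # linked with /DYNAMICBASE are randomized (the Windows default, opt-in).
    # Mapping this to EMET's system-wide ASLR setting is an assumption of this example.
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management'
    $item = Get-ItemProperty -Path $key -Name MoveImages -ErrorAction SilentlyContinue
    if ($null -eq $item) { return 'OptIn (value not set)' }
    switch ($item.MoveImages) {
        0       { 'Disabled' }
        1       { 'AlwaysOn' }
        default { 'OptIn' }
    }
}

function Get-MitigationBaseline {
    # Collect everything into one object so two runs (before/after EMET) can be compared
    $dep = Get-DepPolicy
    [pscustomobject]@{
        Host                 = $env:COMPUTERNAME
        Timestamp            = (Get-Date).ToString('s')
        HardwareDepAvailable = $dep.HardwareDepAvailable
        DepPolicy            = $dep.Policy
        Sehop                = Get-SehopState
        Aslr                 = Get-AslrState
    }
}

# Usage: print the baseline and keep a copy for comparison after enabling EMET
$baseline = Get-MitigationBaseline
$baseline | Format-List
$baseline | Export-Csv -Path "$env:TEMP\mitigation-baseline-$($env:COMPUTERNAME).csv" -NoTypeInformation
```

Run the script once on a clean test machine, then again after configuring EMET's system-wide settings, and diff the two CSV files; a DEP policy that changes from OptIn to AlwaysOn, for example, is exactly the kind of change that can break the small number of applications mentioned above, so the test environment should contain the applications actually used in the company.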
