Join Lisa Bock for an in-depth discussion in this video Understanding buffer overflows, part of IT Security Foundations: Core Concepts.
- A buffer overflow is a software vulnerability that occurs when a process or program puts more data into the buffer or memory area that is allocated for temporary storage. Buffers are created to contain a finite amount of data. The extra information which has to go somewhere can overflow and overwrite into adjacent buffers. Buffer overflows are common, as programmers fail to check and validate his or her source code, and damage can range from unexpected errors to very bad results.
Hackers love buffer overflow vulnerabilities and exploit them as much as possible. Let's take a look at how a buffer overflow happens. Here we can see some memory registers, spaces that we set aside to store data for a program. Let's say our program sets aside 10 bytes of storage for 10 characters, and if we save 10 or fewer bytes to this reserved memory range, nothing strange happens.
But if we try to save more than 10 bytes to this range, we step over the top of some other bytes that may contain information for other programs, or even for the operating system. When that other program goes to read the information it thinks is in the memory range reserved for it, strange things can happen, and if the information contained in the overflowed memory range is an executable program, the other program might end up running malicious code without even realizing it.
SANS is an organization that provides cybersecurity training and awareness. We can see that the buffer overflow is listed as a risky resource management issue. Here we see buffer copy without checking the size of input. This is a classic buffer overflow. And here we can see a little more information about this vulnerability. Microsoft has a tool called "Data Execution Prevention". This provides a safety net to prevent damage from malware that attempts to execute code from system memory locations reserved for Windows and other authorized programs.
Now we'll ensure they're on by going to the Control Panel, System and Security, and then System. I'll click on "Change Settings" and take a look at the system properties. In this case, I'm going to select the "Advanced" tab. And now I'm going to select "Settings". In "Performance Options", we can select "Data Execution Prevention". And here I say, turn on Data Execution Prevention for essential Windows programs and services only.
Let's check to see if it's activated. I've opened up my Task Manager, and under "Details", I can see the processes that are running. If you don't see "Data Execution Prevention", right-click and select the column "Data Execution Prevention". And as we can see, Data Execution Prevention is enabled for the essential operating system services.
Note: This course maps to a number of the exam topics on the Microsoft Technology Associate (MTA) Security Fundamentals 98-367 certification exam and is recommended test prep viewing.
- Differentiate between risks, threats, and vulnerabilities.
- Explain how to avoid worms and viruses.
- Define cookies, and explain how they preserve user information.
- Describe the WPA2 wireless security method.
- Cite the differences between public and private key encryption.
- Summarize how to use a virtual private network.
- Identify ways to minimize the attack surface.