Reduce Buffer Overflow Risks


A service that is overrun ends in either denial of service or complete compromise of the system. When an attacker can reliably predict where in memory the injected code will land during a buffer overflow, the attacker can crash the related service and gain whatever security context the service was running in. Most service accounts have full access to the local machine. Reducing the number of services overall, and reducing the privileges granted to the remaining services, reduces the risk of a successful attack.

Reduce Risk of Denial-of-Service Attacks

Every service gives the attacker a potential DoS vector. Most services are network accessible, and any that are can be overpowered. One type of DoS attack simply sends a very large number of requests and connection attempts in a short period of time, overwhelming Windows' ability to respond to all of them at once: Windows is driven to 100% CPU utilization or runs out of available memory. Either way, Windows stops responding to new requests. Another type of DoS attack stops or crashes the Windows service itself and prevents legitimate use until it is restarted. Many services have had programming flaws that allowed a DoS from as little as one malformed packet; the attacker could send one packet to each PC on a network and halt all computing, or send one packet to an IIS server and take the web site down.

Reduce Management Overhead

Reducing the number of services, and minimizing the security risk of those that are needed, reduces management overhead. Every active service must be maintained and have applicable patches applied. Even services that are installed but inactive need to be patched. For instance, if a user can install and/or activate IIS on their computer, it needs to be patched regardless of whether it is actually used. Unfortunately, most Microsoft patch management tools do not look for inactive services. If a service is installed but not activated, many patch management tools (e.g., MBSA, Windows Update, Microsoft Update, WSUS, SUS) do not patch it, so if the user, or a malicious intruder, can activate it, it is most certainly unpatched and exploitable. By tightening services, you can prevent unauthorized, and unpatched, services from executing. By analyzing needed services, removing unneeded services, and tightening the remaining ones, you can significantly reduce the risk of a successful attack.
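The inventory that the service analysis above and the privilege reduction in the buffer overflow section both call for, as an added example that is not from the book: a PowerShell script (assuming Windows PowerShell 3.0 or later for Get-CimInstance) that lists every installed service with the account it runs under and flags the two groups discussed here, services running under a high-privilege built-in account and services that are installed but idle.

```powershell
# Added example (not from the book): inventory Windows services by the account
# they run under and by state, so the over-privileged and the installed-but-idle
# ones can be reviewed first. Requires Windows PowerShell 3.0+ (Get-CimInstance).

# Built-in accounts with full access to the local machine; a service under one
# of these hands an attacker that context if the service is exploited.
$HighPrivilegeAccounts = @('LocalSystem', 'NT AUTHORITY\SYSTEM', 'NT AUTHORITY\LocalSystem')

function Get-ServiceRiskReport {
    [CmdletBinding()]
    param()

    Get-CimInstance -ClassName Win32_Service | ForEach-Object {
        $account  = if ($_.StartName) { $_.StartName } else { '(none)' }
        $highPriv = $HighPrivilegeAccounts -contains $account   # case-insensitive compare

        # Installed but not running and not disabled: still needs patching, and
        # anyone who can start it inherits whatever flaws it carries.
        $idle = ($_.State -ne 'Running') -and ($_.StartMode -ne 'Disabled')

        [PSCustomObject]@{
            Name          = $_.Name
            DisplayName   = $_.DisplayName
            Account       = $account
            State         = $_.State
            StartMode     = $_.StartMode
            HighPrivilege = $highPriv
            InstalledIdle = $idle
            Path          = $_.PathName
        }
    }
}

$report = Get-ServiceRiskReport

"Running services under high-privilege accounts (candidates to remove or re-home):"
$report | Where-Object { $_.HighPrivilege -and $_.State -eq 'Running' } |
    Sort-Object Name | Format-Table Name, Account, StartMode, Path -AutoSize

"Installed but idle services (still need patches; disable if not required):"
$report | Where-Object InstalledIdle |
    Sort-Object Name | Format-Table Name, Account, State, StartMode -AutoSize

"Service count by account:"
$report | Group-Object Account | Sort-Object Count -Descending |
    Select-Object Count, Name | Format-Table -AutoSize
```

Run it from an elevated prompt so every service's start account is readable; the third table shows at a glance how much of the machine runs as LocalSystem.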



Professional Windows Desktop and Server Hardening (Programmer to Programmer)
ISBN: 0764599909
Year: 2004
Pages: 122

flylib.com © 2008-2017.