Popular in Course
verified elite notetaker
Popular in Department
This 4 page Study Guide was uploaded by kimwood Notetaker on Monday November 9, 2015. The Study Guide belongs to a course at a university taught by a professor in Fall. Since its upload, it has received 24 views.
Reviews for ISSC363_Assignment_7
Report this Material
What is Karma?
Karma is the currency of StudySoup.
You can buy or earn more Karma at anytime and redeem it for class notes, study guides, flashcards, and more!
Date Created: 11/09/15
BUFFER OVERFLOWS 1 Buffer Overflow Attacks Brian Page American Military University BUFFER OVERFLOWS 2 Introduction The most common vulnerability in software in recent years is buffer overflow vulnerabilities, especially in remote access applications. These attacks specifically allow anyone to take control of a host system. Buffer overflow vulnerabilities present a malicious attacker with exactly what they are looking for, the ability to execute or inject malicious code. Buffer Overflow To understand the purpose behind a buffer overflow attack you have to understand how they work. Buffer Overflow’s take advantage of a program that is in a state of waiting for a user’s input. They occur when a program attempts to store more data than it was designed to hold. There are three main types of Buffer Overflow attacks; they are heap based, stack based and string based. You must remember that Buffer Overflow attacks exploit a vulnerability in the programming that allows a malicious attacker to interrupt the normal process of operation. Heap Based The Heap is memory that has been dynamically allocated and is separated from the memory allocated for the stack and code. Heap based Buffer Overflow attacks happen when memory is allocated to the heap and data is written to it without bound checking the data. This leads to critical data being overwritten in the heap such as headers or object pointers. These type of attacks are harder to perform than Stack based or String based attacks. Another thing to remember also is that heap overflows are rarely reported. Stack Based Stack based Buffer Overflows are caused by programs and software that do not verify the length of the data that is being copied into the buffer. An attacker can exploit this vulnerability by BUFFER OVERFLOWS 3 adding more data than expected to the stack which essentially overwrites the data that the programmer though could not be replaced. Ideally, programmers would write software to guard against these types of attacks. String Based Strings based attacks effect the stack, but, take the data and display it for print. Malicious attackers have found ingenious ways of using this method to write to memory. String attacks add a single address that points to another address in memory where new instructions have been planted in order to execute. Playing Defense The best defense to Buffer overflow attacks, in a perfect world is perfect programming. Since we know this can never happen, the easiest most effective way to prevent these attacks is called a stack canary. If an attacker executes a buffer overflow attack, the data will overflow from the assigned buffer into EIP and it will overwrite the stack canary. Data Execution Prevention is also another safeguard in Buffer Overflow prevention. DEP marks areas of the stack as nonexecutable. Conclusion While there are many ways that Buffer Overflows can be used to exploit a system, new and inventive technologies are being constantly developed to help mitigate them. Developers need to be educated about how to mitigate the use of Heap, Stack and String based vulnerabilities. Many of the tools that programmers use to compile their code now have validation features that let them know if the possibility exists when the code is compiled. Prevention technology needs to be implemented on the workstations, servers and gateways. BUFFER OVERFLOWS 4 Email viruses are very much a thing of the past. The more administrators know about these attacks, the easier it will be to protect their systems. References Cited Eye, V. (n.d.). Heap Overflow: Vulnerability and Heap Internals Explained InfoSec Institute. Retrieved November 25, 2014, from http://resources.infosecinstitute.com/heapoverflow vulnerabilityandheapinternalsexplained/ Bradshaw, S. (n.d.). Stack Based Buffer Overflow Tutorial, part 1 Introduction InfoSec Institute. Retrieved November 25, 2014, from http://resources.infosecinstitute.com/stack basedbufferoverflowtutorialpart1—introduction/ Bradshaw, S. (n.d.). Stack Based Buffer Overflow Tutorial, part 1 Introduction InfoSec Institute. Retrieved November 25, 2014, from http://resources.infosecinstitute.com/stack basedbufferoverflowtutorialpart1—introduction/ Bradshaw, S. (n.d.). Stack Based Buffer Overflow Tutorial, part 2 Exploiting the stack overflow InfoSec Institute. Retrieved November 25, 2014, from http://resources.infosecinstitute.com/stackbasedbufferoverflowtutorialpart2— exploitingthestackoverflow/
Are you sure you want to buy this material for
You're already Subscribed!
Looks like you've already subscribed to StudySoup, you won't need to purchase another subscription to get this material. To access this material simply click 'View Full Document'