Announcing SecureStack v1.0
A buffer overflow attack occurs when a hacker overflows an input buffer on the execution stack with more data than the application was designed to accept. Buffer overflow attacks exploit the lack of bounds checking on the size of input being stored in a buffer. The attack data is usually composed of three elements:
1. Arbitrary strings to achieve the buffer overflow: An attacker, through trial and error, determines the right amount of data necessary to generate an overflow condition.
In short, a buffer overflow allows the attacker to take full control of your system. Buffer overflow attacks continue to exploit security vulnerabilities in corporate networks because of the “patch” paradigm most network administrators follow to find remedies for existing system vulnerabilities. SecureStack, on the other hand, protects data stored in memory (data segments and stack) and detects when someone is trying to execute unauthorized code. The technique is not new, but until recently the performance overhead it imposed made it unusable. If SecureStack is a reality today, it is due to the R&D efforts of the PaX team, who conceived a technique that takes advantage of a specific feature of Pentium class processors. Full details of their work, as well as a solution for Linux, can be found on their website at http://pageexec.virtualave.net/.
How does SecureStack work?
SecureStack offers protection from all buffer overflow attacks that try to inject and execute arbitrary code on your system. SecureStack flags data sections as non-executable, and it detects and prevents any attempt to run illegitimate code, thus making it impossible for attackers to gain control of your system.
What is SecureStack?
SecureStack consists of a kernel mode driver for Windows NT/2000 (Intel). The driver ensures that data stored in memory cannot be executed by smashing the stack, and it is application independent. This means that once SecureStack is installed your system will be protected.
SecureStack Performance Overhead
In our tests SecureStack performed exceptionally well in a Windows NT4 environment, with a performance overhead of 5% on average and peaks of up to 10%. SecureStack also works on Windows 2000, but due to the Windows 2000 memory management the performance overhead is too high and impractical for production servers. We are confident that we will soon release a new version to overcome the performance issues under Windows 2000.
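The rule SecureStack enforces, that data pages are never executable, can be checked from the outside on the Linux side that the PaX reference above points to. The following is an added example, not SecureWave or PaX code: it assumes the Linux /proc/<pid>/maps text format, runs on a constructed sample, and the names audit_maps and struct audit are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample in Linux /proc/<pid>/maps format (not from a real host). */
static const char SAMPLE_MAPS[] =
    "00400000-0040b000 r-xp 00000000 08:01 131 /usr/sbin/exampled\n"
    "0060b000-0060c000 rw-p 0000b000 08:01 131 /usr/sbin/exampled\n"
    "01a3c000-01a5d000 rw-p 00000000 00:00 0 [heap]\n"
    "7f2a10000000-7f2a10001000 rwxp 00000000 00:00 0 \n"
    "7ffd3c1e0000-7ffd3c201000 rwxp 00000000 00:00 0 [stack]\n";

/* total: mappings parsed; exec_data: writable and executable at once;
 * exec_stack: the subset of exec_data that is the stack. */
struct audit { int total, exec_data, exec_stack; };

/* Walk the maps text one line at a time and count mappings that break
 * the "data is never executable" rule. */
static struct audit audit_maps(const char *maps)
{
    struct audit a = {0, 0, 0};
    while (*maps) {
        unsigned long long start, end;
        char buf[256], perms[5] = "", name[128] = "";
        const char *nl = strchr(maps, '\n');
        size_t len = nl ? (size_t)(nl - maps) : strlen(maps);
        if (len >= sizeof buf) len = sizeof buf - 1;
        memcpy(buf, maps, len);      /* isolate the line so sscanf cannot */
        buf[len] = '\0';             /* read into the next one */
        /* Fields: range, perms, offset, dev, inode, optional name. */
        if (sscanf(buf, "%llx-%llx %4s %*s %*s %*s %127[^\n]",
                   &start, &end, perms, name) >= 3) {
            a.total++;
            if (perms[1] == 'w' && perms[2] == 'x') {
                a.exec_data++;
                if (strcmp(name, "[stack]") == 0) a.exec_stack++;
                printf("W+X: %llx-%llx %s %s\n", start, end, perms, name);
            }
        }
        if (!nl) break;
        maps = nl + 1;
    }
    return a;
}

int main(void)
{
    struct audit a = audit_maps(SAMPLE_MAPS);
    printf("%d mappings, %d writable+executable, %d executable stack\n",
           a.total, a.exec_data, a.exec_stack);
    return a.exec_data ? 1 : 0;
}
```

An anonymous writable and executable region, like the fourth sample line, is also how a trampoline generated on the fly appears in such a listing.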
Self-modifying code (Trampolines)
Software that uses self-modifying code, or that uses special types of trampolines generated on the fly while running, is not compatible with SecureStack. We have found that a few GUI applications use trampolines generated on the fly, which to SecureStack can look just like a buffer overflow. SecureStack was designed to protect server side applications, and none of the applications we tested used trampolines.
SecureStack exists in two versions:
Free Version: Detection only
Detection: SecureStack detects a buffer overflow and logs it to the event log (Event ID 24576). After detection we strongly recommend stopping and restarting the server application.
Protection: When a buffer overflow is detected SecureStack kills the process. This is the only safe solution.
Summary:
See also:
Click here to download SecureStack Free Version. For the professional edition please contact our sales team at sales@securewave.com or call +352 265 364 260. For any technical questions please contact support@securewave.com