Cybersecurity Insurance Checklist - Meet Insurance Requirements with BeyondTrust PAM Download for Free

  • Partners
  • Support
  • Careers
  • English
    • Deutsch
    • français
    • español
    • 한국어
    • português
BeyondTrust
  • Products

    Privileged Password Management

    Discover, manage, audit, and monitor privileged accounts and credentials.

    • Password Safe
    • DevOps Secrets Safe
    • Privileged Access Discovery Application

    Endpoint Privilege Management

    Enforce least privilege across Windows, Mac, Linux, and Unix endpoints.

    • Windows and Mac
    • Unix and Linux
    • Active Directory Bridge

    Secure Remote Access

    Centrally manage remote access for service desks, vendors, and operators.

    • Remote Support
    • Privileged Remote Access
    • Privileged Access Discovery Application

    Cloud Security Management

    Automate the management of identities and assets across your multicloud footprint.

    • Cloud Privilege Broker

    BeyondInsight

    Experience the industry’s most innovative, comprehensive platform for privileged access management.

  • Solutions

    Use Cases

    • Cloud Security
    • Compliance
    • Cyber Insurance
    • Digital Transformation
    • Endpoint Security
    • Operational Technology
    • Ransomware
    • Service Desk Efficiency
    • Zero Trust

    Industry Applications

    • Financial Services
    • Government Agencies
    • Healthcare
    • Law Enforcement
    • Manufacturing
    • Schools & Universities

    Solutions

    The BeyondTrust Privileged Access Management portfolio is an integrated solution that provides visibility and control over all privileged accounts and users.

  • Resources

    Learn

    • Blog
    • Customer Stories
    • Competitor Comparisons
    • Datasheets
    • Demos
    • Glossary
    • Podcast
    • Whitepapers

    Attend

    • Events
    • Go Beyond
    • Training
    • Webinars

    Support

    • Changelog
    • Professional Services
    • Technical Documentation

    Universal Privilege Management

    Our innovative Universal Privilege Management approach secures every user, asset, and session across your entire enterprise.

  • Company
    • About
    • Leadership
    • Core Values
    • Partners
    • Careers
  • Watch Demo
  • Contact Sales

DEP Down: Part 1

October 14, 2010

  • Blog
  • Archive
Today we continue our series of technical blogs with a blog about DEP (Data Execution Prevention). There are many good blogs and articles about DEP which go into great detail over the what, where, when and how’s of DEP and as such, I will only keep the introduction at a very minimum. Please follow the various links sprinkled throughout the blog for in-depth information about DEP, ROP and ASLR. Short Introduction on DEP Simply put, DEP was developed to protect against execution of code placed in memory meant to hold data such as heaps, stack, data sections, etc. Why is this a bad thing? Because most exploits rely on being able to do such a thing. We should mention right off the bat that there are two forms of DEP: hardware-based and software-based. Hardware-based DEP needs support from the CPU materialized by a so-called NX bit (non-executable bit). After AMD decided to include this functionality in its AMD64 family, Intel introduced a similar feature called Execute Disable Bit (XD) in x86 processors beginning with the Pentium 4 processors based on later iterations of the Prescott core. The NX bit specifically refers to bit number 63 (the most significant bit) of a 64-bit entry in Page Table Entries (PTE). If this bit is set to 0, then code can be executed from that page; if set to 1, code cannot be executed from that page. It should be noted that Physical Address Extension (PAE) page table format is required, due to x86's original 32-bit page table format having no room for the NX bit. To find out if your CPU supports DEP try the excellent program SecurAble. Support for hardware DEP was introduced in Windows XP SP2 and Windows Server 2003 SP1 and is present in all releases after. DEP applies to user-land processes causing them to terminate by throwing a memory access violation exception, as well as kernel drivers where upon detection will cause the system to BSOD with a code of 0xFC: ATTEMPTED_EXECUTE_OF_NOEXECUTE_MEMORY. To see which processes are protected by DEP on Vista and above use Task Manager’s Process tab. On Windows XP, you need to use Process Explorer. In both cases the “Data Execution Prevention” box needs to be checked in the “View | Select Columns” menu. Software-Based DEP relies on code that performs validation checks instead and it has the obvious advantage of running on older CPUs while incurring a relative overhead compared to the hardware solution. In Windows however, software DEP is only used to validate SEH exception handler chains. For more details about how SEH validation is performed and to learn about the new SEHOP protection added in Vista and enabled by default on Windows 2008, please read this article. As most exploits rely on executing code from data memory, DEP should solve the problem, right? Well, not exactly… First, DEP is not always enforced even if the hardware and the OS support it. See this Microsoft Support Article for a description of the four DEP policy modes: AlwaysOn, AlwaysOff, OptIn, and OptOut. As the name suggests, if the policy is not set to AlwaysOn or OptOut, chances are that most 3rd-party applications will not be protected. In addition to those 4 modes, Microsoft implemented a mechanism called "Permanent DEP". On Vista (and newer), this "permanent" flag is automatically set for all executables that were linked by the vendor with the /NXCOMPAT linker option. To conclude our introduction on DEP, we’ve learned that while being a good defense against exploits, DEP is not perfect. In the next blog we will go into the details of how DEP can be defeated and one of the ways a security product with buffer overflow protection can still detect foul play. Blog by: Laurentiu Nicula Founding Software Engineer LNicula@eeye.com
Photograph of Scott Lang

Scott Lang, Sr. Director, Product Marketing at BeyondTrust

Scott Lang has nearly 20 years of experience in technology product marketing, currently guiding the product marketing strategy for BeyondTrust’s privileged account management solutions and vulnerability management solutions. Prior to joining BeyondTrust, Scott was director of security solution marketing at Dell, formerly Quest Software, where he was responsible for global security campaigns, product marketing for identity and access management and Windows server management.

Stay Up To Date

Get the latest news, ideas, and tactics from BeyondTrust. You may unsubscribe at any time.

I agree to receive product related communications from BeyondTrust as detailed in the Privacy Policy, and I may manage my preferences or withdraw my consent at any time.

You May Also Be Interested In:

Whitepapers

Cybersecurity Insurance Checklist

Whitepapers

Microsoft Vulnerabilities Report 2021

Whitepapers

Privileged Access Management: PAM Checklist

Keep up with BeyondTrust

I agree to receive product related communications from BeyondTrust as detailed in the Privacy Policy, and I may manage my preferences or withdraw my consent at any time.

Customer Support
Contact Sales

Products

  • Endpoint Privilege Management
  • Password Management
  • Privileged Remote Access
  • DevOps Secrets Safe
  • Remote Support
  • Cloud Privilege Broker

Resources

  • Blog
  • Case Studies
  • Competitor Comparisons
  • Datasheets
  • Glossary
  • Podcast
  • Videos
  • Webcasts
  • Whitepapers

About

  • Company
  • Careers
  • Contact
  • Events
  • Leadership Team
  • Partner Program
  • Press
BeyondTrust Logo
  • Facebook
  • Twitter
  • LinkedIn
  • Privacy
  • Security
  • Manage Cookies
  • WEEE Compliance

Copyright © 1999 — 2022 BeyondTrust Corporation. All rights reserved. Other trademarks identified on this page are owned by their respective owners. BeyondTrust Corporation is not a chartered bank or trust company, or depository institution. It is not authorized to accept deposits or trust accounts and is not licensed or regulated by any state or federal banking authority.