
Enhanced Mitigation Experience Toolkit (EMET) - EMET 3.0


giotis

EMET is Microsoft's attempt to mitigate attacks that exploit application code. To achieve this, it uses a system that detects unusual behaviour in the most widely used applications without requiring any kind of updates. In this way it delays the exploitation of applications for malicious attacks until the application is updated.

Although it was not a particularly popular program, increased demand persuaded Microsoft, and the software has now reached version 3.0.

This version brings improvements to the application's configuration, to its deployment through Group Policy or System Center Configuration Manager, and to the software's reporting.

You can read more in the Technet blog article and download the application from this link.

A short description of how EMET works, from Download.microsoft.com:

 

Overview


The Enhanced Mitigation Experience Toolkit (EMET) is designed to help prevent
hackers from gaining access to your system.

Software vulnerabilities and
exploits have become an everyday part of life. Virtually every product has to
deal with them and consequently, users are faced with a stream of security
updates. For users who get attacked before the latest updates have been applied
or who get attacked before an update is even available, the results can be
devastating: malware, loss of PII, etc.

Security mitigation technologies
are designed to make it more difficult for an attacker to exploit
vulnerabilities in a given piece of software. EMET allows users to manage these
technologies on their system and provides several unique benefits:

1. No source code needed: Until now, several of the available mitigations
(such as Data Execution Prevention) have required for an application to be
manually opted in and recompiled. EMET changes this by allowing a user to opt in
applications without recompilation. This is especially handy for deploying
mitigations on software that was written before the mitigations were available
and when source code is not available.

2. Highly configurable:
EMET provides a higher degree of granularity by allowing mitigations to be
individually applied on a per process basis. There is no need to enable an
entire product or suite of applications. This is helpful in situations where a
process is not compatible with a particular mitigation technology. When that
happens, a user can simply turn that mitigation off for that process.

3. Helps harden legacy applications: It’s not uncommon to have a hard
dependency on old legacy software that cannot easily be rewritten and needs to
be phased out slowly. Unfortunately, this can easily pose a security risk as
legacy software is notorious for having security vulnerabilities. While the real
solution to this is migrating away from the legacy software, EMET can help
manage the risk while this is occurring by making it harder for hackers to
exploit vulnerabilities in the legacy software.

4. Ease of use:
The policy for system wide mitigations can be seen and configured with EMET's
graphical user interface. There is no need to locate and decipher registry
keys or run platform dependent utilities. With EMET you can adjust settings with
a single consistent interface regardless of the underlying platform.

5. Ease of deploy: EMET comes with built-in support for enterprise
deployment and configuration technologies. This enables administrators to use
Group Policy or System Center Configuration Manager to deploy, configure and
monitor EMET installations across the enterprise environment.

6. Ongoing improvement: EMET is a living tool designed to be updated as new
mitigation technologies become available. This provides a chance for users to
try out and benefit from cutting edge mitigations. The release cycle for EMET is
also not tied to any product. EMET updates can be made dynamically as soon as
new mitigations are ready.

The toolkit includes several pseudo mitigation
technologies aimed at disrupting current exploit techniques. These pseudo
mitigations are not robust enough to stop future exploit techniques, but can
help prevent users from being compromised by many of the exploits currently in
use. The mitigations are also designed so that they can be easily updated as
attackers start using new exploit techniques.
