Communication Security: Web Based Services • Chapter 5  313

                    Buffer overflows are based on the way the C or C++ programming languages
                 work. Many function calls do not check to ensure that the buffer will be big
                 enough to hold the data copied to it. Programmers can use calls that do this check
                 to prevent overflows, but many do not.
                    Creating a buffer overflow attack requires that the hacker understand assembly
                 language as well as technical details about the OS to be able to write the replace-
                 ment code to the stack. However, the code for these attacks is often published so
                 that others, who have less technical knowledge, can use it. Some types of firewalls,
                 called stateful inspection firewalls, allow buffer overflow attacks through, whereas
                 application gateways (if properly configured) can filter out most overflow attacks.
                    Buffer overflows constitute one of the top flaws for exploitation on the
                 Internet today.A buffer overflow occurs when a particular operation/function
                 writes more data into a variable (which is actually just a place in memory) than
                 the variable was designed to hold.The result is that the data starts overwriting
                 other memory locations without the computer knowing those locations have been
                 tampered with.To make matters worse, most hardware architectures (such as Intel
                 and Sparc) use the stack (a place in memory for variable storage) to store function
                 return addresses.Thus, the problem is that a buffer overflow will overwrite these
                 return addresses, and the computer—not knowing any better—will still attempt to
                 use them. If the attacker is skilled enough to precisely control what values are used
                 to overwrite the return pointers, the attacker can control the computer’s next
                 operation(s).

                 Making Browsers and

                 E-mail Clients More Secure

                 There are several steps network administrators and users can take to make Web
                 browsers and e-mail clients more secure and protect against malicious code or
                 unauthorized use of information.These steps include the following:

                      ■  Restricting the use of programming languages
                      ■  Keeping security patches current
                      ■  Becoming aware of the function of cookies












                                                                              www.syngress.com