Data Execution Prevention

05 April,2013 by Jack Vamvas

Data Excecution Protection (DEP)  is an OS security feature  restricting code execution from a non-executable memory region. DEP attempts to block hidden code exploits , such as buffer overflows.  An interesting side-effect of  enabling DEP is  unforeseen errors in  executables.

 Managing Data Execution Prevention should be part of wider policy on Database Security Countermeasures against hacker attacks

Access_violation_error

Microsoft Windows utilises DEP  using the  XD (Execute Disabled) or NX(No Execute) versions . These features allow the processor to indicate whether the data in a given location can be executable or not.  NX is the AMD processors implementation XD is Intels.

My general approach for database servers is to enable DEP and maintain exceptions. This approach causes problem occasionally , if upgrading from a non DEP enabled OS to a DEP enabled.  Testing applications against DEP is  now part of the standard checklist for upgrades

An example ,is this error message of a Access database access and startup violation error on a Windows 2008 DEP enabled  OS. From the error message it’s difficult to diagnose the root cause, but disabling DEP stopped the error and the program was able to run as expected.

Data execution protection

Read More

Powershell sql server security audit - SQL Server DBA

SQL Server Security Policy - SQL Server DBA


Author: Jack Vamvas (http://www.sqlserver-dba.com)


Share:

Verify your Comment

Previewing your Comment

This is only a preview. Your comment has not yet been posted.

Working...
Your comment could not be posted. Error type:
Your comment has been posted. Post another comment

The letters and numbers you entered did not match the image. Please try again.

As a final step before posting your comment, enter the letters and numbers you see in the image below. This prevents automated programs from posting comments.

Having trouble reading this image? View an alternate.

Working...

Post a comment on Data Execution Prevention


sqlserver-dba.com | SQL Server Performance Tuning | SQL Server DBA:Everything | FAQ | Contact|Copyright & Disclaimer