Execute Disable Bit and Enterprise Security

Posted on 22nd May 2010 @ 1:47 AM

Execute Disable Bit and Enterprise Security

The challenge

Malicious buffer overflow attacks pose a significant security threat to businesses, increasing IT resource demands, and in some cases destroying digital assets. In a typical attack, a malicious worm creates a flood of code that overwhelms the processor, allowing the worm to propagate itself to the network, and to other computers. These attacks cost businesses precious productivity time, which can equal significant financial loss.

The solution

Intel's Execute Disable Bit¹ functionality can help prevent certain classes of malicious buffer overflow attacks when combined with a supporting operating system.

Execute Disable Bit allows the processor to classify areas in memory by where application code can execute and where it cannot. When a malicious worm attempts to insert code in the buffer, the processor disables code execution, preventing damage and worm propagation.

Replacing older computers with Execute Disable Bit-enabled systems can halt worm attacks, reducing the need for virus-related repairs. In addition, Execute Disable Bit may eliminate the need for software patches aimed at buffer overflow attacks. By combining Execute Disable Bit with anti-virus, firewall, spyware removal, e-mail filtering software, and other network security measures, IT managers can free IT resources for other initiatives.

Enterprise infrastructure security

The ongoing challenge of balancing security needs with resource limitations is daunting. On one hand, security threats are ever more frequent, sophisticated, and unpredictable while budget constraints mean IT can't always implement a "perfect world" scenario.

Security appliances based on Intel® architecture help IT organizations in large and small businesses safeguard corporate data. By collaborating with software security vendors and enabling security features in networking devices, Intel can help you better protect your enterprise infrastructure.

Wireless and WLAN security

The flexibility and mobility that wireless local area network (WLAN) technology offers can create significant competitive advantages. But because WLAN technology is based on radio wave transmissions, it has provoked legitimate concerns about the security of wireless networks.

By familiarizing yourself with the various standards available for maintaining WLAN security, understanding some of the issues involved in security breaches, and applying security best practices in your organization, you can ensure that your data is safe and secure.

¹ Enabling Execute Disable Bit functionality requires a PC with a processor with Execute Disable Bit capability and a supporting operating system. Check with your PC manufacturer on whether your system delivers Execute Disable Bit functionality.