Exam CISSP topic 1 question 49 discussion

Answer C Address space layout randomization (ASLR) is a memory-protection process for operating systems (OSes) that guards against buffer-overflow attacks by randomizing the location where system executables are loaded into memory.

It is nothing other than C. What this specifically does is randomize addresses so you can't figure them out. Its been a while since I've done this but in a typical SIMPLE buffer overflow, the process is something like this: 1. Find a place to input something, send it a ton of data to see what happens i.e. plugging thousands of characters into something that expects maybe 20 max. 2. App crashes, you now have to figure out where it crashes 3. Use metasploit or something to generate a list of non-repeat characters, it crashes on a specific area of that so you know it crashed on say character 1687. That likely means you've found a spot to input some type of shellcode into the heap or stack. There's a lot of other steps and not much room, but essentially just think of ASLR as randomizing that location where you're trying to put your shellcode, since it isn't consistent, it'll never take because you haven't put it on the exact line its supposed to be on.

The MOST efficient option used to prevent buffer overflow attacks is option B: Process isolation. Buffer overflow attacks occur when a program writes data beyond the bounds of a buffer, leading to potential memory corruption and unauthorized access to the system. Process isolation is an effective defense mechanism against such attacks. By isolating processes from each other, each process is allocated its own memory space, and the buffer overflow in one process does not affect the memory of other processes. This prevents the attacker from exploiting the vulnerability in one process to gain unauthorized access to other parts of the system.

Am surprised ASLR has no mention in the official study guide