Buffer overflows are one of the flashiest forms of hacking, mostly because they are at the root of many of the higher-profile attacks you see in the movies. Real buffer overflow attacks, however, take a great deal of effort: the attacker has to find a program or server that is actually exploitable, understand exactly what the overflow corrupts, and then build a reliable exploit around it.

A buffer is a temporary data storage area in memory with a fixed amount of space allocated for a single task. To work safely with this design, programs have to be written with input checking: before data is written into a buffer, the program verifies that it is of the expected type and, above all, that its length does not exceed the space allocated. Missing or incorrect bounds checks are what leave software open to overflow.

Picture a bucket. A bucket can only hold a certain amount of water. As the bucket fills, water pours over the sides and out onto whatever surrounds it, getting everything wet. Similarly, a buffer overflow occurs when the input given to an application exceeds the memory allotted to the buffer. Instead of being rejected, the excess is written past the end of the buffer and overwrites whatever sits next to it in memory: other variables, saved return addresses on the stack, or the bookkeeping data used by the heap. The input can come from direct user interaction, from a data file being read, or from a remote request arriving at an open network service port. Basically, any time data has to be processed, there has to be enough memory allocated for it, and the code has to handle the case where the data is larger than that allocation.

Buffer overflows can be used to crash a program or make it behave erratically, to make it produce incorrect results, and to create security breaches in which attacker-supplied data is misinterpreted as instructions and executed. Because of infrequent patching, critical SCADA
systems have been targeted by attackers using buffer overflows. Since SCADA systems are often found in critical manufacturing, a successful overflow there could be quite harmful to our country's critical infrastructure.

The simplest way to prevent a buffer overflow is not to allow more data in once the buffer is full: every write into a buffer is bounded by the buffer's size, and input that does not fit is either cut off or rejected outright. Stating it that way, however, oversimplifies the job. Keeping overflows out of a system requires near-constant attention as systems are updated and new services are added, because every new piece of code that copies data into a fixed-size buffer is a fresh chance to get the check wrong. Moreover, some argue that buffer overflows can never be fully prevented. By their nature, some programming languages give the programmer little help in handling buffers, and that leads to risk. C and C++ in particular are especially vulnerable: they perform no bounds checking on memory accesses, and the C standard library contains functions such as strcpy, strcat, sprintf and gets that copy data with no regard for the size of the destination (gets was so unfixable that it was removed from the language in C11). Languages that check array bounds at runtime remove most of this risk, but C and C++ remain everywhere in operating systems, embedded devices and network services. Compiler and operating-system mitigations such as stack canaries, non-executable memory and address space layout randomization make overflows harder to exploit, but they do not remove the underlying bug.

Buffer overflows are difficult to monitor for and can have a huge impact on software and web applications. Being proactive about buffer overflow prevention and patching outdated systems can go a long way toward keeping services protected.
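As an added example (this is not code from the original article), here is the pattern described above in C: an unbounded strcpy into a fixed-size buffer beside the bounded version that checks the length first, plus the same check applied to a length-prefixed message of the kind a network service might receive. The record layout, the 16-byte buffer size and the one-byte length-prefix message format are assumptions made for illustration, not any real protocol.

```c
#include <stdio.h>
#include <string.h>

#define NAME_SIZE 16   /* assumed buffer size for the example */

/* Assumed record layout: a fixed-size name buffer sitting directly in front
 * of a privilege flag. What actually lives next to a buffer depends on the
 * compiler and on whether the data is on the stack or the heap; the struct
 * just makes the neighbour visible. */
struct record {
    char name[NAME_SIZE];
    int  is_admin;
};

/* Vulnerable: strcpy stops at the source's terminating NUL, never at the end
 * of the destination, so any input of NAME_SIZE bytes or more spills past
 * name[] into is_admin (and beyond). */
void set_name_unsafe(struct record *r, const char *src)
{
    strcpy(r->name, src);
}

/* Hardened: measure first, then copy only if the whole string plus its NUL
 * fits. Returns 0 on success and -1 if the input is rejected; the record is
 * left untouched on rejection. */
int set_name_safe(struct record *r, const char *src)
{
    size_t len = strlen(src);
    if (len >= sizeof r->name)
        return -1;
    memcpy(r->name, src, len + 1);
    return 0;
}

/* Same check applied to a constructed, hypothetical network message: one
 * byte of declared length followed by that many bytes of name. The declared
 * length is attacker-controlled, so it is checked against both the bytes
 * actually present (over-read) and the buffer (over-write).
 * Returns 0 on success, -1 if the message is malformed or too long. */
int parse_name_message(struct record *r, const unsigned char *msg, size_t msg_len)
{
    if (msg_len < 1)
        return -1;
    size_t declared = msg[0];
    if (declared > msg_len - 1)
        return -1;                    /* would read past the message */
    if (declared >= sizeof r->name)
        return -1;                    /* would write past the buffer */
    memcpy(r->name, msg + 1, declared);
    r->name[declared] = '\0';
    return 0;
}

int main(void)
{
    /* Constructed input: 19 bytes, so that the string plus its NUL is
     * exactly sizeof(struct record) and the overflow stays inside the
     * record rather than running further up the stack. */
    const char *long_input = "AAAAAAAAAAAAAAAAAAA";
    struct record r = {{0}, 0};

    if (set_name_safe(&r, long_input) != 0)
        printf("safe:   rejected %zu-byte input for a %zu-byte buffer, is_admin=%d\n",
               strlen(long_input), sizeof r.name, r.is_admin);

    /* Undefined behaviour by the C standard; with this layout the bytes
     * after name[] land in is_admin, which stops being 0. */
    set_name_unsafe(&r, long_input);
    printf("unsafe: is_admin=0x%x (nonzero: the flag was overwritten)\n",
           (unsigned)r.is_admin);
    return 0;
}
```

Build with `cc -O0 -Wall overflow.c` and run it: the safe call reports a rejection with is_admin still 0, and the unsafe call prints a nonzero is_admin (0x414141 on a little-endian machine). When built with optimization on toolchains that enable _FORTIFY_SOURCE by default, glibc's checked strcpy may instead abort with "buffer overflow detected", which is a runtime bounds check catching what the code itself failed to check. Note that the hardened setter rejects rather than truncates; silently cutting input off avoids the overflow but can create its own bugs when the shortened value is later trusted.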