Enhanced Mitigation Experience Toolkit
Even though the best practice is to run minimal server roles and third-party applications on a server, sometimes it is required to run some non-Microsoft, non-recommended, and legacy services on an enterprise server. This may be due to some of the business and technical policies in your organization. This brings another type of threat to your organization. Microsoft has a free tool called Enhanced Mitigation Experience Toolkit (EMET), which can provide another layer of protection for your system and applications. EMET provides multiple mitigation technologies such as:
- Structured Exception Handler Overwrite Protection (SEHOP)
- Data Execution Prevention (DEP)
- Mandatory Address Space Layout Randomization (ASLR)
- Certificate Trust (Pinning)
The details of these technologies can be found at http://blogs.technet.com/b/srd/archive/2009/02/02/preventing-the-exploitation-of-seh-overwrites-with-sehop.aspx and http://blogs.technet.com/b/srd/archive/2013/05/08/emet-4...