Manualshelf

Operation Manual

ManualsBrandsOutpost Firewall ManualsFirewallVersie 4.0
919293949596979899100
Appendix C: Penetration Techniques
Appendix C: Penetration Techniques
96
Outpost Firewall Pro allows to control the following actions:
Components injection
Windows operating system by design enables installing system interceptors (hooks)
through which foreign code can be injected into other processes. Usually this technique is
used to perform common, legitimate actions, for example, switching the keyboard layout or
launching a PDF file within the web browser window. However, it can be likewise used by
malicious programs to embed malicious code and thus hijack the host application. An
example of leak test using such technique to stage a simulated attack is a PC Audit
program (
http://www.pcinternetpatrol.com/).
Outpost Firewall Pro controls the installation of a hook interceptor in a process's address
space. This is implemented via the interception of functions that are typically used by
malicious processes (Trojans, spyware, viruses, worms etc.) to implant their code into
legitimate processes (i.e. Internet Explorer or Firefox). The behavior of a DLL file
invoking such functions is considered suspicious and triggers legitimacy verification.
Control over another application
DDE technology is used to control applications. Most famous browsers are DDE servers
and can be used by malicious programs to transfer private information into the network.
One example of this technique is Surfer leak test
(
http://www.firewallleaktester.com/leaktest15.htm). ZABypass is another example of a
leak test using this method.
With Outpost Firewall Pro, every attempt to use the DDE intercommunication is monitored
with no exclusion, whether the process is open or not. DDE inter process communication
control enables Outpost Firewall Pro to control the methods used by applications to get
control over the legitimate processes. It prevents malware from hijacking the legitimate
program and checks whether such DDE-level interactivity is allowed to be performed upon
the network-enabled applications. In case such attempt is detected, it triggers legitimacy
verification.
Application window control
Windows allows applications to exchange window messages between processes. Malicious
processes can get control over other network-enabled applications sending them window
messages and imitating user input from keyboard and mouse clicks. The example of using
this technique is Breakout leaktest (
http://www.firewallleaktester.com/leaktest16.htm).