Network security hardening with EMET (part 2)

Today it’s time to show the installation of EMET (Enhanced Mitigation Experience Toolkit) on a standalone computer.

Helps raise the bar against attackers

EMET helps protect against new and undiscovered threats even before they are formally addressed through security updates or antimalware software. EMET includes 12 security mitigations that complement other defense in-depth security measures, such as Windows Defender and antivirus software. EMET installs with default protection profiles, which are XML files that contain preconfigured settings for common Microsoft and third-party applications.

We’re using EMET 4.1 update 1 for this installation. The homepage for EMET is found here; this is where you start and download the latest version, which at the moment is version 4.1 update 1.

After downloading, run ‘EMET Setup.msi’ and you’ll get a window with the setup wizard.

Read everything here and, when you’re ready to continue, click on ‘Next >’.

Define the installation location and if you’re ready again, click on ‘Next >’ again.

Read the License Agreement carefully and, if you agree with it, check the ‘I Agree’ option and hit ‘Next >’.

The installation is ready to go. You’ll need to confirm the start of the installation by clicking on ‘Next >’ once more.

The installation will start and will automatically run the EMET Configuration Wizard.

As we install this on a fresh computer without settings, we choose ‘Use Recommended Settings’ and click on ‘Finish’.

After that the installation is finished and we can close the installer.

The installation is complete and you are able to open the ‘EMET GUI’ from the Start Menu.

In this GUI you can see that, for example, Google Chrome is not running under EMET, and from here you can configure the protection. Right-click on ‘chrome – Google Chrome’ and select ‘Configure Process…’

A new window will open and chrome.exe is added with all mitigations turned on. The mitigation rules take effect after you restart Google Chrome. After that, if you visit a website which requires Shockwave Flash to play a video or something similar, you’ll get:

But this is a known issue, also described in part 1 of this series of posts. To fix it, disable the SEHOP mitigation for chrome.exe.

This way you can add applications and set the mitigation rules. You can reach this settings page by clicking the Apps button in the ribbon on the GUI home screen, or by pressing CTRL+SHIFT+A.

If you click the Trust button, the Certificate Trust Configuration will open.

By default you’ll see that some social media websites are preconfigured. But note that this feature is only available for Internet Explorer when run in Desktop mode. It is not available in the Modern Internet Explorer app on Windows 8. Here you can add websites, and with the ‘Pinning Rules’ you add the certificate verification rules, the expiration date and a few other rules. For example, you can add the websites you use for online banking here.

We’ve set up basic security for now. Add the applications you want protected to EMET Apps if they are not added by default.

EMET mitigations work at a very low level in the operating system, and some kinds of software that perform similar low-level operations might have compatibility issues when they are configured to be protected by using EMET.

Additionally, EMET is intended to work with desktop applications, and you should protect only those applications that receive or handle untrusted data. System and network services are also out of scope for EMET, and although it is technically possible to protect them by using EMET, we do not advise you to do this.

The following is a list of specific products that have shown compatibility issues with the mitigations that are offered by EMET. You will have to disable specific incompatible mitigations if you want to protect the product by using EMET. Be aware that the list takes into consideration default settings for the latest version of the product. Compatibility issues may be introduced when you install certain add-ins or additional components to the standard software.

More info can be found in the EMET mitigations guidelines.