How to Enable ASLR (Address Space Layout Randomization)

In this quick tutorial, we’ll explain how to enable ASLR for added protection against security threats.

ASLR (Address Space Layout Randomization) is a security technique that was originally used on GNU/Linux systems. However, these days, it’s used by many operating systems as an additional form of protection against certain attacks.

What this technique does is randomise the location where system executables, libraries or memory stacks are loaded in the system memory.

Hackers often try to exploit systems by guessing the location of important data or executables. By randomising everything, it makes it much harder for a hacker to take control of the system or exploit data.

 

Before you get started

To successfully complete this tutorial, you will need the following:

 

How to Enable ASLR

 

First, click on the search bar and type “Virus and threat protection” (1), although “virus” will probably be enough for the system to begin displaying results.

From the results displayed, click on “Virus and threat protection” (2).

Screenshot of search results for Virus and threat protection on Windows
Search for Virus and threat protection to run the Windows Security console

You will then see the Windows Security console.

On the left-hand side, click on “App & browser control” (3).

Screenshot of Virus and threat protection screen on Windows
Click on “App & browser control”

Then, on the App & browser control screen, below Exploit protection” , click on “Exploit protection settings” (4).

Screenshot of Apps & browser control screen on Windows
Click on “Exploit protection settings”

On the next screen, you will see three settings related to ASLR which you can freely enable or disable:

  • Force randomisation for images (Mandatory ASLR) (5)
  • Randomise memory allocations (Bottom-up ASLR) (6): Used to randomise virtual memory allocations, including memory stacks, the Thread Environment Block (TEB) and the Process Environment Block (PEB).
  • High-entropy ASLR (7): This option notably increases the randomisation by adding more bits, thereby increasing security.

NOTE: Some apps may experience issues when you enable ASLR, so you may have to disable it to avoid problems.

Screenshot of Exploit protection settings screen
Select each type of ASLR

 

Summary

In this tutorial, we’ve shown how easy it is to enable ASLR on your Windows system. This technique randomises the memory location of key data and processes, thereby providing increased protection against cyberattacks.

This feature is available on both Microsoft Windows Client systems, such as Windows 10 or 11, and Windows Server, such as Windows Server 2022 and some earlier versions.

As you can see, it’s a really simple process, so there’s no excuse for not enabling it!

We also recommend that you check out our blog for other similar tutorials and articles.

Thanks for choosing Jotelulu!

Categories:Servers

Fill out the form and one of our Sales team will contact you soon.

growth@jotelulu.com  |  jotelulu.com 

You can unsubscribe from these communications at any time. For more information,  check our Privacy Policy.

 

We make the difficult easy

Existing Disaster Recovery tools often require advanced knowledge to manage, demanding expertise that is difficult to acquire.

Jotelulu’s Disaster Recovery aims to make the difficult easy and offers a very simple deployment based on a three-step configuration:

Origin (Primary Site)
Determine the origin location of the subscription on which the Disaster Recovery service will be established.

Destination (Recovery Site)
Set the destination location (availability zone) where you want the Recovery Site to be deployed.

Replication characteristics
Specify the data related to the number of copies to be kept and the frequency at which the replication will be performed.