Has your session been hijacked? - That Computer Engineer


Learn | Teach | Explore

Thursday, July 5, 2018

Has your session been hijacked?

The term is called session hijacking. Before diving into the procedure, let us start with the introductory part.

What is a session? 

Before introducing what is session hijacking, let us learn what a session is? A session is a period of time under which a client and server are connected and authenticated to transfer data. It can be related to session similar in online money transaction where you have to enter your pin within a limited time, failing which you will have to request for a new session.

session hijacking hacking spoofing cyber security protection breaking inNow, you can understand the danger a session hijack can cause. In case of money transaction, if some third party gets hold of your session with the bank server, then he can do anything he wants to do with that time and information.  He can steal information, issue commands and enable some transactions. Worry not, bank infrastructure is too secured to be attacked by such simple hijacking. In fact, large companies, organizations, and corporations are spending a large amount of money just to make sure that their data and property remain secure.

Is it the same as a disguise?

A better term for disguise will be spoofing. No, it is not the same as spoofing. In hijacking, the attacker takes control of the active session that has already been created by the authentic user with the server. In spoofing, it is all about pretending to be someone else, not taking control of the session.

What are the basic steps used by a hacker for session hijacking?

1. The first step is all about looking at the traffic between the two parties. All about gathering information.

2. Observe the flow of traffic. Analyze the difference flags, the sequence number of packets and all the necessary information that can help an attacker to carry out the attack.

3. I love this third step. It involves breaking the connection between two parties.

4. An attacker may predict the session ID (like a secret key shared between two parties) and ultimately may take over the session.

5. Now the session is under control of the attacker, he can inject his own commands or perform his actions.

Pretty dangerous huh! I get chills too.

What cybersecurity organizations do to prevent such session hijacking?

1. Encryption is the key. The best thing to do is to encrypt all the information involved. There are a variety of algorithms like SHA, DSA, AES, etc that can be used to encrypt the information. Encryption has been employed already. Just like HTTPS over HTTP.

2. Deleting browsing information, cookies and history logs can be beneficial too.

3. Use of SSL and IPsec provides protection against hijacking too.

4. Kerberos which is a strong authentication system for client/server can provide protection against hijacking too. It involves some ticket generation system for authentication.

5. IPS and IDS can help in detecting anomalies which can be the indicator of potential hijacking attacks.

Session hijacking

No comments:

Post a Comment