• Choose a category
• All
• Classic-Fiction

■ Session hijacking attacks are simple to launch.

■ Hijacking is dangerous because of the information that can be gathered during the attack.

Describe How You Would Prevent Session Hijacking

To defend against session hijack attacks, a network should employ several defenses. The most effective protection is encryption, such as Internet Protocol Security (IPSec). This also defends against any other attack vectors that depend on sniffing. Attackers may be able to passively monitor your connection, but they won't be able to interpret the encrypted data. Other countermeasures include using encrypted applications such as Secure Shell (SSH, an encrypted Telnet) and Secure Sockets Layer (SSL, for HTTPS traffic).

You can help prevent session hijacking by reducing the potential methods of gaining access to your network-for example, by eliminating remote access to internal systems. If the network has remote users who need to connect to carry out their duties, then use virtual private networks (VPNs) that have been secured with tunneling protocols and encryption (Layer 3 Tunneling Protocol [L3TP]/Point-to-Point Tunneling Protocol [PPTP] and IPSec).

The use of multiple safety nets is always the best countermeasure to any potential threat. Employing any one countermeasure may not be enough, but using them together to secure your enterprise will make the attack success rate minimal for anyone but the most professional and dedicated attacker. The following is a checklist of countermeasures that should be employed to prevent session hijacking:

■ Use encryption.

■ Use a secure protocol.

■ Limit incoming connections.

■ Minimize remote access.

■ Have strong authentication.

■ Educate your employees.

■ Maintain different username and passwords for different accounts.

Exam Essentials

Know the purpose of a DoS attack. The purpose of a DoS attack is to send so much traffic to a target system that users are prevented from accessing the system.

Understand the difference between DoS and DDoS. A Distributed Denial of Service (DDoS) attack is a coordinated attack by many systems sent to one target, whereas DoS involves a single system attacking the target.

Know how to prevent DoS attacks. Network traffic filtering, IDS, and auditing tools are all ways to detect and prevent DoS attacks.

Know the two phases of DDoS. During the first phase, systems are compromised and DDoS tools are installed, making the systems zombies or slaves; this is called the intrusion phase. The second phase involves launching an attack against the victim system.

Know what a zombie or slave is in a DDoS attack. A zombie or slave is a system that has been compromised by a hacker and can be commanded to participate in the sending of a DDoS attack to a target system.

Know what a master is in a DDoS attack. The master is the controlling system in a DDoS attack scenario. It tells the zombies when to launch the attack.

Understand session hijacking and how it occurs. Session hijacking involves taking over another user's session after they have authenticated in order to gain access to a system.

Understand the difference between spoofing and hijacking. Spoofing involves artificial identification of a packets' source address, where that address is often deduced from sniffed network traffic, where hijacking refers to a compromised session-normally one in which the attacker takes the user offline and uses their session.

Understand the difference between active and passive session hijacking. Active session hijacking is the more common of the two types and involves taking over another user's session and desynchronizing the valid user's connection. Passive hijacking monitors the session and allows a hacker to gather confidential information via sniffing packets.

Be familiar with some of the tools used to perform session hijacking. Juggernaut, Hunt, TTYWatcher, IP watcher, T-Sight, TCP reset utility are all session hijacking tools.

Understand the importance of sequence numbers in a session hijacking attack. It's necessary to either