
Module 11: Session Hijacking

Thursday, February 29, 2024


Understand the various session hijacking techniques used to discover network-level session management, authentication, authorization, and cryptographic weaknesses and associated countermeasures.

Hands-On Lab Exercises: Over 4 hands-on exercises with real-life simulated targets to build skills on how to:

> Perform session hijacking using various tools

> Detect session hijacking

Key topics covered:

> Session Hijacking

> Types of Session Hijacking

> Spoofing

> Application-Level Session Hijacking

> Man-in-the-Browser Attack

> Client-side Attacks

> Session Replay Attacks

> Session Fixation Attack

> CRIME Attack

> Network Level Session Hijacking

> TCP/IP Hijacking

> Session Hijacking Tools

> Session Hijacking Detection Methods

> Session Hijacking Prevention Tools

Section 01: Session Hijacking Concepts

Session ID:

In computer science, a session identifier, session ID or session token is a piece of data that is used in network communications (often over HTTP) to identify a session, a series of related message exchanges. Session identifiers become necessary in cases where the communications infrastructure uses a stateless protocol such as HTTP.

Session hijacking:

In computer science, session hijacking, sometimes also known as cookie hijacking, is the exploitation of a valid computer session—sometimes also called a session key—to gain unauthorized access to information or services in a computer system. In particular, it is used to refer to the theft of a magic cookie used to authenticate a user to a remote server.

Section 02: Session Hijacking Countermeasures


Hypertext transfer protocol secure

Intrusion detection system (IDS):

An intrusion detection system (IDS; also intrusion prevention system or IPS) is a device or software application that monitors a network or systems for malicious activity or policy violations.

Hypertext transfer protocol cookie:

HTTP cookies (also called web cookies, Internet cookies, browser cookies, or simply cookies) are small blocks of data created by a web server while a user is browsing a website and placed on the user's computer or other device by the user's web browser.

Security information and event management (SIEM):

Security information and event management (SIEM) is a field within the field of computer security, where software products and services combine security information management (SIM) and security event management (SEM). They provide real-time analysis of security alerts generated by applications and network hardware. Vendors sell SIEM as software, as appliances, or as managed services; these products are also used to log security data and generate reports for compliance purposes.

Internet protocol security (IPsec):

In computing, Internet Protocol Security (IPsec) is a secure network protocol suite that authenticates and encrypts packets of data to provide secure encrypted communication between two computers over an Internet Protocol network. It is used in virtual private networks (VPNs).

Authentication header:

The Security Authentication Header (AH) was developed at the US Naval Research Laboratory in the early 1990s and is derived in part from previous IETF standards' work for authentication of the Simple Network Management Protocol (SNMP) version 2. Authentication Header (AH) is a member of the IPsec protocol suite. AH ensures connectionless integrity by using a hash function and a secret shared key in the AH algorithm. AH also guarantees the data origin by authenticating IP packets.

Encapsulating security payload (ESP):

Encapsulating Security Payload (ESP) is a member of the IPsec protocol suite. It provides origin authenticity through source authentication, data integrity through hash functions and confidentiality through encryption protection for IP packets.

    Use HTTPS.

    Use long and randomly generated session keys.

    Use defense in depth.

    Set the HttpOnly flag on cookies.

    Encrypt the data in transit between the user and the web server.

    Regenerate session IDs when users log in.

    Use firewalls.
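
The session-ID and cookie items in the list above, as an added example that is not part of the original post: a minimal in-memory session store in Python that issues long random IDs, marks the cookie HttpOnly and Secure, and regenerates the ID at login. The class name SessionStore, the cookie name sid and the sample users are assumptions made for illustration.

```python
import secrets
from http.cookies import SimpleCookie


class SessionStore:
    """In-memory session store (hypothetical name, for illustration only)."""

    def __init__(self):
        self._sessions = {}  # session ID -> session data

    def create(self, data=None):
        # 32 bytes from the OS CSPRNG: long and randomly generated.
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = dict(data or {})
        return sid

    def get(self, sid):
        # Only IDs this server issued are valid; unknown IDs return None.
        return self._sessions.get(sid)

    def login(self, presented_sid, user):
        # Regenerate the ID at login: whatever ID the browser presented
        # (possibly one planted in a session fixation attempt) is discarded,
        # and the authenticated session gets a fresh ID.
        old = self._sessions.pop(presented_sid, {})
        return self.create({**old, "user": user})

    def logout(self, sid):
        self._sessions.pop(sid, None)


def session_cookie(sid):
    """Build the Set-Cookie header value for a session ID."""
    cookie = SimpleCookie()
    cookie["sid"] = sid               # cookie name "sid" is an assumption
    cookie["sid"]["httponly"] = True  # not readable from page JavaScript
    cookie["sid"]["secure"] = True    # browser sends it over HTTPS only
    cookie["sid"]["path"] = "/"
    return cookie["sid"].OutputString()


if __name__ == "__main__":
    store = SessionStore()
    anon = store.create()                # pre-login session
    authed = store.login(anon, "alice")  # constructed sample user
    print("Set-Cookie:", session_cookie(authed))
    print("pre-login ID still valid:", store.get(anon) is not None)
```
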