Discuss which of the 5 steps of session hijacking you believe represents the most difficult technical challenge and explain the methods or approaches you might employ to overcome the challenges.
ANSWERS:
ANS 1. The 5 steps of session hijacking:
1. Using Sniffing in Active Session:
The attacker employs a sniffing tool, such as NetworkMiner or Wireshark, in the path of the data transmission to capture the data and gather information about the session.
2. Monitoring the Traffic:
The attacker then monitors the traffic for their benefit, i.e. finding vulnerable protocols or packets that are required for authentication to get access.
3. Extracting the session ID:
The attacker now tries to get the session ID, either by examining the data they have captured or by predicting the sequence number. This is the most critical step: if the attacker guesses the session number correctly they can get access, otherwise not.
4. Making the attacked system offline:
In this step, since the attacker has access to the sequence number, they try to make the system offline; this can be done by DoS attacks. The attack is made when the system is offline, because if it had been online the transmission would have continued and the attacker would not have been able to access the system.
5. Taking over the Session and then maintaining the connection:
This is the last step in session hijacking; here the attacker has complete control over the communication session. They disguise their IP address and send requests to the server through it, and if the server accepts them, the session hijacking has successfully taken place.
-- The step which represents the most difficult technical challenge is: Extracting the Session ID
This is because this step involves finding out the session ID as well as the sequence number, which is highly technical: one needs to find the exact ID just by examining the network, and there is little or no scope for error, as one will not be able to proceed further if this step fails.
The methods or approaches to overcome the challenges:
1. Introduction of end-to-end encryption using SSL so that the attacker cannot get access to the sequence number or session ID.
2. The use of a VPN can secure the traffic as well as the whole session.
3. Employing session ID monitors that will monitor the session ID and tell if anyone unauthorised is using it.
4. Introduction of automatic log-offs when a session ends, with re-authentication required each time.
5. Deleting all cookies, especially session cookies, from the client systems.
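
A sketch of the session ID monitor and automatic log-off from items 3 and 4, as an added example that is not part of the original answer. The log format, the 15-minute idle timeout, and the function names are assumptions; the sample log lines are constructed.

```python
from datetime import datetime, timedelta

IDLE_TIMEOUT = timedelta(minutes=15)  # assumed policy value

# Constructed sample log: timestamp, session ID, client IP, User-Agent
SAMPLE_LOG = """\
2024-05-01T10:00:00 sess-A 198.51.100.7 Firefox/125
2024-05-01T10:02:10 sess-A 198.51.100.7 Firefox/125
2024-05-01T10:03:30 sess-B 203.0.113.20 Chrome/124
2024-05-01T10:04:05 sess-A 192.0.2.44 curl/8.5
2024-05-01T10:30:00 sess-B 203.0.113.20 Chrome/124
"""

def parse(line):
    """Split one log line into (timestamp, session_id, ip, user_agent)."""
    ts, sid, ip, agent = line.split(maxsplit=3)
    return datetime.fromisoformat(ts), sid, ip, agent

def monitor(log_text, idle_timeout=IDLE_TIMEOUT):
    """Return a list of (timestamp, session_id, reason) alerts."""
    sessions = {}    # session_id -> {"client": (ip, agent), "last_seen": ts}
    revoked = set()  # sessions that must re-authenticate
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, sid, ip, agent = parse(line)
        if sid in revoked:
            alerts.append((ts, sid, "request on revoked session"))
            continue
        state = sessions.get(sid)
        if state is None:
            # First sighting: bind the session ID to this client.
            sessions[sid] = {"client": (ip, agent), "last_seen": ts}
        elif ts - state["last_seen"] > idle_timeout:
            revoked.add(sid)
            alerts.append((ts, sid, "idle timeout exceeded"))
        elif state["client"] != (ip, agent):
            # Same session ID presented by a different client.
            revoked.add(sid)
            alerts.append((ts, sid, "client fingerprint changed"))
        else:
            state["last_seen"] = ts
    return alerts

if __name__ == "__main__":
    for ts, sid, reason in monitor(SAMPLE_LOG):
        print(ts.isoformat(), sid, reason)
```

A client IP can change legitimately (for example on mobile networks), so a deployment would usually force re-authentication on a fingerprint change rather than treat every alert as a confirmed hijack.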