What Is Session Hijacking?
In everyday life, for example, you go to the market to buy vegetables. After paying, you say you have something else to do and will come back later to pick them up. If in the meantime a stranger asks to take the vegetables away, would the seller hand them over to a stranger? Of course, this is just a metaphor, but it describes session hijacking exactly. A session is simply a communication between two hosts.
- For example, you Telnet to a certain host
- Session hijacking attacks are designed around how TCP/IP works. TCP uses an end-to-end connection, that is, TCP uses (source IP, source TCP
- There are two mechanisms for dealing with session hijacking: prevention and detection. Preventive measures include restricting incoming connections and configuring your network to reject packets that arrive from the Internet while impersonating local addresses.
- Encryption also helps. If you must allow external connections from trusted hosts, you can use tools such as Kerberos or IPsec. Use more secure protocols: FTP and Telnet are the most vulnerable, and SSH is a good alternative, since it establishes an encrypted channel between the local and remote hosts. Likewise, some websites use HTTPS instead of HTTP; HTTPS establishes an encrypted channel between the local and remote hosts. Detection can be improved by using IDS or IPS systems. Using switches, protocols such as SSH, and more random initial sequence numbers makes session hijacking more difficult. In addition, network administrators should not be complacent or lulled into a false sense of security. Although session hijacking is not as easy as it used to be, it is still a potential threat. Network attacks that allow someone to connect to one of your systems as an authenticated user need to be taken seriously. [3]
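As an added illustration of the prevention and detection measures listed above (example code written for this page, not taken from the article or from any IDS product), the Python below runs two defender-side checks over a constructed packet log: the ingress anti-spoofing rule (a packet arriving on an Internet-facing interface with a local source address is flagged for rejection) and a per-session sequence-number check that flags segments far outside the expected window, which is one of the things an IDS looks for when a TCP session has been desynchronised. The log line format, the interface name, the local prefix and the window threshold are all assumptions made for this example.

```python
import ipaddress
import re

# Constructed sample packet log for this example (not from the article).
# Assumed line format: "<iface> <src>:<sport> > <dst>:<dport> seq=<n> len=<payload bytes> <tcp flags>"
SAMPLE_LOG = """\
eth0 203.0.113.5:40001 > 192.168.1.10:23 seq=1000 len=12 PA
eth0 203.0.113.5:40001 > 192.168.1.10:23 seq=1012 len=12 PA
eth0 192.168.1.77:40001 > 192.168.1.10:23 seq=5000 len=0 S
eth0 203.0.113.5:40001 > 192.168.1.10:23 seq=1024 len=8 PA
eth0 203.0.113.5:40001 > 192.168.1.10:23 seq=900000 len=8 PA
"""

# Assumed site-specific settings: the local address range and the interface(s)
# facing the Internet. A packet arriving on an external interface with a local
# source address is the impersonation the article says the network should reject.
LOCAL_NET = ipaddress.ip_network("192.168.1.0/24")
EXTERNAL_IFACES = {"eth0"}

# Largest jump tolerated before a segment is treated as desynchronised.
# 65535 bytes is the maximum unscaled TCP window; tune for your environment.
SEQ_WINDOW = 65535

LINE_RE = re.compile(
    r"^(?P<iface>\S+)\s+(?P<src>[\d.]+):(?P<sport>\d+)\s+>\s+"
    r"(?P<dst>[\d.]+):(?P<dport>\d+)\s+seq=(?P<seq>\d+)\s+len=(?P<len>\d+)\s+(?P<flags>\S+)$"
)


def parse_line(line):
    """Parse one log line into a dict, or return None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    pkt = m.groupdict()
    for field in ("sport", "dport", "seq", "len"):
        pkt[field] = int(pkt[field])
    return pkt


def is_spoofed_local_source(pkt):
    """Ingress anti-spoofing check: a local source address seen on an external interface."""
    return pkt["iface"] in EXTERNAL_IFACES and ipaddress.ip_address(pkt["src"]) in LOCAL_NET


def seq_delta(seq, expected):
    """Signed distance between two 32-bit sequence numbers, handling wrap-around."""
    delta = (seq - expected) & 0xFFFFFFFF
    return delta - (1 << 32) if delta > 0x7FFFFFFF else delta


class SessionTracker:
    """Tracks the next expected sequence number per TCP session (the 4-tuple)."""

    def __init__(self):
        self.expected = {}

    def check(self, pkt):
        """Return True if the segment's sequence number is far outside the session's window."""
        key = (pkt["src"], pkt["sport"], pkt["dst"], pkt["dport"])
        expected = self.expected.get(key)
        if expected is not None and abs(seq_delta(pkt["seq"], expected)) > SEQ_WINDOW:
            # Do not advance state on an anomalous segment: a segment that
            # desynchronises the session must not become the new baseline.
            return True
        self.expected[key] = (pkt["seq"] + pkt["len"]) & 0xFFFFFFFF
        return False


def analyze(log_text):
    """Run both checks over a log and return (line number, alert kind, detail) tuples."""
    alerts = []
    tracker = SessionTracker()
    for lineno, line in enumerate(log_text.splitlines(), start=1):
        pkt = parse_line(line)
        if pkt is None:
            continue
        if is_spoofed_local_source(pkt):
            alerts.append((lineno, "spoofed-local-source", pkt["src"]))
            continue  # a spoofed packet must not update legitimate session state
        if tracker.check(pkt):
            alerts.append((lineno, "seq-anomaly", f"seq={pkt['seq']}"))
    return alerts


if __name__ == "__main__":
    for lineno, kind, detail in analyze(SAMPLE_LOG):
        print(f"line {lineno}: {kind} ({detail})")
```

Run against the constructed log, line 3 is reported as a spoofed local source and line 5 as a sequence anomaly; retransmissions (a sequence number slightly behind the expected one) stay inside the window and are not reported. In a real deployment the spoofing rule belongs on the border router or firewall as an ingress filter, and the sequence check would be fed from a sensor and correlated with other indicators rather than run over a text file.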