What Is Session Hijacking?

Session hijacking allows unauthorized access to a Web server.

Session hijacking refers to exploiting, or taking over, a valid TCP/IP communication session between computers without the knowledge or consent of the computers’ owners. TCP/IP is an abbreviation for Transmission Control Protocol over Internet Protocol, the most common protocol, or set of formal rules, for connecting computers on the Internet.

Session Token

Session hijacking typically involves exploiting the mechanism that controls the connection between a Web server and a Web browser, known as a session token. The session token is usually a string of characters the Web server sends to the client browser once the client has been authenticated, and the browser returns it with every later request. By predicting or stealing the session token, an attacker can gain unauthorized access to the Web server with the same access to resources as the compromised user. One method of compromising the session token involves running malicious code on the client computer, for example cross-site scripting payloads, malicious JavaScript or Trojan horses, that reads the token and sends it to the attacker.
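The defences that follow from this section are that the token must be unguessable, that the browser should be prevented from exposing it to injected script, and that the server should expire and rotate it. The following is an added example (not code from the original article) that puts those three points side by side in Python: a deliberately predictable counter-based token as the anti-pattern, a token drawn from the operating system's CSPRNG, a `Set-Cookie` header with the `HttpOnly`, `Secure` and `SameSite` attributes, and a minimal server-side session table with expiry and rotation. The 30-minute idle timeout and the `session` cookie name are assumed policy values, not anything the article specifies.

```python
import secrets
import time

TOKEN_BYTES = 32                # 256 bits of entropy from the OS CSPRNG
SESSION_TTL_SECONDS = 30 * 60   # idle timeout; an assumed policy value


def weak_session_token(counter: int) -> str:
    """The anti-pattern: a zero-padded counter. Anyone who sees one
    value can guess its neighbours, which is exactly the 'predicting'
    case the article describes."""
    return f"{counter:08d}"


def generate_session_token() -> str:
    """An unpredictable, URL-safe token (43 characters for 32 bytes)."""
    return secrets.token_urlsafe(TOKEN_BYTES)


def build_set_cookie_header(token: str, name: str = "session") -> str:
    """Build a Set-Cookie header that limits how the token can be stolen.

    HttpOnly keeps the cookie out of document.cookie, so injected
    JavaScript cannot read it; Secure keeps it off cleartext HTTP;
    SameSite=Strict stops the browser attaching it to cross-site requests.
    """
    return (f"Set-Cookie: {name}={token}; Path=/; HttpOnly; Secure; "
            f"SameSite=Strict; Max-Age={SESSION_TTL_SECONDS}")


class SessionStore:
    """Minimal server-side session table keyed by token.

    `now` is injectable so expiry can be tested without sleeping.
    """

    def __init__(self, now=time.time):
        self._now = now
        self._sessions = {}   # token -> {"user": str, "expires": float}

    def create(self, user: str) -> str:
        """Issue a fresh token for an authenticated user."""
        token = generate_session_token()
        self._sessions[token] = {
            "user": user,
            "expires": self._now() + SESSION_TTL_SECONDS,
        }
        return token

    def lookup(self, token: str):
        """Return the user bound to a valid token, or None.

        Expired entries are purged on sight, so a stolen token has a
        bounded lifetime even if the victim never logs out.
        """
        rec = self._sessions.get(token)
        if rec is None:
            return None
        if rec["expires"] <= self._now():
            del self._sessions[token]
            return None
        return rec["user"]

    def rotate(self, old_token: str):
        """Replace a token after a privilege change such as login.

        A token captured or planted before the change stops working,
        which is the standard defence against session fixation.
        """
        rec = self._sessions.pop(old_token, None)
        if rec is None:
            return None
        new_token = generate_session_token()
        rec["expires"] = self._now() + SESSION_TTL_SECONDS
        self._sessions[new_token] = rec
        return new_token

    def destroy(self, token: str) -> None:
        """Server-side logout: the token is invalid from this point on."""
        self._sessions.pop(token, None)


if __name__ == "__main__":
    store = SessionStore()
    tok = store.create("alice")
    print(build_set_cookie_header(tok))
    print("lookup:", store.lookup(tok))
    new_tok = store.rotate(tok)
    print("old token after rotation:", store.lookup(tok))
    print("new token after rotation:", store.lookup(new_tok))
```

Note that the cookie attributes only narrow the ways a token can be exfiltrated from the browser; the server-side expiry and rotation are what limit the damage once a token has leaked by any route.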

Threat

Session hijacking relies on inherent weaknesses in the design of the TCP/IP protocol and can be performed against any computer running TCP/IP, regardless of its hardware architecture or operating system. Session hijacking cannot be prevented by complex passwords, by multifactor authentication (in which more than one form of authentication is required to verify a transaction) or by software patches. Session hijacking compromises confidentiality, integrity and availability, known to the network security community as the "CIA triad," and as such is a highly dangerous form of attack.

Software Tools

Session hijacking can be performed without software tools, but many attackers choose software tools simply because of their availability and ease of use. Tools such as Juggernaut on the Linux operating system, Hunt on the Unix operating system and T-Sight on the Windows operating system allow attackers to "sniff" network traffic and scan for open server ports in order to identify vulnerabilities.

Likely Targets

Large networks, with large numbers of open communication sessions, are the most likely targets for session hijacking attacks. TCP/IP, for example, requires authentication only at the time the connection is established, so an established connection can easily be stolen, while other network protocols, such as FTP and Telnet, do not implement any form of authentication at all. Indeed, FTP and Telnet transmit data in completely unencrypted form, known as cleartext, which can be intercepted and read by anyone monitoring the network connection.
