Preventing Session Hijacking


To defend against session hijack attacks, a network should employ several defenses. The most effective protection is encryption, such as Internet Protocol Security (IPSec). This also defends against any other attack vectors that depend on sniffing. Attackers may be able to passively monitor your connection, but they won't be able to interpret the encrypted data. Other countermeasures include using encrypted applications such as Secure Shell (SSH, an encrypted telnet) and Secure Sockets Layer (SSL, for HTTPS traffic).
You can help prevent session hijacking by reducing the potential methods of gaining access to your network—for example, by eliminating remote access to internal systems. If the network has remote users who need to connect to carry out their duties, then use virtual private networks (VPNs) that have been secured with tunneling protocols and encryption (Layer 3 Tunneling Protocol [L3TP]/Point-to-Point Tunneling Protocol [PPTP] and IPSec).
The use of multiple safety nets is always the best countermeasure to any potential threat. Employing any one countermeasure may not be enough, but using them together to secure your enterprise will make the attack success rate minimal for anyone but the most professional and dedicated attacker. The following is a checklist of countermeasures that should be employed to prevent session hijacking:
  • Use encryption.
  • Use a secure protocol.
  • Limit incoming connections.
  • Minimize remote access.
  • Have strong authentication.
  • Educate your employees.
  • Maintain different usernames and passwords for different accounts.
  • Use Ethernet switches rather than hubs to prevent session hijacking attacks.
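
Several checklist items (use a secure protocol, limit incoming connections, minimize remote access) can be checked against a host's listening sockets. The following Python audit is an added example, not part of the original article. The port tables, the function names and the `ss -tln` sample are assumptions constructed for illustration.

```python
import ipaddress

# Well-known ports of cleartext services and an encrypted replacement for each.
CLEARTEXT = {21: ("ftp", "sftp"), 23: ("telnet", "ssh"), 80: ("http", "https"),
             110: ("pop3", "pop3s"), 143: ("imap", "imaps")}
# Remote-access services that should not listen on every interface.
REMOTE_ACCESS = {22: "ssh", 3389: "rdp", 5900: "vnc"}

# Constructed sample of `ss -tln` output (not captured from a real host).
SAMPLE_SS = """\
State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN 0      128    0.0.0.0:22          0.0.0.0:*
LISTEN 0      128    0.0.0.0:23          0.0.0.0:*
LISTEN 0      511    127.0.0.1:80        0.0.0.0:*
LISTEN 0      128    10.0.5.4:3389       0.0.0.0:*
LISTEN 0      511    [::]:443            [::]:*
"""

def parse_listeners(ss_output):
    """Return (address, port) for every LISTEN row of `ss -tln` output."""
    listeners = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue  # header or non-listening row
        addr, _, port = fields[3].rpartition(":")
        addr = addr.strip("[]").split("%")[0]  # drop IPv6 brackets and scope id
        listeners.append((addr, int(port)))
    return listeners

def audit(ss_output):
    """Flag cleartext services reachable off-host and remote access bound to all interfaces."""
    findings = []
    for addr, port in parse_listeners(ss_output):
        # ss prints "*" for a dual-stack wildcard socket
        ip = ipaddress.ip_address("::" if addr == "*" else addr)
        if port in CLEARTEXT and not ip.is_loopback:
            name, better = CLEARTEXT[port]
            findings.append((port, addr, f"cleartext {name}: replace with {better}"))
        if port in REMOTE_ACCESS and ip.is_unspecified:
            findings.append((port, addr, f"{REMOTE_ACCESS[port]} listens on all "
                             "interfaces: bind to the VPN or management address"))
    return findings

if __name__ == "__main__":
    for port, addr, issue in audit(SAMPLE_SS):
        print(f"{addr}:{port}  {issue}")
```

On a live Linux host, pass the text output of `ss -tln` to `audit()` in place of the constructed sample.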
