Unless you've deliberately disconnected yourself from the outside world, there's a good chance that your computer is online on a daily basis. When you are surfing the Internet, your machine communicates with thousands of routers and servers in the world.
The constant exchange of information over the Internet means it is open to threats and vulnerabilities. Hackers are getting better and better at penetrating systems nowadays.
One of the most common attacks is Session Hijacking. But before you learn how to protect yourself, it's a good idea to understand how your computer communicates with the world and the types of attacks out there.
The OSI Model
The Open Systems Interconnection Model, or more popularly known as OSI model, is a conceptual model that characterizes communications between systems regardless of hardware and software technology. Each layer serves a function and serves the layer above it.
The OSI Model was first introduced and developed by the International Organization for Standardization (ISO) in 1978. It ensures that even with rapidly improving technology, devices follow its standard processes allowing effective communication.
The Transmission Control Protocol/Internet Protocol or TCP/IP acts as a language between a computer and servers. It allows seamless communication between systems. TCP/IP ensures that data exchange is well established over the network. You can find it in the Transport Layer of the OSI Model.
Vulnerabilities in TCP/IP makes it susceptible to different attacks, one of which is Session Hijacking. Also known as Man in the Middle Attack, it focuses on intercepting legitimate communication between a computer and a server.
Most session hijacking focus on two pieces of information: SessionID and session sequence number. SessionID is a unique string of numbers assigned to your computer when it connects to a server. It allows the server to recognize your session while accessing a website. Every time you visit a site, it creates a new SessionID for you.
On the other hand, a session sequence number is used to makes sense of the data sent by the server to your computer. Your computer received information from the servers in chunks called data packets. The sequence number is used to organize and reassemble the data in your computer.
Typically, the SessionID and the session sequence number are not secured. Meaning, it may be sent to your computer in plain text. Some servers may employ encryption algorithms for added security layer.
Session hijacking happens when the hackers get SessionID by stealing or predicting the string sequence. Once they hack a session, it's easy for them to access information and websites with your accounts without needing to penetrating your registration and login. It fools the server by pretending to be your computer using the SessionID.
Some may kick you out of the connection. By then, the hackers will have the freedom to change your password and take control of your account on the website. This method is called an active session attack. A passive session hijacking happens when an attacker quietly monitors information exchange. The hacker remains unnoticed while looking for sensitive personal information over the network.
There are several ways a cybercriminal can penetrate your session over a network. Here are some typical examples.
During session fixation, an attacker sets-up his own SessionID. He then has to create a connection to the server using his SessionID. The attacker then sends a link to the victim, in the form of promotion or some other bait. Once redirected to the website, the system establishes a legitimate connection between the victim and the server. After the victim logs in, the attacker can steal the session using his SessionID.
Session Side Jacking
Session side jacking takes advantage of connections with weak security. Examples of which are public WiFi connections. Using sniffers like Wireshark, hackers scan connections for unencrypted SessionID or tokens. Since hackers can obtain these session tokens easily, hijacking becomes a matter of finding the right WiFi hotspot with connected users.
Cross-site scripting happens when vulnerabilities in the servers allow hackers to "inject" scripts in the website. When a victim visits a site, the scripts are activated. It will start tracking information including the SessionID.
Malware is one of the most common methods of hijacking. Seemingly innocent programs such as browser toolbars can track information on your computer. It can scan your cookies for your SessionID or your personal information. Malware may even open your computer to further vulnerabilities.
In itself, TCP/IP is entirely open to vulnerabilities due to its limitations. However, experts implement several security measures in different layers of the OSI Model. Below are a few more precautions you can take to avoid session hijacking.
Avoid using public WiFi network. As much as possible, opt for password protected connections. If connecting to a standard WiFi is needed, make sure to follow these [Insert link to Ultimate Guide to Public WiFi Security] tips to protect yourself.
Additionally, do not access your bank, shopping and other websites that use your personal information when you're not on your connection. It's better to register to a data plan instead.
Websites and Logging out
Make sure that the sites you are visiting are encrypting the connections. Check the URL if it starts with HTTPS. The "S" signifies secure connection. You can also install browser extensions such as HTTPS Everywhere that forces a website to use its secure link (if it exists).
Additionally, always log out of your accounts when using unsecured connections. Even if you're accessing the websites through your device, as long as there is an Internet connection, the SessionID may still be hacked.
Always keep your browser updated. Patches and updates are usually provided by developers to keep up with the evolving threats. Additionally, use ad blockers to protect yourself from possible malware attacks on favorite websites. Use Ghostery or similar extensions.
Antivirus and Anti-Malware
Right from the installation of your operating system, you should have reliable antivirus and anti-malware in place. Install regularly updated antivirus application such as Panda Security.
On the other hand, also install a robust anti-malware program like MalwareFox. Your antivirus alone is not enough of protection for your computer. MalwareFox provides real-time security, threat identification, scanning, and even anti-ransomware functions.
Hackers will tell you that Session Hijacking is a tested method of infiltrating connections and downloading information from victims. While technology is progressing, the browsing habits of users don't change much. Following the suggestions above will protect you from most common Session Hijacking. Installing the right security programs will shield your computer from more threats.