
Consider the following statements in the context of session hijacking. Which of the statement(s) given is/are correct?

  1. It is compromising a user’s session to exploit their data and perform malicious activities or misusing their credentials
  2. The most common method of session hijacking is IP spoofing where the attacker acts as one of the authenticated users
  3. Session hijacking can be prevented by using packet sniffers and cross site scripting.
  4. To protect the network with session hijacking, the defender has to implement security measures at Application as well as Network level.

    A. 2 only

    B. 1, 2, 4

    C. 1, 3

    D. All

    Answer:

    B. 1, 2, 4

    Read Explanation:

    Session hijacking

    • It is a type of cyberattack where an unauthorized individual gains access to a legitimate user's web session.
    • It is also known as session fixation or session theft.
    • In a web session, a user logs into a web application or website and is assigned a unique session identifier, often in the form of a session cookie.
    • This identifier is used to authenticate and track the user's interactions with the site as they navigate through various pages or perform actions.
    • Session hijacking occurs when an attacker manages to steal or take control of the user's session identifier, effectively impersonating the legitimate user and gaining unauthorized access to their account or sensitive information.
    • This can lead to various malicious activities.

    IP spoofing

    • The most common method of session hijacking is called IP spoofing.
    • IP spoofing occurs when an attacker uses source-routed IP packets to insert commands into an active communication between two nodes on a network and disguises itself as one of the authenticated users.

    Defending against session hijacking

    • To defend a network against session hijacking, a defender has to implement security measures at both the Application level and the Network level.
    • This includes using secure session management techniques, secure cookies, and network security measures like using secure protocols (e.g., HTTPS) and implementing firewalls.
    • Network-level hijacks can be prevented by encrypting the packets so that the hijacker cannot decipher the packet headers to obtain any information that would aid in spoofing.
    • This encryption can be provided by using protocols such as IPsec, SSL, SSH, etc.
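The application-level measures listed above (secure session management, secure cookies) can be made concrete with a small example. The following is an added illustration, not code from the original page or from any particular web framework: it uses only the Python standard library, and the cookie name `sessionid`, the 30-minute idle timeout and the in-memory store are constructed assumptions. It shows an unpredictable session identifier, a `Set-Cookie` value with the `Secure`, `HttpOnly` and `SameSite` attributes, regeneration of the identifier at login (the defence against the session fixation variant the explanation names), idle-timeout expiry, and a defender-side check that reports which hardening attributes a cookie is missing.

```python
"""Minimal server-side session management illustrating the defences above:
unpredictable session IDs, hardened Set-Cookie attributes, ID regeneration
at login (against session fixation) and idle-timeout expiry.
Stand-alone stdlib code; no web framework is assumed."""
import secrets
import time

SESSION_TTL_SECONDS = 30 * 60          # idle timeout; a constructed value
REQUIRED_COOKIE_ATTRS = ("Secure", "HttpOnly", "SameSite")


class SessionStore:
    """In-memory session table keyed by an unguessable session identifier."""

    def __init__(self):
        self._sessions = {}  # session_id -> {"user": str | None, "last_seen": float}

    @staticmethod
    def _new_id():
        # 256 bits from the OS CSPRNG; never derived from time, IP or username
        return secrets.token_urlsafe(32)

    def create_anonymous(self, now=None):
        now = time.time() if now is None else now
        sid = self._new_id()
        self._sessions[sid] = {"user": None, "last_seen": now}
        return sid

    def login(self, presented_sid, username, now=None):
        """Authenticate and rotate the identifier. Whatever ID the client
        presented (possibly planted by an attacker, i.e. fixation) is discarded,
        so only the freshly issued ID is bound to the authenticated user."""
        now = time.time() if now is None else now
        self._sessions.pop(presented_sid, None)
        sid = self._new_id()
        self._sessions[sid] = {"user": username, "last_seen": now}
        return sid

    def resolve(self, sid, now=None):
        """Return the session dict for a valid, unexpired ID, else None."""
        now = time.time() if now is None else now
        sess = self._sessions.get(sid)
        if sess is None:
            return None
        if now - sess["last_seen"] > SESSION_TTL_SECONDS:
            self._sessions.pop(sid, None)  # idle timeout: a stolen ID goes stale
            return None
        sess["last_seen"] = now
        return sess

    def logout(self, sid):
        """Invalidate server-side; clearing the cookie in the browser alone is not enough."""
        return self._sessions.pop(sid, None) is not None


def session_cookie_header(sid, max_age=SESSION_TTL_SECONDS):
    """Set-Cookie value for the session. Secure keeps it off plain HTTP,
    HttpOnly keeps it away from script (cross-site scripting theft),
    SameSite=Lax limits cross-site sending. The cookie name is a constructed example."""
    return (f"sessionid={sid}; Max-Age={max_age}; Path=/; "
            f"Secure; HttpOnly; SameSite=Lax")


def missing_cookie_hardening(set_cookie_value):
    """Defensive check: list the hardening attributes a Set-Cookie value lacks."""
    attrs = {part.strip().split("=")[0].lower()
             for part in set_cookie_value.split(";")[1:]}
    return [a for a in REQUIRED_COOKIE_ATTRS if a.lower() not in attrs]


if __name__ == "__main__":
    store = SessionStore()
    anon = store.create_anonymous()
    authed = store.login(anon, "alice")
    print("pre-login id still valid after login?", store.resolve(anon) is not None)
    print("cookie:", session_cookie_header(authed))
    print("weak cookie lacks:", missing_cookie_hardening("sessionid=abc; Path=/"))
```

The `now` parameter exists only so the timeout behaviour can be exercised deterministically; in a real deployment the session table would live in a server-side store shared by all application instances, and the identifier rotation in `login` would also be applied on any other privilege change.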
