Limited-time offer! Save up to 50% Off | Solutions starting at $6 each  

CSI2102 - Information Security: Assignment

Added on - 04 Mar 2020

 CSI2102 - Information Security assignment The below document discusses the hacking of the network. It also discusses how an attacker uses a sniffer to observe the communication between two devices and collects the transmitted data.

Trusted by 2+ million users,
1000+ happy students everyday
Showing pages 1 to 4 of 17 pages
Question 1Session HackingTCP session hacking is of the security attack in a protected network of the user. Thecommon session hacking methods is called as IP spoofing. Here the attacker uses the sourcerouted IP packets which is used to insert the commands in the communication between twonodes in a network. The IP distinguishes itself as an authenticated user. This attack is mainly dueto the lack of authentication. Because the authentication is done only one time at the starting ofthe TCP session (Asif & Tripathi, 2012). Man in the middle attack is another type of sessionhacking in which the attacker uses a sniffer to observe the communication between two devicesand collects the transmitted data.Performance of the attackSession hacking can be done in different ways.By using packet sniffersCross site scriptingSpoofing of IPBlind attackBy using packet sniffersHere the attacker captures the victim's session ID and access the server through the packer sniffer(Bharti, 2013).1
Cross site scriptingHere the attacker captures the session ID of the victim through the XSS attack. Java scriptis used in the XSS attack. Then the crafted link with malicious script is send to the attacker,when the victim clicks the java script will run and complete the instructions which is given in themalicious code by the attacker (D, 2017).Spoofing of IPThis spoofing technique is unauthorized one which is used to access the IP address of thecomputer from the through the trusted host. When this technique is implemented the attacker willaccess the IP address of the client and it will be injected to the spoofed packets and it is used inthe TCP session to fool the server and it will communicate with the victim (Guides, Tools & X,2017).Blind attackIf the attacker can’t sniff the packets then he will guess the sequence number which isexpected by the server. Hence the brute force combination will be tried for the sequence number.2
MitigationTo defend the network from session hacking, the network administrator needs toimplement the security measures in the network and application level. These network levelattacks can be prevented by ciphering the packets. Hence the attacker cannot decipher the packetto get the confidential information (KumarBharti & Chaudhary, 2013). The packets can beencrypted by the protocols like IPSEC, SSH and SSL. The IPSEC protocol have the ability toencrypt the packet with some shared key between the two members. This IPsec can be run in twomodes, Transport and tunnel. In transport mode the data’s are sent in an encrypted packet file. Intunnel mode the header and data’s of the packet is encrypted and it is more restrictive. Thissession hacking is one of the serious threat which mainly focus the web application andnetworks.To prevent the session Hijacking by follows the below steps.The web applications can be use the TLS/SSL to transfer the sensitive data.The SSL/TLS encrypting the data so it difficult for hacker.Must be use the very long random numbers as session key.Web applications also use secondary checks to increase the security.Users must be log out the web applications.3
You’re reading a preview
Preview Documents

To View Complete Document

Click the button to download
Subscribe to our plans

Download This Document

In the end conclusion the network from session hacking, the network administrator needs to implement security measures in the network and application level. These network-level attacks can be prevented by ciphering the packets.