Challenges and Approaches to Overcome Session Hijacking and Intrusion Detection Systems
Added on 2023/06/14
AI Summary
This article discusses the challenges of session hijacking, particularly the difficulty of overcoming sniffing, and the approaches to address them, such as using encrypted communications. It also compares the strengths and weaknesses of signature-based and anomaly-based intrusion detection systems.
Network Penetration Testing
Question 1

Among all the steps of the session hijacking process, there is one step which is the most difficult technical challenge for organizations. Sniffing the traffic between the target computer and the server is the step that has proved the most challenging and difficult to overcome. Sniffing is defined as the procedure of capturing and monitoring the data packets which pass through a given network. Sniffers are generally used by network administrators to monitor and troubleshoot traffic in the network. Attackers also use sniffers to capture data packets which contain sensitive information, for example passwords and account information.

The challenge of this process is that a sniffer can record any data which is transmitted and send it to the control for further analysis. Hackers can also attempt packet injection and compromise data which is not encrypted before being sent. In this way they can steal an individual's personal credentials, which helps them to achieve their wrong intentions.

There are various defences which can be used against session hijacking to overcome the challenge of sniffing the traffic between the target computer and the server. For example, the security system that is installed must use encrypted communications over a Secure Sockets Layer. This is also called the hypertext transfer protocol. In this process cookies are also used and are sent in an invisible manner, so that the entire communication is encrypted at the time of transmission.

Question 2

A signature-based intrusion detection system is defined as a system which detects anomalies quickly and effectively, with a low risk of raising false alarms. It also analyzes various kinds of attacks by identifying the patterns of malicious content, and helps administrators to organize and implement controls. Its strength is that it contains a pre-configured signature database, which helps to protect the network immediately. Its weakness is its inability to detect fresh and previously unknown attacks, which can prove dangerous for the organization: without detecting such attacks, the organization will not be able to configure the system according to the risks associated with the computers.

An anomaly-based intrusion detection system is defined as a system which detects previously unknown attacks and new types of attacks. It makes up for the weaknesses of signature-based intrusion detection systems. Its strengths include monitoring any kind of data source, including user logs and devices along with networks and servers. Moreover, it can rapidly identify zero-day attacks and unknown security threats, and it finds unusual behaviour across data sources which is not identified by traditional security methods. Its weaknesses: although it detects at both the network and the host level, its shortcoming is that it is considered to have a high false positive rate, and it can also be fooled by a correctly delivered attack. It is recommended to use an anomaly-based intrusion detection system.
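The comparison in Question 2 can be seen by running both kinds of detector over the same events. The following is an added example, not part of the original answer: the events, baseline, rule names and threshold are all constructed for illustration, and the anomaly detector is assumed to be a simple request-rate z-score check.

```python
import re
from statistics import mean, pstdev

# Constructed baseline: requests per minute seen from normal clients.
BASELINE = [12, 15, 11, 14, 13, 12, 16, 14]

# Constructed events: (source address, request path, requests in the last minute).
EVENTS = [
    ("192.0.2.5", "/index.html", 13),                      # benign
    ("192.0.2.7", "/download?file=../../etc/passwd", 14),  # known pattern, normal rate
    ("192.0.2.9", "/api/export?id=7", 95),                 # no known pattern, abnormal rate
    ("192.0.2.3", "/reports/monthly", 40),                 # legitimate batch job, abnormal rate
]

# Pre-configured signature database (hypothetical rule names, constructed patterns).
SIGNATURES = {
    "path-traversal": re.compile(r"\.\./"),
    "sql-tautology": re.compile(r"'\s*or\s*'1'\s*=\s*'1", re.IGNORECASE),
}


def signature_alerts(events):
    """Return (source, rule) for every event whose path matches a known signature."""
    return [
        (src, rule)
        for src, path, _ in events
        for rule, pattern in SIGNATURES.items()
        if pattern.search(path)
    ]


def anomaly_alerts(events, baseline, threshold=3.0):
    """Return sources whose rate deviates from the baseline mean by more than
    `threshold` standard deviations (assumed z-score model)."""
    mu, sigma = mean(baseline), pstdev(baseline)
    return [src for src, _, rate in events if abs(rate - mu) / sigma > threshold]


if __name__ == "__main__":
    print("signature:", signature_alerts(EVENTS))
    print("anomaly:  ", anomaly_alerts(EVENTS, BASELINE))
```

The signature detector reports only 192.0.2.7 and misses the unfamiliar activity from 192.0.2.9. The anomaly detector catches 192.0.2.9 but also raises a false positive on the batch job from 192.0.2.3 and misses 192.0.2.7, whose request arrives at a normal rate.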