Analyzing Session Hijacking Challenges and Intrusion Detection Systems

Added on  2023/06/14

AI Summary
This report addresses two key areas of network security: session hijacking and intrusion detection systems (IDS). The first part identifies sniffing network traffic as the most technically challenging step in session hijacking, detailing the process and approaches to mitigate it, such as encrypted communication. The second part analyzes signature-based and anomaly-based IDSs, outlining their strengths and weaknesses. Signature-based systems offer quick detection of known threats but struggle with new attacks, while anomaly-based systems can detect novel attacks but have a higher false positive rate. The report recommends considering anomaly-based systems for their ability to identify zero-day attacks.
Network Penetrating Testing
Question 1
Among all the steps of the session hijacking process, one step is the most difficult
technical challenge for organizations: sniffing the traffic between the target computer and
the server. This step has proved the most challenging and the most difficult to overcome.
Sniffing is the procedure of capturing and monitoring the data packets that pass through a
given network. Sniffers are generally used by network administrators to monitor and
troubleshoot network traffic. Attackers, however, use sniffers to capture data packets that
contain sensitive information, for example passwords and account information. The challenge
is that a sniffer can record any data that is transmitted and send it on for further analysis.
Attackers can also attempt packet injection and compromise data that is not encrypted before
being sent. In this way they can steal an individual's personal credentials and use them for
malicious purposes.
Various defences can be used against session hijacking to overcome the challenge of
traffic sniffing between the target computer and the server. For example, the security system
that is installed and established must use encrypted communications over a Secure Sockets
Layer (SSL). For web traffic this is called Hypertext Transfer Protocol Secure (HTTPS). With
it, the cookies that are used are also sent in a form that is not visible to an observer, so that
the entire communication is encrypted at the time of transmission.
Question 2
A signature-based intrusion detection system is a system that detects threats quickly
and effectively, with a low risk of raising false alarms. It analyzes various kinds of attacks
by identifying the patterns of malicious content, and it helps administrators organize and
implement controls. Its strength is its preconfigured signature database, which helps protect
the network immediately. Its weakness is its inability to detect fresh and previously unknown
attacks. This can prove dangerous for the organization, because without detecting such
attacks it cannot configure the system according to the risks associated with its computers.
An anomaly-based intrusion detection system is a system that detects previously unknown
attacks and new types of attacks. It compensates for the weaknesses of signature-based
intrusion detection systems. Its strengths include the ability to monitor any kind of data
source, including user logs and devices along with networks and servers. Moreover, it can
identify zero-day attacks and unknown security threats rapidly, and it finds unusual behaviour
across data sources that traditional security methods do not identify. Its weaknesses are
that, although it detects at both the network and the host level, it has a high false positive
rate and can also be fooled by a correctly delivered attack.
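The trade-off described in Question 2, as an added example that is not part of the original report: a signature matcher and a simple anomaly detector run over the same four events. The signature patterns, baseline sizes and events are all constructed, and response size with a 3-sigma threshold is an assumed stand-in for the features a real anomaly-based IDS would model.

```python
import re
import statistics

# Constructed signature database: patterns for already-known attacks.
SIGNATURES = {
    "path-traversal": re.compile(r"\.\./"),
    "sql-injection": re.compile(r"union\s+select", re.I),
}

# Constructed baseline of normal traffic: (request line, response bytes).
BASELINE = [("GET /index.html", 5200), ("GET /about.html", 4800),
            ("GET /login", 5100), ("POST /login", 4900),
            ("GET /index.html", 5300), ("GET /news", 5000)]

def signature_alerts(request):
    """Return the names of signatures matching the request (known attacks only)."""
    return [name for name, rx in SIGNATURES.items() if rx.search(request)]

def build_profile(baseline):
    """Learn mean and standard deviation of response size from normal traffic."""
    sizes = [size for _, size in baseline]
    return statistics.mean(sizes), statistics.stdev(sizes)

def anomaly_alert(size, profile, threshold=3.0):
    """Flag a response whose size is more than `threshold` sigma from the mean."""
    mean, stdev = profile
    return abs(size - mean) / stdev > threshold

def classify(events):
    """Map each event label to (signature alert?, anomaly alert?)."""
    profile = build_profile(BASELINE)
    return {label: (bool(signature_alerts(req)), anomaly_alert(size, profile))
            for label, req, size in events}

# Constructed events: label, request line, response size in bytes.
EVENTS = [
    ("normal", "GET /index.html", 5050),
    ("known attack", "GET /files?name=../../etc/passwd", 5100),
    ("unknown attack", "GET /export?id=17", 98000),   # no signature exists
    ("benign backup", "GET /backup/nightly.tar", 120000),
]

if __name__ == "__main__":
    for label, (sig, anom) in classify(EVENTS).items():
        print(f"{label:15} signature={sig!s:5} anomaly={anom}")
```

The known attack is caught only by its signature because its traffic looks statistically normal, the unknown attack is caught only by the anomaly detector, and the benign backup is an anomaly false positive.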
It is recommended to use an anomaly-based intrusion detection system.