Dear Stars,
This week's IT tips are all about Session Hijacking.
This article is about Session Hijacking and the ways to prevent it. But before we proceed, let me first tell you what a Session is. The period during which a website or service treats your requests as coming from the same logged-in user is called a Session. A session starts as soon as you log into a website or a service and ends when you log out, close the connection, or shut down your computer. During that time the site keeps track of you with a session identifier (usually stored in a cookie), and the details of your activity are kept in the session temporarily.
What is Session Hijacking?
If a Session is the time you spend logged into a site, Session Hijacking is an attack on that session. The most common example: while you are using internet banking to check your bills or make a transaction, an attacker takes over your session and uses it as if they were you. Session hijacking is usually carried out against web applications and browser sessions, because the browser proves who you are with a session identifier, and whoever holds that identifier is treated as you.
A session hijacker can get complete access to your session and can do anything you could do on that website. Let’s learn about a few more examples of Session Hijacking so that you can avoid them.
How does Session Hijacking work?
Session Hijacking comes in three types. In active session hijacking, the attacker attacks your live connection, taking over your session while you are logged in. In passive session hijacking, the attacker only monitors your session and steals the information exchanged between you and the server (including the session identifier itself). In a hybrid hijack, the attacker first monitors the network session and then attacks as soon as they find an opening.
Examples of Session Hijacking
1. You get an email saying that you have won a lottery and prompting you to click on a link to claim your prize. The attackers have included their own session key in this link, and as soon as you click it and log in, you grant them access to your session.
2. When you log in to your bank account or credit card to make a purchase or check the balance, the attackers can attack your ongoing session, kick you out of it and take over. They can then access your bank account.
How can we Prevent Session Hijacking?
Session Hijacking is undoubtedly one of the most common cyber-crimes, and it is pretty scary too, but we can certainly prevent it with some simple measures. For business organizations these attacks can have terrible consequences, including data theft, financial losses, and much more.
Use HTTPS and not HTTP
HTTPS (Hypertext Transfer Protocol Secure) is a better and more secure version of HTTP, and it matters most on websites that require login details. HTTPS encrypts the traffic between your browser and the website with TLS (the successor of SSL) for the whole session, so anyone watching the network cannot read the data you exchange or the session cookie that identifies you. Also, popular web browsers like Google Chrome flag all non-HTTPS websites as "Not secure", and you get a warning message too.
Clear Cookies
Once you are done with a session, log out and clear the cookies so that a stored session cookie cannot be stolen and reused later. If you have accidentally visited a vulnerable or malicious site, the attacker will then have no cookies left to pick up.
Be Proactive
This is actually the best thing you can do to avoid session hijacking. Avoid using public WiFi and public computers, especially to access your banking websites or any website that requires your login credentials. If you have to use public WiFi, connect through a VPN (Virtual Private Network) so that no one on that network can read or interfere with your traffic.
Also, keep your system updated, don't click on suspicious links, and log out carefully when you are done.
Be aware and never devour!!!