An active session is a user's connection after he has authenticated his identity and has been granted privileges. If a hacker can access a session in this state, he can get access without the need for authentication. He can interact with the system as the user whose session it was.
An unattended session occurs whenever a user leaves a session active when it is not being used. This allows anyone who has access to the terminal device access to that session. As far as the system is concerned, he or she is the person who left the session unattended. He or she has all the privileges of that user and will be able to perform, as that user, any operation which that user could perform. Unattended sessions typically occur when someone physically steps away from his or her terminal or PC without logging off or locking it. Setting automatic log-off or terminal locking features for idle sessions will help, but user awareness is critical to reducing this vulnerability.
Hijacking is the process of interrupting the communications between the server and the client systems so that the attacker is able to insert information into the session or completely take over the session. Hijacking is accomplished by being able to spoof the communication protocol. Some implementations of the TCP protocol use very predictable sequence numbers, which allows someone on the network to intercept and take over the session.
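The TCP weakness just described is that a host's initial sequence numbers (ISNs) can be guessed from one connection to the next. The following is an added example, not part of the original text, of a simple defensive check a network engineer might run over a series of ISNs observed from one host: it flags a host whose consecutive ISN differences are dominated by a single value. The ISN series used here are constructed, not captured from any real system.

```python
from collections import Counter
import random

MASK32 = 0xFFFFFFFF  # sequence numbers are 32-bit and wrap around


def isn_deltas(isns):
    """Differences between consecutive ISNs, modulo 2^32."""
    return [(b - a) & MASK32 for a, b in zip(isns, isns[1:])]


def assess_isns(isns, threshold=0.5):
    """Return (predictable, top_delta, share) for ISNs observed from one host,
    one per new connection.

    If a single delta accounts for at least `threshold` of all consecutive
    differences, the next ISN is guessable as last_isn + top_delta, which is
    the precondition for the takeover the text describes."""
    deltas = isn_deltas(isns)
    if not deltas:
        raise ValueError("need at least two ISNs")
    top_delta, count = Counter(deltas).most_common(1)[0]
    share = count / len(deltas)
    return share >= threshold, top_delta, share


def weak_isn_series(start, n, step=64000):
    """Constructed sample of an old-style generator that adds a fixed
    constant per connection (the predictable behaviour the text warns about)."""
    return [(start + i * step) & MASK32 for i in range(n)]


def random_isn_series(n, seed=1234):
    """Constructed sample of an unpredictable generator. The seed only makes
    this example reproducible; a real host should draw ISNs from a CSPRNG."""
    rng = random.Random(seed)
    return [rng.getrandbits(32) for _ in range(n)]


if __name__ == "__main__":
    for label, series in (("fixed-step", weak_isn_series(0x1A2B3C4D, 20)),
                          ("random", random_isn_series(20))):
        flagged, delta, share = assess_isns(series)
        print(f"{label}: predictable={flagged} top_delta={delta} share={share:.2f}")
```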
Researchers at the University of Maryland found that by using tools developed as part of the Open1x project, an open source implementation of the IEEE protocol, they could perform session hijacking and man-in-the-middle attacks on wireless LANs. The wireless security standard brought in to replace the flawed Wireless Encryption Protocol (WEP) is just as defective.
Lars Davies, research fellow at the Centre for Commercial Law Studies, warned network managers to be on guard where wireless was concerned. "If you use a wireless network, you are open to the world."
Allen, Paul and Millman, Rene, "Robust Wireless Standard is Flawed," 22 February 2002.