Protecting Against Session Hijacking
As you have seen, session hijacking is an insidious threat because the attacker takes over a legitimate session. In other types of attacks, you can remove whatever the attack exploits and thereby eliminate the threat. Unfortunately, in this case, eliminating the cause would mean prohibiting all legitimate connections, which defeats the purpose of having an Internet connection. Therefore, it is not an option. The following are some other measures you can take to minimize the threat of session hijacking:
Use encryption
Use a secure protocol
Limit incoming connections
Minimize remote access
Have strong authentication (least effective)
Use Encryption
Encryption is probably one of the few ways you can protect against session ...