The OSI Model and You Part 5: Stopping Threats at the OSI Session Layer


In our journey through the seven layers of the Open Systems Interconnection (OSI) networking model, the OSI session layer is a gatekeeper that manages the connection between applications. In other words, we are past just connecting devices. Now, we need to do something with that connection, which at this stage is called a session. This part of the OSI model gets into the ‘why’ of data movement. Think of everything done in the previous four layers as getting everyone to the party. What do you need to look out for in terms of threats now that they’re here?


What Is the Session Layer?


The OSI session layer is responsible for syncing everything up for action. For example, you can’t just ‘view’ a web page. You need to establish a connection to the web server. The session layer therefore creates, manages, accepts, opens and closes these sessions. On occasion, it’s even responsible for sessions failing, especially if your computer is managing a whole bunch of them. Therefore, not only is performance important at the session layer, so is security.


Connected Threats


Management of the OSI session layer is critical to success. You’ve probably heard of session hijacking as a type of attack. As you would correctly guess, those attacks happen in the session layer. Session hijacking can happen in different ways, including cross-site scripting, sidejacking, fixation, cookie theft and brute force attempts.


How do you stop these types of attacks? Here are some tips:


Force the use of HTTPS or some other protocol that ensures encryption.
Prevent access to cookies from client-side scripts.
Configure your system to regenerate the session key ..
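
The three tips above can be checked from the outside by looking at the Set-Cookie headers a site returns. The following is an added example, not code from the original article: it audits a session cookie for the Secure and HttpOnly attributes and for an identifier that stays the same across a login. The cookie name `sid`, the header values, and the choice of login as the point where the identifier should change are assumptions made for illustration.

```python
# Added example; the cookie name "sid" and all header values are constructed samples.

def parse_set_cookie(header_value):
    """Split one Set-Cookie value into (name, value, attribute dict)."""
    first, *rest = [part.strip() for part in header_value.split(";")]
    name, _, value = first.partition("=")
    attrs = {}
    for part in rest:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()
    return name.strip(), value.strip(), attrs


def find_cookie(headers, cookie_name):
    """Return (value, attrs) of the last Set-Cookie for cookie_name, or None."""
    found = None
    for header in headers:
        name, value, attrs = parse_set_cookie(header)
        if name == cookie_name:
            found = (value, attrs)
    return found


def audit_session_cookie(pre_login, post_login, cookie_name="sid"):
    """Return a list of findings; an empty list means all three checks pass."""
    findings = []
    before = find_cookie(pre_login, cookie_name)
    after = find_cookie(post_login, cookie_name)
    if after is None:
        # No new Set-Cookie after login: the pre-login identifier stays in use.
        return ["session id not regenerated after login"]
    value, attrs = after
    if "secure" not in attrs:
        findings.append("missing Secure: cookie can be sent over plain HTTP")
    if "httponly" not in attrs:
        findings.append("missing HttpOnly: cookie readable by client-side scripts")
    if before is not None and before[0] == value:
        findings.append("session id not regenerated after login")
    return findings


PRE_LOGIN = ["sid=3f9a1c7e; Path=/; Secure; HttpOnly"]
WEAK_POST_LOGIN = ["sid=3f9a1c7e; Path=/"]
HARDENED_POST_LOGIN = ["sid=b81d04aa; Path=/; Secure; HttpOnly; SameSite=Lax"]

if __name__ == "__main__":
    for label, post in (("weak", WEAK_POST_LOGIN), ("hardened", HARDENED_POST_LOGIN)):
        print(label, audit_session_cookie(PRE_LOGIN, post) or "OK")
```

The Secure attribute only keeps the cookie off plain HTTP; redirecting all traffic to HTTPS is still configured on the server itself.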
