Flint Tech’s Cybersecurity Awareness Series: Session Hijacking and DNS poisoning


Thanks for joining us for our month-long series on cybersecurity! Check out our social media pages and let us know what you think.

To wrap up our cybersecurity awareness series, we’re going to look at two attacks that can seriously hurt your small business: Session Hijacking and DNS Poisoning.


Session Hijacking is an advanced attack that has become easier to accomplish over time. Every time somebody logs into a website, a session is created (this involves two systems communicating with each other). When the user ends communication, the session becomes inactive.

A session is hijacked when an attacker takes control of it by obtaining the cookie that identifies the session. This can be accomplished by different methods:

  • Cross-site scripting (XSS): As we described in our last post, XSS is when attackers use a server or application’s vulnerabilities to inject scripts into a website for malicious purposes. If the server does not set the HttpOnly flag on session cookies, injected scripts can gain access to the session key, which gives attackers all they need to hijack the session.
  • Session side jacking: This is when an attacker monitors the traffic within a network and intercepts the session cookies after the user has authenticated. Unsecured Wi-Fi hotspots usually allow for this kind of attack.

Ultimately, encryption is the best line of defense against these attacks. The most effective options include:

  • Secure Sockets Layer (SSL): This is the standard technology for securing an internet connection and protecting sensitive data being sent between two systems.
  • Transport Layer Security (TLS): This is an updated, more secure version of SSL.
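
To check how your own site handles the two weaknesses above (session cookies readable by injected scripts, and session cookies sent over unencrypted connections), here is an added example that is not part of the original post. It audits `Set-Cookie` response headers for the `HttpOnly` and `Secure` flags; the cookie-name hints and the sample headers are constructed assumptions.

```python
# Added example: audit Set-Cookie headers for the flags that blunt session hijacking.
# Assumption: a cookie is treated as a session cookie if its name contains one of these hints.
SESSION_HINTS = ("sess", "sid", "auth", "token")

# Constructed sample headers, as a server might send them in HTTP responses.
SAMPLE_HEADERS = [
    "sessionid=abc123; Path=/; HttpOnly; Secure",
    "PHPSESSID=deadbeef; path=/",
    "auth_token=xyz; Path=/; Secure",
    "theme=dark; Path=/",
]

def parse_set_cookie(header):
    """Split one Set-Cookie header value into (name, value, attributes)."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()  # attribute names are case-insensitive
    return name.strip(), value, attrs

def audit_cookie(header):
    """Return (cookie name, list of findings) for one Set-Cookie header."""
    name, _, attrs = parse_set_cookie(header)
    findings = []
    if not any(hint in name.lower() for hint in SESSION_HINTS):
        return name, findings  # not a session cookie by our heuristic
    if "httponly" not in attrs:
        findings.append("missing HttpOnly: injected scripts can read this cookie")
    if "secure" not in attrs:
        findings.append("missing Secure: cookie may travel unencrypted and be intercepted")
    return name, findings

def audit_all(headers):
    """Map each cookie name to its findings."""
    return dict(audit_cookie(h) for h in headers)

if __name__ == "__main__":
    for cookie, problems in audit_all(SAMPLE_HEADERS).items():
        print(cookie, "->", problems or "ok")
```

You can collect the real headers for your own site from your browser's developer tools (Network tab) and paste them in place of the sample list.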

DNS Poisoning is one of the trickiest attacks out there. DNS servers are compromised when the attacker replaces the address of a valid website with a fake one so that users are redirected to malicious websites, including phishing sites. Attackers can either collect passwords and other sensitive information, or simply prevent the site from loading. The Chinese government uses this method to block access to sites they find objectionable.

Attackers are able to execute this attack by:

  • Mimicking a server: When your DNS server submits a query, the attacker responds quickly with the wrong answer before the legitimate server is able to respond.
  • Bombarding a server: Attackers send thousands of queries to a caching server, then send thousands of false responses, gaining control of the domain and the entire site over time.
  • Taking advantage of open ports: Again, attackers send thousands of queries to DNS resolver ports. Over time, they discover which port is open and focus future attacks only on that port.

Secure web hosting is crucial to guarding against this attack. Options for protection include:

  • Control your DNS server: This takes time, expertise, and determination to do properly. If you don’t have the time or knowledge, Flint Tech Solutions can help.
  • Limit queries: This means refusing DNS requests over open ports. This limits how much you get bombarded with queries that could compromise your data.
  • Find the best software: Again, this is an area where Flint Tech can help. Some DNS software comes with protections built in, and this is an area where you want to make sure you’re getting what you pay for.

We hope you’ve enjoyed this series and learned more than you knew before about cybersecurity. Stay tuned to our blog for more great content to come!
