Network Security Risks and Prevention

Jul 23, 2025

Overview

This lecture discusses common security risks in client-server network communication, focusing on replay attacks and session hijacking, and outlines methods to prevent these threats.

Network Communication & Risks

  • Network traffic between clients and servers can contain sensitive information valuable to attackers.
  • Attackers may intercept traffic using network taps, ARP poisoning, or malware.

Replay Attacks

  • A replay attack involves capturing legitimate data and resending it to gain unauthorized access.
  • Attackers need to obtain replayable data, often by intercepting traffic or redirecting it.
  • Replay attacks are not inherently on-path attacks, though on-path attacks are often used to collect data for replay.
  • "Pass the hash" is a replay attack that uses captured password hashes to authenticate as a victim.
  • Defenses against replay attacks include encrypting network traffic and using salted hashes so the same hash cannot be reused.
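
The salted-hash defense above, as an added example that is not part of the lecture: a login where the password hash itself goes over the wire accepts a captured copy, while a login bound to a fresh salt rejects it. It assumes the salt is a random single-use value issued by the server for each login and that the client answers with an HMAC of that salt keyed by the password hash; the class names, function names and the sample credential are hypothetical.

```python
import hashlib
import hmac
import secrets

# Constructed sample credential store: username -> stored password hash.
STORED = {"alice": hashlib.sha256(b"correct horse").digest()}

class StaticHashServer:
    """Weak design: the client sends the password hash itself on every login."""
    def login(self, user, presented_hash):
        expected = STORED.get(user, b"")
        return hmac.compare_digest(expected, presented_hash)

class SaltedChallengeServer:
    """Hardened design: every login is bound to a fresh, single-use salt."""
    def __init__(self):
        self._pending = {}  # user -> salt issued for the login in progress

    def new_salt(self, user):
        salt = secrets.token_bytes(16)
        self._pending[user] = salt
        return salt

    def login(self, user, response):
        salt = self._pending.pop(user, None)  # single use: consumed here
        if salt is None or user not in STORED:
            return False
        expected = hmac.new(STORED[user], salt, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)

def client_response(password, salt):
    """Client side: mix the server's salt into the value sent on the wire."""
    key = hashlib.sha256(password).digest()
    return hmac.new(key, salt, hashlib.sha256).digest()

def demo():
    """Return (static_replay_ok, salted_first_ok, salted_replay_ok)."""
    weak, strong = StaticHashServer(), SaltedChallengeServer()
    captured_hash = hashlib.sha256(b"correct horse").digest()  # seen on the wire
    static_replay = weak.login("alice", captured_hash)
    salt = strong.new_salt("alice")
    captured = client_response(b"correct horse", salt)  # also seen on the wire
    first = strong.login("alice", captured)
    strong.new_salt("alice")  # a later login attempt gets a different salt
    replay = strong.login("alice", captured)
    return static_replay, first, replay
```

The salted response only stops reuse of what was captured on the wire. The hash stored on the server is still the HMAC key in this sketch, so it has to be protected like a password.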

Browser Cookies & Session Hijacking

  • Cookies store session information, including session IDs, which attackers seek to steal.
  • Session hijacking (sidejacking) allows attackers to use stolen session IDs to impersonate victims on web servers.
  • Attackers can capture session IDs through packet analysis tools (e.g., Wireshark, Kismet) or exploits like cross-site scripting.
  • Tools such as Tamper, Firesheep, and Scapy can be used to view or manipulate cookie and header information.

Preventing Session Hijacking

  • Encrypt all network traffic using HTTPS to prevent attackers from accessing session details.
  • Browser extensions can enforce HTTPS connections, enhancing security.
  • If full end-to-end encryption is unavailable, using a VPN encrypts traffic at least part of the way.

Key Terms & Definitions

  • Replay Attack — an attack where intercepted network data is resent to masquerade as the original sender.
  • On-path Attack — intercepting and potentially altering traffic between two parties.
  • Pass the Hash — a replay attack using a captured password hash for authentication.
  • Session Hijacking — stealing a session ID to impersonate a user on a web service.
  • Cookie — a file storing information about websites, including session IDs.
  • Salted Hash — a password hash with added random data to ensure uniqueness.

Action Items / Next Steps

  • Ensure network traffic uses encryption, preferably HTTPS, to protect sensitive data.
  • Review and update browser privacy and security extensions for enforcing encrypted connections.
  • Consider using a VPN for additional encryption, especially on unsecured networks.