Session Hijacking

Submitted By oness
Preventing Session Hijacking in Cloud Computing
Sasha Melanie
Personal Research Paper
20th October 2015

Abstract
Cloud computing is becoming a better-known concept with every passing day, particularly in the field of computing and information technology. The term refers both to applications that are delivered as services over the Internet and to the resources (software and hardware) in the data centres. With this kind of advancement, cloud computing technology raises many security concerns. Cloud computing brings several vulnerabilities that attackers may exploit through security threats such as session hijacking. This paper gives an overview of the cloud and of session hijacking, highlighting the key vulnerability areas that every organization needs to consider before any implementation of cloud computing. The paper provides a basis for further research that would help curb the challenge of session hijacking in cloud computing.

TABLE OF CONTENTS
Abstract
CHAPTER ONE
1.0 INTRODUCTION
1.1 Motivation for the study
1.2 Premises of the study
1.3 Problem Statement
1.4 Technical objectives of the study
CHAPTER TWO
2.0 RELATED WORK
2.1 Issues with Cloud Computing
2.2 ANALYSIS OF SESSION HIJACKING
2.2.1 Cookies
2.2.2 TCP session capturing
2.3 PREVENTING SESSION HIJACKING
2.3.2 Information encryption programming
2.3.3 Virus Detection Applications
2.3.4 Digitized Signature
2.3.5 Computerized Authentication
2.3.6 Firewalls
2.3.7 Surf Anonymously
CHAPTER THREE
3.0 RESEARCH METHODOLOGY AND DESIGN
3.1 Introduction
3.2 Research Design
3.3 Data Collection Instruments
3.4 Methods of data Analysis and expected results
3.5 Time tables
3.6 Conclusion
REFERENCES
