- Session replay is a scheme an intruder uses to masquerade as an authorized user on an interactive Web site. By stealing the user's session ID, the intruder gains access and the ability to do anything the authorized user can do on the Web site.Session IDs facilitate user tracking for a Web site and can provide automatic authentication for future visits to that site or associated sites. The session ID can be stored as a cookie, form field or URL. Once the intruder obtains session ID data (see session prediction), he can conduct either a session replay or session hijacking attack. A session hijacking intrusion is easily detected because it occurs while a session is in process. Because a session replay attack does not occur in real time, however, such an attack may only be discovered when the user learns he has been the victim of identity theft or some other form of fraud. Software countermeasures capable of minimizing the threat of session replay are similar to those used for application security. Examples include: - conventional firewalls
- application firewalls
- encryption/decryptionl programs
- anti-virus programs
- pop-up blockers
- spyware detection/removal programs.
Behavioral countermeasures include: - frequent deletion of stored cookies and temporary files from Web browsers
- making sure that browsers do not remember passwords
- setting browsers to purge all personal data every time they are closed (if they offer this feature)
- installing updates and patches promptly when they become available
- refraining to click on links in e-mail messages from questionable sources
- avoiding questionable Web sites.
 |
Learn more about Password Management and Policy |
  |
Identity and Access Management Services, Systems and Technologies: This Security School explores critical topics related to helping security practitioners establish and maintain an effective identity and access management plan. |
  |
Using IAM, password and provisioning management tools for compliance: In this new lesson, expert Tom Bowers will teach you how provisioning and password management can reduce help desk calls, ease compliance woes and save corporate cash. |
| Endpoint security protection: Policies for endpoint control: Guest instructor Ben Rothke, provides tactics for endpoint security, policies for controlling endpoints and insight as to where endpoint security technology is headed. |
| How to break into a computer that is right at your fingertips: Stressing the importance of physical security, Joel Dubin explains how a hacker can bypass a BIOS password and break into a computer. |
| Spy vs. Spy: Excerpt from Chapter 6 of Spies Among Us: How to Stop the Spies, Terrorists, Hackers, and Criminals You Don't Even Know You Encounter Every Day. |
| SAP Security Learning Guide: This guide pulls SAP security information from both SearchSecurity.com and its sister site, SearchSAP.com, to provide the most comprehensive resource around for all aspects of making your SAP system ... |
| LAST UPDATED: |
04 Jun 2007
|
 |
Do you have something to add to this definition? Let us know.
Send your comments to techterms@whatis.com
|

 |
More resources from around the web:
|


');
// -->



|