Session hijacking can be done at two levels: Network Level and Application Level. Network layer hijacking involves TCP and UDP sessions, whereas Application level session hijack occurs with HTTP sessions. Successful attack on network level sessions will provide the attacker some critical information which will than be used to attack application level sessions, so most of the time they occur together depending on the system that is attacked. Network level attacks are most attractive to an attacker because they do not have to be customized on web application basis; they simply attack the data flow of the protocol, which is common for all web applications.

This document provides Guideline for securing a typical enterprice perimeter (Gateway) router. Security issues related to routing protocols (BGP, OSPF, RIP, VRRP) are beyond the scope of this document.

Web services hacking begins with the Web Services Definition Language or WSDL. A WSDL file is a major source of information for an attacker. Examining a WSDL description provides critical information like methods, input and output parameters. It is important to understand the structure of a WSDL file, based on which one should be able to enumerate web services. The outcome of this process is a web services profile or matrix. The scope of this paper is restricted to understanding this process. Once this is done, attack vectors for web services can be defined. The scope of attack vectors will be covered in the next paper.

Laptops are being deployed within enterprises at an increasing rate, mostly because of the flexibility and convenience they provide employees, and in turn, the productivity gains they provide for the companies. It's impossible to go anywhere today without seeing people working outside the traditional office setting on their laptops - at the local coffee shop, while lounging in the park, standing at their kitchen counters, waiting at airport gates, and working in their hotel rooms.

This BluePrints article describes some of key Transport Control Protocol (TCP) tunable parameters related to performance tuning. More importantly it describes how these tunables work, how they interact with each other, and how they impact network traffic when they are modified. Applications often recommend TCP settings for tunable parameters, but offer few details on the meaning of the parameters and adverse effects that might result from the recommended settings. This article is intended as a guide to understanding those recommendations. This article is intended for network architects and administrators who have an intermediate knowledge of networking and TCP.

During the SA3-31 meeting in Munich, it was decided that the Bluetooth link between peripheral devices did not require integrity protection. This contribution indicates that a man-in-the-middle attack may be possible on the bluetooth link in a WLAN interworking environment. The attacker lures the victim to connect to a malicious WLAN access point. The attack does not require to know the Bluetooth link key. The attacker can repeat this attack on the same victim many times in any WLAN network. A discussion of countermeasures against this attack can be found in a companion contribution.

This paper presents our conclusions from a year-long study of biometric authentication techniques and actual deployment potential, together with an independent testing of various biometric authentication products and technologies. We believe that our experience can help the reader in considering whether and what kind of biometric authentication should or should not be used in a given system. Biometric technology has not been studied solely to authenticate humans. A biometric system for race horses is being investigated in Japan and a company that imports pedigree dogs into South Africa uses a biometric technique to verify the dogs being imported.

The systematic footprinting of an organization enables attackers to create a complete profile of an organization's security posture. By using a combination of tools and techniques, attackers can take an unknown quantity (Widget Company's Internet connection) and reduce it to a specific range of domain names, network blocks, and individual IP addresses of systems directly connected to the Internet. While there are many types of footprinting techniques, they are primarily aimed at discovering information related to the following environments: Internet, intranet, remote access, and extranet.

HPING is a command-line oriented TCP/IP packet crafter. HPING can be used to create IP packets containing TCP, UDP or ICMP payloads. All header fields can be modified and controlled using the command line. A good understanding of IP and TCP/UDP is mandatory to use and understand the utility.

The security series of papers will provide guidance from the Centers for Medicare & Medicaid Services (CMS) on the rule titled "Security Standards for the Protection of Electronic Protected Health Information," found at 45 CFR Part 160 and Part 164, Subparts A and C. This rule, commonly known as the Security Rule, was adopted to implement provisions of the Health Insurance Portability and Accountability Act of 1996 (HIPAA). The series will contain seven papers, each focused on a specific topic related to the Security Rule. The papers, which cover the topics listed to the left, are designed to give HIPAA covered entities insight into the Security Rule, and assistance with implementation of the security standards. This series aims to explain specific requirements, the thought process behind those requirements, and possible ways to address the provisions.