Session Hijacking Exploiting TCP, UDP and HTTP Sessions

Internet Security Whitepapers Session Hijacking

Session hijacking can be done at two levels: Network Level and Application Level. Network layer hijacking involves TCP and UDP sessions, whereas Application level session hijack occurs with HTTP sessions. Successful attack on network level sessions will provide the attacker some critical information which will than be used to attack application level sessions, so most of the time they occur together depending on the system that is attacked. Network level attacks are most attractive to an attacker because they do not have to be customized on web application basis; they simply attack the data flow of the protocol, which is common for all web applications.

Cisco Router Security Best Practices

Internet Security Whitepapers Hacking Routers, Cable Modems and Firewalls

This document provides Guideline for securing a typical enterprice perimeter (Gateway) router. Security issues related to routing protocols (BGP, OSPF, RIP, VRRP) are beyond the scope of this document.

Web Services Enumeration and Profiling

Internet Security Whitepapers Enumeration

Web services hacking begins with the Web Services Definition Language or WSDL. A WSDL file is a major source of information for an attacker. Examining a WSDL description provides critical information like methods, input and output parameters. It is important to understand the structure of a WSDL file, based on which one should be able to enumerate web services. The outcome of this process is a web services profile or matrix. The scope of this paper is restricted to understanding this process. Once this is done, attack vectors for web services can be defined. The scope of attack vectors will be covered in the next paper.

Advanced Hacking Techniques: Implications for a Mobile Workforce

Internet Security Whitepapers Hacking Mobile Phones, PDA & Handheld Devices

Laptops are being deployed within enterprises at an increasing rate, mostly because of the flexibility and convenience they provide employees, and in turn, the productivity gains they provide for the companies. It's impossible to go anywhere today without seeing people working outside the traditional office setting on their laptops - at the local coffee shop, while lounging in the park, standing at their kitchen counters, waiting at airport gates, and working in their hotel rooms.

A Man-In-The-Middle Attack Using Bluetooth

Internet Security Whitepapers Bluetooth Hacking

During the SA3-31 meeting in Munich, it was decided that the Bluetooth link between peripheral devices did not require integrity protection. This contribution indicates that a man-in-the-middle attack may be possible on the bluetooth link in a WLAN interworking environment. The attacker lures the victim to connect to a malicious WLAN access point. The attack does not require to know the Bluetooth link key. The attacker can repeat this attack on the same victim many times in any WLAN network. A discussion of countermeasures against this attack can be found in a companion contribution.

Footprinting - Hacking Exposed: Network Security Secrets and Solutions

Internet Security Whitepapers Footprinting

The systematic footprinting of an organization enables attackers to create a complete profile of an organization's security posture. By using a combination of tools and techniques, attackers can take an unknown quantity (Widget Company's Internet connection) and reduce it to a specific range of domain names, network blocks, and individual IP addresses of systems directly connected to the Internet. While there are many types of footprinting techniques, they are primarily aimed at discovering information related to the following environments: Internet, intranet, remote access, and extranet.

Understanding Tuning TCP

Internet Security Whitepapers Evading IDS Firewall and Honeypot

This BluePrints article describes some of key Transport Control Protocol (TCP) tunable parameters related to performance tuning. More importantly it describes how these tunables work, how they interact with each other, and how they impact network traffic when they are modified. Applications often recommend TCP settings for tunable parameters, but offer few details on the meaning of the parameters and adverse effects that might result from the recommended settings. This article is intended as a guide to understanding those recommendations. This article is intended for network architects and administrators who have an intermediate knowledge of networking and TCP.

Biometric Authentication Systems

Internet Security Whitepapers Physical Security System Hacking Web Based Password Cracking

This paper presents our conclusions from a year-long study of biometric authentication techniques and actual deployment potential, together with an independent testing of various biometric authentication products and technologies. We believe that our experience can help the reader in considering whether and what kind of biometric authentication should or should not be used in a given system. Biometric technology has not been studied solely to authenticate humans. A biometric system for race horses is being investigated in Japan and a company that imports pedigree dogs into South Africa uses a biometric technique to verify the dogs being imported.

HPING Tutorial

Internet Security Whitepapers Linux Hacking

HPING is a command-line oriented TCP/IP packet crafter. HPING can be used to create IP packets containing TCP, UDP or ICMP payloads. All header fields can be modified and controlled using the command line. A good understanding of IP and TCP/UDP is mandatory to use and understand the utility.

HIPAA Security Series - Security Standards: Physical Safeguards

Internet Security Whitepapers Physical Security

The security series of papers will provide guidance from the Centers for Medicare & Medicaid Services (CMS) on the rule titled "Security Standards for the Protection of Electronic Protected Health Information," found at 45 CFR Part 160 and Part 164, Subparts A and C. This rule, commonly known as the Security Rule, was adopted to implement provisions of the Health Insurance Portability and Accountability Act of 1996 (HIPAA). The series will contain seven papers, each focused on a specific topic related to the Security Rule. The papers, which cover the topics listed to the left, are designed to give HIPAA covered entities insight into the Security Rule, and assistance with implementation of the security standards. This series aims to explain specific requirements, the thought process behind those requirements, and possible ways to address the provisions.

Explore What's Inside Security Science

Global Internet Security News Global Internet Security News
Elevates people's awareness level by providing the most informative security related news and events, which includes, but is not limited to, financial and business security, information and technology security, as well as corporate and individual security worldwide.
Information Security Information Security
Security Policy Resource page, a compiled research project of the SECURITY-SCIENCE team. The ultimate goal of this project is to offer everything you need for swift development and implementation of information security policies. You'll find a great set of policies posted here, including, but is not limited to, procedures and guidelines, that you can easily align to your company’s security requirements.
Internet Security Tools Internet Security Tools
State of the art security technology solutions (software, hardware, appliances and gadgets--including HOWTOs and guidelines) for computer and network defense, perimeter protection and environment security and safety.
Learn Internet Security Science Learn Internet Security Science
Provides superior security education on how to counter attack security risks, threats and vulnerabilities by using the most advanced techniques practiced and put into application by professional hackers, forensics, investigators and penetration testers.
Grokker - Technology Encyclopedia Hackopedia
A free security encyclopedia for computer, Internet and security terms and definitions created, researched, reviewed and maintained by Security-Science.
Internet Security Experts - Knowledge Exchange Internet Security Experts
An avenue for exchanging knowledge and KNOW-HOWs which allows users to interact with each other for mutual assistance and support by collaborating, asking, answering and sharing information about security related issues and concerns that benefit everyone.