1 00:00:01,740 --> 00:00:06,050 Generally speaking daily transfer is done also through the protocols of the session layer. 2 00:00:07,830 --> 00:00:13,590 Here however various functions are not so clearly distributed among different protocols as was the case 3 00:00:13,590 --> 00:00:14,620 in the lower layers 4 00:00:17,850 --> 00:00:23,080 is generally accepted that all user authentication protocols operate in a session layer. 5 00:00:23,170 --> 00:00:24,920 We will talk about that later. 6 00:00:26,860 --> 00:00:34,790 Either way this fact concerns both operating systems and individual apps. 7 00:00:34,860 --> 00:00:40,520 The typical attack of a session layer consists of taking the identity of an already authenticated user 8 00:00:44,070 --> 00:00:51,850 in the picture above you can see a Firefox add on Coldfire sheet some time ago it was a real hit. 9 00:00:52,030 --> 00:00:57,160 After downloading and starting it you were able to see pictures and personal information of people who 10 00:00:57,160 --> 00:01:02,530 were connected to the same Wi-Fi network as you and happened to be using social networking sites. 11 00:01:04,330 --> 00:01:11,650 To transfer data all network services use the HTP protocol which is stateless. 12 00:01:11,710 --> 00:01:16,240 This means that a server does not know whether an incoming request was sent by the same user or as the 13 00:01:16,240 --> 00:01:17,010 one before 14 00:01:20,190 --> 00:01:22,530 to enable users to browse a Web site. 15 00:01:22,590 --> 00:01:27,140 The server must emulate a stateful protocol. 16 00:01:27,190 --> 00:01:30,860 It does so by attaching a session identifier to each packet. 17 00:01:31,820 --> 00:01:38,530 Usually this is a short text file called a cookie if the cookie is sent back and already authenticated 18 00:01:38,530 --> 00:01:40,160 user will be identified. 19 00:01:42,470 --> 00:01:47,570 The user will then be able to switch through subpage is within one session. 20 00:01:47,720 --> 00:01:52,730 If someone managed to intercept the cookie and send it back to the server you'd be able to impersonate 21 00:01:52,730 --> 00:01:58,150 the user perfectly the attacker wouldn't even have to know log in and password. 22 00:01:58,630 --> 00:02:00,310 That's how fire works. 23 00:02:02,110 --> 00:02:08,340 The main threats connected to the session layer are identity and credentials spoofing. 24 00:02:08,480 --> 00:02:13,790 The latter may include Kerberos tickets and to mail passwords or web cookies 25 00:02:16,210 --> 00:02:21,020 administrators and other people responsible for security can do little to counter these threats. 26 00:02:23,170 --> 00:02:27,420 This is the job of the people that create applications that employ these mechanisms. 27 00:02:29,080 --> 00:02:38,440 Applications should offer secure ways of user authentication or at least use secure authentication protocols. 28 00:02:38,440 --> 00:02:45,750 Let's get back to the picture in the fire she banged on if the communication took place to the TTP as 29 00:02:45,750 --> 00:02:46,860 protocol. 30 00:02:46,860 --> 00:02:54,340 It wasn't so easy to use the cookie anymore because it was encrypted with a session key. 31 00:02:54,580 --> 00:02:59,290 During this lecture we have learned about the threats and vulnerabilities of transport in-session layers 32 00:02:59,290 --> 00:03:07,220 of the OSA model in the transport layer protocols TCAP and UDP provide a lot of information that can 33 00:03:07,220 --> 00:03:13,180 be used to take control over a weekly protected operating system. 34 00:03:13,230 --> 00:03:18,160 It's more difficult to enlist protocols that are specifically connected with the session layer. 35 00:03:18,270 --> 00:03:22,390 Generally this layer is responsible for authentication. 36 00:03:22,520 --> 00:03:28,510 The main threat connected with this layer consists of stealing the identity of Web users. 37 00:03:28,740 --> 00:03:30,140 Thank you for your attention.