How would you prevent session hijacking attacks?
A. Using biometrics access tokens secures sessions against hijacking
B. Using non-Internet protocols like http secures sessions against hijacking
C. Using hardware-based authentication secures sessions against hijacking
D. Using unpredictable sequence numbers secures sessions against hijacking
Explanation:
Protecting a session means protecting the unique session identifier, because it is the only thing that distinguishes one user from another. If the session ID is compromised, attackers can impersonate other users on the system. The first step is to ensure that the sequence of identification numbers issued by the session management system is unpredictable; otherwise, it’s trivial to hijack another user’s session. Session IDs should also be very long, so that the number of possible values is large and an attacker has far more permutations to try.