How would you prevent session hijacking attacks?
A. Using biometrics access tokens secures sessions against hijacking
B. Using non-Internet protocols like HTTP secures sessions against hijacking
C. Using hardware-based authentication secures sessions against hijacking
D. Using unpredictable sequence numbers secures sessions against hijacking
Explanation:
Protection of a session needs to focus on the unique session identifier because it is
the only thing that distinguishes users. If the session ID is compromised, attackers can impersonate
other users on the system. The first thing is to ensure that the sequence of identification numbers
issued by the session management system is unpredictable; otherwise, it's trivial to hijack another
user's session. Having a large number of possible session IDs (meaning that they should be very
long) means that there are a lot more permutations for an attacker to try.
Answer: D