The OSI Model and You Part 5: Stopping Threats at the OSI Session Layer

In our journey through the Open Systems Interconnection (OSI) seven layers of networking, the OSI session layer is a gatekeeper that manages the connection between applications. In other words, we are past just connecting devices. Now, we need to do something with that connection, which at this stage is called a session. This part of the OSI model gets into the ‘why’ of data movement. Think of everything done so far in the previous four layers as getting everyone to the party. What do you need to look out for in terms of threats now that they’re here?

What Is the Session Layer?

The OSI session layer is responsible for syncing everything up for action. For example, you can’t just ‘view’ a web page. You need to establish a connection to the web server. The session layer therefore creates, manages, accepts, opens and closes these sessions. On occasion, it’s even responsible for sessions failing, especially if your computer is managing a whole bunch of them. Therefore, not only is performance important at the session layer, so is security.

Connected Threats

Management of the OSI session layer is critical to success. You’ve probably heard of session hijacking as a type of attack. As you would correctly guess, those attacks happen in the session layer. Session hijacking can happen in different ways, including cross-site scripting, sidejacking, fixation, cookie theft and brute force attempts.

How do you stop these types of attacks? Here are some tips:

  • Force the use of HTTPS or some other protocol that ensures encryption.
  • Prevent access to cookies from client-side scripts.
  • Configure your system to regenerate the session key after it has established authentication.
  • In general, layers five through seven are all vulnerable due to bad coding practices.

Another way to protect the OSI session layer is through management of the session. Encryption is vital to session safety, so if you need some help on standards, reference NIST Special Publication 800-175B Revision 1.

Restricting failed session attempts and adding timing methods can also protect sessions. This is where your business operations matter. Being too restrictive could impede business; too loose and you take on more risk. Remember, you need to browse safely, but cybersecurity is only part of the larger picture.

Finally, watch out for FTP sniffing on the OSI session layer as well. FTP, on its own, is not secure. And while many organizations have moved to some type of secure FTP solution such as SFTP (securing with SSH) or FTPS (securing with SSL), it’s easy to miss that vanilla FTP is still out there.

Next, we’ll take a look at what that gate opens onto. 

The post The OSI Model and You Part 5: Stopping Threats at the OSI Session Layer appeared first on Security Intelligence.