In our journey through the Open Systems Interconnection (OSI) seven layers of networking, the OSI session layer is a gatekeeper that manages the connection between applications. In other words, we are past just connecting devices. Now, we need to do something with that connection, which at this stage is called a session. This part of the OSI model gets into the ‘why’ of data movement. Think of everything done so far in the previous four layers as getting everyone to the party. What do you need to look out for in terms of threats now that they’re here?

What Is the Session Layer?

The OSI session layer is responsible for syncing everything up for action. For example, you can’t just ‘view’ a web page. You need to establish a connection to the web server. The session layer therefore creates, manages, accepts, opens and closes these sessions. On occasion, it’s even responsible for sessions failing, especially if your computer is managing a whole bunch of them. Therefore, not only is performance important at the session layer, so is security.

Connected Threats

Management of the OSI session layer is critical to success. You’ve probably heard of session hijacking as a type of attack. As you would correctly guess, those attacks happen in the session layer. Session hijacking can happen in different ways, including cross-site scripting, sidejacking, fixation, cookie theft and brute force attempts.

How do you stop these types of attacks? Here are some tips:

  • Force the use of HTTPS or some other protocol that ensures encryption.
  • Prevent access to cookies from client-side scripts.
  • Configure your system to regenerate the session key after it has established authentication.
  • Keep in mind that layers five through seven are all exposed by poor coding practices, so secure development matters as much as configuration here.

Another way to protect the OSI session layer is through management of the session. Encryption is vital to session safety, so if you need some help on standards, reference NIST Special Publication 800-175B Revision 1.

Restricting failed session attempts and adding timing methods can also protect sessions. This is where your business operations matter. Being too restrictive could impede business; too loose and you take on more risk. Remember, you need to browse safely, but cybersecurity is only part of the larger picture.
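The tips above (HTTPS-only cookies kept away from client-side scripts, a fresh session ID after authentication) and the failed-attempt and timing controls just described, pulled together in one added Python example that is not from the article: a minimal in-memory session store whose threshold values, class and function names are assumptions made for the illustration.

```python
import secrets
import time
from dataclasses import dataclass

IDLE_TIMEOUT = 900        # seconds of inactivity before a session is closed (assumed value)
MAX_FAILED_LOGINS = 5     # failed attempts tolerated before a lockout (assumed value)

@dataclass
class Session:
    last_seen: float
    user: str = ""        # empty until authentication succeeds
    failed_logins: int = 0
    locked_until: float = 0.0

class SessionStore:
    def __init__(self, now=time.time):
        self._now = now   # injectable clock so timeouts can be tested
        self._sessions: dict = {}

    def create(self) -> str:
        sid = secrets.token_urlsafe(32)           # 256 bits from the OS CSPRNG
        self._sessions[sid] = Session(last_seen=self._now())
        return sid

    def get(self, sid: str):
        s = self._sessions.get(sid)
        if s is None:
            return None
        if self._now() - s.last_seen > IDLE_TIMEOUT:
            del self._sessions[sid]               # idle session is closed, not revived
            return None
        s.last_seen = self._now()
        return s

    def login(self, sid: str, user: str, password_ok: bool):
        s = self.get(sid)
        if s is None or self._now() < s.locked_until:
            return None                           # unknown, expired or locked out
        if not password_ok:
            s.failed_logins += 1
            if s.failed_logins >= MAX_FAILED_LOGINS:
                s.locked_until = self._now() + 300   # 5-minute lockout (assumed)
            return None
        # Regenerate the ID on authentication so a pre-auth (possibly fixed) ID is discarded.
        del self._sessions[sid]
        new_sid = self.create()
        self._sessions[new_sid].user = user
        return new_sid

def cookie_header(sid: str) -> str:
    # Secure: sent only over HTTPS. HttpOnly: unreadable from client-side scripts.
    return f"Set-Cookie: sid={sid}; Secure; HttpOnly; SameSite=Lax; Path=/"
```

Tune IDLE_TIMEOUT and MAX_FAILED_LOGINS to your own operations; the example only fixes the mechanism, not the policy.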

Finally, watch out for FTP sniffing on the OSI session layer as well. FTP, on its own, is not secure. And while many organizations have moved to some type of secure FTP solution such as SFTP (securing with SSH) or FTPS (securing with SSL), it’s easy to miss that vanilla FTP is still out there.

Next, we’ll take a look at what that gate opens onto.
