Description

The session layer allows users on different machines to establish sessions between them. Sessions offer various services, including dialog control (keeping track of whose turn it is to transmit), token management (preventing two parties from attempting the same critical operation simultaneously), and synchronisation (checkpointing long transmissions to allow them to pick up from where they left off in the event of a crash and subsequent recovery).

Session Data Unit

Data

Main Security Issues

  • Session Hijacking
  • Man in the Middle
  • Sniffing
  • Session Downgrade Attacks

Protocol Examples

Session Layer OpSec

This is quite in-depth and will be posted in a special blog on securing later 5.