Session Layer Protocols and Known Security Issues
Description
The session layer allows users on different machines to establish sessions between them. Sessions offer various services, including dialog control (keeping track of whose turn it is to transmit), token management (preventing two parties from attempting the same critical operation simultaneously), and synchronisation (checkpointing long transmissions to allow them to pick up from where they left off in the event of a crash and subsequent recovery).
Session Data Unit
Data
Main Security Issues
- Session Hijacking
- Man in the Middle
- Sniffing
- Session Downgrade Attacks
Protocol Examples
- ADSP, AppleTalk Data Stream Protocol
- ASP, AppleTalk Session Protocol
- H.245, Call Control Protocol for Multimedia Communication
- ISO-SP, OSI session-layer protocol (X.225, ISO 8327)
- iSNS, Internet Storage Name Service
- L2F, Layer 2 Forwarding Protocol
- L2TP, Layer 2 Tunneling Protocol
- NetBIOS, Network Basic Input Output System
- PAP, Password Authentication Protocol
- PPTP, Point-to-Point Tunnelling Protocol
- RPC, Remote Procedure Call Protocol
- RTCP, Real-time Transport Control Protocol
- SMPP, Short Message Peer-to-Peer
- SCP, Session Control Protocol
- SOCKS, the SOCKS internet protocol, see Internet socket
- ZIP, Zone Information Protocol
- SDP, Sockets Direct Protocol
Session Layer OpSec
This is quite in-depth and will be posted in a special blog on securing later 5.