Your assignment is to prepare and submit a paper on penetration testing and advanced hacking techniques. In a DDoS attack, a target is flooded with heavy data traffic coming from a large number of different locations and systems. In fact, these attacks are sometimes launched using thousands of compromised computer systems. As a result, it becomes almost impossible for the system administrator to stop the attack by blocking a single system. In addition, because of the large number of points of origin, a system administrator cannot differentiate between attack traffic and authentic user traffic.
There are many countermeasures that a system administrator can adopt to deal with this attack. A system administrator can apply a variety of restrictions on the amount of traffic that their server will process. However, this also makes it difficult for a system administrator to differentiate between legitimate and illegitimate traffic. Additionally, the system administrator can filter the traffic if they can identify the source of the attacks. A variety of other techniques can also be applied, such as the use of intrusion detection systems, firewalls, and so on (Webopedia, 2014; Strickland, 2014).
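The trade-off described in the two paragraphs above, shown as an added example that is not part of the original paper: a Python simulation that replays constructed traffic through a per-source limit and through a global cap. The function name `simulate` and every figure (2,000 bot sources, 50 users, the limits) are assumptions chosen for illustration.

```python
from collections import Counter

def simulate(per_source_limit=None, global_limit=None,
             bots=2000, users=50, seconds=10):
    """Replay constructed traffic through per-second request limits.

    Each bot sends 1 request/second and each user sends 2, so no single
    bot ever looks busier than a real user. Returns a Counter keyed by
    (kind, "served" | "dropped").
    """
    outcome = Counter()
    for _ in range(seconds):
        # Constructed arrival order: one user request after every 20 bot requests.
        user_reqs = [("user", u) for u in range(users)] * 2
        arrivals = []
        for b in range(bots):
            arrivals.append(("bot", b))
            if (b + 1) % 20 == 0 and user_reqs:
                arrivals.append(user_reqs.pop())
        seen = Counter()   # requests per source in this one-second window
        served = 0         # requests accepted in this one-second window
        for source in arrivals:
            seen[source] += 1
            if per_source_limit is not None and seen[source] > per_source_limit:
                verdict = "dropped"   # this source exceeded its own quota
            elif global_limit is not None and served >= global_limit:
                verdict = "dropped"   # server-wide cap already reached
            else:
                verdict = "served"
                served += 1
            outcome[(source[0], verdict)] += 1
    return outcome

def report(label, outcome):
    """Summarise how much of each traffic class got through."""
    return "%s: bots served %d, users served %d, users dropped %d" % (
        label, outcome[("bot", "served")], outcome[("user", "served")],
        outcome[("user", "dropped")])

if __name__ == "__main__":
    # A per-source quota never triggers: every bot stays under it.
    print(report("per-source limit 5/s", simulate(per_source_limit=5)))
    # A global cap protects the server but cannot tell the classes apart.
    print(report("global cap 500/s", simulate(global_limit=500)))
```

With these constructed numbers the per-source limit drops nothing, while the global cap drops most user requests and the traffic it does serve is still mostly from bots.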
Session hijacking is also a very common security threat in which an attacker takes control of a Web user's session by secretly obtaining the session ID and using that ID to pose as its owner. The basic purpose of this attack is to access a legitimate account illegally and to use this account to carry out illegal activities. For instance, once an attacker is able to access an account illegally, he can use it to carry out different acts such as using network services, copying or destroying data, and a wide variety of other tasks. Basically, an attacker gets this session ID from the URL (universal resource locator), in which a cookie stores this session ID. Whenever a communication procedure is launched between a client and a server, an authentication process is established, and an attacker takes advantage of this process by interfering online.