The network seven-layer protocol, Open System Interconnection (OSI), is an open system interconnection reference model and a well-designed protocol specification. The OSI model has a 7-layer structure, and each layer may contain several sub-layers. From top to bottom the 7 layers are: 7 application layer, 6 presentation layer, 5 session layer, 4 transport layer, 3 network layer, 2 data link layer, 1 physical layer. The upper layers, i.e. layers 7, 6, 5 and 4, define application functions; the lower three, i.e. layers 3, 2 and 1, mainly deal with the end-to-end data flow through the network.
The session layer, presentation layer and application layer make up the upper three layers of the open system; facing the application process, they provide distributed processing, dialog management, information representation, recovery from final errors, and so on. The session layer is also responsible for the part of the application process's service requirements that the transport layer cannot complete, filling in the functional gaps of the transport layer. Its main functions are dialog management, data stream synchronization and resynchronization. To complete these functions a large number of service functional units are needed, and dozens of functional units have been defined. If you want to remember layer 5 in as few words as possible, it is "dialogue and conversation."
(1) Establishing a connection between session entities
To establish a session connection for two peer session service users, the following work should be done:
1 map the session address to the transport address;
2 select the required transport quality of service (QoS) parameters;
3 negotiate the session parameters;
4 identify each session connection;
5 transparently transfer user data.
(2) Data transfer phase
In this phase there is an organized, synchronized data transfer between the two session users. The user data unit is the SSDU, and the protocol data unit is the SPDU. During data transfer between session users, the SSDU is converted into SPDUs.
(3) Connection release
The session connection is released by the "Orderly Release", "Abort" and other functional units.
Session layer standards: for the session connection establishment phase, 12 functional units are also defined for reference and selection by other international standards. Each system can, according to its own situation and needs, take the kernel (core) functional unit and select other functional units to form a reasonable subset of the session service.
The main standards of the session layer are "DIS8236: Session Service Definition" and "DIS8237: Session Protocol Specification".
The session layer allows users on different machines to establish a session relationship between them. The session layer performs ordinary data transfer much like the transport layer, but also provides some useful enhanced services in certain situations. A session allows a user to log in to a remote system, or to transfer a file between two machines. One of the services provided by the session layer is dialog control. The session layer allows information to be transmitted in both directions at once, or in only one direction at any given time. In the latter case, similar to half-duplex mode on a physical channel, the session layer records whose turn it is. A service related to dialog control is token management. Some protocols must ensure that both sides cannot perform the same operation at the same time, and this is important. To manage these activities, the session layer provides a token, which can be passed between the session users, and only the side holding the token may perform certain critical operations. Another session layer service is synchronization. Suppose a network suffers a major fault from time to time, and two machines need to carry out a two-hour file transfer; what happens? After each failed transmission the whole file has to be transferred again, and when the network fails again it may well be halfway through. To solve this problem, the session layer provides a method: insert synchronization points into the data. After each network failure, only the data after the last synchronization point is retransmitted (this is in fact the principle behind resumable, or "breakpoint", downloads).
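The synchronization-point mechanism described above, as an added example that is not part of the original article: a sender pushes fixed-size blocks over a channel that is constructed to fail on chosen blocks, the receiver confirms a synchronization point after every block it stores, and after each fault the sender resynchronizes on the last confirmed point instead of restarting the file. The class and function names, the block size and the failure pattern are all assumptions made for the illustration; a second function computes what the same faults would cost without synchronization points.

```python
"""Resumable transfer built on session-layer style synchronization points.

Added illustration, not code from the original article. The receiver, the
faulty channel and the serial-numbered sync points are constructed for the
example; a real session protocol carries the sync points inside SPDUs.
"""


class SyncPointReceiver:
    """Receiving session user: stores blocks and confirms each sync point."""

    def __init__(self):
        self.received = bytearray()
        self.last_confirmed = 0  # serial number of the last confirmed sync point

    def deliver(self, serial, block):
        # Accept only the block that directly follows the last confirmed point;
        # duplicates or out-of-order blocks are ignored. Return the confirmation.
        if serial == self.last_confirmed + 1:
            self.received.extend(block)
            self.last_confirmed = serial
        return self.last_confirmed


class FaultyChannel:
    """Constructed channel that loses the block with a given serial once."""

    def __init__(self, fail_on_serials):
        self.pending_failures = set(fail_on_serials)
        self.sends = 0  # how many blocks were put on the wire in total

    def send(self, serial, block, receiver):
        self.sends += 1
        if serial in self.pending_failures:
            self.pending_failures.discard(serial)  # each fault happens once
            raise ConnectionError(f"network fault while sending block {serial}")
        return receiver.deliver(serial, block)


def transfer_with_sync_points(data, block_size, channel, receiver):
    """Send data block by block; after a fault resume after the last confirmed sync point."""
    blocks = [data[i:i + block_size] for i in range(0, len(data), block_size)]
    confirmed = 0  # last sync point the peer confirmed to us
    faults = 0
    while confirmed < len(blocks):
        serial = confirmed + 1
        try:
            confirmed = channel.send(serial, blocks[serial - 1], receiver)
        except ConnectionError:
            faults += 1
            # Resynchronize: the peer tells us its last confirmed sync point and we
            # continue from there, so only data after that point is sent again.
            confirmed = receiver.last_confirmed
    return {
        "blocks": len(blocks),
        "faults": faults,
        "sends": channel.sends,
        "ok": bytes(receiver.received) == data,
    }


def sends_without_sync_points(num_blocks, fail_on_serials):
    """Cost of the naive scheme from the text: every fault restarts the whole file."""
    wasted = sum(serial for serial in fail_on_serials)  # blocks sent before each fault
    return wasted + num_blocks


if __name__ == "__main__":
    payload = bytes(range(256)) * 4  # constructed 1024-byte "file"
    result = transfer_with_sync_points(payload, 128, FaultyChannel({3, 6}), SyncPointReceiver())
    print(result)
    print("sends without sync points:", sends_without_sync_points(8, {3, 6}))
```

With two faults on an 8-block file, the sync-point scheme puts 10 blocks on the wire (8 plus one repeat per fault), whereas restarting from the beginning after each fault would cost 17.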
Session hijacking and security
Because a session is transmitted over the network, session hijacking can occur while a session is in progress. Session hijacking happens when an attacker attempts to take over a TCP session established between two computers. The basic steps of session hijacking are: finding a session, guessing the sequence numbers, forcing the user offline, and taking over the session. The goal of session hijacking is to steal an authorized connection to a legitimate system. If the attacker succeeds, he can execute local commands; if the hijacked session belongs to a privileged account, the attacker gains the same access as that privileged user. Session hijacking is dangerous because it takes over an existing account, which leaves almost no trace of the attack. Two tools that can be used for session hijacking are ettercap and hunt.
Blocking and detecting session hijacking
There are two main mechanisms for dealing with hijacking: blocking and detection. Blocking methods include limiting incoming connections, and configuring the network to reject packets that arrive from the Internet but claim to come from a local address.
Encryption also helps. If you must allow connections from external trusted hosts, use Kerberos or IPSec to encrypt them. FTP and Telnet are quite fragile, and a safer protocol is needed; Secure Shell (SSH) is a good choice. SSH builds an encrypted channel between the local and remote hosts. Using an IDS or IPS can improve detection. Using switches, secure protocols such as SSH, and more random initial sequence numbers all increase the difficulty of session hijacking.
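Two of the blocking measures above, as an added example that is not part of the original article: an anti-spoofing filter that drops packets arriving from the Internet while claiming a local source address, and a defender-side check that tells a fixed-increment (guessable) initial sequence number generator apart from a random one. The local network ranges, the packet records and the hypothetical `predictable_isn` generator are constructed for the illustration; `random_isn` uses Python's `secrets` module.

```python
"""Anti-spoofing ingress filter and initial sequence number (ISN) check.

Added illustration, not code from the original article. LOCAL_NETWORKS and the
packet records are constructed values; predictable_isn() imitates an old-style
fixed-increment ISN generator and is hypothetical.
"""
import ipaddress
import secrets

# Constructed: address ranges that belong to the local network.
LOCAL_NETWORKS = [
    ipaddress.ip_network("192.168.10.0/24"),
    ipaddress.ip_network("10.0.0.0/8"),
]


def is_spoofed_local_source(src_ip, arrived_from_internet):
    """Blocking rule from the text: a packet from the Internet must not carry a local source."""
    addr = ipaddress.ip_address(src_ip)
    return arrived_from_internet and any(addr in net for net in LOCAL_NETWORKS)


def filter_packets(packets):
    """Split packets into accepted and dropped according to the anti-spoofing rule."""
    accepted, dropped = [], []
    for pkt in packets:
        if is_spoofed_local_source(pkt["src"], pkt["from_internet"]):
            dropped.append(pkt)
        else:
            accepted.append(pkt)
    return accepted, dropped


def predictable_isn(previous_isn, increment=64000):
    """Hypothetical old-style ISN: a fixed step per connection, so the next value is inferable."""
    return (previous_isn + increment) % 2 ** 32


def random_isn():
    """ISN drawn from a cryptographic random source, as modern stacks do."""
    return secrets.randbits(32)


def isn_sequence_is_predictable(isns):
    """Defender check: constant differences between consecutive ISNs mean they can be guessed."""
    if len(isns) < 3:
        raise ValueError("need at least three samples to judge")
    diffs = {(b - a) % 2 ** 32 for a, b in zip(isns, isns[1:])}
    return len(diffs) == 1


if __name__ == "__main__":
    # Constructed packet records: source address plus which side of the border they arrived on.
    sample = [
        {"src": "203.0.113.7", "from_internet": True},
        {"src": "192.168.10.5", "from_internet": True},   # spoofed local address
        {"src": "192.168.10.5", "from_internet": False},
    ]
    ok, bad = filter_packets(sample)
    print("accepted:", len(ok), "dropped:", len(bad))

    fixed = [1000]
    for _ in range(4):
        fixed.append(predictable_isn(fixed[-1]))
    print("fixed-increment ISNs predictable:", isn_sequence_is_predictable(fixed))
    print("random ISNs predictable:", isn_sequence_is_predictable([random_isn() for _ in range(5)]))
```

The filter expresses the "claims to be local but arrived from outside" rule as a single predicate so it can be applied at the border device; the ISN check is a quick self-test a defender can run against sequence numbers captured from their own hosts.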