Mitigating the 'firesheep' attack at the network layer?
Posted by pobk on Server Fault, published on 2010-10-25T17:37:15Z
What are the sysadmins' thoughts on mitigating the 'firesheep' attack for servers they manage?
Firesheep is a new Firefox extension that allows anyone who installs it to sidejack sessions it can discover. It does its discovery by sniffing packets on the network and looking for session cookies from known sites. It is relatively easy to write plugins for the extension to listen for cookies from additional sites.
From a systems/network perspective, we've discussed the possibility of encrypting the whole site, but this introduces additional load on servers and screws with site-indexing, assets and general performance.
One option we've investigated is to use our firewalls to do SSL Offload, but as I mentioned earlier, this would require all of the site to be encrypted.
What are the general thoughts on protecting against this attack vector?
I've asked a similar question on StackOverflow, however, it would be interesting to see what the systems engineers thought.
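As a defender's check for the situation described in this question, here is an added example (not code from the original post or from Server Fault): a Python script that audits a site's Set-Cookie and Strict-Transport-Security headers for the gap Firesheep relies on, a session cookie that the browser will also send over plain HTTP. The session cookie name list and the sample headers are constructed assumptions; adjust the names to the application you run.

```python
import urllib.request

# Hypothetical list of cookie names that typically carry the login session.
SESSION_COOKIE_NAMES = {"sessionid", "phpsessid", "jsessionid", "sid", "session"}

# Constructed sample headers: the "before" set leaves the session cookie
# exposed, the "after" set is what a fully encrypted site should send.
SAMPLE_BEFORE = ["sessionid=abc123; Path=/; HttpOnly", "lang=en; Path=/"]
SAMPLE_AFTER = ["sessionid=abc123; Path=/; Secure; HttpOnly", "lang=en; Path=/"]
SAMPLE_HSTS = "max-age=31536000; includeSubDomains"


def parse_set_cookie(header):
    """Split one Set-Cookie value into (name, value, {attribute: value}).
    Flag attributes such as Secure map to an empty string."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue  # tolerate a trailing semicolon
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), value.strip(), attrs


def audit(set_cookie_headers, hsts_header=None):
    """Return findings for conditions that let a network sniffer capture the session.
    An empty list means the session cookie is never sent over plain HTTP."""
    findings = []
    for header in set_cookie_headers:
        name, _, attrs = parse_set_cookie(header)
        if name.lower() not in SESSION_COOKIE_NAMES:
            continue  # not a session cookie; capturing it gains nothing
        if "secure" not in attrs:
            findings.append(f"{name}: no Secure attribute, browser also sends it over HTTP")
    if not hsts_header:
        findings.append("no Strict-Transport-Security header, a plain-HTTP request can still occur")
    return findings


def audit_url(url):
    """Fetch a URL of a site you operate and audit its live response headers."""
    with urllib.request.urlopen(url) as resp:
        cookies = resp.headers.get_all("Set-Cookie") or []
        return audit(cookies, resp.headers.get("Strict-Transport-Security"))
```

Running `audit(SAMPLE_BEFORE)` reports the exposed cookie and missing HSTS, while `audit(SAMPLE_AFTER, SAMPLE_HSTS)` returns no findings; `audit_url` applies the same check to a live site.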
© Server Fault or respective owner