Introduction To Cyber Security(VIII): The OSI Model.
Session Layer
This is the fifth layer of the OSI Model, it’s called the Session Layer.
The session layer creates the setup, controls the connections, and ends the teardown, between two or more computers, this is called a "session". The session layer establish, manage and terminate sessions between local and remote application. It also maintains any connection it establishes and is responsible for the control of both ports and sessions. In case a connection is open for too long, the session layer closes and re-opens it.
Name resolution protocols like DNS, exist in the session layer. And since it does, some of its functions include;
User logins(establishment of session)
Name Lookup (management of session)
User logoff(termination of sessions)
An example of the session layer is the X.225.
Some functions of the session layer are;
Connection Establishment and Release: The session layer allows two sides to establish a connection and this connection is known as a session.
Dialogue Control: This provides a mechanism to negotiate the type of dialogue and control which side has the turn or the token to send data or to perform some specific actions.
Synchronization and re-synchronization: This can be used to create a point at which the application already recognizes and when the system becomes faulty and leads to failure or a crash, the application reads the point at which it stops and reboots from that point.
etc.
The session layer is prone to various cyber-attacks, some of which are;
Cross-Site Scripting
Session Hijacking
Malware and unwanted application installation
DDoS
Brute Force attacks
One of the ways to protect this layer from such attacks is by enforcing the use of encryption tools, especially HTTPS.
Some of its protocols are;