Session fingerprinting can help detect when a user's session has been hijacked by a malicious attacker. A fingerprint helps uniquely identify users, for example, by using their computer's IP address.
Session fingerprinting is a mitigating control to reduce the risk of session hijacking by a malicious attacker. Enabling this control is highly recommended by Blackboard. To properly enable this control, you must enable both "Enable session fingerprinting" and "Create New Session When Fingerprinting Changes."
Configure session fingerprinting
On the Administrator Panel, under Security, select Session Fingerprint Settings. The following table describes the available fields.
|Enable session fingerprinting||Select Yes to enable session fingerprinting.|
|Log Location||The location to which changes to users' fingerprints will be logged. To view the contents of the log, on the Administrator Panel, under Tools and Utilities, select Logs.|
|Fingerprint Value||Choose which values to include in the session fingerprint: IP address, User agent, or both. To minimize multiple login prompts, it is recommended to use the IP address only, since changes to the IP address should be less frequent than changes to the User Agent.
|Filter IP Addresses||If you select IP address or IP address and user agent in the Fingerprint Value field, select Yes to exclude ranges of IP addresses from being included in the session fingerprints. This is useful for excluding trusted IP ranges. Customize the IP ranges by modifying the bb-session-fingerprint-excluded-addresses.txt configuration file.|
|Create New Session When Fingerprint Changes||
Select Yes to force a new session to be created when a user's fingerprint changes. For valid hijacking attempts, this will cause the hijacker to see the login page while the user maintains the current session. However, if any false positives occur (as mentioned above in the Fingerprint value section), the user will have to log in again. This is a tradeoff between security and convenience.
A login prompt will appear when the multiple file applet loads when you set "Create new session when fingerprint changes" to Yes.