Difference between revisions of "Deal with a Man in the Middle Attack"
(importing article from wikihow) |
m (Text replacement - "[[Category:K" to "[[Category: K") |
||
| (2 intermediate revisions by the same user not shown) | |||
| Line 1: | Line 1: | ||
The terminology man-in-the-middle attack (MTM) in internet security, is a form of active eavesdropping in which the attacker makes independent connections with the victims and relays messages between them, making them believe that they are talking directly to each other over a private connection, when in fact the entire conversation is controlled by the attacker. For example, an attacker within reception range of an unencrypted Wi-Fi wireless access point, can insert himself as a man-in-the-middle. You'll come to terms with what this attack involves and how to deal with it by reading through this article. | The terminology man-in-the-middle attack (MTM) in internet security, is a form of active eavesdropping in which the attacker makes independent connections with the victims and relays messages between them, making them believe that they are talking directly to each other over a private connection, when in fact the entire conversation is controlled by the attacker. For example, an attacker within reception range of an unencrypted Wi-Fi wireless access point, can insert himself as a man-in-the-middle. You'll come to terms with what this attack involves and how to deal with it by reading through this article. | ||
| − | [[Category:Keeping Safe Online]] | + | [[Category: Keeping Safe Online]] |
== Steps == | == Steps == | ||
# Understand how to counteract this type of attack. Since a man-in-the-middle attack (MTM) can succeed only when the attacker can impersonate each endpoint to the satisfaction of the other, the two crucial points in defending against MTM are authentication and encryption. A number of cryptographic protocols include some form of endpoint authentication specifically to prevent MITM attacks. For example, SSL can authenticate one or both parties using a mutually trusted certification authority. However, SSL is still not supported by many websites yet. Fortunately, there are three effective ways to defend against a man-in-the-middle attack even without SSL. These methods are able to encrypt the data traffic between you and the server you are connecting to, and also include some kind of end-point authentication. Each method is broken down in the following sections. | # Understand how to counteract this type of attack. Since a man-in-the-middle attack (MTM) can succeed only when the attacker can impersonate each endpoint to the satisfaction of the other, the two crucial points in defending against MTM are authentication and encryption. A number of cryptographic protocols include some form of endpoint authentication specifically to prevent MITM attacks. For example, SSL can authenticate one or both parties using a mutually trusted certification authority. However, SSL is still not supported by many websites yet. Fortunately, there are three effective ways to defend against a man-in-the-middle attack even without SSL. These methods are able to encrypt the data traffic between you and the server you are connecting to, and also include some kind of end-point authentication. Each method is broken down in the following sections. | ||
