Man in the Middle attack

wsnellwsnell Member Posts: 10 ■□□□□□□□□□
in Security+
Can someone explain countermeasures to prevent a man in the middle attack?
· Share on FacebookShare on Twitter

Comments

  • WebmasterWebmaster Admin Posts: 10,292 Admin
    It's basically using encryption to either encrypt the data so if it is intercepted it can't be read, or use hash encryption so the receiver can verify the data hasn't been tampered with. Dynamically changing session keys can also be used, in combination with a VPN (tunnel with only two ends, so noone 'in the middle') for example. Server authentication through SSL and certificates is also an option (so if you want to connect with a server you can verify its certificate first to be sure it is actually the server you think it is.)
    LinkedIn - FaceBook
    · Share on FacebookShare on Twitter
  • /usr/usr Member Posts: 1,768 ■■■□□□□□□□
    Your best route is to go with a VPN if you have very valuable data. Other methods can still be exploited. It is possible to create fake certificates and perform a MITM attack against SSL, though it takes advantage of less knowledgable users who click "Ok", after their browser tells them the certificate isn't valid.
    · Share on FacebookShare on Twitter
Sign In or Register to comment.