Man-in-the-middle attack

In this blog post the reader will come across information on Man-in-the-middle attack. I have chosen this topic because I find attacks interesting, and people must know about them in order to prevent from them. I think that this topic is highly relevant to the IT security, because it is an action which might be taken for breaking the network security to bring the performer with a lot of benefits.

The man-in-the-middle attack (often called MITM), bucket-brigade attack, or sometimes Janus attack is part from the cryptography. It represents a form of active eavesdropping¨, where the attacker makes independent connections with his victims and changes the messages in their conversation, making the victims believe that they are talking directly to each other, when actually the entire conversation is controlled by the attacker. The performer of the attack must be able to control and change all the messages exchanged between the victims in the progress of conversation. As an example of man-in-the-middle attack, is the situation where the attacker is in the range of an unencrypted Wi-Fi wireless access of a reception and intercepts it, inserting him as a man-in-the-middle.

A man-in-the-middle attack is an attack on mutual authentication, meaning that it can only succeed when the attacker tricks (if decided) and satisfies the both endpoints of the conversation. For preventing MITM attacks, most cryptographic protocols have some kind of form of endpoint authentication. As an example, SSL authenticates the server using a mutually trusted certification authority.

¨Eavesdropping is the act of secretly listening to the private conversation of others without their consent   

References:

http://en.wikipedia.org/wiki/Man-in-the-middle_attack

 http://technet.microsoft.com/en-us/library/cc959354.aspx

Advertisements
This entry was posted in IT Security, Week 17. Bookmark the permalink.