Man-in-the-Middle Attacks

For you to see this web page, your web browser asked a web server for the appropriate information, received it, and presented it to you. Do you know who owns the web server? Where there any witnesses to the transaction?

When you’re reading a blog, questions such as these are generally irrelevant, but that changes when you visit your bank account online. Similarly, in a corporate environment, access credentials and trade secrets are compromised if unfriendly eyes can see network activity.

How it Works

A Man-in-the-Middle attack involves a hostile computer placing itself in the line of communication between you and the other, and impersonating each to the other. It sees everything the two computers send to each other, and can either modify the content or retain it for future reference. Encryption wouldn’t solve the problem because each of the legitimate computers would be carefully ensuring the privacy of its communication with that hostile computer.

Note that the hostile computer can be a pseudo-computer within a legitimate one. All it takes is the wrong software.

What to Do

When using a web browser, the first step in protecting yourself is to ensure that when you are entering or viewing sensitive information, your web browser is using a secure protocol. You can do this by looking at the address bar. Do not proceed if you see http:// before the web site name. If on the other hand, you see https://, your web browser has established an encrypted connection and, if using certain web browsers, has ascertained that the other computer is a web server belonging to the owner of the website.

It is vital that such websites are disallowed in a corporate environment. Software such as BrowseControl can effectively eliminate such threats and enforce IT policies regarding choice of web browsers and email clients.

Be wary of any WiFi signal that is unexpectedly strong, such as at a significant distance from your home router, or weak such as in close proximity to it. A hacker may be using their computer to emulate the router.

Don’t use any WiFi hotspot unless you can identify the owner.

Sai Kit Chu
Sai Kit Chu
Sai Kit Chu is a Product Manager with CurrentWare. He enjoys helping businesses improve their employee productivity & data loss prevention efforts through the deployment of the CurrentWare solutions.
Get Your Free Removable Media Policy Template

Get Your Free Removable Media Policy Template

Download this FREE removable media policy template to help protect the sensitive data in your custody.

👉 Set data security standards for portable storage

👉 Define the acceptable use of removable media

👉 Inform your users about their security responsibilities

Here's Your Free Template!

Pin It on Pinterest