Man-in-the-middle attack & defense methods
One very interesting thing about network security is that, as technology changes, old network attack methods come back into use. The man-in-the-middle (MiTM) attack is a good example. The objective of this attack is to put an attacker in the middle of a wired or wireless connection. With the development of cloud computing, the Internet of Things (IoT), BYOT, and other network technologies, attackers have found new ways to reuse this old attack. Below are the variants of MiTM attack that every professional network engineer should know.
MiT-cloud (MiTC)
Over the past few years, cloud computing has become increasingly popular. A common cloud service is cloud storage, which many enterprises use. These services make data transmission and storage very simple; providers include Dropbox, OneDrive, and Google Drive. In general, these services do not require you to log on again every time you use them, because after authentication a session token is retained on your local system. MiTC targets this session management. If attackers obtain your token, they can access your account, steal your data, alter file contents, or upload malware to infect your computer.
MiT-browser (MiTB)
When was the last time you wrote a check? Most people today use online banking instead. In a MiTB attack, attackers induce you to download a Trojan horse. Once you visit a particular financial or banking website, the malware injects new HTML into the page you are viewing and tricks you into entering your SSN, ATM PIN, or bank routing number. MiTB integrates itself directly into the web page and keeps the original domain name and SSL settings, so the page looks identical to the real one.
MiT-mobile (MiTMO)
Attackers do not only target desktops and laptops. Many users perform transfers and payments on their smartphones, which creates more opportunities for attackers, and this is why MiTMO is getting more and more attention. This attack focuses on mobile transaction authentication numbers (mTANs) and other transaction verification codes: the man in the middle intercepts SMS traffic, captures the code, and forwards it to the attacker. MiTMO poses a serious challenge to out-of-band authentication systems.
MiT-app (MiTA)
I still remember life before smartphones; many of the devices and ideas of that era have since been replaced by the smartphone. As smartphones have spread, the number of applications has surged. If an application does not perform valid certificate verification, it opens the door to a MiTA attack: the attacker inserts a self-signed certificate, the application accepts it, and the attacker can then communicate with the application as if it were the legitimate server. The principle is to extend the MiTM attack by exploiting the trust that applications place in certificates.
MiT-IoT
As more and more users and enterprises adopt IoT, MiTM attacks are drawing more attention there as well. One variant is MiT-IoT, which exploits transitive trust and poor certificate verification. For example, an IoT refrigerator that displays the user's Google Calendar was found not to verify the SSL certificate; an attacker could exploit this to mount an MiTM attack and steal the user's Google credentials.
Each of the attacks above is a challenge for network security professionals. However, there are ways to mitigate them:
• Harden the network infrastructure with Dynamic ARP Inspection, DHCP snooping, and similar controls.
• Encrypt traffic in transit: SSL and TLS prevent attackers from reading and analyzing network traffic. Companies like Google now treat HTTPS as a search ranking signal and serve HTTPS by default.
• Use a CASB (cloud access security broker): CASBs provide a range of functions such as encryption, access control, anomaly protection, and data loss prevention.
• Build in RASP (runtime application self-protection): a newer approach that builds protection into the application itself so it can block attacks as they happen.
• Avoid self-signed certificates: they are easily forged, and there is no mechanism to revoke them. Use a certificate issued by a valid certificate authority instead.
• Enforce SSL pinning: this is another way to defend against MiTM attacks. Using a certificate from a valid certificate authority is the first step; the client validates the certificate the server presents by chaining it back to a trusted root certificate and matching the host name. SSL pinning then ensures that the client also checks that the server's certificate is the specific one it expects.
• Install DAM (database activity monitoring): DAM monitors database activity and detects tampered data.
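The first item in the list, Dynamic ARP Inspection backed by DHCP snooping, is easier to reason about when you see the check it performs. The following is an added example, not part of the original article: a small software model of DAI in Python. It takes a constructed DHCP-snooping binding table (IP to MAC, as the switch would learn it from DHCP ACKs), parses constructed ARP reply records in a made-up `<port> <sender_ip> <sender_mac>` format, and drops every reply from an untrusted port whose sender pair disagrees with the binding. The port names, addresses, and log format are all invented for the example.

```python
"""Software model of Dynamic ARP Inspection (DAI).

Added example, not from the article. ARP replies are validated against a
DHCP-snooping style binding table; a reply whose sender MAC disagrees with
the binding for its sender IP (the pattern a LAN-level MiTM such as gateway
impersonation produces) is dropped. All input below is constructed.
"""
from collections import defaultdict
from dataclasses import dataclass

# Constructed binding table, as DHCP snooping would learn it from DHCP ACKs
# (the gateway entry would typically be a static/trusted binding).
BINDINGS = {
    "192.168.1.1": "aa:aa:aa:aa:aa:01",
    "192.168.1.10": "aa:aa:aa:aa:aa:10",
    "192.168.1.20": "aa:aa:aa:aa:aa:20",
}

# Constructed ARP reply records in an invented "<port> <sender_ip> <sender_mac>" format.
# The host on Gi1/0/7 is claiming both the gateway's and another host's IP.
ARP_LOG = """\
Gi1/0/1 192.168.1.1 aa:aa:aa:aa:aa:01
Gi1/0/5 192.168.1.10 aa:aa:aa:aa:aa:10
Gi1/0/7 192.168.1.1 aa:aa:aa:aa:aa:20
Gi1/0/7 192.168.1.10 aa:aa:aa:aa:aa:20
Gi1/0/9 192.168.1.30 aa:aa:aa:aa:aa:30
"""


@dataclass(frozen=True)
class ArpReply:
    port: str
    sender_ip: str
    sender_mac: str


def parse_arp_log(text: str) -> list:
    """Parse the constructed log format into ArpReply records, skipping malformed lines."""
    replies = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue
        port, ip, mac = parts
        replies.append(ArpReply(port, ip, mac.lower()))
    return replies


def inspect(replies, bindings, trusted_ports=frozenset()) -> list:
    """Return (reply, reason) for every reply DAI would drop.

    Replies on trusted ports (uplinks) bypass inspection, as on a real switch.
    On untrusted ports a reply is dropped if its sender IP has no binding or
    if the binding names a different MAC.
    """
    dropped = []
    for r in replies:
        if r.port in trusted_ports:
            continue
        bound = bindings.get(r.sender_ip)
        if bound is None:
            dropped.append((r, "no DHCP snooping binding for sender IP"))
        elif bound.lower() != r.sender_mac:
            dropped.append((r, f"sender MAC {r.sender_mac} does not match binding {bound}"))
    return dropped


def conflicting_claims(replies) -> dict:
    """Binding-independent view: IPs that more than one MAC claimed in the window."""
    seen = defaultdict(set)
    for r in replies:
        seen[r.sender_ip].add(r.sender_mac)
    return {ip: macs for ip, macs in seen.items() if len(macs) > 1}


if __name__ == "__main__":
    replies = parse_arp_log(ARP_LOG)
    for reply, reason in inspect(replies, BINDINGS):
        print(f"DROP {reply.port} {reply.sender_ip} {reply.sender_mac}: {reason}")
    for ip, macs in conflicting_claims(replies).items():
        print(f"CONFLICT {ip} claimed by {sorted(macs)}")
```

`conflicting_claims` is the check a host-based or passive monitor can run without a binding table at all: an IP answered by two different MACs in a short window is worth an alert on its own. The binding-based `inspect` is the stronger control because it also drops replies for addresses nobody was ever leased.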
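The MiTA and MiT-IoT sections above both come down to a client that does not verify the server's certificate, and the last two list items (no self-signed certificates, SSL pinning) are the fix. The following added example, not from the original article, shows both sides in Python using only the standard `ssl` module: the weak client configuration that accepts any certificate, the corrected configuration that requires a CA-issued certificate and checks the host name, and a pin check layered on top that compares the SHA-256 fingerprint of the server's DER certificate against a pin set. The host name, port and pin values are assumptions to be replaced by the caller.

```python
"""Weak versus hardened TLS client configuration, plus certificate pinning.

Added example, not from the article. The insecure context reproduces the
failure the article describes (an app or device that accepts any certificate,
self-signed included); the hardened context and the pin check are the
mitigation. Pins here are SHA-256 hex fingerprints of the DER certificate.
"""
import hashlib
import socket
import ssl


def make_unverified_context() -> ssl.SSLContext:
    """The weak configuration: no chain validation, no host name check."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # host name is never compared
    ctx.verify_mode = ssl.CERT_NONE  # any certificate completes the handshake
    return ctx


def make_verified_context() -> ssl.SSLContext:
    """The corrected configuration: system trust store, host name check, TLS 1.2+."""
    ctx = ssl.create_default_context()  # CERT_REQUIRED and check_hostname=True
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def context_is_verifying(ctx: ssl.SSLContext) -> bool:
    """True only if the context both validates the chain and checks the host name."""
    return ctx.verify_mode == ssl.CERT_REQUIRED and bool(ctx.check_hostname)


def fingerprint(der_cert: bytes) -> str:
    """Lower-case hex SHA-256 fingerprint of a DER-encoded certificate."""
    return hashlib.sha256(der_cert).hexdigest()


def pin_matches(der_cert: bytes, pinned: set) -> bool:
    """True if the presented certificate's fingerprint is in the pin set.

    Pins may be written with or without colon separators and in any case.
    """
    normalized = {p.lower().replace(":", "") for p in pinned}
    return fingerprint(der_cert) in normalized


def connect_pinned(host: str, port: int, pinned: set, timeout: float = 5.0) -> ssl.SSLSocket:
    """Open a TLS connection that passes CA validation AND matches a pin.

    Ordinary validation runs first (wrap_socket raises on a bad chain or
    host name); the pin then rejects any other CA-issued certificate that an
    interposed host might present. The caller supplies host, port and pins.
    """
    ctx = make_verified_context()
    raw = socket.create_connection((host, port), timeout=timeout)
    tls = ctx.wrap_socket(raw, server_hostname=host)
    der = tls.getpeercert(binary_form=True)
    if der is None or not pin_matches(der, pinned):
        tls.close()
        raise ssl.SSLError(f"certificate for {host} does not match any pinned fingerprint")
    return tls


if __name__ == "__main__":
    # Assumed values: replace with the real service and the fingerprint(s) you obtained out of band.
    EXAMPLE_HOST, EXAMPLE_PORT = "example.invalid", 443
    EXAMPLE_PINS = {"0000000000000000000000000000000000000000000000000000000000000000"}
    try:
        with connect_pinned(EXAMPLE_HOST, EXAMPLE_PORT, EXAMPLE_PINS) as conn:
            print("pinned connection established:", conn.version())
    except (OSError, ssl.SSLError) as exc:
        print("connection refused by client policy or network:", exc)
```

Pinning the leaf certificate's fingerprint, as done here, means every certificate rotation on the server requires a client update; in practice you pin the public key (SPKI) or an intermediate CA and ship at least one backup pin so that a routine renewal does not lock your own users out.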
MiTM attacks are a serious challenge. They exploit the trust between the user and the server the user connects to, and their danger lies in the fact that users believe their connection is secure. Only once we recognize that this danger is real and invest the time to control it, through encryption, proper certificate verification, strong application verification, and tamper detection, can we defend against MiTM attacks.