I remember as a child trying to eavesdrop on conversations I would hear in school. They usually were centered around who kissed whom or who had a crush on someone. As an adult, like most others, I still listen in on other people’s conversations from time-to-time. Usually this happens when you’re standing in line somewhere, and it is hard to not listen in on the people next to you. After talking with a colleague over the weekend about man-in-the-middle (MITM) attacks, I found some similarities to the more typical activity of eavesdropping on others conversations.
MITM attacks occur when a
hacker steps in front of the data being transmitted and intercepts the
communication without anyone noticing. Think of it like the old wiretapping you
would see in spy movies: most of the time, each party would share the
information on the phone without any knowledge of the person listening in.
You might not think that
you are transmitting data worth intercepting, but you are.
Everyone is.
Protect Your Neck
In the old days, if
someone were to manipulate your secrets, it could earn you a one-way ticket to
the chopping block, or at least a giant red letter sewn into your clothes. Sure, humiliation is nothing new, but
death? You’ve got me there, but if someone
has access to your private data, they could still cause you a great deal of
pain. There are, however, many methods of man in the middle attack defense that
you can use to protect your data from those on the hunt for a good MITM treasure-trove.
SSL
SSL (Secure Sockets Layer)
is a security standard that is widely used as a barrier designed to protect
information that is being transmitted over the internet. This standard creates an encrypted link amidst
the server and client, and is typically seen used in websites and email.
SSL
is enabled to protect sensitive data like credit card numbers, social security
numbers, and login information. With SSL, this information can be transmitted
freely with a level of security that encrypts the data from prying eyes. When
SSL is not in use, the information is being sent from browser to server in
plain text, which is very easy to manipulate and steal. If the hacker wishes,
they are able to intercept the unencrypted information very easily.
Recently
there was news of Microsoft blacklisting improperly used SSL certificate
for the Finnish site “live.fi”. Microsoft pointed out that this domain was
issued to an unauthorized third party and feared that the certificate could be
used to launch unforeseen attacks.
Certificate-Based Authentication
Certificate-based
authentication is another great way to secure information. This form of
authentication managed in-house on premises. Typically, Certificate-based
authentication is done via Active Directory. This set-up ensures that the end
user is registered to access the protected information associated with the
certificate. Furthermore, the site you
are inputting the data into will not see the login information, which prevents
your identity from being revealed to the website.
Certificates are substantially more secure than just
passwords because they are portrayed as an array of characters that are
calculated and often too complex to memorize. This form of authentication is
often performed by the registered device or USB token and activated when the
registered user enters their information correctly. As a result of this process,
a computer must perform the authentication. Fortunately all popular browsers
handle certificates and the associated math.
Antivirus Software
Antivirus software is the
classic go to when protecting any device against a slew of threats. Most
antivirus software is attached to a continually updating database, and will
protect you against the obvious known viruses, malware, and spyware. This is an
excellent way to protect the device itself against hacking attacks and should
always be installed and enabled. It is also important to be sure that any and
all mobile devices or tablets are also running antivirus software for
protection.
It is best to talk to a
security expert about your individual authentication needs. Everyone’s
situation is different, and proper security often varies on a case-by-case
basis. A security expert will be able to
discuss potential vulnerabilities, and solutions for defending them. You may benefit from implementing an inclusive turnkey solution with
customizable options. The choice is
yours, but security must be a priority.
MITM attacks can cost citizens
and businesses thousands, if not millions or billions of dollars in lost funds
and information. Unfortunately, there is
no way to protect your conversation from my wandering ears while standing in
line at the grocery store. There are
definitely methods of man in the middle attack defense, however, that you can
implement to protect your data online from ending up in the wrong hands.
No comments:
Post a Comment