<img height="1" width="1" style="display:none;" alt="" src="https://dc.ads.linkedin.com/collect/?pid=698042&amp;fmt=gif">
EnvisionIT Solutions Blog Logo
Back to posts

August 14, 2019

How Managed IT Services Can Prevent and Manage a Man in the Middle Attack

How Managed IT Services Can Prevent and Manage a Man in the Middle Attack

man-in-the-middle-attackA Clark School study found that hackers attempt to get access to connected PCs every 39 seconds. One type of malicious attack they use is the man in the middle attack.

 

Yeah, this attack sounds like that game you played when you were a kid. Monkey in the Middle. You and a friend toss a ball back and forth. And your little brother is jumping to intercept.The difference is that in this “game,” the two throwers don’t know the monkey is there. The monkey can intercept the ball, take a good look at it, and toss it to either thrower. Find out more about the MITM attack, its purpose, and how to avoid it.

 

The Man in the Middle Attack

In a man in the middle attack, a hacker puts himself in a conversation between a user and an application. The attacker impersonates one of them. And he tries to make the conversation seem like a normal information exchange.

 

Related Post: What's a Network Security Audit and Why Is It Necessary?

what's-a-network-security-audit

 

The main goal of the attack is to steal some type of personal information. Login credentials, credit card information, or other account details are likely targets. Attackers target financial applications, e-commerce sites, or other sites that host sensitive information. He may attempt to use that data for identity theft, fund transfers, or to change the victim’s password.

 

Phases of the MITM Attack

What does a MITM attack look like? There are two phases: interception and decryption. We'll break down both phases of the attack below. 

 

Interception

An attacker must first intercept traffic before it reaches its destination. In each of the following cases, the attacker uses the method to get between the victim and an application.

IP (Internet Protocol) spoofing involves having the attacker disguise himself as an application. Users attempting to connect to a certain web address are sent to the attacker’s IP address instead.

 

ARP (Address Resolution Protocol) spoofing links the attacker’s hardware address to the IP address of a user on a network using fake ARP messages. Data sent from the victim to the application is sent to the attacker instead.

 

DNS (Domain Name System) cache poisoning requires the infiltration of a DNS server. The attacker alters a website’s address record on a DNS server. Users who try to access the site are instead sent to the attacker’s site.

 

Decryption

New Call-to-ActionOnce the traffic is intercepted, two-way SSL traffic must be decrypted. And the user and application can’t find out about the attack. There are some ways to accomplish this deceit.

HTTPS spoofing involves sending a phony certificate to a victim’s browser. The user’s browser is fooled into thinking it’s in a secure conversation with the application.

 

SSL hijacking requires passing a forged authentication key to the user and application. The two think they are communicating directly, but the man in the middle controls the session.

 

SSL stripping downgrades the HTTPS connection to HTTP. The victim receives an unsecured version of the site while the man in the middle keeps a secure session. The attacker can view all the data on the unsecured side of the connection.

Preventing Man in the Middle Attacks

MITM attacks often occur because of poor SSL and TLS implementations. Managed IT services provide users with optimized end-to-end encryption. Certificates are hosted on the service’s content delivery network. The certificates are optimized to prevent SSL/TLS attacks. Configurations are kept up to date by professional security to counter new threats.

IT security services also help to avoid MITM attacks with remote takeover protection. The service identifies that your screen is being captured by a man in the middle. And the service shows the hacker an isolated virtual screen.

 

The virtual screen is a visual display simulated by the security software. It denies hackers the ability to see your real desktop and shows a warning message instead. You’ve basically put up a partition with “Keep Out” scrawled across it.

Avoid Man in the Middle Attacks

Don’t let a hacker force you into a game of monkey in the middle. A man in the middle attack can result in loss of sensitive data, stolen assets, and even identity theft. Why worry about having your data compromised? Call Envision and ask about our managed IT services.

Kevin Gray
ABOUT THE AUTHOR | Kevin Gray
Hello! I am the Managing Principal @ EnvisionIT Solutions. | Technology Expert | Author | Speaker | Small & Medium Business IT Support - We founded EnvisionIT Solutions in 2007 to provide IT services and support for business owners/CEOs who value the necessity of technology to drive their success and growth.
Find me on: