Notice: Function _load_textdomain_just_in_time was called incorrectly. Translation loading for the wordpress-seo domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /home/u540484907/domains/icssindia.in/public_html/blogs/wp-includes/functions.php on line 6114

Notice: Function _load_textdomain_just_in_time was called incorrectly. Translation loading for the hueman domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /home/u540484907/domains/icssindia.in/public_html/blogs/wp-includes/functions.php on line 6114
What is MITM ? How to Attack & Prevent ? - ICSS BLOG

What is MITM ? How to Attack & Prevent ?

Man-in-the-Middle Attack

The MITM or Man in the middle attack is considered an active attack where an attacker creates a connection between the targets. Man in the middle attack is a risk to your privacy.

In this attack, victims think that they are communicating with each other, but in reality the attacker control and monitor all the traffic. Attacker impersonates a legitimate user to both the targets. The attacker sits between the victims and all the traffic goes through him so he can do whatever he wants with the data.

The purpose of this attack is to steal private information like passwords, Account information, Credit card details, etc.

MITM attack gives privilege to the attacker to intercept the information and send any information to the victims.

For making our communication secure we must ensure the following three attributes.

  1. Confidentiality – Only the authorized user is able to access the information.
  2. Integrity – Information should not be altered by an unauthorized person.
  3. Authenticity – Only authentic users are able to communicate.

Following are some software which is used for Man in the middle.

  • Ettercap
  • Air Jack
  • Cain and Abel
  • WinSniff
  • Evilgrade

Prevention

  • Man-In-The-Middle can be prevented by using SSL/TLS. This allows a secure encrypted connection between your system and your server, transmit all information in an encrypted way.
  • Do not perform any sensitive or financial transaction while using an open or public Wi-Fi connection because most of the times open connection are not safe.
  • Sign off immediately from your account when you are not using it. If you left it open then your session can be hijacked.
  • Do not use any website if you see any alerts or warning pop up message that the website is not secure.
  • Always verify “HTTPS” with “S” in URL of the website that you want to surf.

Following are some types of Man in the middle attack

  • IP spoofing
  • DNS spoofing
  • HTTPS spoofing
  • Wi-Fi Eavesdropping
  • Email Hijacking
  • SSL Hijacking

You may also like...

Leave a Reply

Your email address will not be published. Required fields are marked *