Network Security: MITM Assumptions
In relation to security, one of my favorite concepts to educate on is MITM (man-in-the-middle) attacks. The message is powerful... deliberate and exacting: you can capture all of the logins, HTTPS or not, and RDP traffic. I love it! When I show this, everything is encapsulated within a small network: a switch, a router and a few clients going out to the web.

I have found, though, that one of the critical points I am trying to illustrate is not being grasped readily. Many assume that this is only possible if the attacker is on their network. This is an extremely incorrect assumption, and a dangerous one as well. The attacker's system can be on their network, on the server's network, or on any network between the two. If an attacker is not in control of a system or network en route, a sophisticated network attack can be used to reroute traffic through networks that are under their influence. These attacks may be route table poisoning, network redirection using ICMP, or loose source routing. With packets being forwarded through a point where they can administer MITM attacks, they can perform authentication or application-layer attacks without detection by the IDS/IPS present on the networks to which the client and server are attached.

Even with a TLS MITM there is little that detects the forging of an SSL authentication. We can seriously only help to stop this by educating users on the appropriate rejection of certificates whose properties do not match, through our organization's security policies and user awareness training.
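A client-side check along those lines, as an added example that is not part of the original post: it applies the rules a browser or TLS library uses to decide whether a presented certificate's properties match, and rejects the kind of certificate an interposed proxy would present. The trust store, timestamps and certificate records are constructed for the example, and it simplifies real chain validation to a single issuer check.

```python
from datetime import datetime, timezone

# Constructed trust store: the only CA this client accepts.
TRUSTED_ISSUERS = {"Example Root CA"}
# Constructed "current time" so the validity check is deterministic.
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)

def hostname_matches(pattern: str, host: str) -> bool:
    """RFC 6125-style comparison: a wildcard is allowed only as the entire
    leftmost label, needs at least two labels after it, and never spans a dot,
    so *.example.com covers www.example.com but not a.b.example.com."""
    pattern, host = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if pattern == host:
        return True
    p_labels, h_labels = pattern.split("."), host.split(".")
    if p_labels[0] != "*" or len(p_labels) < 3:
        return False
    return len(p_labels) == len(h_labels) and p_labels[1:] == h_labels[1:]

def certificate_problems(cert: dict, expected_host: str, now: datetime = NOW) -> list:
    """Every reason to reject the presented certificate; empty means accept."""
    problems = []
    if cert["issuer"] not in TRUSTED_ISSUERS:       # signed by an untrusted CA
        problems.append("issuer not trusted")
    if not cert["not_before"] <= now <= cert["not_after"]:
        problems.append("outside validity period")
    if not any(hostname_matches(n, expected_host) for n in cert["sans"]):
        problems.append("no name matches " + expected_host)
    return problems

# Constructed sample certificates (dicts standing in for parsed X.509 fields).
GENUINE = {"issuer": "Example Root CA", "sans": ["*.example.com"],
           "not_before": datetime(2024, 1, 1, tzinfo=timezone.utc),
           "not_after": datetime(2025, 1, 1, tzinfo=timezone.utc)}
# What an interposed proxy presents: the right names, but signed by its own CA.
FORGED = dict(GENUINE, issuer="Proxy Interception CA")
# Right CA, but a name that does not match the host the user asked for.
WRONG_NAME = dict(GENUINE, sans=["mail.example.com"])

def demo() -> dict:
    host = "www.example.com"
    return {"genuine": certificate_problems(GENUINE, host),
            "forged": certificate_problems(FORGED, host),
            "wrong_name": certificate_problems(WRONG_NAME, host)}

if __name__ == "__main__":
    for label, problems in demo().items():
        print(label, "->", "accept" if not problems else "REJECT: " + "; ".join(problems))
```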
Happy Holidays
