Man-in-the-middle Attack

A man-in-the-middle attack is a type of cyberattack in which a malicious party inserts itself into a conversation between two parties without either of them noticing. The attacker impersonates the sender to the receiver and the receiver to the sender, and so gains access to confidential information without either party knowing. An attacker can hijack the session ID, which should be unique to the sender and receiver, and targets unverified (unauthenticated) information on the web server.

Types of Man-in-the-Middle (MITM) Attacks

Rogue Access Point

In this attack, the attacker sets up a rogue wireless access point and tricks nearby wireless devices into connecting to it. The attacker does not need to be on a trusted network to manipulate that traffic; being physically close enough to the target is sufficient.

ARP Spoofing

The Address Resolution Protocol (ARP), which resolves Internet Protocol (IP) addresses to physical or Media Access Control (MAC) addresses, can be spoofed on a local area network (LAN). The attacker poses as another host and answers ARP requests in its place, so private traffic between two hosts can easily be intercepted. Sensitive information, such as the session tokens exchanged between the hosts, can then be extracted from that traffic.
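As an added defender-side illustration (not part of the original article), the following Python script scans tcpdump-style ARP reply lines and flags the two symptoms of the poisoning described above: an IP address whose MAC changes mid-session, and one MAC answering for several IP addresses. The sample lines and every address in them are constructed; the optional pinned gateway binding is an assumption for the demonstration.

```python
import re
from collections import defaultdict

# Constructed tcpdump-style ARP lines (not a real capture). The last two lines
# simulate a host that starts answering for both the gateway and a client.
SAMPLE_LINES = """\
10:00:01.000 ARP, Request who-has 192.168.1.1 tell 192.168.1.20, length 28
10:00:01.001 ARP, Reply 192.168.1.1 is-at aa:bb:cc:00:00:01, length 28
10:00:02.000 ARP, Reply 192.168.1.20 is-at aa:bb:cc:00:00:20, length 28
10:00:05.000 ARP, Reply 192.168.1.1 is-at de:ad:be:ef:00:99, length 28
10:00:05.100 ARP, Reply 192.168.1.20 is-at de:ad:be:ef:00:99, length 28
"""

# Matches "<timestamp> ARP, Reply <ip> is-at <mac>"; request lines are ignored.
REPLY_RE = re.compile(r"^(\S+) ARP, Reply (\d+\.\d+\.\d+\.\d+) is-at ([0-9a-f:]{17})", re.I)


def parse_arp_replies(text):
    """Yield (timestamp, ip, mac) for each ARP reply line in the text."""
    for line in text.splitlines():
        m = REPLY_RE.match(line)
        if m:
            yield m.group(1), m.group(2), m.group(3).lower()


def detect_arp_spoofing(text, known_bindings=None):
    """Return alert strings for replies that conflict with earlier or pinned IP-to-MAC bindings.

    known_bindings lets you pin critical hosts (e.g. the gateway) so that the very
    first forged reply is caught even if it arrives before the legitimate one.
    """
    ip_to_mac = dict(known_bindings or {})
    mac_to_ips = defaultdict(set)
    alerts = []
    for ts, ip, mac in parse_arp_replies(text):
        prev = ip_to_mac.get(ip)
        if prev is not None and prev != mac:
            alerts.append(f"{ts} binding change: {ip} was {prev}, now claimed by {mac}")
        ip_to_mac[ip] = mac
        mac_to_ips[mac].add(ip)
        # One MAC answering for several IPs can be legitimate (multi-homed hosts,
        # router redundancy), so treat this as a lower-confidence signal.
        if len(mac_to_ips[mac]) > 1:
            alerts.append(f"{ts} one MAC, many IPs: {mac} claims {sorted(mac_to_ips[mac])}")
    return alerts


if __name__ == "__main__":
    for alert in detect_arp_spoofing(SAMPLE_LINES, {"192.168.1.1": "aa:bb:cc:00:00:01"}):
        print(alert)
```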

Multicast DNS Spoofing

Multicast Domain Name System (mDNS) spoofing is carried out on a LAN by broadcasting. Because wireless devices such as printers, TVs and other entertainment appliances use this protocol when they are connected to trusted networks, the attack can happen whenever the user connects to such devices. The attacker answers the devices' requests with forged information, and the attacker's device is then treated as a trusted device for as long as the forged entry remains in the devices' local address cache.

DNS Spoofing

Domain Name System (DNS) spoofing resembles ARP spoofing. The attacker corrupts the DNS cache entries that one host uses to look up the other host by domain name, so a host trying to reach its partner is directed to the attacker instead. The victim then sends sensitive information to a malicious host without realising it, and the attacker receives it. Because the victim's name lookup has been poisoned, the domain name now resolves to the attacker's address.

Solutions to prevent MITM Attacks

WEP/WPA Encryption

Wired Equivalent Privacy (WEP) and Wi-Fi Protected Access (WPA) are encryption standards used on access points to keep unwelcome users from joining your network. The encryption in use must be strong enough to withstand brute-force attempts by attackers.

Virtual Private Network (VPN)

A Virtual Private Network (VPN) is used within a local area network to secure it. It uses key-based encryption to create a secure subnet, so an attacker cannot decipher the traffic while the VPN is enabled.

HTTPS

Hypertext Transfer Protocol Secure (HTTPS) secures communication using public-private key exchange. Most companies use HTTPS for their websites because it protects their data from attackers.