Changes

Jump to: navigation, search

An Overview of IT Security Threats and Attacks

1,394 bytes added, 19:28, 13 February 2008
Man in the Middle Attacks
== Man in the Middle Attacks ==
 
Man-in-the-middle attacks are perhaps one of the more complex and sophisticated forms of security breaching approaches. As the name implies, such an attack involves the surreptitious placement of a software agent between the client and server ends of a communication. In this scenario neither end of the communication is aware that the malicious agent is present in the line of communication. For the most part, the man in the middle simply relays the data transmissions between client and server as though nothing is happening. What is generally happening in parallel with this process is that the agent is also recording the data as it is passed through. This results in a third party having access to a variety of different types of data, from login and password credentials to proprietary and confidential information. It is also possible for the man-in-the-middle agent to modify data "on the fly" causing untold problems for the victim.
 
Man-in-middle attacks have increased considerable since the introduction of wireless networking. Now ther is no need for the rogue to connect to a wire, instead the data can simply be intercepted from anywhere within range of the wireless signal (such as in the parking lot outside an office or the road in front of a house).
 
The best way to avoid such attacks is to use encryption and secure protocols in all communications.
 
== Replay Attacks ==

Navigation menu