_Man In Middle Attack
A man in the middle attack is one in which the attacker intercepts messages in a public key exchange and then retransmits them, substituting his own public key for the requested one, so that the two original parties still appear to be communicating with each other.
The attack gets its name from the ball game where two people try to throw a ball directly to each other while one person in between them attempts to catch it. In a man in the middle attack, the intruder uses a program that appears to be the server to the client and appears to be the client to the server. The attack may be used simply to gain access to the message, or enable the attacker to modify the message before retransmitting it. Man in the middle attacks are sometimes known as fire brigade attacks. The term derives from the bucket brigade method of putting out a fire by handing buckets of water from one person to another between a water source and the fire. There are plenty of attacks that can happen which will expose the data on your computer but a man in the middle attack is one of the simplest to pull off. All you have to do is to know the right software to use and be at the right place at the right time. And that is the key to the whole situation. This type of attack is known as a physical attack. The person has to be there to be able to intercept the data.The attack starts off by having a person go to a place where there is wireless data transmitting. While there are man in the middle attacks for wired networks most of the man in the middle attacks these days focus on wireless networks. So once they are there, they set up their own access point that looks like the access point that the person who is sending the data usually connects to. Since most people are used to a routine, that person is not going to do a thorough check on whether it is the right access point or not. They just need the name to be the same. Once they connect the fake access point in the middle, the access point takes the data, siphons it, and then sends it to the real destination. That way they have a copy of the data that is being sent but it is also going to the real destination so that the person sending it does not get suspicious. To their eyes, the data is being sent back and forth just like it normally would. They are not aware that someone is in the middle taking the data for their own purposes. Article source: http://searchsecurity.techtarget.com/definition/man-in-the-middle-attack Article source: http://www.security-faqs.com/your-company-may-be-vulnerable-to-a-man-in-the-middle-attack-how-can-you-stop-it.html |
|
