Security & Compliance (MITM)

Security and compliance are the controls that a company implements to protect its assets and to meet the standards that a third party has set forth as best practices.

A man in the middle (MITM) attack is a general term for when a perpetrator positions himself in a conversation between a user and an application — either to eavesdrop or to impersonate one of the parties, making it appear as if a normal exchange of information is underway.

The goal of an attack is to steal personal information, such as login credentials, account details and credit card numbers. Targets are typically the users of financial applications, SaaS businesses, e-commerce sites and other websites where logging in is required.

Attacks:

  • IP spoofing involves an attacker disguising himself as an application by altering the IP address in packet headers. As a result, users attempting to access a URL connected to the application are sent to the attacker’s website.

  • ARP spoofing is the process of linking an attacker’s MAC address with the IP address of a legitimate user on a local area network using fake ARP messages. As a result, data sent by the user to the host IP address is instead transmitted to the attacker.

  • DNS spoofing, also known as DNS cache poisoning, involves infiltrating a DNS server and altering a website’s address record. As a result, users attempting to access the site are sent by the altered DNS record to the attacker’s site.

Prevention:

  • Paying attention to browser notifications reporting a website as being unsecured.

  • Avoiding WiFi connections that aren’t password protected.

  • Immediately logging out of a secure application when it’s not in use.

  • Not using public networks.