
Sharing confidential information and data is an essential part of modern business – quickly and easily sending emails, accessing online business applications, and retrieving data from internal databases all enable maximum productivity and competitive advantage.
However, relying on these data transmissions across internal networks and the internet presents an opportunity for hackers to intercept that traffic and access your sensitive business information.
These traffic interceptions are known as man in the middle or MiTM attacks.
Let’s explore what these attacks are, some key vulnerabilities, and steps you can take to prevent man in the middle attacks.
What is a Man in the Middle Attack?
A man in the middle (MiTM) attack is just like it sounds: an attacker secretly inserts themselves into a communication path, typically between two users or between a user and an internal or external business application, and intercepts and relays the traffic while both sides believe they are talking directly to each other.
Once in that position, the attacker can read the conversation, inject or alter messages, capture credentials and session data for private business accounts, or route copies of the data to third parties who are in on the scheme.
MiTM attacks pose a serious threat because, without proper protection measures, they are easy to execute, hard to detect (neither endpoint sees anything unusual), and give the attacker real-time access to sensitive information.
Given the amount of damage they can do, it’s critical for modern businesses to understand their vulnerabilities and take preventative measures to keep their IT infrastructure secure against these attacks.
MiTM Attacks: Key Vulnerabilities
Man in the middle attacks rely on an attacker’s ability to impersonate users and/or business applications, both technically (“convincing” IT equipment that they are a legitimate part of your network) and through messaging (fraudulent emails, fake websites, etc.), in order to access private communications and manipulate users into sharing sensitive data.
Common threat vectors for MiTM attacks include:
- Phishing Scams
In this version of a MiTM attack, attackers send fake emails that appear to come from trusted sources such as upper management or a bank in order to manipulate users into sharing passwords and other authentication details.
A classic example is a fraudulent email from an attacker posing as a bank who requests a login for some seemingly valid reason (e.g. “we’ve experienced a security breach, please log in here to change your password”).
That login link takes users to a look-alike copy of the bank’s website, where the attacker captures the authentication details; when the fake site also forwards each submitted credential (including any one-time code) to the real bank as it is typed, the attacker is literally sitting in the middle of the session and can make fraudulent withdrawals from the real account.
- Router Spoofing
In this method, the attacker configures a laptop as a Wi-Fi hotspot and gives it an SSID matching a network people expect to find nearby (a hotel, a café, or the company’s own guest network), so users connect to it believing it is the normal router.
Once a user connects, every packet to and from that device passes through the attacker’s machine, which can monitor the traffic and capture any login details, emails, and other data that are not otherwise encrypted.
This is one of the most common forms of MiTM attack, because it requires no foothold in the target’s own infrastructure.
- Malware Infections
Attackers can also initiate man in the middle attacks through malware infections of a user’s web browser, personal computer, or networking hardware such as Wi-Fi routers (a compromised browser can read traffic before it is encrypted, and a compromised router can redirect or copy everything behind it).
The effect is similar to router spoofing, but it can be carried out remotely and it abuses existing, trusted IT infrastructure, which makes it harder to detect after the fact.
- Malicious Employees
Larger enterprises in high-value industries such as finance are especially at risk from highly skilled internal IT personnel with malicious intent.
While this is the least common form of MiTM attack, it is potentially the most dangerous, because the attacker has intimate knowledge of the business’s security systems, policies, and procedures, and often legitimate access to the network equipment itself, which makes hijacking infrastructure and faking communications much easier.
With these vulnerability points in mind, let’s look at a few steps you can take to limit your risk of suffering from an MiTM attack.
How to Prevent Man in The Middle Attacks
Depending on the vulnerability point used, existing IT security infrastructure, and users’ knowledge of potential IT security threats, detecting man in the middle attacks can be very difficult – in this case, prevention is much better than cure.
While it’s important for larger businesses who will attract active hacking attempts to have the right IT partner to ensure their security policies and systems protect them from MiTM attacks, here are a few steps businesses of any size can take to reduce their risk:
- Don’t allow employees to use public networks for any confidential work, or, where that is unavoidable,
- Implement virtual private networks (VPNs) so that traffic from employee devices is encrypted before it reaches an untrusted network, both for connections from your business to online applications and for employees connecting to your internal private network from remote locations.
- Ensure sensitive online transactions and logins use HTTPS end to end: enforce it on your own sites with HTTP Strict Transport Security (HSTS) and turn on the HTTPS-only mode that current browsers provide (older browser plugins such as HTTPS Everywhere and Force TLS, which used to fill this role, are no longer maintained now that browsers do it natively).
- Use the latest version of a supported, automatically updating web browser such as Chrome, Edge, Firefox, or Safari; Internet Explorer is no longer supported and should not be used.
- Create separate Wi-Fi networks (separate SSIDs on separate VLANs) for guests, internal use, and business application data transfers, so that a compromise of the guest network cannot reach internal traffic.
- Require two-factor authentication for sensitive accounts, and prefer phishing-resistant methods such as FIDO2/WebAuthn hardware security keys: codes from SMS or authenticator apps can be relayed by a real-time phishing site, whereas a security key signs the site’s origin into its response and will not authenticate to a look-alike domain.
- Secure your email with SSL/TLS between clients and servers to protect messages in transit, and consider PGP/GPG so that messages are encrypted end to end and stay protected on intermediate mail servers and at rest.
- Install an intrusion detection system (IDS) to monitor your network and alert you to unusual events like attempts to hijack traffic flow.
- Regularly audit and monitor your networks to maintain awareness of normal and unusual activities.
- Educate your employees about common IT security threats and attack vectors such as those outlined above.
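The point about authentication methods above can be seen in code. The following Python script is an added example, not code from the original article: it models a real-time phishing proxy first against a TOTP code and then against an origin-bound challenge/response of the kind FIDO2/WebAuthn security keys perform. The hostnames, seeds and challenge value are constructed for the demonstration, and the modelled authenticator signs with an HMAC shared with the server in place of the public-key signature a real security key produces; the TOTP function itself is the real RFC 6238 algorithm.

```python
# Added example, not code from the original article: a model of why a
# one-time code relayed through a real-time phishing proxy still logs the
# attacker in, while an origin-bound challenge/response (the idea behind
# FIDO2/WebAuthn security keys) is rejected. Hostnames, secrets and the
# challenge value are constructed; the "authenticator" uses an HMAC shared
# with the server instead of the public-key signature a real key produces.
import hashlib
import hmac
import json
import struct

REAL_ORIGIN = "https://bank.example"        # hypothetical legitimate site
PHISH_ORIGIN = "https://bank-example.com"   # hypothetical look-alike site
TOTP_SEED = b"constructed-shared-totp-seed"
DEVICE_KEY = b"constructed-authenticator-key"


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP over HMAC-SHA1 with RFC 4226 dynamic truncation."""
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp_login(submitted_code: str, unix_time: int) -> bool:
    """The bank's check: does the submitted code match the current window?"""
    return hmac.compare_digest(totp(TOTP_SEED, unix_time), submitted_code)


def relayed_totp_attack(unix_time: int) -> bool:
    """The user reads the code off their phone and types it into the phishing
    page; the proxy forwards password and code to the real bank inside the
    same 30-second window. Nothing in the code records which site it was
    typed into, so the bank accepts it."""
    code_typed_on_phish = totp(TOTP_SEED, unix_time)
    return totp_login(code_typed_on_phish, unix_time)


def authenticator_sign(challenge: str, origin: str):
    """The browser, not the user, fills in the origin of the page that asked
    for the assertion; the device then signs challenge and origin together."""
    client_data = json.dumps(
        {"challenge": challenge, "origin": origin}, sort_keys=True
    ).encode()
    sig = hmac.new(DEVICE_KEY, client_data, hashlib.sha256).hexdigest()
    return client_data, sig


def rp_verify(expected_origin: str, challenge: str,
              client_data: bytes, sig: str) -> bool:
    """The relying party's checks: origin, challenge, then the signature."""
    data = json.loads(client_data)
    if data.get("origin") != expected_origin:
        return False            # this single comparison defeats the proxy
    if data.get("challenge") != challenge:
        return False            # replayed or foreign challenge
    expected = hmac.new(DEVICE_KEY, client_data, hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, sig)


def relayed_webauthn_attack() -> bool:
    """Same proxy: it forwards the bank's challenge to the victim's browser,
    but the browser is on PHISH_ORIGIN and signs that origin into the
    response, so the bank rejects it."""
    challenge = "c0ffee"  # constructed; issued by the real bank
    client_data, sig = authenticator_sign(challenge, PHISH_ORIGIN)
    return rp_verify(REAL_ORIGIN, challenge, client_data, sig)


def legitimate_webauthn_login() -> bool:
    """Control case: the same flow from the real site succeeds."""
    challenge = "c0ffee"
    client_data, sig = authenticator_sign(challenge, REAL_ORIGIN)
    return rp_verify(REAL_ORIGIN, challenge, client_data, sig)


if __name__ == "__main__":
    now = 1_700_000_000
    print("relayed TOTP accepted:     ", relayed_totp_attack(now))     # True
    print("relayed WebAuthn accepted: ", relayed_webauthn_attack())    # False
    print("genuine WebAuthn accepted: ", legitimate_webauthn_login())  # True
```

The first call returns True: the bank cannot tell where a valid code was typed. The second returns False because the browser writes the page origin into the signed client data, so an assertion produced on bank-example.com can never be replayed against bank.example. That origin comparison is the whole difference, and it is why hardware security keys are described as phishing-resistant.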
Ensure Your Business is Protected from MiTM Attacks
While the protection measures above are good first steps, preventing man in the middle attacks involves securing many more vulnerabilities and implementing other highly-technical solutions – especially for large, multi-site organizations.
For example, other ways that attackers often carry out man-in-the-middle attacks include:
- Address Resolution Protocol (ARP) spoofing
- Domain Name System (DNS) spoofing
- Dynamic Host Configuration Protocol (DHCP) spoofing
- Internet Control Message Protocol (ICMP) redirection
- Spanning Tree Protocol (STP) mangling
- Route mangling
- Port stealing
- Traffic tunneling
And state-of-the-art methods and tools for securing your business against these attacks, such as ARP spoofing detectors like XArp or ArpON, switch-level controls such as DHCP snooping and Dynamic ARP Inspection, and IDSs, are best implemented and managed by IT professionals.
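As an added example (not the article’s own code and not taken from XArp, ArpON or any switch vendor), the Python script below shows the core of what an ARP spoofing detector does with the ARP replies an IDS sensor sees on the wire: it checks each reply against a trusted IP-to-MAC binding, flags any IP whose MAC changes mid-session, and flags a single MAC claiming several IPs. The ARP records, addresses and the record format are constructed for the demonstration.

```python
# Added example, not from the article or from XArp/ArpON: a minimal
# ARP-spoofing detector run over constructed ARP-reply records. It applies
# the checks those tools and a switch's Dynamic ARP Inspection rely on:
# a reply that contradicts a trusted IP-to-MAC binding, an IP whose MAC
# changes, and one MAC answering for several IPs. All addresses, timestamps
# and the record format are hypothetical.
import re
from collections import defaultdict

# Bindings the operator trusts (what DHCP snooping would have learned).
TRUSTED_BINDINGS = {"192.168.1.1": "aa:bb:cc:00:00:01"}  # hypothetical gateway

# Constructed records in a tcpdump-like "<time> reply <ip> is-at <mac>" shape.
SAMPLE_ARP_LOG = """\
10:00:01 reply 192.168.1.1 is-at aa:bb:cc:00:00:01
10:00:02 reply 192.168.1.20 is-at aa:bb:cc:00:00:20
10:00:03 reply 192.168.1.21 is-at aa:bb:cc:00:00:21
10:00:05 reply 192.168.1.1 is-at de:ad:be:ef:00:99
10:00:05 reply 192.168.1.20 is-at de:ad:be:ef:00:99
10:00:06 request who-has 192.168.1.21 tell 192.168.1.20
""".splitlines()

ARP_REPLY = re.compile(
    r"^(?P<ts>\S+) reply (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) is-at "
    r"(?P<mac>(?:[0-9a-fA-F]{2}:){5}[0-9a-fA-F]{2})$"
)


def parse_arp_reply(line):
    """Return (ts, ip, mac) for a reply record, None for anything else."""
    m = ARP_REPLY.match(line.strip())
    if m is None:
        return None
    return m.group("ts"), m.group("ip"), m.group("mac").lower()


def detect_arp_spoofing(lines, trusted=TRUSTED_BINDINGS):
    """Return a list of alert tuples; an empty list means nothing suspicious."""
    alerts = []
    first_seen = {}                 # ip -> mac that first answered for it
    ips_per_mac = defaultdict(set)  # mac -> every ip it has claimed
    for line in lines:
        rec = parse_arp_reply(line)
        if rec is None:
            continue                # requests and malformed lines are ignored
        ts, ip, mac = rec
        if ip in trusted and mac != trusted[ip]:
            # Someone other than the real gateway is answering for its IP.
            alerts.append(("trusted_mismatch", ts, ip, mac, trusted[ip]))
        elif ip in first_seen and first_seen[ip] != mac:
            # An untrusted host's binding flipped; could be a new attacker
            # poisoning the victim's cache with its own MAC.
            alerts.append(("binding_changed", ts, ip, first_seen[ip], mac))
        first_seen.setdefault(ip, mac)
        ips_per_mac[mac].add(ip)
    for mac, ips in ips_per_mac.items():
        if len(ips) > 1:            # one MAC impersonating both ends of a link
            alerts.append(("multi_ip", mac, tuple(sorted(ips))))
    return alerts


if __name__ == "__main__":
    for alert in detect_arp_spoofing(SAMPLE_ARP_LOG):
        print(alert)
```

On the sample data the script raises three alerts: the gateway IP being claimed by an untrusted MAC, host .20 changing its MAC, and that same MAC (de:ad:be:ef:00:99) answering for both addresses, which is exactly the pattern an attacker produces when poisoning the caches of a victim and its gateway so that traffic between them flows through the attacker. A real deployment would feed it live ARP traffic rather than a string, and a switch with Dynamic ARP Inspection drops the offending replies at the port instead of alerting after the fact.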
If your in-house team lacks the resources to conduct a thorough security audit and implement more advanced measures, contact an IT consulting firm to ensure your business is protected against man in the middle and other common IT security threats.
Is your business secured against MiTM attacks?
Contact us today for your free consultation and we’ll discuss available solutions and further steps you can take to protect your organization.
Also published on Medium.