A man-in-the-middle (MITM) attack occurs when a hacker inserts themselves between the communications of two parties to gain access to private information. The attack usually takes place between two communicating hosts, allowing the attacker to “listen” to a conversation they should not be able to listen to, hence the name “man-in-the-middle.”
Example: Dr. David and his front desk representative Vickie are having a conversation about a new patient. Jane, a new hire from a rival practice, wants to eavesdrop on the conversation and stay undetected. Jane could try to trick Dr. David into believing that she is Vickie, and tell Vickie that she is Dr. David. This would lead Dr. David to believe that he is speaking to Vickie while revealing his side of the conversation to Jane. Jane could then gather information from this, change the response, and pass the message along to Vickie (who thinks she is talking to Dr. David). As a result, Jane can steal their conversation.
Best Practices to Prevent Man-in-the-Middle Attacks
- Use Strong WEP/WPA Encryption on Access Points
WEP/WPA provides a strong encryption mechanism for wireless access that prevents unwanted users from joining your network.
- Use Strong Router Login Credentials
If a hacker can find your router login information, they can infect your router with malicious software.
- Use a Virtual Private Network
VPNs can create a secure environment for sensitive information. They use key-based encryption to create a subnet for secure communication.
- Force HTTPS
HTTPS lets hosts communicate securely using a public-private key exchange. This prevents an attacker from sniffing data.
- Use Public Key Pair Based Authentication
Public key pair based authentication like RSA can be used to ensure that the things you are looking to communicate with are actually the things you are communicating with.
- Don’t Join Public or Free WiFi Connections