Indiana University
University Information Technology Services
  

With regard to network security, what is a man-in-the-middle attack?

A man-in-the-middle attack is an abstract concept wherein a malicious user or process listens to a communication channel shared between two parties. The phrase "man-in-the-middle" derives from the mental model of a person listening in on a communications line without either endpoint (e.g., the caller or the callee) recognizing it.

The man-in-the-middle scenario is quite dangerous in terms of network security, as it opens up two possible attack vectors on a compromised system. First, it allows a malicious user to monitor all information flowing out of a particular machine, whether credit card information, personal identification numbers, or social security numbers. Second, the malicious user can mimic the compromised machine on a network, and thus impersonate the original user in hopes of obtaining private information.

The man-in-the-middle scenario is an old one; the following defenses have been developed:

  • Encryption: If the traffic is well encrypted, and only the endpoint users or computers have the necessary keys to decrypt the information, the man-in-the-middle attack becomes useless, as any intercepted information will be unreadable.

  • SSL/TLS: SSL (Secure Sockets Layer) and TLS (Transport Layer Security) are two protocols for securing data transmitted between two computers. They work by authenticating clients and servers to each other via certificates issued by trusted certificate authorities, and by encrypting the traffic between them. For more about these protocols, see What are secure web sites and SSL certificates? and What is the difference between SSL and TLS?

  • Secure routing: The use of secure routing practices, such as assembling Access Control Lists and enabling routing filtering to sensitive or critical servers, can deter external malicious users.

  • Securing connections: Connections can be secured in several ways. At Indiana University, for example, the wireless network is secured by requiring WPA2-Enterprise encryption and strong authentication.

  • VPN (Virtual Private Network): Connections can be further secured using a VPN connection. For more information on VPN service at IU, see The basics of VPN at IU.
This is document atxg in domain all.
Last modified on February 01, 2011.
