Indiana University
University Information Technology Services

With regard to network security, what is a man-in-the-middle attack?

In a man-in-the-middle attack, a malicious user somehow manages to sniff out network traffic between two computers and then attacks either end of the transmission. The phrase "man-in-the-middle" comes not from any physical placement (the "man" can be a thousand miles away from the two "ends" that sit within feet of each other in the same room or building) but rather from the fact that communications from one end go through the malicious user's computer before proceeding to the other end.

The man-in-the-middle scenario is dangerous because the malicious user can either invisibly gather information flowing between the two endpoints, or suddenly pretend to be one of the endpoints and fool the other into passing sensitive information to what the endpoint user thinks is a trusted computer. For example, if a bank or credit card web site doesn't implement good security precautions, a man-in-the-middle attack could intercept the bank or credit card information from a user communicating with the site.

The man-in-the-middle scenario is an old one; the following defenses have been developed:

  • Encryption: If the traffic is well encrypted, and only the endpoint users or computers have the necessary keys to decrypt the information, the man-in-the-middle attack becomes useless, as any intercepted information will be unreadable.

  • SSL/TLS: SSL (Secure Sockets Layer) and TLS (Transport Layer Security) are two protocols for securing data transmitted between two computers. They work by authenticating clients and servers to each other via certificates issued by trusted certificate authorities, and by encrypting the traffic between them. (For more about these protocols, see What are secure web sites and SSL certificates? and What is the difference between SSL and TLS?)

  • Secure routing: Secure routing practices, such as configuring access control lists (ACLs) and enabling route filtering for sensitive or critical servers, can deter external malicious users.

  • Securing connections: Connections can be secured in several ways. At Indiana University, for example, the wireless network is secured by requiring VPN connections, which encrypt traffic and require users to authenticate.
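
The encryption and SSL/TLS points above depend on each other: keys exchanged in the clear can be swapped by whoever sits in the middle, which is why TLS also authenticates the server with a certificate. The following simulation is an added example, not part of the original document; it uses a toy Diffie-Hellman group (P, G) and an HMAC under a pre-shared key SERVER_AUTH_KEY as a stand-in for a CA-issued certificate, both constructed for illustration.

```python
import hashlib
import hmac
import secrets

# Toy Diffie-Hellman group, constructed for illustration; far too small for real use.
P = 2**127 - 1
G = 2

# Stand-in for the server's CA-issued certificate: a verification key the client
# trusts in advance and the relay does not hold (constructed sample value).
SERVER_AUTH_KEY = b"constructed-trust-anchor"


def dh_keypair():
    priv = secrets.randbelow(P - 2) + 2
    return priv, pow(G, priv, P)


def derive_key(priv, peer_pub):
    # Session key from the DH shared value (all values are < 2**127, so 16 bytes suffice).
    return hashlib.sha256(pow(peer_pub, priv, P).to_bytes(16, "big")).hexdigest()


def sign(pub):
    # Authentication tag over the server's DH value; the relay cannot produce one.
    return hmac.new(SERVER_AUTH_KEY, pub.to_bytes(16, "big"), "sha256").digest()


def run_exchange(authenticated, relayed):
    """Client/server key agreement, optionally through a relay that substitutes
    its own DH values. Returns (client_accepted, client_key, server_key, relay_keys)."""
    c_priv, c_pub = dh_keypair()
    s_priv, s_pub = dh_keypair()
    s_tag = sign(s_pub) if authenticated else b""
    relay_keys = None
    if relayed:
        # The relay hands each endpoint its own value instead of the peer's,
        # ending up with one session key per side.
        r_priv, r_pub = dh_keypair()
        server_key = derive_key(s_priv, r_pub)
        relay_keys = (derive_key(r_priv, c_pub), derive_key(r_priv, s_pub))
        seen_pub, seen_tag = r_pub, s_tag  # tag no longer covers what the client sees
    else:
        server_key = derive_key(s_priv, c_pub)
        seen_pub, seen_tag = s_pub, s_tag
    # Certificate-style check: refuse a DH value whose tag does not verify.
    if authenticated and not hmac.compare_digest(seen_tag, sign(seen_pub)):
        return False, None, server_key, relay_keys
    return True, derive_key(c_priv, seen_pub), server_key, relay_keys
```

Without authentication the relayed exchange completes "successfully" while the two endpoints hold different keys, each shared with the relay; with the tag check the client rejects the substituted value before any data is sent.
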
This is document atxg in domain all.
Last modified on May 13, 2009.