(ISC)² CISSP® Official Study Guide, Eighth Edition


Man-in-the-Middle Attacks



(CISSP) Mike Chapple, James Michael Stewart, Darril Gibson - CISSP Official Study Guide-Sybex (2018)

A man-in-the-middle (MITM) attack occurs when a malicious user can gain a position logically between the two endpoints of an ongoing communication. There are two types of man-in-the-middle attacks. One involves copying or sniffing the traffic between two parties, which is basically a sniffer attack as described in Chapter 14. The other type involves attackers positioning themselves in the line of communication where they act as a store-and-forward or proxy mechanism, as shown in Figure 17.3. The client and server think they are connected directly to each other. However, the attacker captures and forwards all data between the two systems. An attacker can collect logon credentials and other sensitive data as well as change the content of messages exchanged between the two systems.

Man-in-the-middle attacks require more technical sophistication than many other attacks because the attacker needs to successfully impersonate a server from the perspective of the client and impersonate the client from the perspective of the server. A man-in-the-middle attack will often require a combination of multiple attacks. For example, the attacker may alter routing information and DNS values, acquire and install encryption certificates to break into an encrypted tunnel, or falsify Address Resolution Protocol (ARP) lookups as a part of the attack.


Figure 17.3: A man-in-the-middle attack (diagram labels: Client, MITM Attacker, Server, Perceived Connection)

Some man-in-the-middle attacks are thwarted by keeping systems up-to-date with patches. An intrusion detection system cannot usually detect man-in-the-middle or hijack attacks, but it can detect abnormal activities occurring over communication links and raise alerts on suspicious activity. Many users use virtual private networks (VPNs) to avoid these attacks. Some VPNs are hosted by an employee’s organization, but there are also several commercially available VPNs that anyone can use, typically at a cost.
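
As an added illustration (not from the study guide), the following Python sketch shows the kind of abnormal-activity check a monitoring tool can run for the falsified ARP lookups mentioned above: it flags an IP address that suddenly maps to a different MAC address and a MAC address that starts answering for additional IP addresses. The "time IP MAC" log format, the sample lines and the function names are assumptions constructed for this example.

```python
from collections import defaultdict

# Constructed sample: "time IP MAC" lines, as a sensor logging ARP replies might emit.
SAMPLE_ARP_LOG = """\
10:00:01 192.168.1.1 aa:aa:aa:aa:aa:01
10:00:02 192.168.1.20 aa:aa:aa:aa:aa:20
10:00:05 192.168.1.30 aa:aa:aa:aa:aa:30
10:03:10 192.168.1.1 AA-AA-AA-AA-AA-01
10:07:41 192.168.1.1 aa:aa:aa:aa:aa:30
10:07:42 192.168.1.20 aa:aa:aa:aa:aa:30
10:07:50 192.168.1.1 aa:aa:aa:aa:aa:01
"""

def normalize_mac(mac):
    """Lower-case with ':' separators so one MAC always compares equal."""
    return mac.lower().replace("-", ":")

def detect_arp_anomalies(log_text):
    """Return (time, kind, detail) alerts for suspicious IP-to-MAC changes.

    rebind:     an IP is announced with a different MAC than last seen.
    shared-mac: a MAC starts answering for an additional IP address.
    Both also happen legitimately (DHCP reuse, NIC swap, multi-homed hosts),
    so alerts are leads for an analyst, not proof of an attack.
    """
    ip_to_mac = {}                    # current binding per IP
    mac_to_ips = defaultdict(set)     # current IPs claimed per MAC
    alerts = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue                  # ignore malformed lines
        ts, ip, mac = parts[0], parts[1], normalize_mac(parts[2])
        previous = ip_to_mac.get(ip)
        if previous is not None and previous != mac:
            alerts.append((ts, "rebind", f"{ip} moved {previous} -> {mac}"))
            mac_to_ips[previous].discard(ip)
        newly_claimed = ip not in mac_to_ips[mac]
        ip_to_mac[ip] = mac
        mac_to_ips[mac].add(ip)
        if newly_claimed and len(mac_to_ips[mac]) > 1:
            claimed = ", ".join(sorted(mac_to_ips[mac]))
            alerts.append((ts, "shared-mac", f"{mac} answers for {claimed}"))
    return alerts

if __name__ == "__main__":
    for alert in detect_arp_anomalies(SAMPLE_ARP_LOG):
        print(*alert)
```

In the constructed sample, the repeated announcement at 10:03:10 raises nothing because only the MAC notation differs, while the entries from 10:07:41 onward raise alerts as one MAC address takes over the addresses of two other hosts.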
