How To Prevent MITM Attacks?

The basic concept of a MITM attack can sound overwhelming, but that doesn’t mean these attacks are impossible to avoid. PKI technology can help protect you from some of the types of attacks discussed above.

S/MIME

Secure/Multipurpose Internet Mail Extensions, or S/MIME for short, encrypts your emails at rest and in transit, ensuring only the intended recipients can read them and leaving no gap for hackers to slip in and alter your messages.
Additionally, S/MIME lets you digitally sign your email with a Digital Certificate unique to each person. This ties your virtual identity to your email and gives your recipients the assurance that the email they received actually came from you (as opposed to a hacker who has accessed your mail server). You can see how this could have been helpful in the Europol example discussed earlier. While the hackers had access to the companies’ mail servers, in order to digitally sign the messages they would also have needed access to the employees’ private keys, which are generally stored securely elsewhere. Standardizing on digitally signed messages, and educating recipients to trust only messages from your company that have been signed, can help differentiate legitimate emails from spoofed ones.

Authentication Certificates

Hackers will never go away, but one thing you can do is make it virtually impossible to penetrate your systems (e.g. Wi-Fi networks, email systems, internal networks) by implementing Certificate-Based Authentication for all employee machines and devices. This means only endpoints with properly configured certificates can access your systems and networks. Certificates are user-friendly (there is no additional hardware to manage and little user training needed), and deployments can be automated to make things simple for IT and make hackers tear their hair out, as the cool kids would say.

What Is HTTP Interception?

HTTP is the most common internet protocol. Most of what we do online, from everyday web browsing to instant messaging, runs over HTTP. Unfortunately, HTTP communications are unprotected and relatively easy to intercept, making them a prime target for MITM attacks. As mentioned earlier, hackers can sit between end users and the website they’re connected to and eavesdrop on their communications, including any information they submit to the website, without the users having any idea.

How Do You Prevent HTTP Interception?

SSL/TLS Certificates

If your website still uses the more vulnerable HTTP protocol, it’s time to upgrade to the safer HTTPS protocol through SSL/TLS Certificates. Installing a TLS Certificate enables HTTPS, the safer version of HTTP, which establishes an encrypted, secure connection between your server and your clients’ computers and keeps the information exchanged away from prying hackers.
TLS Certificates can also bind together your domain name and your organizational identity if you get an Organization Validated (OV) or Extended Validation (EV) level certificate. EV Certificates bring your identity information front and center by displaying your organization name right in the URL bar. This can boost trust among your visitors that your site is legitimately operated by your company and not an imposter site.

System and Server Configurations

Don’t rest on your laurels just yet. Once TLS is up and running, you still need to do some configuring. Make sure your website doesn’t have any mixed content, i.e. any page element (e.g. photos, scripts, widgets) loading over plain HTTP, to avoid leaving a backdoor for aspiring hackers. It’s also good practice to make sure any resources you pull in from other sites are loaded via HTTPS, and that every hyperlink on your website uses HTTPS. Make sure your login forms are HTTPS-protected to avoid credential hijacking. Mozilla is already doing a good job of discouraging users from filling in forms over HTTP with an “unsecure connection” warning prompt and a slashed padlock icon.
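The mixed-content check described above, as an added example written for this page (not a GlobalSign tool): it walks an HTML page and reports every element that would be fetched, submitted or linked over plain HTTP, rating script/stylesheet/iframe loads and form actions as the most serious. The page URL and the hostnames in the sample HTML are constructed for the demonstration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# What a plain-HTTP reference hands an on-path attacker, by element type.
SEVERITY = {
    "script": "active", "iframe": "active", "link": "active", "object": "active",
    "form": "submit", "img": "passive", "video": "passive", "audio": "passive",
    "a": "navigation",
}
URL_ATTRS = ("src", "href", "action", "data", "poster")

class MixedContentScanner(HTMLParser):
    # Records every element that would fetch, submit or link over plain HTTP.
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.findings = []  # (severity, tag, absolute url)

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name not in URL_ATTRS or not value:
                continue
            # Resolve relative and protocol-relative (//host/...) references
            # against the page URL, so only real http:// loads are reported.
            absolute = urljoin(self.page_url, value.strip())
            if urlparse(absolute).scheme == "http":
                self.findings.append((SEVERITY.get(tag, "passive"), tag, absolute))

def scan(page_url, html):
    scanner = MixedContentScanner(page_url)
    scanner.feed(html)
    scanner.close()
    return scanner.findings

# Constructed sample page, as if served from https://www.example.com/login
SAMPLE = """<html><head>
<script src="http://cdn.example.net/app.js"></script>
<link rel="stylesheet" href="https://cdn.example.net/site.css">
</head><body>
<img src="//images.example.com/logo.png">
<img src="http://images.example.com/banner.png">
<form action="http://www.example.com/login" method="post"><input name="pass" type="password"></form>
<a href="http://partner.example.org/">Partner</a> <a href="/help">Help</a>
</body></html>"""

if __name__ == "__main__":
    for severity, tag, url in scan("https://www.example.com/login", SAMPLE):
        print(f"{severity:10} <{tag}> {url}")
```

Protocol-relative and site-relative references inherit the page's HTTPS scheme and are correctly left alone; the four findings on the sample are the script, the banner image, the login form action and the partner link.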
It’s also important to make sure you have your server configured correctly (e.g. using the current best practices for protocols, algorithms, etc.). For example, you should make sure you have SSL2, SSL3, and TLS1 protocols disabled; only TLS 1.1 and 1.2 should be enabled. There are many other configuration items to consider and recommended best practices are continually changing as new vulnerabilities are discovered. GlobalSign’s SSL Server Test is an easy-to-use and thorough tool for making sure your server is properly configured.

HSTS over HTTPS

As discussed above, hackers have found ways to get around TLS. For example, even if you request an HTTPS connection (e.g. you type in https://www.example.com), they can change the request to HTTP so you go to http://www.example.com, preventing the encrypted connection. Implementing HTTP Strict Transport Security, or HSTS, can help prevent this type of attack. This web server directive forces any web browser or app to connect over HTTPS and blocks any content served over plain HTTP. HSTS also prevents hackers from extracting information from your browser cookies, effectively defending your website from session hijackers.
