Tuesday, August 2, 2016

Learn how to defend against the MITM attack

The Man in the Middle (MITM) attack is also known as a bucket-brigade attack, or a Janus attack in cryptography. As its name suggests, the attacker places himself between two parties, making them believe that they are talking directly to each other over a private connection, when the entire conversation is actually being controlled by the attacker. In a previous article, Don Burns explained all about the Man in the Middle attack; now you can learn about the defense.

Since a MITM attack can succeed only when the attacker can impersonate each endpoint to the satisfaction of the other, the two crucial points in defending against it are authentication and encryption. A number of cryptographic protocols include some form of endpoint authentication specifically to prevent these attacks. For example, Secure Sockets Layer (SSL) can authenticate one or both parties using a mutually trusted certification authority. However, many websites still do not support SSL. Fortunately, there are three effective ways to defend against a man-in-the-middle attack even without SSL.


Virtual Private Network


A VPN extends a private network across a public network, e.g., the Internet. It enables a computer to send and receive data across shared or public networks as if it were directly connected to the private network, while benefiting from the functionality, security and management policies of the private network. You can create a virtual private network (VPN) by establishing a virtual point-to-point connection through the use of dedicated connections, virtual tunneling protocols or traffic encryption, such as PPTP (Point-to-Point Tunneling Protocol) or Internet Protocol Security (IPsec). All data transmission is encrypted, so that even if it is intercepted, the attacker will have no idea about the content of the traffic. Because the VPN server acts as a transfer station, its safety and reliability are crucial to the security of your whole communication system. So, if you do not have a dedicated VPN server yourself, you are advised to choose only a reputable VPN server provider.
After establishing a remote VPN server, either manually or using some reliable online tool, you can follow these steps to create a point-to-point connection:

1. Click “Control Panel” in the Start menu.
2. Select “Network and Internet”.
3. Go to “Network and Sharing Center” and click “Set Up a new connection or network”.
4. In the “Set Up a new connection or network” dialog, select “Connect to a workplace” and then press “Next”.
5. In the “Connect to a Workplace” dialog, click “Use my Internet connection (VPN)”.
6. Input the IP address of the VPN server and press “Next”.
7. Input your username and password, then press “Create”.
8. Finally, click “Connect Now”.

After following these steps, all data transmission is encrypted, so that even if it is intercepted, the attacker will have no idea about the content of the traffic.

Proxy Server with Data Encryption


Use a reliable proxy server and encrypt the transmission between you and the proxy. If you only want to conceal your IP address for a specific amount of time and are not concerned with security and performance, go for the free web-based proxy services. But if you need to hide your IP address on a regular basis and need high security and performance, go for paid VPN services like HideMyAss VPN (one of the most popular and trusted VPN services, which allows people to easily conceal their IP address and protect their online privacy) or VyprVPN (one of the world’s fastest VPN services, which allows people to easily conceal their real IP).

If you want to make sure your IP is changed, type “my IP address” into Google before and after using any of the above services. Compare the two IP addresses and make sure they are different. If they are, you have successfully changed your IP address.


Secure Shell Tunneling (Linux/Unix)


An SSH tunnel consists of an encrypted tunnel created through an SSH protocol connection. An SSH tunnel can be used to transfer unencrypted traffic over a network through an encrypted channel. You can use an SSH tunnel to securely transfer files between an FTP server and a client even though the FTP protocol itself is not encrypted. SSH tunnels also provide a means to bypass firewalls that prohibit or filter certain internet services.

SSH is typically used to log into a remote machine and execute commands, but it also supports tunneling, forwarding TCP ports and X11 connections. Using a tool like OpenSSH on a Linux/Unix system, you can tunnel all of the traffic from your local box to a remote box that you have an account on. SSH tunneling can be thought of as a poor man’s VPN. It is handy in situations where you would like to hide your traffic from anybody who might be listening on the wire or eavesdropping. You can use such a tunnel between your computer and your Unix/BSD/Linux server to bypass limits placed by a network.
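
As an added example (not part of the original post), the OpenSSH invocations below open the two kinds of tunnel described above and refuse to connect when the server's host key is unknown or has changed, which is the check that keeps the tunnel itself from being intercepted. The host names and ports are placeholders, and the `SSH_BIN` variable and function names are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example, not from the original post. Hosts and ports are placeholders.
SSH_BIN="${SSH_BIN:-ssh}"   # set SSH_BIN=echo to print the arguments instead of connecting

# Accept only a decimal TCP port in the range 1-65535.
valid_port() {
    case "$1" in
        ''|*[!0-9]*|??????*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Reject empty values, values ssh would parse as an option, and embedded spaces.
valid_dest() {
    case "$1" in
        ''|-*|*" "*) return 1 ;;
    esac
}

# Options shared by both tunnels:
#   -N                         forwarding only, no remote command
#   StrictHostKeyChecking=yes  refuse unknown or changed host keys, so an
#                              interceptor cannot pose as the server
#   ExitOnForwardFailure=yes   exit rather than run without the forward
run_ssh() {
    "$SSH_BIN" -N -o StrictHostKeyChecking=yes -o ExitOnForwardFailure=yes "$@"
}

# SOCKS proxy bound to loopback: applications pointed at 127.0.0.1:PORT send
# their traffic through the encrypted channel to the remote box.
socks_tunnel() {   # socks_tunnel user@host [port]
    valid_dest "$1" && valid_port "${2:-1080}" \
        || { echo "bad arguments" >&2; return 1; }
    run_ssh -D "127.0.0.1:${2:-1080}" "$1"
}

# Single-port forward: 127.0.0.1:LPORT -> TARGET:TPORT as seen from the remote box.
port_tunnel() {    # port_tunnel user@host lport target tport
    valid_dest "$1" && valid_port "$2" && valid_dest "$3" && valid_port "$4" \
        || { echo "bad arguments" >&2; return 1; }
    run_ssh -L "127.0.0.1:$2:$3:$4" "$1"
}
```

With `StrictHostKeyChecking=yes`, the server's key must already be in `~/.ssh/known_hosts`, so obtain and verify its fingerprint over a trusted channel before the first connection.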
