Man in the Middle - Hacker's Playground

Abstract

AbstractThere has been an increase in potential sources of threats to the security of information systems and dataof governments, companies and individuals in the present day, due to the growing number ofinformation systems types and devices, the expanding availability of freely-downloadable open sourcetools, the degree of interconnectivity made possible by the internet, and the concentration of more selfhelppower in the hands of individual end users. A numerically-insignificant number of the totalpopulation of information systems end users is made up of black hat users who have caused significanteconomic losses and reputational damages for organizations and governments through exploitation ofsecurity vulnerabilities. One of the most common and widespread security threats is that of Man-in-the-Middle (MitM), which has remained a major source of concern to security professionals for many years,and continues to pose a threat to information security as the focus of attack continues to be data, and theblack hat users continue to look for new ways to circumvent security safeguards implemented forexisting technologies and countermeasures planned for new and emerging technologies. Many papershave been written about Man-in-the-Middle attack, that have described different kinds of such attacksand explained solutions to the attacks but not illustrated how the attack can be carried out and showedhow the risks arising from such attacks can be mitigated. This paper presents a step-by-step account ofone way in which MitM attack can be realized and how the confidentiality and integrity of data can beprevented from being compromised through use of PKI (Public Key Infrastructure).