Cyber threats seem to be everywhere. Viruses, malware, ransomware, and phishing all receive a lot of attention, but a risk that is often overlooked is the Man-In-the-Middle (MITM) attack. This is despite the fact that it is one of the most prevalent threats around.
What is a Man-In-the-Middle attack?
A MITM attack is, as the name suggests, an eavesdropping situation in which a third party secretly inserts itself into a conversation between two parties in order to read or alter what passes between them. The attacker gets into that position because of inadequate network protections (for example, a local network on which ARP or DHCP answers are not authenticated and can be spoofed), phishing, or poor user habits. The interception can happen on the network path itself or through malware on an endpoint: once a MITM tool is running on your computer or network, it can spy on and record sensitive information.
A MITM attacker can also alter data in transit rather than merely reading it. For example, if an employee logs on to a network with their usual username and password, an attacker sitting on the path could capture those credentials, or tamper with the exchange (a password change, say) so that the employee is locked out of their own account. From there the attacker can move further into the network, steal data, or, where the hijacked account has access to finances, move assets such as money or goods.
Speaking of finances: with MITM tooling, an attacker can spoof the DNS answer for a bank's domain so that an employee's browser resolves the bank's name to an attacker-controlled server, and the login attempt lands on a fake site instead of the real one. From there, usernames and passwords can be collected for later (or immediate) exploitation. Note that this only works if the fake site can pass as the real one: a properly validated HTTPS connection fails against a spoofed server that cannot present a certificate valid for the bank's name, and HSTS stops the browser from falling back to plain HTTP, so this attack usually relies on the user clicking through certificate warnings or on a downgrade to HTTP.
MITM attacks within your network have the potential to cause serious trouble. Here are some methods for handling Man-In-the-Middle situations.
Detection as a first line of defence
Detection is one of the best ways to protect yourself from MITM attacks, but it can be tricky: an interceptor that only reads traffic leaves few traces. The most effective way to handle a security breach is to stop the MITM attack from being possible in the first place, which means putting up a proper defence; detection then catches whatever the defence misses.
An intrusion detection system (IDS) is an excellent place to start. An IDS watches your network and, should an unauthorized party insert itself into the traffic flow (for example, a host that suddenly answers ARP requests for the gateway's address, or a rogue DHCP server handing out its own DNS settings), sends you an immediate alert. Some users who have seen an IDS raise false alerts are tempted to switch it off, but a false alarm is better than no alarm at all; tune the rules rather than disabling the system. As analytics and machine-learning-based detection improve, notifications should become more reliable and timely, leading to greater security overall.
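One concrete version of the check an IDS runs for the LAN-level case above is the classic arpwatch-style "flip flop" test: an IP address, above all the gateway's, suddenly answering from a different MAC address. The example below is added here and is not code from the original article; it runs over a constructed sample log whose line format is modelled loosely on the "Reply <ip> is-at <mac>" lines that tcpdump prints for ARP replies, and the addresses in it are made up.

```python
import re
from collections import defaultdict

# Constructed sample log (format modelled loosely on tcpdump's ARP output).
# Lines 4 and 5 show 00:11:22:33:44:42 suddenly answering for the gateway
# (10.0.0.1) and for 10.0.0.23; line 6 is the real gateway answering again.
SAMPLE_ARP_LOG = """\
10:00:01 Reply 10.0.0.1 is-at 00:11:22:33:44:01
10:00:02 Reply 10.0.0.23 is-at 00:11:22:33:44:23
10:00:03 Reply 10.0.0.42 is-at 00:11:22:33:44:42
10:00:09 Reply 10.0.0.1 is-at 00:11:22:33:44:42
10:00:10 Reply 10.0.0.23 is-at 00:11:22:33:44:42
10:00:11 Reply 10.0.0.1 is-at 00:11:22:33:44:01
"""

ARP_LINE = re.compile(
    r"^(?P<ts>\S+)\s+Reply\s+(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+is-at\s+"
    r"(?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})\s*$",
    re.IGNORECASE,
)


def parse_arp_log(text):
    """Yield (timestamp, ip, mac) for every ARP reply line; skip anything else."""
    for line in text.splitlines():
        m = ARP_LINE.match(line.strip())
        if m:
            yield m["ts"], m["ip"], m["mac"].lower()


def detect_arp_spoofing(text, gateway_ip):
    """Return a list of alerts (dicts with ts, severity, message).

    Heuristic 1 (arpwatch-style flip flop): an IP's MAC changes. HIGH when the IP
    is the gateway, because that is the address an attacker must claim to sit in
    the path of every off-subnet conversation.
    Heuristic 2: a single MAC answers for the gateway *and* for other hosts, i.e.
    it is impersonating both ends of a conversation. Reported once per MAC.
    """
    ip_to_mac = {}
    mac_to_ips = defaultdict(set)
    flagged_macs = set()
    alerts = []
    for ts, ip, mac in parse_arp_log(text):
        previous = ip_to_mac.get(ip)
        if previous is not None and previous != mac:
            alerts.append({
                "ts": ts,
                "severity": "HIGH" if ip == gateway_ip else "MEDIUM",
                "message": f"{ip} moved from {previous} to {mac}",
            })
        ip_to_mac[ip] = mac
        mac_to_ips[mac].add(ip)
        claimed = mac_to_ips[mac]
        if gateway_ip in claimed and len(claimed) > 1 and mac not in flagged_macs:
            flagged_macs.add(mac)
            others = sorted(claimed - {gateway_ip})
            alerts.append({
                "ts": ts,
                "severity": "HIGH",
                "message": f"{mac} answers for the gateway {gateway_ip} and for {others}",
            })
    return alerts


if __name__ == "__main__":
    for alert in detect_arp_spoofing(SAMPLE_ARP_LOG, gateway_ip="10.0.0.1"):
        print(f"{alert['ts']} [{alert['severity']}] {alert['message']}")
```

Running it on the sample produces four alerts: the gateway moving to the new MAC (HIGH), that MAC claiming the gateway plus another host (HIGH), 10.0.0.23 moving (MEDIUM), and the gateway flipping back to its real MAC (HIGH). The flip back is what distinguishes an attack from a legitimate hardware replacement, which changes the mapping once and stays.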
Best email security practices
A common way for a MITM attack to begin is a phishing expedition. Malicious hackers send fraudulent emails to trick recipients into downloading files or clicking links, which then install malware on the victim's computer or network, including tooling that intercepts traffic from inside the machine.
Always be wary of any email that asks you to reply with login details or to download an unknown file. Examine the sender's actual address, not just the display name, to see whether it is correct, and check for misspellings of well-known domains such as eBai.com or Amezon.com. If you spot something like this, delete that email right away!
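The address check described above can be automated at the mail gateway or in a triage script. The following is an added example, not code from the original article: it parses the sender header with the standard library (so the display name an attacker controls is ignored), then flags domains that are a character or two away from a brand the organisation deals with, or that bury the brand name inside some other registrable domain. The domain list and the sample addresses are constructed for illustration; in practice the list comes from your own configuration, and the "brand name inside the domain" rule is a heuristic that will also catch some benign names, so treat its output as a triage signal, not a verdict.

```python
from email.utils import parseaddr

# Constructed list of domains the organisation legitimately deals with.
KNOWN_DOMAINS = {"ebay.com", "amazon.com", "paypal.com"}


def edit_distance(a, b):
    """Levenshtein distance: number of single-character edits turning a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, start=1):
        cur = [i]
        for j, cb in enumerate(b, start=1):
            cur.append(min(prev[j] + 1,            # delete ca
                           cur[j - 1] + 1,         # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def sender_domain(header_value):
    """Domain of the real address in a From: value, ignoring the display name.

    'Amazon Billing <billing@amezon.com>' -> 'amezon.com'; None if there is no address.
    """
    _display_name, address = parseaddr(header_value)
    if "@" not in address:
        return None
    return address.rsplit("@", 1)[1].lower().rstrip(".")


def classify_sender(header_value, known=KNOWN_DOMAINS, max_distance=2):
    """Return 'trusted', 'lookalike', 'unknown' or 'invalid' for a From: value."""
    domain = sender_domain(header_value)
    if domain is None:
        return "invalid"
    # Exact match or a genuine subdomain (mail.amazon.com) of a known domain.
    if domain in known or any(domain.endswith("." + k) for k in known):
        return "trusted"
    for k in known:
        brand = k.split(".")[0]
        # Brand name embedded in another domain: amazon.com.account-verify.example,
        # paypal-secure-login.co. Heuristic; may also hit benign names.
        if brand in domain:
            return "lookalike"
        # Typosquats a character or two away from the real thing: amezon.com, ebai.com.
        if edit_distance(domain, k) <= max_distance:
            return "lookalike"
    return "unknown"


if __name__ == "__main__":
    # Constructed From: values.
    for sample in ("support@amazon.com",
                   "Amazon Billing <billing@amezon.com>",
                   "eBay <noreply@ebai.com>",
                   "security@amazon.com.account-verify.example",
                   "alice@example.org"):
        print(f"{classify_sender(sample):10} {sample}")
```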
Similarly, cast a suspicious eye on unexpected text messages. No financial institution or utility will ask for sensitive information via text or email. Smartphones are a frequent target for MITM attacks, not least over untrusted Wi-Fi, so respond with care to any message that seems suspicious.
Avoid using public networks
Discretion is good advice any time you are working with sensitive information. By avoiding public networks you deny attackers the opportunity to place themselves in your communications path: on an open Wi-Fi network, anyone in range can run a rogue access point or spoof the gateway. If you must use a public network or Wi-Fi, limit your activities to less sensitive pursuits such as general web surfing, news, or entertainment media.
Adopting a virtual private network (VPN)
A VPN's encryption adds another layer of protection to how people access your company's networks. One of the best uses for a virtual private network is for remote employees who need to connect through someone else's Wi-Fi. The VPN keeps that connection secure between the device and the VPN gateway, even over a third-party Wi-Fi connection, so an attacker on the local network sees only encrypted tunnel traffic.
Furthermore, a company-operated VPN gives you a single point at which connections can be monitored and audited. If suspicious network behaviour occurs, you are in a better position to trace the problem's cause and put a stop to it.
Strengthening your inhouse network
If using a VPN to stay secure on Wi-Fi makes good sense, then taking steps to protect your in-house network makes even more sense. Robust firewalls, end-to-end encryption (TLS everywhere, with certificates actually validated rather than accepted blindly), two-factor authentication, and sensible auditing are all measures you should adopt; on managed switches, features such as dynamic ARP inspection and DHCP snooping block the spoofing that most LAN-level MITM attacks rely on. These steps help keep outside parties from gaining access to your systems and inserting the tools used for MITM attacks.
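What "end-to-end encryption with certificates actually validated" means in code, and why it defeats the spoofed-DNS bank scenario from the start of the article: a client that validates the chain and the hostname will refuse the fake server, whereas one that disables validation connects happily. The example below is added here and is not code from the original article. It shows the weak TLS client setting beside the hardened one using Python's standard ssl module, plus certificate pinning by SHA-256 fingerprint of the DER encoding for clients that talk to a small, known set of servers. The host, port and pin passed to connect_pinned are whatever your own deployment supplies (hypothetical here), and the byte string used to demonstrate the pin check is a constructed stand-in, not a real certificate.

```python
import hashlib
import hmac
import socket
import ssl


def hardened_context():
    """Client TLS context: validate the chain against the system CA store, check
    that the certificate is for the host we asked for, refuse pre-1.2 protocols."""
    ctx = ssl.create_default_context()          # CERT_REQUIRED and check_hostname=True
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def weak_context():
    """The setting that makes the spoofed-DNS scenario fatal: any certificate is
    accepted, so a fake bank site terminates TLS without complaint. For contrast only."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False                  # must be cleared before verify_mode
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def describe(ctx):
    """Summarise the settings that matter for MITM resistance."""
    return {
        "check_hostname": ctx.check_hostname,
        "verify_mode": ctx.verify_mode.name,
        "min_version": ctx.minimum_version.name,
    }


def cert_fingerprint(der_cert: bytes) -> str:
    """SHA-256 over the DER encoding: the usual form of a certificate pin."""
    return hashlib.sha256(der_cert).hexdigest()


def pin_matches(der_cert: bytes, pinned_sha256: str) -> bool:
    """Constant-time comparison of the presented certificate against the pin."""
    return hmac.compare_digest(cert_fingerprint(der_cert), pinned_sha256.lower())


def connect_pinned(host, port, pinned_sha256, timeout=5.0):
    """Open a TLS connection that passes normal validation *and* matches the pin.

    Returns the negotiated protocol version; raises ssl.SSLError on a pin mismatch.
    Needs a network, so it is not exercised offline; host, port and pin are
    hypothetical values supplied by your deployment.
    """
    ctx = hardened_context()
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            der = tls.getpeercert(binary_form=True)
            if not pin_matches(der, pinned_sha256):
                raise ssl.SSLError(
                    f"certificate pin mismatch for {host}: got {cert_fingerprint(der)}"
                )
            return tls.version()


if __name__ == "__main__":
    print("hardened:", describe(hardened_context()))
    print("weak:    ", describe(weak_context()))
    # Constructed stand-in for a DER certificate, only to show the pin check mechanics.
    fake_der = b"not-a-real-certificate"
    pin = cert_fingerprint(fake_der)
    print("pin ok:", pin_matches(fake_der, pin), "| wrong pin:", pin_matches(fake_der, "00" * 32))
```

Pinning is a sharp tool: it also breaks legitimate certificate rotation unless the pin is updated (or a backup pin is accepted) before the old certificate expires, which is why it suits a handful of internal or partner endpoints better than general web browsing.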
Don’t let a MITM attack bring you down
Staying vigilant and taking pre-emptive measures will go far in protecting your business’s network from MITM exploitation. Staying on top of the latest news involving cyber threats is an effective way to protect yourself, your company, and your clients.
Thank you for reading. I’d love to share more with you via my Weekly Word Roundup newsletter sent to subscribers every Sunday. It will feature news, productivity tips, life hacks, and links to top stories making the rounds on the Internet. You can unsubscribe at any time.
Translated from: https://medium.com/swlh/all-about-man-in-the-middle-mitm-attacks-7d3196dbcbda