What is a man-in-the-middle attack and how to prevent it

Question

QA Hub Editorial · Accepted Answer

What is a man-in-the-middle attack and how to prevent it

What Is a MITM Attack?

A man-in-the-middle (MITM) attack occurs when an attacker secretly intercepts and potentially alters communication between two parties. Common vectors include unencrypted Wi-Fi, compromised routers, and DNS spoofing.

Attack Vectors

ARP Spoofing: Poisoning ARP tables to redirect traffic.
DNS Hijacking: Redirecting domain resolution to attacker-controlled servers.
SSL Stripping: Downgrading HTTPS connections to HTTP.

Prevention

Enforce TLS everywhere: See how to set up SSL/TLS certificates for a web server. Disable weak cipher suites.
HSTS: Instructs browsers to always use HTTPS.
Certificate Pinning: Hardcode expected certificates in mobile apps.
VPNs: Encrypt traffic on untrusted networks; learn more in what is a VPN and how does it work.

Detection

Monitor for unexpected certificate changes and use DNSSEC to validate DNS responses. Defense in depth is essential because a single control may fail.

What is a man-in-the-middle attack and how to prevent it

What Is a MITM Attack?

Attack Vectors

Prevention

Detection

Related Questions

How to implement role-based access control

What are the OWASP Top 10 security risks

How to set up a WAF (Web Application Firewall)

How to secure a REST API

How to implement secure password hashing

What is the difference between encryption at rest and encryption in transit