man-in-the-middle attack
vahendusrünne
olemus
suhtluspoolte teabevahetust manipuleeriv rünne
ISO/IEC 29115:
rünne, mille sooritaja saab kahe poole vahelisi
sõnumeid salaja lugeda, lisada ja muuta
näide
autentimisprotseduuri aktiivne pealtkuulamisrünne:
- ründaja muudab edastatavaid andmeid ja
- teeskleb tundliku teabe saamiseks üht sidepooltest
- kui ta vahetab ühe poole avaliku võtme enda omaga,
saab ta dekrüpteerida tollele saadetud krüptogrammi
ülevaateid
https://www.slideshare.net/DeepakUpadhyay14/man-in-the-middle-attack-73983358
https://www.slideshare.net/apurv_verma007/man-in-the-middle-35374464
https://www.owasp.org/index.php/Man-in-the-middle_attack
https://www.blackhat.com/presentations/bh-europe-03/bh-europe-03-valleri.pdf
https://www.sans.org/reading-room/whitepapers/threats/ssl-man-in-the-middle-attacks-480
https://news.netcraft.com/archives/2016/03/17/95-of-https-servers-vulnerable-to-trivial-mitm-attacks.html
https://www.blackhat.com/presentations/bh-usa-03/bh-us-03-ornaghi-valleri.pdf
http://www.cs.ru.nl/bachelorscripties/2015/Ronnie_Swanink___4382838___Persistent-effects-of-man-in-the-middle-attacks.pdf
tõrje
http://www.computerweekly.com/tip/Man-in-the-middle-attack-prevention-strategies
https://www.rapid7.com/fundamentals/man-in-the-middle-attacks/
https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/infosec-guide-defending-against-man-in-the-middle-attacks
https://www.slideshare.net/nowsecure/cutting-out-the-middleman-maninthemiddle-attacks-and-prevention-for-mobile-apps
https://blog.fox-it.com/2017/12/14/lessons-learned-from-a-man-in-the-middle-attack/
https://securitygladiators.com/man-in-the-middle-attacks/
https://www.clickssl.net/blog/how-to-stay-safe-against-the-man-in-the-middle-attack
vt ka
- brauseripete
- mobiilipete