Attacking Strategy to Intercept Secure Web Connections


Attacking Strategy

A man-in-the-middle attack is one in which the attacker sits between two parties, intercepts the message in which their public keys are exchanged, and substitutes his own public key for the original, so that the two parties believe they are still communicating directly with each other while every message in fact passes through the attacker. In SSL/TLS the server's public key travels inside its digital certificate, so the substitution takes the form of a forged certificate.

Let us understand the whole concept with the help of an example. Suppose you are an employee of a multinational company with a billion-dollar turnover. The company has strict policies for its employees: it monitors every e-mail message and inspects network traffic both for malware and for confidential company information leaving the network.

To monitor the traffic, the company breaks into the SSL/TLS connection with an SSL proxy such as ProxySG. The proxy sits between the user and the outside world. When the user browses to an HTTPS site, the proxy fetches the site's real digital certificate on the user's behalf, then generates a substitute certificate on the fly, carrying the same hostname but signed by the proxy's own certificate authority (CA), and presents that to the user. Because the browser does not trust the proxy's CA, the user receives an error message saying the certificate is not legitimate. Most users click through the warning without knowing what has actually happened.

If, however, the company had first installed the proxy's CA certificate in the trust store of every employee's browser, the user would have seen no warning at all. Behind the scenes, two separate and individually secure SSL/TLS connections have been established: one between the proxy and the server, the other between the user and the proxy. On the proxy itself the traffic exists in plaintext, where it can be searched for predefined keywords or malware. End-to-end encryption between the user and the server never existed; only the two hop-by-hop connections did.

An attacker can intercept a secure web connection in exactly the same way with a proxy tool of his own; a single freely available tool is enough. The difference lies only in who controls the proxy and whether the victim's browser can be made to trust its CA: an attacker who cannot plant a CA certificate on the victim's machine has to rely on the victim clicking through the warning.

How to Protect from SSL Interception Attacks

Digital certificates only protect you if the warnings about them are handled carefully. A user can follow the key points below to prevent an attacker from intercepting his or her secure connection over the web.

  1. Make sure the computer you are browsing from is secure and has not been compromised. An attacker who controls the machine can install his own CA certificate and silence the warning entirely.
  2. If you notice unexplained changes to the computer or suspect it has been compromised, use the system's rollback or restore feature to return it to a known-good state.
  3. Configure your browser to reject untrusted certificates outright, or at least to prompt you every time a new certificate is presented. Also review which CA certificates your browser and operating system already trust: an interception proxy whose CA is on that list will produce no warning at all.
  4. Read the error messages that appear, and think before continuing to a website that you feel might not be safe. Even websites that appear secure sometimes fall prey to attackers.

This post is part of the series: How SSL encrypted web connections are intercepted

In this series we look at what role digital certificates play, how secure they really are, and how SSL-encrypted web connections are intercepted with the help of tools that create digital certificates on the fly.

  1. How SSL Encrypted Web Connections are Intercepted - Understanding the Concept
  2. How SSL Encrypted Web Connections are Intercepted - Attacking Strategy