A Hidden Hazard: Man-In-The-Middle Attack in Networks
Authors : Ahmet Efe, Gizem Kalkanci, Mehmet Donk, Serhat Cihangir, Ziya Uysal
Pages : 96-116
View : 14 | Download : 7
Publication Date : 2019-12-01
Article Type : Research
Abstract :The most critical subject in information communication technologies is information security. Information security is defined as the prevention of access, use, modification, disclosure, removal, alteration and damage of information as an entity type without permission or in an unauthorized manner. Threats to information security continue to increase with today's evolving technology. Protecting our data is not an easy task these days when attackers are constantly discovering new techniques and exploits to steal our data. One of the most used of these techniques is the Man in the middle (MITM) attack. Attackers can use this attack to listen to local network traffic and steal end-user data from traffic flowing without malicious software or virus. In addition, passwords can be obtained by bypassing SSL. There are many common ways of starting an MITM attack. The simplest of these will be to create a fake node in an open computer network like Coffee Shops WiFi network. In this study, the concept of information security has been emphasized and the necessary criteria have been explained. Then, a popular type of attack, the MITM attack, has been implemented in various ways over the Linux operating system. After prevention methods for this attack, which was performed by various methods, have been described. As a result, the MITM attack, one of the popular types of attacks that threaten information security, has been introduced, the various forms of application have been shown both in technical and practical terms, and the methods of prevention have been described. With this study, it is aimed to establish an awareness in this issue and to take precautions against the threats that may arise with developing technology.Keywords : Man-in-the-middle (MITM) attack, Information security, ARP poisoning, e-government security