Cyber security essentials

Exhibit 4-30. An untrusted connection in Firefox (top) and Internet Explorer (bottom).

nonsecure HTTP counterparts, provided the user accesses at least one HTTP page during the session. For this reason, financial institutions should offer websites with HTTPS-only options and encourage users to connect to HTTPS versions of their websites before entering user credentials. Even one unsecured page could allow attackers to perform a MITM attack or to act on behalf of the user after he or she logs on. Some websites use HTTPS only when the user supplies credentials but do not protect other session information, which can be just as valuable to attackers mounting MITM attacks. Users must authenticate the servers with which they wish to communicate and use cryptographically strong protocols to do so. HTTPS and Secure Shell (SSH) are preferable to HTTP and telnet when exchanging critical information. Software clients for protocols like SSH cache the server’s signature after the user first connects. If the signature differs from the locally cached version, the client raises a warning, indicating that the server’s certificate has changed and possibly that a MITM attack is taking place.

4.2.3.2 Conclusion

Using encryption and certificates is an effective way to prevent MITM attacks from succeeding, provided users authenticate servers appropriately. While administrators can make changes to their own networks to prevent ARP and DNS

© 2011 by Taylor & Francis Group, LLC
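The cached-signature behaviour described above for SSH clients, written out as an added example (this is not code from the book): a trust-on-first-use cache in the spirit of a known_hosts file. The first connection to a host records the fingerprint of the key it presents; a later connection that presents a different key raises `HostKeyMismatch`, which is the point at which a real client shows the "host key changed" warning. Host names, key bytes and the `KnownHosts` class are all constructed for the example.

```python
"""Added example, not text or code from the book: a trust-on-first-use (TOFU)
host-key cache of the kind an SSH client keeps in known_hosts. The first
connection records the server's public-key fingerprint; any later connection
that presents a different key raises HostKeyMismatch, which is the warning the
chapter describes. Keys and host names below are constructed sample values."""
import base64
import hashlib
from typing import Dict, Iterable, List


def fingerprint(public_key: bytes) -> str:
    """SHA-256 fingerprint in the display form OpenSSH uses (base64, no padding)."""
    digest = hashlib.sha256(public_key).digest()
    return "SHA256:" + base64.b64encode(digest).decode("ascii").rstrip("=")


class HostKeyMismatch(Exception):
    """The cached identity for a host no longer matches what it presents."""


class KnownHosts:
    """In-memory stand-in for a known_hosts file, keyed by host:port."""

    def __init__(self) -> None:
        self._cache: Dict[str, str] = {}

    def check(self, host: str, public_key: bytes, port: int = 22) -> str:
        """Return "new" on first contact, "ok" on a match, raise on a change."""
        key_id = f"{host}:{port}"
        presented = fingerprint(public_key)
        cached = self._cache.get(key_id)
        if cached is None:
            # First contact: trust on first use and remember the identity.
            self._cache[key_id] = presented
            return "new"
        if cached == presented:
            return "ok"
        # A changed key is either a legitimate re-key or an interception;
        # the client must warn and must never silently overwrite the cache.
        raise HostKeyMismatch(
            f"{key_id}: cached {cached} but server presented {presented}")

    def export_lines(self) -> List[str]:
        """Serialise as 'host:port fingerprint' lines, one per host."""
        return [f"{k} {v}" for k, v in sorted(self._cache.items())]

    def import_lines(self, lines: Iterable[str]) -> None:
        """Load lines produced by export_lines (blank lines and # comments skipped)."""
        for line in lines:
            line = line.strip()
            if not line or line.startswith("#"):
                continue
            key_id, fp = line.split(None, 1)
            self._cache[key_id] = fp.strip()


# Constructed sample keys: stand-ins for the bytes of a server's real public key.
KEY_LEGITIMATE = b"ssh-ed25519 CONSTRUCTED-SAMPLE-KEY-A"
KEY_INTERCEPTOR = b"ssh-ed25519 CONSTRUCTED-SAMPLE-KEY-B"


def demo() -> List[str]:
    """Three connections to one host; the third presents a different key."""
    kh = KnownHosts()
    results = [kh.check("bank.example", KEY_LEGITIMATE),
               kh.check("bank.example", KEY_LEGITIMATE)]
    try:
        kh.check("bank.example", KEY_INTERCEPTOR)
        results.append("accepted")  # must not happen: the cache should refuse
    except HostKeyMismatch:
        results.append("mismatch")
    return results


if __name__ == "__main__":
    print(demo())  # ['new', 'ok', 'mismatch']
```

The design point is the last branch of `check`: the cache only ever learns a key on first contact, so the warning cannot be suppressed by the very connection that triggered it. Whether a mismatch is a planned re-key or an interception has to be settled out of band, by comparing the fingerprint with one obtained through a channel the attacker cannot influence.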
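The weakness of protecting only the logon with HTTPS, with session information still sent over HTTP, can be checked from the defender's side. The following is an added example, not code from the book: it audits one HTTP response for the Secure attribute on session cookies and for a Strict-Transport-Security (HSTS) header, two standard mechanisms that the page does not name but that implement its "HTTPS-only" recommendation. Both responses are constructed samples, and `audit_session_protection` is an illustrative function.

```python
"""Added example, not from the book: a defender-side audit of one HTTP response
for the weakness described above, where the logon goes over HTTPS but the session
cookie is afterwards accepted over plain HTTP. The response headers are constructed
samples; the checks rely on the Secure cookie attribute and the HSTS header, which
are standard mechanisms not named on the page."""
from http.cookies import SimpleCookie
from typing import List, Tuple

Header = Tuple[str, str]


def audit_session_protection(headers: List[Header]) -> List[str]:
    """Return a list of findings; an empty list means every check passed."""
    findings: List[str] = []
    names = {k.lower() for k, _ in headers}
    if "strict-transport-security" not in names:
        # Without HSTS the browser will still follow http:// links to the site,
        # so the "at least one HTTP page" condition remains reachable.
        findings.append("no Strict-Transport-Security header: HTTP pages remain reachable")
    for name, value in headers:
        if name.lower() != "set-cookie":
            continue
        jar = SimpleCookie()
        jar.load(value)
        for cookie_name, morsel in jar.items():
            if not morsel["secure"]:
                # The browser attaches this cookie to any http:// request to the
                # host, which hands the session to an on-path attacker.
                findings.append(f"cookie {cookie_name} lacks Secure")
            if not morsel["httponly"]:
                findings.append(f"cookie {cookie_name} lacks HttpOnly")
    return findings


# Constructed sample responses (not captured from any real site).
WEAK_RESPONSE: List[Header] = [
    ("Content-Type", "text/html"),
    ("Set-Cookie", "SESSIONID=c0ffee; Path=/"),
]

HARDENED_RESPONSE: List[Header] = [
    ("Content-Type", "text/html"),
    ("Strict-Transport-Security", "max-age=31536000; includeSubDomains"),
    ("Set-Cookie", "SESSIONID=c0ffee; Path=/; Secure; HttpOnly"),
]

if __name__ == "__main__":
    for label, resp in (("weak", WEAK_RESPONSE), ("hardened", HARDENED_RESPONSE)):
        print(label, audit_session_protection(resp) or ["ok"])
```

Run against captured headers from a site's post-logon pages, the same function reports whether the session cookie will ever travel over HTTP; the weak sample above yields three findings and the hardened one none.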