Common Network Attack Strategies: Man in the Middle
The man-in-the-middle network attack strategy is a type of masquerade attack that works like this: If the network attacker places herself between you and the server to which you are talking, the attacker can see all the data (encrypted or not) that you are sending to the server.
This particular attack is very disconcerting because they can easily see the data that you expect is 100-percent secure, even your HTTPS dealings with your bank.
In this attack, the attacker takes over the role of a device between you and the system you are talking to. This device could be a router, where the attacker confuses the switch ARP table and has data destined for the router to be sent to her. Then she relays the data to the router.
In this way, the attacker can still deal with the router and the server on the other side of the router, but the attacker sees all the traffic. This setup allows an attacker to capture passwords, even for secure sites, such as banking.
Tools that can conduct this type of attack are freely available. One such tool is Cain & Abel.
Man in the middle is one of the most insidious attacks, because you may not even know it is happening. For this reason, any unsecured network should be considered hostile or even broken.
Cloud Computing Glossary
cloud computing
A networking solution in which everything — from computing power to computing infrastructure, applications, business processes to personal collaboration — is delivered as a service wherever and whenever you need.
Cloud Computing Glossary
cloud service
The delivery of software, infrastructure, or storage that has been packaged so it can be automated and delivered to customers in a consistent and repeatable manner.
Cloud Computing Glossary
deprovision
The release of cloud services that are no longer needed.
Cloud Computing Glossary
federating
Linking distributed resources together over the cloud.
Cloud Computing Glossary
hypervisor
An operating system that acts as a traffic cop, managing the various virtualization tasks in the cloud to ensure that they make things happen in an orderly manner.
Cloud Computing Glossary
multi-tenancy
The sharing of underlying resources by multiple companies over a cloud.
Cloud Computing Glossary
network attached store
Storage that has its own network address through which it is accessed by the network's workstation users. Acronym: NAS
Cloud Computing Glossary
service level agreement
A contract that stipulates the type of service you need from providers and what type of penalties would result from an unexpected business interruption. Acronym: SLA
Cloud Computing Glossary
solution stack
An integrated set of software that provides everything a developer needs to build an application.
Cloud Computing Glossary
storage area network
A storage systems that is flexible and scalable because it's available to multiple hosts at the same time. Acronym: SAN
Cloud Computing Glossary
vertical industry groups
Workgroups comprised of members from a particular industry such as technology and retail.
Cloud Computing Glossary
virtual memory
The portion of your hard drive that Windows uses to expand the available RAM
Cloud Computing Glossary
virtualization
Using computer resources to imitate other computer resources or whole computers to maximize performance and flexibility.
