Preventing and detecting man-in-the-middle (MitM) attacks is difficult, but there are ways to help protect yourself and your company against common vulnerabilities and exploits.
None of these methods is entirely foolproof. The wide array of techniques that fall under the umbrella of a MitM attack means that many layers of protection are required to defend against this threat.
This section gives an overview of steps that you can take to defend against MitM attacks.
Use Encryption
Ensuring that you have an encrypted connection is a critical first step to reducing the damage that a MitM attack could cause. By encrypting your web traffic, you can protect your session against network sniffing attacks by making your network packets illegible.
Ensure that all of your connections are secured using the latest encryption technology:
- Verify that the websites you visit are encrypted
  - Websites are encrypted using SSL/TLS certificates. You can tell that these encryption protocols are in use when the URL starts with “https” or the browser shows a padlock icon to indicate that the website uses encryption. To verify that the certificates are legitimate, you can inspect the certificate in your browser.
- Use end-to-end encryption for your digital communications
  - When sending sensitive information over the network, you should ensure that the email platform or video conferencing app you use supports end-to-end encryption.
- Use a private, encrypted internet connection
  - Ensure that the network you are using is protected with a unique, strong password and encrypted with WPA2 or greater. You must also stay off publicly accessible WiFi hotspots to avoid falling victim to a rogue access point or having your traffic sniffed by someone else on the network.
It’s important to note that encryption does not guarantee safety from MitM attacks. Attacks such as SSL stripping can force you to unknowingly browse the internet unencrypted.
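SSL stripping depends on the browser still being willing to use plain HTTP for a site, which the HTTP Strict Transport Security (HSTS) response header (RFC 6797) tells it to refuse. The following is an added example, not part of the original article, that audits a site's HSTS policy from its HTTPS response headers; the sample headers are constructed and the one-year threshold and function names are assumptions of this example.

```python
MIN_MAX_AGE = 31536000  # one year in seconds; threshold assumed for this example

def parse_hsts(value):
    """Parse a Strict-Transport-Security header value into a policy dict."""
    policy = {"max_age": None, "include_subdomains": False, "preload": False}
    for directive in value.split(";"):
        name, _, arg = (part.strip() for part in directive.partition("="))
        name, arg = name.lower(), arg.strip('"')  # names are case-insensitive
        if name == "max-age" and arg.isascii() and arg.isdigit():
            policy["max_age"] = int(arg)
        elif name == "includesubdomains":
            policy["include_subdomains"] = True
        elif name == "preload":
            policy["preload"] = True
    return policy

def stripping_findings(headers):
    """List weaknesses in the HSTS policy of one HTTPS response."""
    lowered = {k.lower(): v for k, v in headers.items()}
    value = lowered.get("strict-transport-security")
    if value is None:
        return ["no HSTS header: browser will still accept plain HTTP"]
    policy = parse_hsts(value)
    findings = []
    if policy["max_age"] is None:
        findings.append("max-age missing or invalid: header is ignored")
    elif policy["max_age"] == 0:
        findings.append("max-age=0: browser is told to forget the policy")
    elif policy["max_age"] < MIN_MAX_AGE:
        findings.append("max-age below one year")
    if not policy["include_subdomains"]:
        findings.append("subdomains not covered")
    if not policy["preload"]:
        findings.append("no preload directive: first visit is unprotected")
    return findings

# Constructed sample response headers (not captured from real sites).
SAMPLES = {
    "strong": {"Strict-Transport-Security":
               "max-age=63072000; includeSubDomains; preload"},
    "short": {"strict-transport-security": "max-age=300"},
    "none": {"Content-Type": "text/html"},
}

def audit(samples=SAMPLES):
    """Map each sample name to its list of findings (empty list means OK)."""
    return {name: stripping_findings(h) for name, h in samples.items()}

if __name__ == "__main__":
    for name, findings in audit().items():
        print(name, "->", findings or "OK")
```

Browsers honour this header only when it arrives over a valid HTTPS connection, so the headers passed in should come from the site's HTTPS response.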
Though it is a rare occurrence, there is also the possibility that the trusted certificate authorities that verify SSL/TLS certificates could become compromised themselves, as happened in the DigiNotar incident.
DigiNotar was a Dutch certificate authority that was forced to declare bankruptcy after a security breach resulted in the fraudulent issuing of certificates. This security incident resulted in 300,000 Iranian Gmail users becoming victims of MitM attacks.