When surfing the Internet we can suffer many types of attacks. There are many threats that can compromise our security and jeopardize the proper functioning of our equipment. However, there are also logically tools and methods for users to protect themselves. In this article we are going to talk about what is a Man in the Middle attack or, an intermediary attack. Of course we will also talk about how we can protect ourselves.
Table of Contents
What are Man in the Middle attacks?
If we translate literally into Spanish, Man in the Middle means “man in the middle.” Basically that tells us what this type of attack is. It consists of a person who is able to place himself in the middle of two communications and steal the information that is sent. A kind of “pinganillo” able to hear everything that is transferred between two points.
A Man in the Middle attack can be both online and offline . Hackers can carry out different types of attacks to achieve their objective. They will always try to intercept the messages going unnoticed.
If we talk about one of the most common and clear examples, we can mention when using a Wi-Fi router. In this case, the attacker is setting up a malicious device to look legitimate. In this way, it will seek to intercept all the information that passes through it, all the data that the user sends. You can use a computer, for example, to create a Wi-Fi network to which the victim connects.
This is something that is usually present in crowded places. For example in airports, shopping centers, train stations … Sites where users are going to connect to wireless networks in order to have Internet. The problem is that they are not really connecting to a legitimate router, but are entering a network configured on a computer or other device maliciously.
Another example of Man in the Middle attack is the one carried out in browsers. What attackers do is insert malicious code into the victim’s system and act as an intermediary. The objective here is to collect all the data that is entered in the browser, the pages visited, etc. We are, once again, in an intermediary.
How to protect us from Man in the Middle attacks
Luckily, users can carry out different actions or use tools to protect us from Man in the Middle attacks. In this way we can maintain the security of our systems and not correct any risk. We will explain what are the most advisable and usual methods to protect ourselves from such attacks.
Avoid public and open networks
As we have seen, one of the most used techniques to carry out Man in the Middle attacks is through maliciously configured networks . Therefore, we must try to avoid public networks and those that have weak encryption or are open. This way we will have more guarantees that our connections are secured.
We must ensure that the networks we access are real, secure and that they will not be a problem for our security. This way we can protect the information when browsing.
If we browse HTTP pages our information can be intercepted. This makes something basic to avoid being victims of this type of attacks is to navigate only through HTTPS pages, which are those encrypted sites.
Now, we can make use of tools that help us. There are extensions that allow us to navigate only through HTTPS sites and thus not compromise our data.
Use VPN services
The use of VPN services can help prevent Man in the Middle attacks when we browse pages that are not encrypted or from public Wi-Fi networks. There are many free and paid options and they are intended to encrypt our connections. It is a type of tools that we should consider.
Protect our accounts
To avoid intruders who can carry out these types of attacks, something that we must take into account is the protection of our accounts. By this we mean using passwords that are strong and complex , but also using methods such as two-step authentication to prevent anyone from accessing.
It is important that our Internet accounts are perfectly protected. Only then can we avoid intruders who can intercept our communications.
Beware of emails
An email attack could be carried out of this type. They could, for example, send a document posing as the other party simply to obtain information on a particular subject.
We must take precautions when opening, reading or answering emails we receive. Always make sure that the issuer is really who he says he is and is not an imposter who can collect our information.
Keep systems up to date
Of course something that can not be missing is to have the systems and applications updated . By this we mean the operating system, the browser, as well as any other type of tools we use. Keep in mind that sometimes vulnerabilities arise that can be exploited by hackers to carry out their attacks.