UC Security Threats: Man-in-the-Middle Attack


Did you ever play ‘monkey in the middle’ when you were a kid? That’s the game where one kid stands in the middle while two or more other kids pass a ball back and forth and try to ensure that the kid in the middle doesn’t intercept it. Well, the man-in-the-middle (MitM) attack works on a similar premise. Basically, two parties pass communications data back and forth and try to ensure that the attacker in the middle doesn’t intercept it.

By its nature, an MitM attack is most likely to succeed when the attacker has access to the internal network. If the attack is executed successfully, all communications between the two parties, in both directions, are rerouted through the attacker’s computer without the knowledge of the communicating users. From that position the attacker can capture, read (or listen to), or modify the data, and can do any of the following with it:

  • eavesdrop, or listen to the conversation
  • redirect the data to another recipient
  • alter the conversation (delete, add, or replay content)
  • cause a denial-of-service (simply don’t allow the data to flow between the parties)

An attacker can initiate an MitM attack if they are able to modify Active Directory and add their PC as a trusted server, or if they can modify DNS to direct traffic to be routed through their PC en route to the destination. With Microsoft OCS 2007, an MitM attack between two clients is less likely because the media streams between the two points are encrypted with SRTP, using cryptographic keys negotiated between the two clients using SIP over TLS.
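As an added example (not part of the original post), here is a small Python audit of a captured SIP INVITE that checks the two properties the paragraph above relies on: whether the signaling arrived over TLS (from the top Via header) and whether the SDP offer uses the SRTP profile rather than plain RTP. The sample messages are constructed, and the SDES key material is a placeholder.

```python
import re

# Constructed sample INVITE (not from a real system): signaling over TLS,
# media offered with the SRTP profile (RTP/SAVP) and an SDES a=crypto line.
SECURE_INVITE = (
    "INVITE sip:bob@example.com SIP/2.0\r\n"
    "Via: SIP/2.0/TLS 10.0.0.5:5061;branch=z9hG4bK776asdhds\r\n"
    "From: <sip:alice@example.com>;tag=1928301774\r\n"
    "To: <sip:bob@example.com>\r\n"
    "Call-ID: a84b4c76e66710\r\n"
    "Content-Type: application/sdp\r\n"
    "\r\n"
    "v=0\r\n"
    "o=alice 2890844526 2890844526 IN IP4 10.0.0.5\r\n"
    "s=-\r\n"
    "c=IN IP4 10.0.0.5\r\n"
    "t=0 0\r\n"
    "m=audio 49170 RTP/SAVP 0 8\r\n"
    "a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:PLACEHOLDER_BASE64_KEY\r\n"
)

# Same call, but signaling over UDP and media as unencrypted RTP/AVP, no key line.
WEAK_INVITE = re.sub(r"a=crypto:[^\r\n]*\r\n", "",
                     SECURE_INVITE.replace("SIP/2.0/TLS", "SIP/2.0/UDP")
                                  .replace("RTP/SAVP", "RTP/AVP"))

SRTP_PROFILES = {"RTP/SAVP", "RTP/SAVPF"}

def audit_invite(msg):
    """Report how exposed a SIP INVITE and its media are to an on-path attacker."""
    head, _, body = msg.partition("\r\n\r\n")
    headers = head.split("\r\n")[1:]  # drop the request line
    # Top-most Via describes only the hop that delivered the message to us,
    # so this proves TLS on the last hop, not end to end.
    via = next((h for h in headers if h.lower().startswith("via:")), "")
    m = re.match(r"via:\s*SIP/2\.0/(\S+)", via, re.IGNORECASE)
    transport = m.group(1).upper() if m else "UNKNOWN"
    signaling_tls = transport == "TLS"
    profiles = re.findall(r"^m=\S+ \d+ (\S+)", body, re.MULTILINE)
    srtp = bool(profiles) and all(p in SRTP_PROFILES for p in profiles)
    findings = []
    if not signaling_tls:
        findings.append(f"signaling over {transport}: INVITE/SDP readable and modifiable on path")
    if not srtp:
        findings.append("media offered as plain RTP: audio can be recorded or altered on path")
    if "a=crypto:" in body and not signaling_tls:
        findings.append("SDES key carried in SDP over unencrypted signaling: key exposed")
    return {"transport": transport, "signaling_tls": signaling_tls,
            "media_profiles": profiles, "srtp": srtp, "findings": findings}
```

The third finding is the case the paragraph warns about: SRTP alone does not help if the keys travel in SDP over signaling that is not protected by TLS.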


3 Comments to “UC Security Threats: Man-in-the-Middle Attack”

  1. Essential Computer Security » SIP Over TLS
    July 18th, 2009 at 7:47 am

    [...] Layer Security). Encrypting SIP transmissions with TLS helps to protect communications from man-in-the-middle attacks, eavesdropping, or unauthorized [...]

  2. Essential Computer Security » UC Security Threats: Call Redirection
    July 18th, 2009 at 7:50 am

    [...] an attacker is able to monitor or intercept the SIP INVITE requests (by executing a MitM attack for example), they can then spoof the INVITE response and get the initiating SIP device to reroute [...]

  3. Essential Computer Security » Who Is Responsible for VoIP Security?
    July 18th, 2009 at 8:03 am

    [...] it possible to do it faster or on a much larger scale. Call redirection, denial-of-service attacks, man-in-the-middle attacks and more are all potential threats that exist for VoIP [...]