by Evan Fitzgerald

Make a Plan for the Middle Man


Man-in-the-middle (MITM) attacks are cybersecurity attacks that threaten the privacy and security of parties communicating with one another.

In fact, it’s one of the top 3 ways email gets hacked.

Attackers intercept communications between parties, compromise PHI, and can even alter a message before the receiving party gets hold of it.

Many times the receiving party doesn’t realize that the message has been altered in one way or another.

Many organizations have implemented end-to-end encryption products, as well as interception products to detect and monitor malicious behavior. However, these products are leaving organizations vulnerable to the man in the middle.

HTTPS Interception Products

HTTPS interception products work by intercepting HTTPS web traffic, decrypting it, and scanning it for suspicious activity. They then record the activity in a log and re-encrypt the traffic before sending it back into the network.

The issue with these products is that they must download certificates to establish their legitimacy with the user’s web client. The organization is then able to verify only the certificates of the interception product, not those of the server.

The result is that the HTTPS interception product does not properly verify the certificate chain before re-encrypting, which leaves the connection open to a MITM attack.
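The check an interception product should make on its own connection to the real server can be shown with Python's standard `ssl` module. This is an added example, not code from the article or from any interception product; the function names and the weak configuration are constructed for illustration.

```python
import socket
import ssl


def strict_upstream_context() -> ssl.SSLContext:
    """TLS settings for the proxy-to-server leg: verify chain and hostname."""
    ctx = ssl.create_default_context()   # uses the system trust anchors
    ctx.verify_mode = ssl.CERT_REQUIRED  # reject chains that do not validate
    ctx.check_hostname = True            # certificate must match the host
    return ctx


def weak_upstream_context() -> ssl.SSLContext:
    """Constructed misconfiguration: accepts any certificate from any host."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False           # has to be cleared before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def audit_upstream_context(ctx: ssl.SSLContext) -> list:
    """Return the reasons this context would re-encrypt unverified traffic."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("chain-not-verified")
    if not ctx.check_hostname:
        findings.append("hostname-not-checked")
    return findings


def open_upstream(host: str, port: int = 443, ctx: ssl.SSLContext = None) -> dict:
    """Fail closed: connect only when the upstream leg is fully verified."""
    ctx = ctx or strict_upstream_context()
    findings = audit_upstream_context(ctx)
    if findings:
        raise ValueError("refusing upstream connection: " + ", ".join(findings))
    with socket.create_connection((host, port), timeout=5) as raw:
        # The handshake raises ssl.SSLCertVerificationError on a bad chain.
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.getpeercert()


if __name__ == "__main__":
    for name, ctx in (("strict", strict_upstream_context()),
                      ("weak", weak_upstream_context())):
        print(name, audit_upstream_context(ctx) or "ok")
```

The client only ever sees the interception product's certificate, so a weak upstream context like the second one is invisible to the user and to the browser's own warnings.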

Imagine that you are taking a flight from Albuquerque to St. Louis and you check your bag in. The bag goes through a security scan to ensure that there isn’t any contraband being brought onto the plane. The bag is then placed on a cart where it is sent to be loaded onto the airplane.

During the time it takes to go from the security scan to the airplane, the bag is potentially in a vulnerable position just like the files being reloaded into the server.

Conclusion

Covered entities and business associates who plan to use, or are currently using, interception products should evaluate the weak links in the chain and be aware of where a breach can occur.

Not all interception products are created equal. Verify that your product raises the proper alerts and warnings when insecure connections are being made. When it comes to the livelihood of your business and customers, make preventative decisions as opposed to reactive ones.
