A Hidden Hazard: Man-In-The-Middle Attack in Networks

The most critical subject in information and communication technologies is information security. Information security is defined as the prevention of access to, and the use, modification, disclosure, removal, alteration and damage of, information as an entity type without permission or in an unauthorized manner. Threats to information security continue to increase with today's evolving technology. Protecting our data is not an easy task these days, when attackers are constantly discovering new techniques and exploits to steal it. One of the most used of these techniques is the man-in-the-middle (MITM) attack. Attackers can use this attack to listen to local network traffic and steal end-user data from the traffic flow without using malicious software or a virus. In addition, passwords can be obtained by bypassing SSL. There are many common ways of starting an MITM attack. The simplest of these is to create a fake node in an open computer network, such as a coffee shop's WiFi network. In this study, the concept of information security is emphasized and the necessary criteria are explained. Then a popular type of attack, the MITM attack, is implemented in various ways on the Linux operating system. Afterwards, prevention methods for this attack, which was performed by various methods, are described. As a result, the MITM attack, one of the popular types of attack that threaten information security, has been introduced, its various forms of application have been shown in both technical and practical terms, and the methods of prevention have been described. This study aims to raise awareness of this issue and to prompt precautions against the threats that may arise as technology develops.
