Man in the middle attacks, Idea – Comtrol Hub DeviceMaster User Manual
Page 72
72 - DeviceMaster Security
DeviceMaster Installation and Configuration Guide: 2000594 Rev. A
Understanding Security Methods and Terminology
TLS
(Transport
Layer
Security)
Transport Layer Security (TLS) is a protocol that ensures privacy between
communicating applications and their users on the Internet. When a server
and client communicate, TLS ensures that no third party may eavesdrop or
tamper with any message. TLS is the successor to the Secure Sockets Layer
(SSL).
TLS and SSL are not interoperable. The TLS protocol does contain a
mechanism that allows TLS implementation to back down to SSL 3.0.
Secure Data
Mode
TCP connections that carry data to/from the DeviceMaster serial ports are
encrypted using SSL or TLS security protocols. See
and
Configure/Enable Security Features Overview
on Page 83 for more
information.
Secure Config
Mode
Unencrypted access to administrative and diagnostic functions are disabled.
See
Configure/Enable Security Features
on Page 83 for more information.
Secure Monitor
Data Mode via
Telnet
Allows monitoring of a single serial port on the DeviceMaster while the port is
configured for Secure Data Mode. For more information see, the Enable
Monitoring Secure Data via Telnet option on Page 84.
Man in the
Middle attack
A man in the middle attack is one in which the attacker intercepts messages
in a public key exchange and then retransmits them, substituting his own
public key for the requested one, so that the two original parties still appear to
be communicating with each other.
The attack gets its name from the ball game where two people try to throw a
ball directly to each other while one person in between them attempts to catch
it. In a man in the middle attack, the intruder uses a program that appears to
be the server to the client and appears to be the client to the server. The attack
may be used simply to gain access to the message, or enable the attacker to
modify the message before retransmitting it.
How Public
and Private
Key
Cryptography
Works
In public key cryptography, a public and private key are created
simultaneously using the same algorithm (a popular one is known as RSA) by
a certificate authority (CA).
The private key is given only to the requesting party and the public key is
made publicly available (as part of a digital certificate) in a directory that all
parties can access.
The private key is never shared with anyone or sent across the Internet. You
use the private key to decrypt text that has been encrypted with your public
key by someone else (who can find out what your public key is from a public
directory).
Thus, if User A sends User B a message, User A can find out User B’s public
key (but not User B’s private key) from a central administrator and encrypt a
message to User B using User B’s public key. When User B receives it, User B
decrypts it with User B’s private key. In addition to encrypting messages
(which ensures privacy), User B can authenticate User B to User A (so User A
knows that it is really User B who sent the message) by using User B’s private
key to encrypt a digital certificate. When User A receives it, User A can use
User B’s public key to decrypt it.
Term or
Issue
Explanation