My question is regarding eavesdropping. A client machine (Computer A) communicates with 2 servers (X and Y). The...
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
aim of the attacker is to gather the data sent to both servers. If an attacker wants to eavesdrop on both the connections (A - X and A - Y), I suspect he or she would most likely install a sniffer on Computer A. What other patterns of intercepting network data should our organization watch for?
You're correct: Installing monitoring software on the client system (Computer A in your example) is the easiest way to gather all of the information the attacker is seeking. However, there are several other ways this sort of information collection could take place. First, it would be possible to gather the same information by installing monitoring software on both of the servers. Second, the same information could be gathered by sniffing the network connection. Is the network between the client and servers entirely under your control? All of the network devices between the systems should also be considered as possible eavesdropping points.
How can these attacks be prevented? Protecting against monitoring software is a function of endpoint security: Be sure you know what devices are present on your network and that you carefully control the software that is installed on them. You can protect against network-based eavesdropping attacks by using encryption. For example, if the connection between the client and server is Web-based, use HTTPS-encrypted connections to prevent an eavesdropper from reading the content of the communication.
- Should software be used to monitor networks for blogging activity? Read more.
- Learn how to prevent eavesdropping on mobile devices in this expert response.
Dig Deeper on Monitoring Network Traffic and Network Forensics
Related Q&A from Mike Chapple
Vulnerability scanning tools are necessary to be fully compliant with PCI DSS, but the tools need to come from a PCI DSS Approved Scanning Vendor. ...continue reading
Healthcare clearinghouses like Mass HIway are a new trend in health IT, but what are the security implications? Expert Mike Chapple explains what you...continue reading
The FFIEC Cybersecurity Assessment Tool has faced harsh criticism since its 2015 release. Expert Mike Chapple reviews the tool and how it can be ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.