
Man-in-the-middle attacks

02 Mar 2006 | Addison-Wesley Professional


Securing Storage: A Practical Guide to SAN and NAS Security

By Himanshu Dwivedi

560 pages; $44.99

Addison Wesley Professional

In this excerpt from Chapter 2 of Securing Storage: A Practical Guide to SAN and NAS Security, author Himanshu Dwivedi examines how man-in-the-middle attacks affect Fibre Channel security and provides self-assessment exercises that administrators can use to determine if their organization is at risk.

Before we look at a Fibre Channel man-in-the-middle attack, let's first understand the concept using the IP protocol. An entity using IP, such as a switch or an operating system, sends out ARP requests when it is trying to communicate with other entities. For example, if server A wanted to communicate with server B, which has the IP address 172.16.1.1 and the MAC address 00-0A-CC-69-89-74, server A would send out an ARP request asking, "Who is 172.16.1.1?" The switch or the operating system would then respond with its MAC address, 00-0A-CC-69-89-74. The issue with ARP, which we will also address with Fibre Channel name servers, is that any malicious entity could send out an ARP reply instead of the actual server. For example, if you stepped outside your home and yelled, "What is the address of the post office?" a malicious neighbor could say, "I am the post office; please send your mail to me." If you believed this malicious neighbor without asking for proof, your mail would be compromised. This is how ARP works: without any authentication. A malicious user could send out ARP replies containing incorrect information.

Since there is no authentication with ARP, similar to how there is no authentication with PLOGI in Fibre Channel fabrics, an entity receiving an ARP reply from an attacker would update its routing table with the incorrect information. Furthermore, a node that never sent an ARP request (which would ask for the MAC address of a specific IP address) can still receive an ARP reply and update its own routing table. For example, a malicious user could send out ARP replies to the entire network segment, telling each entity that the MAC address of the router, which is 172.16.1.1, is actually the MAC address of the malicious entity. When one node tries to communicate with any other node through the default router, its traffic will actually go to the malicious entity first, since it is using the MAC address of the malicious entity for layer 2 routing.
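
The two conditions described above, a reply nobody asked for and an address whose MAC suddenly changes, can be watched for on the wire. The following is an added example, not code from the book: `parse_arp`, `ArpMonitor`, `build` and `demo` are hypothetical names, and every address other than 172.16.1.1 and 00-0A-CC-69-89-74 is constructed sample data.

```python
import struct
from collections import namedtuple

Arp = namedtuple("Arp", "op sender_mac sender_ip target_mac target_ip")
REQUEST, REPLY, FMT = 1, 2, "!HHBBH6s4s6s4s"   # RFC 826 Ethernet/IPv4 layout

def parse_arp(payload):
    """Decode a 28-byte Ethernet/IPv4 ARP payload."""
    if len(payload) < 28:
        raise ValueError("truncated ARP payload")
    htype, ptype, hlen, plen, op, sha, spa, tha, tpa = struct.unpack(FMT, payload[:28])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not Ethernet/IPv4 ARP")
    mac = lambda b: "-".join(f"{x:02X}" for x in b)
    ip = lambda b: ".".join(map(str, b))
    return Arp(op, mac(sha), ip(spa), mac(tha), ip(tpa))

class ArpMonitor:
    """Flags replies nobody asked for and IP-to-MAC bindings that change."""
    def __init__(self, pinned=None):
        self.bindings = dict(pinned or {})  # IP -> MAC, pinned or first seen
        self.pending = set()                # (asker_ip, asked_ip) awaiting reply

    def observe(self, payload):
        pkt, alerts = parse_arp(payload), []
        if pkt.op == REQUEST:
            self.pending.add((pkt.sender_ip, pkt.target_ip))
        elif pkt.op == REPLY:
            key = (pkt.target_ip, pkt.sender_ip)
            if key not in self.pending:
                alerts.append("unsolicited-reply")
            self.pending.discard(key)
            if self.bindings.setdefault(pkt.sender_ip, pkt.sender_mac) != pkt.sender_mac:
                alerts.append("binding-change")
        return alerts

def build(op, smac, sip, tmac, tip):  # packs one constructed sample payload
    raw = lambda m: bytes.fromhex(m.replace("-", ""))
    addr = lambda a: bytes(map(int, a.split(".")))
    return struct.pack(FMT, 1, 0x0800, 6, 4, op, raw(smac), addr(sip), raw(tmac), addr(tip))

def demo():
    # Addresses other than 172.16.1.1 / 00-0A-CC-69-89-74 are constructed.
    a_ip, a_mac, rogue = "172.16.1.10", "02-00-00-00-00-0A", "02-00-00-00-00-66"
    mon = ArpMonitor()
    frames = [build(REQUEST, a_mac, a_ip, "00-00-00-00-00-00", "172.16.1.1"),
              build(REPLY, "00-0A-CC-69-89-74", "172.16.1.1", a_mac, a_ip),
              build(REPLY, rogue, "172.16.1.1", a_mac, a_ip)]  # nobody asked
    return [mon.observe(f) for f in frames]
```

Both alerts can also fire on legitimate events such as a gratuitous ARP after failover or a replaced network card, so they are triage signals rather than verdicts. Passing a known-good binding for the default router through `pinned` makes the binding-change check hold from the first frame instead of trusting whatever is seen first.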
