
Man-in-the-middle attacks

02 Mar 2006 | Addison-Wesley Professional


Securing Storage: A Practical Guide to SAN and NAS Security

By Himanshu Dwivedi

560 pages; $44.99

Addison Wesley Professional

In this excerpt from Chapter 2 of Securing Storage: A Practical Guide to SAN and NAS Security, author Himanshu Dwivedi examines how man-in-the-middle attacks affect Fibre Channel security and provides self-assessment exercises that administrators can use to determine if their organization is at risk.

Before we look at a Fibre Channel man-in-the-middle attack, let's first understand the concept using the IP protocol. An entity using IP, such as a switch or an operating system, will send out ARP requests when it is trying to communicate with other entities. For example, if server A wanted to communicate with server B, which has the IP address of 172.16.1.1 and the MAC address of 00-0A-CC-69-89-74, server A would send out an ARP request asking, "Who is 172.16.1.1?" Then the switch or the operating system would respond, replying with its MAC address, which is 00-0A-CC-69-89-74. The issue with ARP, which we will also address with Fibre Channel name servers, is that any malicious entity could send out an ARP reply instead of the actual server. For example, if you stepped outside your home and yelled out, "What is the address of the post office?" a malicious neighbor could say, "I am the post office; please send your mail to me." If you believed this malicious neighbor without asking for proof, then your mail would be compromised. This is how ARP works: there is no authentication, so a malicious user could send out ARP replies containing incorrect information.

Since there is no authentication with ARP, similar to how there is no authentication with PLOGI in Fibre Channel fabrics, an entity receiving an ARP reply from an attacker would update its routing table with the incorrect information. Furthermore, a node that never sent out an ARP request (which would ask for the MAC address of a specific IP address) can still receive an ARP reply and update its own routing table. For example, a malicious user could send out ARP replies to the entire network segment, telling each entity that the MAC address of the router, which is 172.16.1.1, is actually the MAC address of the malicious entity. When one node tries to communicate with any other node by going through the default router, its traffic will actually go to the malicious entity first, since the node is using the MAC address of the malicious entity for layer 2 routing.
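From the defender's side, both behaviours described above (a reply nobody asked for, and a reply that rebinds a known IP address to a different MAC) can be spotted by watching ARP traffic. The following sketch is an added example, not code from the book: the `ArpMonitor` class, the host 172.16.1.20 and the two extra MAC addresses are constructed for illustration, and only 172.16.1.1 and 00-0A-CC-69-89-74 come from the excerpt.

```python
import struct

FMT = "!HHBBH6s4s6s4s"  # htype, ptype, hlen, plen, op, sha, spa, tha, tpa

def build_arp(op, sha, spa, tha, tpa):
    """Constructed sample input: a 28-byte Ethernet/IPv4 ARP payload, never sent."""
    hw = lambda s: bytes.fromhex(s.replace("-", ""))
    ip = lambda s: bytes(int(p) for p in s.split("."))
    return struct.pack(FMT, 1, 0x0800, 6, 4, op, hw(sha), ip(spa), hw(tha), ip(tpa))

class ArpMonitor:
    def __init__(self):
        self.baseline = {}    # IP -> first MAC seen claiming it
        self.pending = set()  # (asker IP, asked-for IP); no expiry in this sketch

    def observe(self, payload):
        """Return the alerts raised by one ARP payload."""
        if len(payload) < 28:
            return []  # truncated, ignore
        htype, ptype, hlen, plen, op, sha, spa, _, tpa = struct.unpack(FMT, payload[:28])
        if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
            return []  # not Ethernet/IPv4 ARP
        sha = "-".join(f"{b:02X}" for b in sha)
        spa, tpa = (".".join(map(str, a)) for a in (spa, tpa))
        alerts = []
        if op == 1:    # request: remember who asked for what
            self.pending.add((spa, tpa))
        elif op == 2:  # reply: was it asked for, and does it match the baseline?
            if (tpa, spa) not in self.pending:
                alerts.append(f"unsolicited reply for {spa} from {sha}")
            self.pending.discard((tpa, spa))
            known = self.baseline.get(spa)
            if known and known != sha:
                alerts.append(f"{spa} is {known} but {sha} claims it")
        self.baseline.setdefault(spa, sha)  # keep the first binding as the reference
        return alerts

def demo():
    router, real = "172.16.1.1", "00-0A-CC-69-89-74"        # values from the excerpt
    host, host_mac = "172.16.1.20", "00-0A-CC-00-00-0A"     # constructed
    rogue, zero = "00-0A-CC-00-00-EE", "00-00-00-00-00-00"  # constructed
    frames = [build_arp(1, host_mac, host, zero, router),   # host asks for .1
              build_arp(2, real, router, host_mac, host),   # solicited answer
              build_arp(2, rogue, router, host_mac, host)]  # unasked, different MAC
    monitor = ArpMonitor()
    return [monitor.observe(f) for f in frames]
```

The request and its genuine answer raise nothing; the third frame raises both alerts because no request is outstanding and the claimed MAC differs from the baseline.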
