SOC Experts Community - Beta
in SOC by (1.2k points)

2 Answers

by (5k points)

While data transmission is taking place between a device (PC/phone) and a web server, an attacker using his or her skills and tools places himself or herself between the two endpoints and intercepts the data. While the two parties believe that they’re talking to each other, they’re communicating with (and through) the perpetrator in reality. That’s what a man-in-the-middle attack is.

Here are our recommended practices to protect against man-in-the-middle attacks:

  1. Make sure the website you visit uses HTTPS.
  2. Before clicking on emails, check the sender of the email.
  3. Do not make a purchase or send sensitive data on a public Wi-Fi network.
  4. If your website is using SSL, make sure you have disabled insecure SSL/TLS protocols. You should only have TLS 1.1 and TLS 1.2 enabled.
  5. Do not download pirated content.
by (5.4k points)

"MITM attack" stands for "Man In The Middle attack".

A MITM attack is active eavesdropping. It uses a separate computer that accepts traffic from each party in a conversation and forwards the traffic between the user and the server. They both maintain an ARP cache table, which consists of IP addresses and MAC addresses. While the data exchange takes place between the system and the server, the attacker eavesdrops and corrupts the ARP cache tables of both the user and the server by changing IP and MAC addresses. So the attacker will appear as the user to the server and as the server to the user; this is called ARP poisoning. Now the attacker controls the entire conversation.


  • Always visiting websites using the HTTPS protocol will prevent attackers from intercepting data.
  • Adding static ARP entries into the cache is one method of mitigating ARP cache poisoning. This method prevents attackers from using ARP requests and replies, as the devices in the network will rely on the local cache instead.
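
The ARP poisoning described in the answer above shows up on the wire as IP-to-MAC bindings that change and as one MAC address answering for both ends of a conversation. The following detection sketch is an added example, not part of either answer; the log lines (written in the style of tcpdump ARP reply output), the addresses, the `PINNED` table and the function name are all constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: ARP replies in the style of `tcpdump -n arp` output.
SAMPLE = """\
10:00:01.100000 ARP, Reply 192.168.1.1 is-at 00:11:22:33:44:55, length 28
10:00:02.200000 ARP, Reply 192.168.1.20 is-at 00:aa:bb:cc:dd:01, length 28
10:00:05.300000 ARP, Reply 192.168.1.1 is-at 00:de:ad:be:ef:99, length 28
10:00:05.400000 ARP, Reply 192.168.1.20 is-at 00:de:ad:be:ef:99, length 28
10:00:09.500000 ARP, Reply 192.168.1.30 is-at 00:aa:bb:cc:dd:02, length 28
"""

# Assumed pinned bindings: the same data you would load as static ARP entries.
PINNED = {"192.168.1.1": "00:11:22:33:44:55"}

REPLY = re.compile(
    r"ARP, Reply (\d+\.\d+\.\d+\.\d+) is-at ((?:[0-9a-f]{2}:){5}[0-9a-f]{2})", re.I)

def find_arp_anomalies(log_text, pinned=None):
    """Return alerts as (kind, ip, mac) tuples in the order they were observed."""
    learned = dict(pinned or {})       # ip -> MAC currently trusted
    ips_by_mac = defaultdict(set)      # MAC -> every IP it has claimed
    for ip, mac in learned.items():
        ips_by_mac[mac.lower()].add(ip)
    alerts = []
    for line in log_text.splitlines():
        m = REPLY.search(line)
        if not m:
            continue                   # not an ARP reply line
        ip, mac = m.group(1), m.group(2).lower()
        known = learned.get(ip)
        if known is None:
            learned[ip] = mac          # first sighting: learn the binding
        elif known.lower() != mac:
            # Binding changed: keep trusting the old value, like a static entry.
            alerts.append(("binding-changed", ip, mac))
        if ip not in ips_by_mac[mac]:
            ips_by_mac[mac].add(ip)
            if len(ips_by_mac[mac]) == 2:   # alert once per MAC
                alerts.append(("mac-claims-multiple-ips", ip, mac))
    return alerts

if __name__ == "__main__":
    for alert in find_arp_anomalies(SAMPLE, PINNED):
        print(alert)
```

Both signals have benign causes (a DHCP lease moving to another device, a router or multihomed host answering for several IPs), so treat alerts as leads to check against the pinned table rather than as confirmed poisoning.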
