Network Security – so https and ssh are immune to arp spoofing right?
When a machine has been ARP spoofed, ALL network traffic from it is likely passing through a "hostile" machine. So, NO, https and ssh traffic is not immune: it is travelling through a hostile machine. However, it should be encrypted, and the encryption is what limits what that hostile machine can do with it. There are a few exceptions though. SSH version 1 is a broken encryption scheme and should be avoided like the plague. As far as I know SSH 2 should be safe. Pay attention to complaints about the host identification not being able to be verified: that warning is exactly what you would see if a machine in the middle were presenting its own host key instead of the real server's.
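The "host identification cannot be verified" complaint mentioned above comes from ssh comparing the key the server presents against the one recorded in known_hosts. The following is an added example, not code from the original post, that reproduces that comparison on constructed sample keys: the key blobs, the host names (bank.example, other.example) and the helper names are all assumptions made for illustration. It distinguishes the three cases a user actually meets: first contact (no record yet), a matching key, and a changed key, which is the case to stop and investigate.

```python
import base64
import hashlib
import struct
from typing import Dict, Tuple

# --- constructed sample data (hypothetical hosts and keys, not real ones) ---

def _ssh_string(b: bytes) -> bytes:
    """Encode bytes as an SSH wire 'string' (4-byte big-endian length + data)."""
    return struct.pack(">I", len(b)) + b

def make_ed25519_blob(raw32: bytes) -> str:
    """Build the base64 public key field of an OpenSSH ssh-ed25519 line from 32 raw bytes."""
    blob = _ssh_string(b"ssh-ed25519") + _ssh_string(raw32)
    return base64.b64encode(blob).decode()

GENUINE_BLOB = make_ed25519_blob(bytes(range(32)))        # constructed: the real server's key
ATTACKER_BLOB = make_ed25519_blob(bytes(range(32, 64)))   # constructed: a machine in the middle

KNOWN_HOSTS_TEXT = (
    "# constructed known_hosts content\n"
    f"bank.example,10.0.0.5 ssh-ed25519 {GENUINE_BLOB}\n"
)

# --- the verification logic ---

def fingerprint_sha256(b64_blob: str) -> str:
    """SHA256 fingerprint in the format ssh-keygen -l prints (base64, no padding)."""
    digest = hashlib.sha256(base64.b64decode(b64_blob)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def parse_known_hosts(text: str) -> Dict[Tuple[str, str], str]:
    """Map (host, key type) -> base64 key blob. Hashed (|1|) entries are skipped here."""
    entries: Dict[Tuple[str, str], str] = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or line.startswith("|1|"):
            continue
        parts = line.split()
        if len(parts) < 3:
            continue
        hosts, keytype, blob = parts[0], parts[1], parts[2]
        for host in hosts.split(","):
            entries[(host, keytype)] = blob
    return entries

def check_host_key(known: Dict[Tuple[str, str], str], host: str,
                   keytype: str, presented_blob: str) -> Tuple[str, str]:
    """Return (verdict, fingerprint).

    'new'      - no record for this host: trust-on-first-use, verify the fingerprint out of band
    'ok'       - presented key matches the stored one
    'MISMATCH' - stored key differs: either the server was reinstalled or something
                 is sitting between you and it; do not just type 'yes'
    """
    fp = fingerprint_sha256(presented_blob)
    stored = known.get((host, keytype))
    if stored is None:
        return "new", fp
    if stored == presented_blob:
        return "ok", fp
    return "MISMATCH", fp

if __name__ == "__main__":
    known = parse_known_hosts(KNOWN_HOSTS_TEXT)
    for host, blob in [("bank.example", GENUINE_BLOB),
                       ("bank.example", ATTACKER_BLOB),
                       ("other.example", GENUINE_BLOB)]:
        verdict, fp = check_host_key(known, host, "ssh-ed25519", blob)
        print(f"{host:14} {verdict:9} {fp}")
```

The MISMATCH case is the one ssh turns into its loud "REMOTE HOST IDENTIFICATION HAS CHANGED" banner; the right reaction is to confirm the fingerprint with whoever runs the server, not to delete the known_hosts line and retry.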
HTTPS is also an encrypted protocol, usually used for online banking logins, etc. There is a problem though: one of the responsibilities of certificate based authentication is that the end user has the ultimate call if a certificate doesn't match. (You do look at those, right?) So it's possible for an ARP spoofing attacker machine to terminate the https:// connection to the protected website itself (and so read the data), then present a forged certificate and a new encrypted stream to the client machine.
The client machine at this point will complain and say something along the lines of "the certificate could not be verified, do you still want to accept?" So, if the end user accepts the forged certificate, then all https passwords can be sniffed as well, because the stream the attacker decrypts is the one the client is talking on. So the moral of this story is to be extremely cautious when accepting dubious certificates. HTTPS can be secure, but ultimately it's up to the end user whether or not they accept a forged certificate.
So what hope is there against arp spoofing?
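One thing that does help is noticing the spoofing itself: on a quiet LAN an IP address does not normally move to a new MAC address, and one MAC does not normally answer for the gateway and for other hosts at once. The following is an added example, not part of the original post, of arpwatch-style detection over a few constructed tcpdump-like ARP reply lines (the addresses, MACs and timestamps are all made up for illustration, as is the line format, which follows what tcpdump prints for ARP replies).

```python
import re
from collections import defaultdict
from typing import Dict, List, Set, Tuple

# Constructed sample capture in tcpdump-like form. The gateway 192.168.1.1 first answers
# from aa:bb:cc:00:00:01, then the host at .20 starts answering for the gateway too.
SAMPLE_CAPTURE = """
12:00:01.000000 ARP, Reply 192.168.1.1 is-at aa:bb:cc:00:00:01, length 28
12:00:02.000000 ARP, Reply 192.168.1.20 is-at de:ad:be:ef:00:20, length 28
12:00:03.000000 ARP, Reply 192.168.1.1 is-at de:ad:be:ef:00:20, length 28
12:00:04.000000 ARP, Reply 192.168.1.1 is-at de:ad:be:ef:00:20, length 28
"""

ARP_REPLY = re.compile(
    r"^(?P<ts>\S+) ARP, Reply (?P<ip>\d+\.\d+\.\d+\.\d+) is-at "
    r"(?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})",
    re.IGNORECASE,
)

def parse_arp_replies(text: str) -> List[Tuple[str, str, str]]:
    """Extract (timestamp, ip, mac) from ARP reply lines; other lines are ignored."""
    replies = []
    for line in text.splitlines():
        m = ARP_REPLY.match(line.strip())
        if m:
            replies.append((m.group("ts"), m.group("ip"), m.group("mac").lower()))
    return replies

def detect_arp_anomalies(replies: List[Tuple[str, str, str]]) -> List[str]:
    """Flag two classic signs of ARP spoofing.

    'changed'  - an IP that was bound to one MAC is now claimed by a different MAC
    'multi-ip' - a single MAC is now answering for more than one IP address
    Both can have innocent causes (DHCP churn, a router with a new NIC), which is
    why the output is an alert to look at, not an automatic block.
    """
    ip_to_mac: Dict[str, str] = {}
    mac_to_ips: Dict[str, Set[str]] = defaultdict(set)
    alerts: List[str] = []
    for ts, ip, mac in replies:
        prev = ip_to_mac.get(ip)
        if prev is not None and prev != mac:
            alerts.append(f"{ts} changed: {ip} moved from {prev} to {mac}")
        ip_to_mac[ip] = mac

        before = len(mac_to_ips[mac])
        mac_to_ips[mac].add(ip)
        if before >= 1 and len(mac_to_ips[mac]) > before:
            alerts.append(f"{ts} multi-ip: {mac} now claims {sorted(mac_to_ips[mac])}")
    return alerts

def analyze(text: str) -> List[str]:
    """Convenience wrapper: parse a capture and return its alerts."""
    return detect_arp_anomalies(parse_arp_replies(text))

if __name__ == "__main__":
    for alert in analyze(SAMPLE_CAPTURE):
        print(alert)
```

On the sample capture this raises two alerts at 12:00:03 (the gateway address moving to the .20 host's MAC, and that MAC now claiming two addresses) and nothing for the repeat at 12:00:04, since the bogus binding is by then the "current" one. That is also the limitation of this approach: it catches the change, so it has to be running before the spoofing starts, and the table of first-seen bindings should be seeded from a trusted state.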