Many threats lurk right outside your network just waiting to exploit even the tiniest weakness or vulnerability. Of all of them, the man in the middle attack (mitm) is one of the worst. Just what is man in the middle attack, and what steps can you take to prevent it in order to protect your data?


When a MITM occurs, an unauthorized person or entity finds a way to intercept your communications with another party. They then monitor and/or manipulate the exchanges for their own purposes. Once they infiltrate your device, computer or server, criminals often use this intrusion strategy to steal sensitive data or, under the guise of the party you are legitimately communicating with, they can send you files or applications that are tainted with malware.


The only way to keep your information secure from an attacker is to understand the various types of MITM incidents that commonly occur. They include the following:

  • IP spoofing. Each computer on your network has a unique internet protocol (IP) address that is used when it communicates with other inter-network devices. In IP spoofing, a bad actor targets your network packets, manipulating them in order to “pretend” to be from a legitimate IP address on your system. Once they insert themselves in this way, they can launch DDoS attacks during which your network is inundated with so much traffic that it becomes paralyzed. 

Encryption of communications so that only the communicating parties hold the key to their information is the best way to defend against these destructive activities. Identity authentication can also make a positive difference.

  • DNS spoofing. The domain name system (DNS) is technology that connects the domain name of a website to the IP address of the corresponding server. Thanks to DNS, people can simply type a domain name into their browser in order to reach a particular website. 

However, a DNS server is behind the scenes to look up the domain name and return the corresponding IP address. In DNS spoofing, an attacker intercepts this look-up request and returns a bogus address that takes the hapless user to an entirely different address. They may also choose to monitor data traffic and steal sensitive information at their whim. 

To minimize the chances of this attack, be sure you have installed tight perimeter security. Also, use encrypted HTTPS communications that prevent criminals from spoofing the digital certificate that verifies your website’s encryption keys.

  • HTTPS spoofing. Although HTTPS sites are very secure, bad actors can still make look-alikes that are extremely difficult to detect. To do this, criminals launch homograph attacks that replace characters in your domain name with similar ones. They register a domain name very much like yours and obtain an SSL certificate to make it appear legitimate. 

Even the most security-conscious users can be fooled by this vicious attack, leaving them open to fraud and identity theft. The best protection against HTTPS spoofing is to turn off the punycode display support in your browser so that non-ascii characters in the domain name are no longer accepted. Password managers are also helpful since they automatically insert usernames and web addresses when users visit the legitimate site.

  • Man-in-the-browser. Commonly seen with internet banking, MITB compromises the web browser of one of the communicating parties. As a result, eavesdropping, monitoring, data tampering and stealing can occur.
  • SSL stripping. This MITM incident also involves HTTP traffic and happens when a hacker reduces data into an unencrypted format and is then able to exploit it. This type of attack does not work on users who have downloaded HTTPS Everywhere, software that prevents the downgrading of information into unencrypted format. 

Since access to your local area network is required for SSL hijacking to be possible, taking strict security precautions, including firewalls for example, can be an effective deterrent.

  • Email hijacking. A hacker accesses a user’s email account, usually through a phishing scheme that tricks a user into installing a key log or a piece of malware, and preys upon it for malicious purposes. Insisting that all people on the network use two-factor authentication that requires that users have a second token in addition to their password when logging in can minimize the likelihood of this type of attack.
  • Evil twin attacks. These trick users into connecting to a malicious Wi-Fi network. This is accomplished when the hacker names their Wi-Fi network in such a way as to confuse the victim into thinking that it is actually the trusted one they are seeking. Once this strategy is successful, the victim can be redirected to bogus sites and their sensitive information compromised. 

Encouraging users to disable automatic Wi-Fi connections and to use virtual private networks (VPNs) that create a secure channel for and encrypt all internet traffic can neutralize evil twin attacks.

  • Cookie side-jacking. Also called session hijacking, this MITM attack involves the hacker stealing a user’s session cookie, the chunk of data received upon logging in that provides access to the account. Using encrypted HTTPS and VPN communications tools helps to provide protection against these as does frequent logging out of accounts.

Unfortunately, you cannot totally shield your network from all outside contact nor can you guarantee that even the most robust security and detection solution can intercept all hacking attempts and eavesdropping techniques. 

The best your organization can do is to learn about available products and applications in order to find the optimal combination that intercepts most cyber attacks and uses new, upgraded application systems to do its work. Monitoring the cybersecurity of your business might be one of the most difficult tasks that management must implement, but it is also the most crucial. That is because there is no commodity more precious than being trusted by your customers.