Educational and Laboratory System for Studying Man-in-the-Middle Attacks and Ways to Protect against Them

For the implementation of the Master’s program “Business Continuity and Information Security Maintenance” in the field of specialty 10.04.01 “Information Security”, a software shell of the educational laboratory complex (ELC) designed to study the “Man in the middle” network attacks has been developed in the NRNU MEPhI. In the framework of the ELC four basic attacks of this type are modeled: UDP Hijacking, Session Hijacking, TCP Hijacking and Bucket brigade attack. The paper presents two ELC applications: the instructor’s application and the student’s application. To assess the students’ knowledge after performing laboratory work, the “Testing” module for assessing progress testing has been created, which includes questions for testing using the ELC software shell. Methodical instructions on performance of laboratory work have been written. Within the framework of the “Protected Information Systems” discipline of the Information Security of Banking Systems Department of the NNIU MEPhI, implementing the above-mentioned Mastre’s program, a successful approbation of the developed ELC has been carried out. In conclusion the ways to further improvement of the ELC are suggested

Automated Man-in-the-Middle Attack Against Wi‑Fi Networks

Currently used wireless communication technologies suffer security weaknesses that can be exploited allowing to eavesdrop or to spoof network communication. In this paper, we present a practical tool that can automate the attack on wireless security. The developed package called wifimitm provides functionality for the automation of MitM attacks in the wireless environment. The package combines several existing tools and attack strategies to bypass the wireless security mechanisms, such as WEP, WPA, and WPS. The presented tool can be integrated into a solution for automated penetration testing. Also, a popularization of the fact that such attacks can be easily automated should raise public awareness about the state of wireless security