CCSP SelfStudy CCSP CSI: Exam Certification Guide, Second Edition [Electronic resources] نسخه متنی

اینجــــا یک کتابخانه دیجیتالی است

با بیش از 100000 منبع الکترونیکی رایگان به زبان فارسی ، عربی و انگلیسی

CCSP SelfStudy CCSP CSI: Exam Certification Guide, Second Edition [Electronic resources] - نسخه متنی

Tebyan

| نمايش فراداده ، افزودن یک نقد و بررسی
افزودن به کتابخانه شخصی
ارسال به دوستان
جستجو در متن کتاب
بیشتر
تنظیمات قلم

فونت

اندازه قلم

+ - پیش فرض

حالت نمایش

روز نیمروز شب
جستجو در لغت نامه
بیشتر
لیست موضوعات
توضیحات
افزودن یادداشت جدید











  • Mitigating Man-In-The-Middle Attacks


    Man-in-the-middle attacks can be mitigated effectively only through cryptography. If communication is encrypted, the attacker can capture only the cipher text. If, however, the attacker can determine or capture the session key, man-in-the-middle attacks become possible. A man-in-the-middle attack against an encrypted session can succeed only if attackers can insert themselves into the key-exchange process. Before an encrypted session can be set up, both parties must agree on a session key that will be used to encrypt traffic in both directions. To do so, both parties must either perform a Diffie-Hellman key exchange, whereby the session key is derived from a combination of private and public encryption keys, or communicate in some other fashion (preferably out-of-band) to agree on the session key. An attacker can insert themselves between the two parties in a man-in-the-middle attack in such a way that the attacker negotiates a separate session key with both parties and relays the communication sufficiently fast enough to keep up with the other two computers, as shown in Figure 9-2.

    Figure 9-2. Man-In-The-Middle Attack During Session Setup

    In


    • / 290