1

Understand how to counteract this type of attack. Since a man-in-the-middle attack (MTM) can succeed only when the attacker can impersonate each endpoint to the satisfaction of the other, the two crucial points in defending against MTM are authentication and encryption. A number of cryptographic protocols include some form of endpoint authentication specifically to prevent MITM attacks. For example, SSL can authenticate one or both parties using a mutually trusted certification authority. However, SSL is still not supported by many websites yet. Fortunately, there are three effective ways to defend against a man-in-the-middle attack even without SSL. These methods are able to encrypt the data traffic between you and the server you are connecting to, and also include some kind of end-point authentication. Each method is broken down in the following sections.