Network Eavesdropping Attack

From Guidance Share

Jump to: navigation, search

Description

The HTTP data for Web application travels across networks in plaintext and is subject to network eavesdropping attacks, where an attacker uses network monitoring software to capture and potentially modify sensitive data.


Vulnerabilities

  • Communication channel is insecure (lacking confidentiality and integrity protection)


Countermeasures

  • Utilize SSL or IPSec w/ Encryption to establish a secure communication channel
Personal tools