
I know that certificates and signatures are really important for preventing Man-in-the-middle attacks, among other things.

I am not concerned about a third party reading the transmission, only altering it. Imagine data that is in no way confidential; it just has to be accurate.

Suppose an application is running on a user's computer on the intranet and is communicating with another intranet endpoint. And for the sake of the question, you can assume that everyone on the inside is trustable. Is a man-in-the-middle attack a real risk? Could someone on the outside somehow see the request and fake a response?

I am interested in the intranet part of it. Intuitively, I would guess that it is not possible, let alone risky, but I could be wrong.

So first of all, is it possible? Second of all, is it reasonably risky?

An explanation of how it could be done, if it can, would be appreciated.

schroeder
Kaito Kid
  • @schroeder I **think** that nothing outside can access it, since it's an intranet. My question is basically "Is my assumption right?". I want to know if it's possible, and if so, if it is likely. Basically, I'm looking for a confirmation of my assumption, or for an explanation of why I'm wrong. – Kaito Kid Oct 12 '18 at 15:27
  • Is my edit more what you wanted to ask? – schroeder Oct 12 '18 at 15:31
  • As soon as you add users into the mix, a lot is possible. An outside attacker just needs to take over the user machine. – schroeder Oct 12 '18 at 15:32
  • *"And for the sake of the question, you can assume that everyone on the inside is trustable."* - trustable is one thing. But infallible too? And no security issues somewhere which might allow access from outside? And how about the vendors of the network equipment - are they fully trustable and infallible too? What makes you sure that nobody except your trustable users has access to the network? – Steffen Ullrich Oct 12 '18 at 15:35
  • I can't tell if this question is theoretical, or if it's about how something would work in the real world. – Daisetsu Oct 12 '18 at 23:16

1 Answer

> Could someone on the outside somehow see the request and fake a response?

Someone who is both physically and logically outside the network cannot fiddle with the intranet. But while keeping an attacker physically outside is comparatively easy to guarantee, keeping the attacker logically out of the internal network is much harder.

> And for the sake of the question, you can assume that everyone on the inside is trustable.

I don't think that you actually mean "everyone on the inside" but more "everyone who is legally allowed to be on the inside". While you hope that these are the same users, this is not necessarily the case.

But have a look at the users who should be legally in the network: even fully trustable users are not infallible and might be tricked into letting the attacker accidentally and unknowingly into the network. Typical current ways are phishing attacks where the user gets, for example, a mail from a seemingly trusted person with an office document (containing macros) or some executable which looks like an office document or PDF. By "opening" this document the attacker gets access to the internal network and the user might not even have noticed anything unusual. Also, internal systems might be vulnerable in a way that they might be infected if the user visits an external site from inside the same network. Or how about an attacker taking over the networked printer, and from there the network, just by tricking someone inside into printing some document?

As a result, your network might now contain users who should not be legally there and who you cannot trust. You cannot really be sure who really has access to your local network unless it is fully separated (physically and logically, i.e. no data exchange by USB sticks or similar) from potentially dangerous networks.

> How big is the man in the middle threat from outside the network when communicating on an intranet?

How big the risk really is depends on the network. The less you know how your network works and what should happen in the network, the more likely some attacker knows more about it and makes use of this knowledge. On the other hand, if you spend lots of money to protect your network, it is usually because it is really valuable - in which case an attacker will probably also invest more resources to get into it.

Steffen Ullrich
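The question asks only for integrity, not confidentiality, and the answer shows the intranet cannot be assumed free of attackers. The following added example (not part of the original question or answer) shows a client detecting an altered or replayed response by checking an HMAC bound to its own request; the pre-shared key, the function names and the message layout are assumptions made for illustration.

```python
import hashlib
import hmac
import json
import secrets

# Assumption: client and server were provisioned with this key out of band.
SHARED_KEY = secrets.token_bytes(32)


def _tag(key: bytes, nonce: str, request: str, body: str) -> str:
    # Canonical JSON encoding keeps field boundaries unambiguous, so
    # ("ab", "c") and ("a", "bc") never produce the same MAC input.
    msg = json.dumps([nonce, request, body], separators=(",", ":")).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def make_request(path: str) -> dict:
    # A fresh nonce per request lets the client reject replayed responses.
    return {"nonce": secrets.token_hex(16), "path": path}


def serve(key: bytes, request: dict, body: str) -> dict:
    # Server side: the body travels in the clear; only the tag is added.
    return {"body": body, "tag": _tag(key, request["nonce"], request["path"], body)}


def verify(key: bytes, request: dict, response: dict) -> bool:
    # Client side: recompute the tag over its own nonce and path, then
    # compare in constant time.
    expected = _tag(key, request["nonce"], request["path"], response["body"])
    return hmac.compare_digest(expected, response.get("tag", ""))


if __name__ == "__main__":
    req = make_request("/rates/EUR")                   # constructed sample request
    resp = serve(SHARED_KEY, req, '{"rate": 1.0842}')  # constructed sample data
    print("genuine:", verify(SHARED_KEY, req, resp))
    altered = dict(resp, body='{"rate": 9.9999}')      # changed in transit
    print("altered:", verify(SHARED_KEY, req, altered))
    later = make_request("/rates/EUR")                 # old response, new request
    print("replayed:", verify(SHARED_KEY, later, resp))
```

TLS with a server certificate provides the same integrity guarantee without a pre-shared key, which is why certificates matter even for non-confidential data.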