1

Is there a way to encrypt HTTP traffic to avoid man-in-the-middle attacks?

I use Google Chrome.

Gilles 'SO- stop being evil'
  • 50,912
  • 13
  • 120
  • 179
Spyros Chiotakis
  • 93
  • 8
  • use a secure proxy – ratchet freak Oct 06 '12 at 18:13
  • What about a MITM who is further away than your router. You can only encrypt traffic to an end point who will operate the same encryption scheme - what browser you use is irrelevant. But that you mention it suggests you're talking about web access - in which case use HTTPS – symcbean Oct 06 '12 at 22:19

2 Answers2

3

Is there a way to encrypt traffic to avoid MITM attacks?

Many! Almost every good method for this involves a public/private keypair. To ensure that you are corrected to the correct endpoint, you must know trust the other side's key. If you don't somehow verify the key on the other end of the connection, the value is very limited as an attack can substitute themselves during the connection setup.

As long as your endpoint is verified, you can make a safe connection from open WiFi at DEFCON and have a safe connection (so far as we know, but the researchers do like to play there). SSL, SSH, IPSEC... they all follow these rules.

Since you mentioned a secure connection to your router, there are two things to look at. The first is that if you're trying to protect against people who aren't authorized to connect to your network and you're wireless, WPA2 with a strong passphrase will keep you from associating with the wrong access point or them associating with your access point... as long as you have WiFi protected setup turned off, anyway.

The second thing is back to the "uniform" setup that should work even with mischief on your own network: a VPN. Enable an appropriate VPN (IPSEC or other; there are a few) on your router and connect to that when you come online.

Community
  • 1
Jeff Ferland
  • 38,090
  • 9
  • 93
  • 171
0

If you use SSL and only work with sites that use SSL certificates that are trusted by your browser (pass validation by your browsers trusted certificate authorities) your traffic should be safe from main-in-the-middle attacks.

By validating the SSL certificate as signed by the trusted CA you know that the session encryption key is valid and only known by you and the site you are communicating with.

Host authentication provides this same protection when using SSH.

HeatfanJohn
  • 320
  • 2
  • 12
  • SSL is end-to-end. To provide protection between a compter and a router the IPSEC or WPA2 for wireless (with WPS disabled) – symcbean Oct 06 '12 at 22:17
  • The question was unclear to me. If the OP is only concerned with traffic to he router then SSH will secure that traffic. – HeatfanJohn Oct 07 '12 at 00:02