I'm looking for the best way to protect my enterprise against man-in-the-middle attacks, because a lot of people connect to the same network.

So I was thinking of creating a VPN. Is this really the best solution against MitM attacks?

    You haven't given *nearly* enough information. What's the nature of this network? Is it a corporate network with access only given to employees? Who would be performing attacks (otherwise legitimate users, or people who shouldn't have *any* access)? How is access to the network controlled? – cpast Mar 29 '15 at 22:56
  • Thanks for the reply. It's a WPA-protected network. But we all need to be connected to the network because of the internet and sharing information. But you know, you never know who is behind every employee... – NathanWay Mar 29 '15 at 23:01
  • Does it use a pre-shared key (like most home networks), or do you log on with your personal username and password (like most enterprise networks)? – cpast Mar 29 '15 at 23:02
  • Everybody is connected with the same Key, the key is 16 digits long. – NathanWay Mar 29 '15 at 23:03

2 Answers

Set up proper 802.1X authentication / WPA-Enterprise to connect to the network. So each client will have their own credentials and they'll be logged accordingly.

VPN could also be set up in the same manner if you need remote access. All of these protocols are designed with security in mind and thus inherently prevent any form of MITM attack if implemented correctly. Basically, it creates a secure tunnel to communicate between client and server which, coupled with secure authentication protocols, would prevent anyone from monitoring, modifying or impersonating your communication.

– Pavin Joseph
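As an added illustration (not part of either answer), here is the difference between the asker's single-shared-key setup and the 802.1X / WPA-Enterprise setup this answer recommends, written as two separate hostapd configuration files; the interface name, SSID, RADIUS server address and secrets are placeholders.

```ini
# Constructed hostapd examples, not from the original post. Two separate files.

# ---- hostapd-psk.conf : WPA2-Personal, the asker's current setup ----
# One passphrase is shared by every employee. Every client's session keys are
# derived from that same passphrase, so the shared key gives no isolation
# between users, and the access point's logs cannot tell one employee from
# another. Rotating the key means re-distributing it to everyone.
interface=wlan0
ssid=CorpNet
wpa=2
rsn_pairwise=CCMP
wpa_key_mgmt=WPA-PSK
# placeholder passphrase
wpa_passphrase=REPLACE_WITH_SHARED_KEY

# ---- hostapd-eap.conf : WPA2-Enterprise, per-user credentials via 802.1X ----
# Each client authenticates to a RADIUS server with its own identity
# (for example an EAP-TLS client certificate or a PEAP username/password).
# Session keys are derived per user after that authentication, and the RADIUS
# server records which account joined, so a single leaked credential can be
# revoked without re-keying the whole network.
interface=wlan0
ssid=CorpNet
wpa=2
rsn_pairwise=CCMP
wpa_key_mgmt=WPA-EAP
ieee8021x=1
# placeholder RADIUS server (documentation address range) and shared secret
auth_server_addr=192.0.2.10
auth_server_port=1812
auth_server_shared_secret=REPLACE_WITH_RADIUS_SECRET
```

The RADIUS secret protects only the AP-to-server leg; the per-user protection comes from the EAP method, so clients should be configured to validate the RADIUS server's certificate rather than accept any server.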
If you want to ensure you have your employees talking to you, and not some third party, you need to create a set of keys you distribute securely, and the tool you use depends on both ends having keys. Some few VPNs may do that, but not many. I think ssh can do so.

– davecb