I'm looking for the best way to protect my enterprise against man in the middle attacks, because a lot of people connect to the same network.
So I was thinking of creating a VPN. Is this really the best solution against MitM attacks?
I'm looking for the best way to protect my enterprise against man in the middle attacks, because a lot of people connect to the same network.
So I was thinking of creating a VPN. Is this really the best solution against MitM attacks?
Setup proper 802.1X authentication / WPA-Enterprise to connect to the network. So each client will have their own credentials and they'll be logged accordingly.
VPN could also be set up in the same manner if you need remote access. All of these protocols are designed with security in mind and thus inherently prevents any form of MITM attacks if implemented correctly. Basically, it creates a secure tunnel to communicate between client and server which coupled with secure authentication protocols would prevent anyone from monitoring, modifying or impersonating your communication.
If you want to ensure you have your employees taking to you, and not some third party, you need to create a set of keys you distribute securely, and the tool you use depends on both ends having keys. Some few VPNs may do that, but not many. I think ssh can do so.