Oh hey, maybe I should get caught up in the tread before replying...
* Remote user goes to ADFS to leverage SSO to get to 3rd party for travel expenses, etc. which includes entering credit card data * Focus on MITM because the discussion became centered around TLS 1.2 after I requested to turn off Extended Protection in IIS7 (http://support.microsoft.com/kb/973917/en-us) which is only supported by IE * See bullet 1 What is the most common way to initiate a MITM attack? Phishing e-mail with a link? Dave From: [email protected] [mailto:[email protected]] On Behalf Of Andrew S. Baker Sent: Thursday, August 01, 2013 6:43 AM To: ntsysadm Subject: Re: [NTSysADM] man-in-the-middle attack I think you missed Ken's point, Micheal. For any given scenario, the likelihood of it happening has to be considered AS WELL AS (not independently of) the consequences if it happens. His last paragraph is instructive here: Using your method results in too much attention being paid to extreme events, and inadequate supervision of more mundane, even boring, events that result in small losses. Except lots of small losses can be just as crippling to a business. As to the original question of "In short, what are the odds of a MITM attack actually happening between my remote employee and our ADFS server?" I would respond that there is insufficient information in the thread thus far to actually answer that question. David's question begs a few questions from me: -- How are the ADFS servers being used as relates to these remote devices? -- Why the focus on man-in-the-middle attacks? (Is this the only perceived risk of remote and mobile systems?) -- What apps will the users be accessing after authentication? Regards, ASB http://XeeMe.com/AndrewBaker<http://xeeme.com/AndrewBaker> Providing Virtual CIO Services (IT Operations & Information Security) for the SMB market...
