*>>What is the most common way to initiate a MITM attack? Phishing e-mail with a link?*
**** That would depend entirely on the technologies involved. You could wait in the right place, you could phish to get in the right place, you could spoof or poison DNS to send the users to the "right" place... You really need to focus your risk mitigation on specific, credible threats that you wish to address, and then determine if it is worth it for any particular mitigation approach. Otherwise, not only might you miss low hanging fruit that is less sexy, but more damaging in the aggregate, you might end up spending $100K to prevent a loss of $50K *ASB **http://XeeMe.com/AndrewBaker* <http://xeeme.com/AndrewBaker>* **Providing Virtual CIO Services (IT Operations & Information Security) for the SMB market…*** On Thu, Aug 1, 2013 at 10:43 AM, David Lum <[email protected]> wrote: > Oh hey, maybe I should get caught up in the tread before replying…**** > > ** ** > > **· **Remote user goes to ADFS to leverage SSO to get to 3rdparty for > travel expenses, etc. which includes entering credit card data > **** > > **· **Focus on MITM because the discussion became centered around > TLS 1.2 after I requested to turn off Extended Protection in IIS7 ( > http://support.microsoft.com/kb/973917/en-us) which is only supported by > IE**** > > **· **See bullet 1**** > > ** ** > > What is the most common way to initiate a MITM attack? Phishing e-mail > with a link?**** > > ** ** > > Dave**** > > ** ** > > *From:* [email protected] [mailto: > [email protected]] *On Behalf Of *Andrew S. Baker > *Sent:* Thursday, August 01, 2013 6:43 AM > *To:* ntsysadm > > *Subject:* Re: [NTSysADM] man-in-the-middle attack**** > > ** ** > > I think you missed Ken's point, Micheal.**** > > ** ** > > For any given scenario, the likelihood of it happening has to be > considered AS WELL AS (not independently of) the consequences if it happens. > **** > > ** ** > > His last paragraph is instructive here:**** > > ** ** > > Using your method results in too much attention being paid to extreme > events, and inadequate supervision of more mundane, even boring, events > that result in small losses. Except lots of small losses can be just as > crippling to a business.**** > > ** ** > > ** ** > > As to the original question of "In short, what are the odds of a MITM > attack actually happening between my remote employee and our ADFS server?" > **** > > ** ** > > I would respond that there is insufficient information in the thread thus > far to actually answer that question.**** > > ** ** > > David's question begs a few questions from me:**** > > -- How are the ADFS servers being used as relates to these remote devices? > **** > > -- Why the focus on man-in-the-middle attacks? (Is this the only > perceived risk of remote and mobile systems?)**** > > -- What apps will the users be accessing after authentication?**** > > ** ** > > Regards,**** > > **** > > *ASB > **http://XeeMe.com/AndrewBaker* <http://xeeme.com/AndrewBaker>* > **Providing Virtual CIO Services (IT Operations & Information Security) > for the SMB market…***** > > ** ** >
