Computer Systems Security Planning for Success

The diagram shows three entities: a "User" depicted on the left, a "Man in the Middle" in the center, and a "Web Server" on the right. An "Old Connection" is shown as a dashed grey line with arrows at both ends, directly connecting the "User" and the "Web Server", representing their original, direct communication path. Below this, a "New Connection" illustrates the MitM attack. This path shows a solid black line with an arrow from the "User" pointing to the "Man in the Middle", and another solid black line with an arrow from the "Man in the Middle" pointing to the "Web Server". This indicates that the "Man in the Middle" is positioned to intercept and potentially alter the communication flowing between the "User" and the "Web Server".

The diagram depicts a sequence of communications involving "Bob" on the left, "Alice" on the right, and a "MitM" (Man-in-the-Middle) attacker positioned centrally. Initially, Bob requests Alice’s public key by sending a message, "Send me your public key so I can send a secret," indicated by an arrow from Bob to Alice. Alice attempts to respond with her public key, "My public key is ABCD"; however, this message, shown as an arrow from Alice towards Bob, is intercepted by the MitM attacker. The attacker then deceives Bob by sending their own public key, "My public key is WXGZ," as if it came from Alice (arrow from MitM to Bob). Consequently, when Bob sends his "Secret (encrypted w/WXGZ)," believing he is communicating securely with Alice, the message (arrow from Bob towards Alice) is actually intercepted by the MitM. The MitM, possessing the corresponding private key to WXGZ, can decrypt this secret. Finally, the diagram shows the MitM forwarding a message "Secret (encrypted w/ABCD)" to Alice (arrow from MitM to Alice), implying the attacker has decrypted Bob’s original secret, possibly altered it, and then re-encrypted it using Alice’s genuine public key (ABCD) to complete the deception and maintain the flow of communication.

The diagram shows a Man-in-the-Browser attack involving a "User," their "Work Station," a "Browser" (represented by a Chrome-like icon), an "Attacker" (icon of a figure in a hat and trench coat), and a "Web Server." The attack unfolds as follows: First, malware is downloaded to the "User’s" "Work Station," indicated by an arrow from the "User" to the "Work Station." The "User" then attempts a transaction; an arrow from the "Work Station" to the "Browser" shows an "approved $1,000" payment, and a corresponding arrow from the "Browser" back to the "Work Station" shows "transfer $1,000," representing the user’s intended action and what they believe is happening. However, due to the malware, the "Browser" is compromised. An "Attacker" is depicted above the "Browser" with a bidirectional arrow, signifying control or interaction. The compromised "Browser" then communicates with the "Web Server." An arrow from the "Browser" to the "Web Server" shows a modified request for an "approved $10,000 to Attacker," and a corresponding arrow from the "Web Server" back to the "Browser" indicates "transfer $10,000 to Attacker." This illustrates that the attacker, through the malware in the browser, has secretly changed the transaction details, redirecting a larger sum of money to themselves, while the user remains unaware of the alteration.

The diagram shows interactions between a "Victim," an "Attacker," and a "Server" to illustrate an SSL circumvention attack. The Victim initiates a connection by sending a "GET http://njit.edu" request, which is intercepted by the Attacker. The Attacker forwards this GET request to the Server. The Server responds with a "301 Moved" redirect, typically indicating a move to HTTPS. The Attacker receives this redirect but does not forward it to the Victim. Instead, the Attacker initiates its own "GET https://njit.edu" request to the Server, establishing a secure HTTPS connection. The Server responds to the Attacker with "200 OK (HTTPS)". The Attacker then sends a "200 OK (HTTP)" response back to the Victim, deceiving the Victim into believing they are communicating over a standard HTTP connection with the server and that no HTTPS upgrade occurred. Subsequently, the Victim sends their credentials, "POST http://njit.edu username=admin password=admin," over this unencrypted HTTP connection to the Attacker. The Attacker, having captured the plaintext credentials, can then forward this POST request, potentially over a secure HTTPS connection ("POST https://njit.edu username=admin password=admin"), to the legitimate Server. This allows the attacker to intercept sensitive information while the victim believes their session is normal, albeit unencrypted as presented by the attacker.