How to protect ad hoc ws discovery network from man-in-the-middle attacks

Question

How to protect ad hoc ws discovery network from man-in-the-middle attacks

the ws-discovery spec explains how to protect your network from

message change
Denial of service
replay
Substitution

but what about a man-in-the-middle attack?

+1

security man-in-the-middle web-services ws-security ws-discovery

ahmed Dec 10. '08 at 20:49

source to share

3 answers

Igal Serban · Answer 1 · 2008-12-10T22:49:53+0000

It is my understanding that the "message change" mitigation that signs messages protects the interaction from a man-in-the-middle attack. If you can verify the origin of a message and its authenticity against the unique subscriber of the sender, then anyone who tries to pretend to be the legitimate sender cannot.

Floppydisk · Answer 2 · 2009-05-09T22:27:04+0000

The idea behind Man in Medium Attack (Wikipedia.org) is that your network is compromised and an attacker can intercept, view and modify traffic between all participants. The easiest step to prevent this is to encrypt the network with WPA (at a minimum) and block the access points. Your goal should be to prevent an attacker from entering the network first. The second layer of protection you can use is to use some form of encryption for all traffic between parties on the network (possibly something other than public / private), so even if the network is compromised, there will still be no traffic the cracker is understandable.

Hector · Answer 3 · 2010-03-13T00:53:55+0000

WS security ensures that when you sign a message. It uses the private key for encryption and then the receiver decrypts with the public key. Thus, the person in the middle cannot interfere.

How to protect ad hoc ws discovery network from man-in-the-middle attacks

More articles: