Cumberland County College Man in The Middle and Metasploit Attack Paper

User Generated

Nabalzbhf_14

Writing

Cumberland County College

Description

10 page Research paper on "man in the middle and Metasploit" attack - related to cybersecurity

Paper should include the following:

1. abstract

2. introduction

3. techniques

4. prevention

5. conclusion

6. reference- minimum of 5 peer reviewed article


Industry to be considered is the healthcare industry that processes medical claims.

User generated content is uploaded by users for the purposes of learning and should be used following Studypool's honor code & terms of service.

Explanation & Answer

You are most welcome!The work is ready!😇 See the attached file and get back if you need assistance with edits.

Running Head: RESEARCH PAPER

1

Research Paper:
Man in the Middle and Metasploit Attack
Student’s Name
Professor
Course
Date

MAN IN THE MIDDLE AND METASPLOIT ATTACK
2

Abstract
This paper explores the various techniques used by the hackers in MITM and Metasploit
attacks, and the various methods the healthcare organizations should instill in their systems to
prevent such attacks. On particular occasions, the healthcare industry has been experiencing data
insecurities. Through various technological advancements, most healthcare institutions reinforce
means that are possible to secure healthcare information. Through different possibilities, various
protocols are used for the execution of rewriting and sniffing attacks. While stealing credentials
and injecting malware into pages, the attackers tend to tamper with the HTTP. These are some of
the techniques used to execute the Man in the Middle and Metasploit attacks. In cases where there
is a lack of countermeasures for Man in the middle and Metasploit attacks, an attacker can easily
spoof the DNS and collect information as it passes from the sender to the receiver. Standard
countermeasures against Man in the middle and Metasploit attacks are the IMAP, POP3, SMTP,
FTP, SSH, and TLS/SSL.

MAN IN THE MIDDLE AND METASPLOIT ATTACK
3
Man in the Middle and Metasploit Attack
The healthcare industry processes various types of medical information such as medical
billing information to clients and insurance claims to insurance companies and governments. A
medical coder then codes messages transferred from a licensed service provider to patients. The
healthcare industry is under high pressure to protect patients’ data and data to other stakeholders,
given the delicacy of the information. However, during transmission od data from one end to
another, intrusion may occur, and the data may fall in the wrong hands if not well protected. This
is accomplished by hackers and crackers use Man in the Middle and Metasploit attack techniques.
This paper explores the various techniques used by the hackers in MITM and Metasploit attacks,
and the various methods the healthcare organizations should instill in their systems to prevent such
attacks.

Techniques
Monkey in the middle attack or bucket brigade attack are names used to refer to the man
in the middle attack. In most occasions, hacking or intrusion by attackers in private information
has been conducted technologically. This has been on the basis of a man in the middle or
Metasploit attacks. Man in the middle attack is whereby a hacker intrudes the information between
two parties, therefore, obtaining their communication and at particular occasions interfering with
the message from the server. For the execution of the MITM, sniffing of the victim is a major
concern. In Sniffing, the man in the middle intrudes in the data linked layer, therefore, undermining
the security measures of the network layer. In the healthcare industry, an intruder tends to obtain
the IP address of the two parties communicating (Zahler & Steiner, n.d.). After obtaining the IP

MAN IN THE MIDDLE AND METASPLOIT ATTACK
4
address, hacking and obtaining their required information becomes easy as it can be performed by
the use of tools such as Dug Songs “dsniff” package, which is easily obtained from the internet. In
the case of the medical billing insurance claims with the healthcare providers using the MAC
address, the attackers replace the gateway hosts’ address with theirs, meaning the healthcare
providers now sends information through the attackers (Zahler & Steiner, n.d.). In case the
information is encrypted, it becomes hard for the attackers to intercept the exchange of
information, as they cannot decode the information (arpspoofing).
For the attackers to decode encrypted messages, they must place themselves between the
victim and the server. One of the agendas of the attacker is to make sure that none of the
information reaches the receiver because it is easy for the receiver to notice the different sender
and, therefore, terminate the connection (Zahler & Steiner, n.d.). The best way is masquerading
the attacker as the victim’s destination website. Additionally, there are tools for this that essentially
configure the attacker’s computer in a manner that when the victim tries resolving the URL, they
obtain a wrong IP- address, usually belonging to the attacker. At this instance, the attacker makes
the victim believe that they are in communication with the intended server, and at the same time
denies any form of information from reaching the victim (Zahler & Steiner, n.d.).
IP-Forwarding is essential and technically not complex. It is important to attach the IPaddress while sending the information to the intended addressee. Forgetting to attach the
attachment may cause certain intercepted traffic to be stopped (Zahler & Steiner, n.d.). Opting to
make the attachment gives assurance to the receiver that the information is as intended and so in
the healthcare industry whenever the payer is expecting billing claims from the healthcare
providers.

MAN IN THE MIDDLE AND METASPLOIT ATTACK
5
SSL protocols are used to ascertain the clients that they are talking to trusted servers. It
performs higher than IP/TCP and lower than higher levels like HTTP or IMAP and enables the
SSL server to authenticate to an SSL client. It then becomes easier for authentication between the
server and the client; therefore, their established connection becomes encrypted (Zahler & Steiner,
n.d.). The authentication process includes various steps such as; the client receiving the server’s
certificate, the client checking the certificate’s validity period, the client checking if the issuing of
the certificate authority is trusted with each SSL-enabled clients maintaining a list of trusted CA
certificates. The client then uses the public key from the CA’s certificate for the validity of the
CA’s digital signature on the server’s certificate is presented. If the information in the server
certificate has been altered with since the CA-signed or there is no correspondence between the
CA certificate’s public key and the private key used to sign the server certificate by the CA, the
client, therefore, is unable to authenticate the server’s identity (Zahler & Steiner, n.d.). The client
then checks whether or not the domain name in a server’s certificate matches the domain name of
the server itself. Despite the fact that this step is technically not part of the SSL protocol, it provides
protection against MITM and Metasploit attacks.
If the client does not check whether or not the domain name in a server’s certificate matches
the domain name of the server per se, SSL becomes useless against MITM and Metasploit attacks
(Swanink, Poll, & Schwabe, 2016). Most clients such as the browsers engage in this step which
means that the attacker requires an accepted certificate for authentication by the user. If the user,
CA and the software are all correct, then this is impossible. Despite the fact the attackers may fail
to obtain the intended information, they may create fake information that looks reasonably similar.
When the false certificate is not signed by the valid CA, the browser asks the user how to proceed.
The attack becomes successful when the user dismisses the warning but since the information is

MAN IN THE MIDDLE AND METASPLOIT ATTACK
6
faked and is reasonably similar to many browser warnings not formulated well, the user is likely
to accept the information (Swanink, Poll, & Schwabe, 2016).
Communication system users tend to be more careful in case they realize that they might
be risking by giving particular information. When the SSL user is not working properly, it
diminishes the risk of an attack and, therefore, acceptance of the forged certificate can easily be
attained without the user’s approval. A fault in various internet explorer versions 5.0, 5.5, and 6.0
serve as examples in this case. The attacker only requires the certificate signed by the CA with its
private key. Certificates associated with objects of https (like ) are not properly checked
and stored for the other sessions. The hacker ensures that the https-object and the bogus certificate
is loaded before the use...


Anonymous
Awesome! Made my life easier.

Studypool
4.7
Trustpilot
4.5
Sitejabber
4.4

Similar Content

Related Tags