How to protect a WS-Discovery ad hoc network from man-in-the-middle attacks
The WS-Discovery specification explains how to protect your network from
- message alteration
- denial of service
- replay
- spoofing
But what about a man-in-the-middle attack?
Comments (3)
WS security secures that when you sign the message. It uses the private key to encrypt and then the receiver decrypts using the public key. This way, a man in the middle won't be able to interfere.
The idea behind a Man in the Middle Attack (Wikipedia.org) is that your network is compromised and the attacker can intercept, view, and modify traffic between all members. The most basic step towards preventing this is to encrypt the network with WPA (at the minimum) and keep the access points locked down. Your goal should be to first prevent an attacker from getting into the network. The second layer of defense you could employ is to use some form of encryption for all the traffic between parties on the network (perhaps something other than public/private) so even if the network is compromised, the traffic will still not be intelligible to the attacker.
As far as I understand, the "message alteration" mitigation, that is, signing the messages, is protecting the interaction from a man-in-the-middle attack. If you can verify the source of the message and its authenticity by the sender's unique signature, then anyone trying to pretend to be a legitimate sender won't be able to do so.
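
The signature check the answers above describe, as an added example that is not part of the original thread: a receiver accepts a discovery reply only if it verifies against a key already pinned for that endpoint. Assumptions: the `ProbeMatch` struct, its byte encoding, the addresses and the seed-derived keys are constructed for illustration, and Ed25519 over raw bytes stands in for the XML signature that WS-Discovery actually defines.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"fmt"
)

// ProbeMatch is a simplified, hypothetical stand-in for a discovery reply (not the SOAP schema).
type ProbeMatch struct {
	Endpoint string // stable device identity
	XAddrs   string // address the client will connect to next
	MsgNum   uint64 // sequence number, covered by the signature
	Sig      []byte
}

// signedBytes is the exact byte string the signature covers (constructed encoding).
func (m ProbeMatch) signedBytes() []byte {
	return []byte(fmt.Sprintf("%s\n%s\n%d", m.Endpoint, m.XAddrs, m.MsgNum))
}

func Sign(m ProbeMatch, priv ed25519.PrivateKey) ProbeMatch {
	m.Sig = ed25519.Sign(priv, m.signedBytes())
	return m
}

// Verify accepts a reply only when the endpoint has a pinned key and the
// signature over identity, address and sequence number checks out against it.
func Verify(m ProbeMatch, pinned map[string]ed25519.PublicKey) bool {
	pub, ok := pinned[m.Endpoint]
	return ok && ed25519.Verify(pub, m.signedBytes(), m.Sig)
}

// keyFromSeed builds a deterministic sample key (constructed, never use fixed seeds in practice).
func keyFromSeed(b byte) ed25519.PrivateKey {
	return ed25519.NewKeyFromSeed(bytes.Repeat([]byte{b}, ed25519.SeedSize))
}

// Demo returns the verdicts for a genuine reply, one with XAddrs altered in
// transit, and one altered and re-signed with a key the receiver never pinned.
func Demo() (genuine, tampered, resigned bool) {
	device, other := keyFromSeed(1), keyFromSeed(2)
	pinned := map[string]ed25519.PublicKey{"urn:uuid:printer-1": device.Public().(ed25519.PublicKey)}
	msg := Sign(ProbeMatch{Endpoint: "urn:uuid:printer-1", XAddrs: "http://192.0.2.10/svc", MsgNum: 1}, device)
	alt := msg
	alt.XAddrs = "http://192.0.2.66/svc" // address changed after signing
	return Verify(msg, pinned), Verify(alt, pinned), Verify(Sign(alt, other), pinned)
}

func main() {
	g, t, r := Demo()
	fmt.Println("genuine:", g, "tampered:", t, "re-signed with unpinned key:", r)
}
```

The third case is rejected only because the verification key comes from the receiver's pinned set rather than from the message itself.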