Biz Blogs

Discover more about ERP and business management
technologies, as well as recent news, trends, and innovations.

What is ‘Man in the Middle’ and what threat does it pose to a company’s website and network?

In this blog, Jason Brown, our IT business partner from Lakes Networking, spoke to us about a rapidly exploding security threat of 2018 and what are some of the measures that can be taken to secure your website and network against it. So let’s get straight into it.

If you like this blog, we request you to share it with anyone you think will benefit from this. Right-click to copy the link.

We publish blogs every week on business news, latest trends, tips and tricks to work smarter and other key areas affecting your business. If you don't want to miss out on them, please sign up below:

In this blog, Jason Brown, one of our IT business partner from Lakes Networking, spoke to us about a rapidly exploding virus threat and what are some of the measures that can be taken to secure your website and network against it. So let's get straight into it. 

AlphaBiz: This is going to be a long conversation!
For people who only have a few seconds to spare, can you give a shorter version of what this security threat is and what can we do about it? 

Jason: So, hackers have now turned their attention to vulnerable websites and are exploiting HTTPS to bypass firewalls and Antivirus to install things like crypto-miners on your devices. Despite the websites getting infected at a fast rate, they continue to function normally, leaving users completely unaware of the fact that their website may be contaminating their computers. 

Sophos has released a new Deep Packet Inspection (DPI) mechanism to address the issue. The only cost involved is the system admin's time to deploy. Most sites require somewhere between 3 to 5 hours each, depending on the number of users at each site. We may need to reconfigure their WiFi. 

AlphaBiz: Tell us a bit more. 

Jason: Basically, hackers are using millions of vulnerable websites and the new HTTPS enforcement to bypass firewalls and AV to infect the PCs and then the entire networks.

AlphaBiz: What is HTTPS enforcement? 

Jason: Ever since the internet started transmitting sensitive information like passwords, credit card and bank details, hackers have been using an attack called 'Man in the Middle'.  This is where the hacker injects himself into the stream of data going between a website and your PC or smart device and reads the text going back and forth. Websites often transmit data in what we refer to as clear text, which means the hacker just sits back and waits for you to type your password and he can read it in clear text as it passes between your PC and the website.  Think of it in the same way as tapping an old analogue phone line and just listening to conversations.

AlphaBiz: So, how do we stop Man in the Middle attacks?

Jason: Well, that’s a great question and one that tech giants have been wrestling with for a while.  The answer that Silicon Valley came up with, some time ago, was a new internet standard called HTTPS.  The “S” stands for secure and how it works is by installing a certificate on the website. When you browse a particular website, your internet browser (Explorer, Chrome or Firefox) checks the address of the site and compares it to the certificate. If everything looks ok, your browser and the website set up a secure encrypted session. This means that even if a hacker is using a 'man in the middle attack', all he sees is encrypted data. Because every connection to the website uses a unique and randomly generated encryption key, decrypting the text is very hard.  Banks and the like have been using HTTPS for a while now.

In 2017 internet browsers started to highlight websites not using HTTPS by default, as insecure. These days if you browse a site that's not using HTTPS, you are likely to get a big warning rather than just a red padlock telling you the site is not secure.  This has pushed everyone to use HTTPS for their website even if they don’t transmit any data.  The good news is there has been a dramatic drop in 'Man in the Middle attacks'.

AlphaBiz: If HTTPS is making the web more secure, then where is the problem?

Jason: Well, all the hackers using 'Man in the middle attacks' have suddenly found themselves without a revenue stream. And, unfortunately,  they haven't changed their occupation to a landscape gardener or an ice-cream vendor, as Silicon Valley had hoped.  Instead, they have turned their attention to websites that can be hacked themselves. Just like windows updates, there is a constant stream of updates that get released for most CMS platforms. If the CMS platform doesn’t get updated, it becomes vulnerable to hackers who infect these websites with their code, then bypass network Firewalls and Antivirus to infect networks.  The evil genius behind this new attack is that the website owners have no idea that their website is actually infecting end users PCs and networks.  This means every website running HTTPS is now a potential threat as end users have no way of knowing if the sites CMS is up-to-date with its security patches.  By the way, those of you whose website is hosted with Lakes and are on a maintenance plan – we are keeping your CMS updated.

AlphaBiz: OK, so how do we stop this new threat?

Jason: Well ironically, the answer is 'Man in the middle'.  What Sophos has released is a system whereby the Firewall sets itself up as a man in the middle between the secure website and your PC.  This allows the Firewall to decrypt the data, inspect it for nasties and if safe, pass the data back to the PC.  If the data is bad and contains infections, the site gets blocked.

AlphaBiz: And what is the cost to deploy this new security measure?

Jason: The good news is that Sophos has made this new technology available as part of its existing licensing. However, we will need to discuss how a company's WiFi works and will need to deploy a Sophos certificate to all PC’s and Laptops on the network.  Our test sites have also experienced a few hiccups that need to be ironed out, so we are allowing 3-5 hours to deploy the new setup (depending on network size and complexity).

AlphaBiz: So, how do companies get started?

Jason: All they need to do is get in touch with me or anyone at Lakes Networking, and one of our System Admins will get in touch to plan the rollout. Our phone number is 08 9417 2230, and email address is support@thelakesgroup.com.au

AlphaBiz: Thank you, Jason. That was very well-explained. I am sure our readers will see why it is crucial for them to secure their websites. 

Table of Contents

Elevate Your Business Success with MYOB Advanced

Join the ranks of successful businesses across WA and Australia that have benefited from our MYOB ERP solutions expertise.

 

Latest Blogs to Know More
About Business Management Solutions

  • Fill out the form below and we’ll quickly get in touch

  • This field is for validation purposes and should be left unchanged.

  • SIGN UP HERE TO DOWNLOAD.

  • This field is for validation purposes and should be left unchanged.

Scroll to Top

Thank You for Registering!

Your Seat is Reserved for the Webinar

We’re excited to have you join us for the upcoming webinar on “Prepare for Mandatory Two-Factor Authentication: Essential Webinar for MYOB Acumatica Users”. 

The webinar is scheduled for
22 August 2024, from 10:00 am to 10:45 am AWST

Keep an eye on your inbox for the confirmation email, which includes all the details you’ll need to join the session. If you can’t attend the live event, no worries—we’ll send you a recording afterward.

Questions?

If you have any questions before the webinar,
feel free to reach out to us at:

admin@alphabiz.com.au

We look forward to seeing you at the webinar!

SIGN UP HERE TO DOWNLOAD

SIGN UP HERE TO DOWNLOAD

SIGN UP HERE TO DOWNLOAD

SIGN UP HERE TO DOWNLOAD

SIGN UP HERE TO DOWNLOAD

SIGN UP HERE TO DOWNLOAD

Thank you for your interest!

Please check your email for the downloaded file.

Should you require further assistance, don’t hesitate to contact one of our expert ERP consultants.

SIGN UP HERE TO DOWNLOAD

SIGN UP HERE TO DOWNLOAD

SIGN UP HERE TO DOWNLOAD

SIGN UP HERE TO DOWNLOAD

Thank You for Registering!

Your Seat is Reserved for the TRAILD Webinar

We’re excited to have you join us for the upcoming webinar on “Streamlining, Automating, and Protecting Your Accounts Payable with TRAILD”. 
 
The webinar is scheduled for August 18, 2023, from 10am to 11am Perth Time. 

What's Next?

You will receive a confirmation email shortly with the webinar details and a calendar invite. Please check your spam folder if you don’t see it in your inbox. 
 
If you can’t attend live, don’t worry! We’ll send a recorded version of the webinar to your email once it’s available. 

Questions?

If you have any questions before the webinar,
feel free to reach out to us at:

admin@alphabiz.com.au

We look forward to seeing you at the webinar!

SIGN UP HERE TO DOWNLOAD

SIGN UP HERE TO DOWNLOAD

SIGN UP HERE TO DOWNLOAD

Experience the MYOB Advanced Difference

Explore tailored MYOB Advanced demos demonstrating how these ERP solutions uniquely enhance your business processes. 

Please fill out your details below to get started

Schedule Your Free
No-Obligation Consultation

Discover how our tailored solutions can meet your specific business process needs. Submit your information below, our MYOB Advanced expert will reach out to you: 

Get started today

Embark on your journey towards streamlined delivery management with AlphaPOD. Easy integration, customizable features, and dedicated support await. 
 
Please fill out the field below:

SIGN UP HERE TO DOWNLOAD

Thank you for reaching out!

One of our specialized consultants will be in touch soon to assist with your query