A man-in-the-middle (MitM) attack occurs when an attacker secretly intercepts and potentially alters communications between two parties who believe they are communicating directly. The attacker reads and sometimes modifies messages in transit without either party’s knowledge.
Common MitM techniques include ARP poisoning on local networks, rogue Wi-Fi hotspots that intercept traffic, and SSL stripping attacks that downgrade HTTPS connections to HTTP. TLS with proper certificate validation is the primary defense.
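The following Python block is an added example, not part of this glossary entry, showing the two defenses named above in working form: a TLS client context that actually validates the server certificate (chain and hostname) next to the misconfiguration that silently disables that validation, with an audit function that flags the weak settings, and a small parser for the HTTP Strict-Transport-Security header, the standard browser-side mitigation for SSL stripping (the entry mentions the attack but not the header). Every function name here (hardened_client_context, weak_client_context, audit_context, parse_hsts, hsts_blocks_stripping) is the example's own; only the ssl module calls are Python standard-library API.

```python
from __future__ import annotations

import ssl


def hardened_client_context() -> ssl.SSLContext:
    """Client TLS context that performs the validation the entry calls for:
    the server certificate must chain to a trusted CA and must name the host."""
    ctx = ssl.create_default_context()   # system CA store, CERT_REQUIRED, check_hostname on
    ctx.check_hostname = True            # reject a valid certificate issued for another host
    ctx.verify_mode = ssl.CERT_REQUIRED  # reject self-signed / untrusted chains
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def weak_client_context() -> ssl.SSLContext:
    """The 'make the certificate error go away' misconfiguration: with these
    settings an interceptor presenting any certificate is accepted."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False           # must be cleared before verify_mode can be lowered
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def audit_context(ctx: ssl.SSLContext) -> list[str]:
    """Return the settings in ctx that leave a connection open to interception."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("verify_mode is not CERT_REQUIRED: any certificate is accepted")
    if not ctx.check_hostname:
        findings.append("check_hostname is False: a valid certificate for another host is accepted")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("minimum_version allows TLS 1.1 or older")
    return findings


def parse_hsts(header_value: str) -> dict:
    """Parse a Strict-Transport-Security header value such as
    'max-age=31536000; includeSubDomains; preload' into a policy dict."""
    policy: dict = {}
    for directive in header_value.split(";"):
        directive = directive.strip()
        if not directive:
            continue
        name, _, value = directive.partition("=")
        name = name.strip().lower()
        if name == "max-age":
            policy["max-age"] = int(value.strip().strip('"'))
        elif name == "includesubdomains":
            policy["includeSubDomains"] = True
        elif name == "preload":
            policy["preload"] = True
    return policy


def hsts_blocks_stripping(header_value: str) -> bool:
    """True when the policy tells a browser to refuse plain HTTP for this host,
    which is what defeats an HTTPS-to-HTTP downgrade on later visits."""
    return parse_hsts(header_value).get("max-age", 0) > 0


if __name__ == "__main__":
    print("hardened:", audit_context(hardened_client_context()) or "no findings")
    print("weak:", audit_context(weak_client_context()))
    # constructed sample header, not captured from a real server
    print("HSTS:", parse_hsts("max-age=31536000; includeSubDomains"))
```

The audit is deliberately read-only: it inspects a context an application already built (for example one handed to a library that performs the connection) and reports which of the three validation properties are missing. Note that Python refuses to lower verify_mode while check_hostname is still enabled, which is why the weak context clears hostname checking first; an auditor grepping for CERT_NONE will usually find check_hostname = False on the line above it. HSTS only protects a browser that has already seen the header over a valid HTTPS connection, so the first visit remains the window an SSL-stripping proxy targets; the preload directive exists to close that window.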
CISSP Relevance
Man-in-the-middle attacks are addressed in Domain 4 (Communications and Network Security) and Domain 3 (Security Architecture and Engineering). CISSP candidates must understand how MitM attacks work, which protocols prevent them, and how to design networks that minimize interception exposure.
External reference: NIST Glossary Man-in-the-Middle Attack
Related terms: Encryption, Public Key Infrastructure