Question

A close friend of yours watched a few episodes of a cybersecurity TV show and has become the resident expert on all things cybersecurity-related. They point out that you should never use public Wi-Fi as all traffic sent over the Wi-Fi network can be viewed by an attacker.

1) Do you agree with their assessment?

2) Which protocol sends data in cleartext? Which sends it encrypted?

3) What would happen if an attacker tries to passively view TLS encrypted traffic?

4) What would happen if an attacker actively tried to intercept TLS encrypted traffic. What is this attack called?

Answer 1

1.)
Yes, I agree with the assessment as below are the risk in a public wifi:
- Might be spoofed. Means your network requests can be transferred to a different website where the data you have provided can be compromised.
- Generally, most people use same password across multiple sites over the internet. If you sign in to a public wifi, it might be so possible that someone is having a silent look at your sign in details and steals your password to get hold of many other websites.

2.)
FTP -> File transfer protocol.
SNMP -> Simple netwrok management protocol
The above two establishes connection with other machines by sending plain text data i.e. without encryption

HTTPS -> Hyper Text Transfer Protocol Secure
SSL -> Secure Sockets Layer.
The above two encrypts the data and then sends in a network.


3.)
In case, the attacker is passively viewing the TLS packets, IP spoofing attack can happen. In this type of attack, when a user tries to access a web URL, the information that the user sends to that URL is redirected to the attackers defined address (may be his URL or website). From this, he can get hold of my data as my request never reached the actual URL but went to SPOOFED URL.

4.)
In case, the attacker is actively viewing the TLS packets, he can listen or view the information being sent from my system to the URL where I am making some request.

ME ----------------> Server -> This has
Server ---------------> ME no issues


In case of active viewing or eavesdropping (secretly viewing):-

ME --------------> Attacker ----------------->SERVER (Before going to actual destination, the request is intercepted by the attacker) MAN IN THE MIDDLE ATTACK







Kindly upvote if this helped