A man-in-the-middle attack occurs when an intruder inserts themselves into an email exchange and convinces each legitimate party that they are communicating directly with the other, when in fact every message passes through the attacker.
Positioned between the sender and recipient(s), the attacker can read any information that passes in the clear, such as unencrypted message bodies and attachments. The attacker intercepts the incoming traffic, collects whatever is useful, optionally alters the message, and forwards it to the intended recipient. Neither the sender nor the recipient is told that a third party has read or changed the message along the way.
Man-in-the-middle attack defense is difficult because the interceptor often operates from a legitimate account or relay, in ways that automated systems do not flag as anomalous.
The target must notice that something is potentially suspicious and take action: contact IT to investigate, or confirm through an out-of-band method, such as a phone call, that the specified sender actually sent the email message. IT administrators should check the source IP address of the Simple Mail Transfer Protocol (SMTP) connection that delivered the message and the location from which the sender logged in, then determine whether that source was potentially compromised by the attacker.
Man-in-the-middle attack defense also includes enforcing strong encryption between the sender and the mail server, such as TLS for SMTP and mail client connections, and only connecting to trusted, secured Wi-Fi networks. Browser plug-ins that force an encrypted connection to webmail add a further layer of man-in-the-middle attack defense.
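The two checks described above, the origin of the SMTP connection and whether each hop was encrypted, can be read straight out of a message's Received headers. The following is an added example, not code from the original article or its author: it walks the Received chain in transit order, extracts the connecting IP and the transport token of each hop, and flags an originating IP that does not belong to the claimed sender's known networks as well as any hop that was delivered without TLS. The `KNOWN_SENDER_NETWORKS` map and the sample message are constructed for this example.

```python
"""Triage the Received chain of a suspicious email (added example)."""
import email
import email.utils
import ipaddress
import re

# Hypothetical: networks the claimed sender domain is known to send from.
# In practice this comes from the sender's SPF record or your own asset data.
KNOWN_SENDER_NETWORKS = {
    "example.com": [ipaddress.ip_network("192.0.2.0/24")],
}

# Constructed sample message: the bottom (earliest) hop came from an
# unexpected relay over plaintext SMTP before reaching the sender's real MX.
SAMPLE_MESSAGE = (
    "Received: from mx1.example.com (mx1.example.com [192.0.2.10])\n"
    "\tby mail.example.org with ESMTPS id abc123\n"
    "\tfor <bob@example.org>; Mon, 1 Jan 2024 10:00:02 +0000\n"
    "Received: from relay.unknown.test (relay.unknown.test [203.0.113.45])\n"
    "\tby mx1.example.com with ESMTP id def456;\n"
    "\tMon, 1 Jan 2024 10:00:01 +0000\n"
    "From: Alice <alice@example.com>\n"
    "To: bob@example.org\n"
    "Subject: Updated invoice\n"
    "\n"
    "Please wire the payment to the new account.\n"
)

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
WITH_RE = re.compile(r"\bwith\s+(\S+)", re.IGNORECASE)
# Transport tokens that indicate TLS: SMTPS, ESMTPS, ESMTPSA, UTF8SMTPS ...
TLS_RE = re.compile(r"(?:E|UTF8)?SMTPSA?", re.IGNORECASE)


def parse_hops(raw_message):
    """Return (message, hops) with hops in transit order, origin first."""
    msg = email.message_from_string(raw_message)
    hops = []
    # Each relay prepends its own Received header, so the last header in the
    # message is the originating hop; reverse to read them in transit order.
    for value in reversed(msg.get_all("Received", [])):
        text = " ".join(value.split())  # unfold continuation lines
        ip_match = IP_RE.search(text)
        with_match = WITH_RE.search(text)
        protocol = with_match.group(1) if with_match else ""
        hops.append({
            "ip": ip_match.group(1) if ip_match else None,
            "protocol": protocol,
            "tls": bool(TLS_RE.fullmatch(protocol)),
            "raw": text,
        })
    return msg, hops


def sender_domain(msg):
    """Domain of the address in the From header, lower-cased."""
    addr = email.utils.parseaddr(msg.get("From", ""))[1]
    return addr.rpartition("@")[2].lower()


def analyze(raw_message, known_networks=KNOWN_SENDER_NETWORKS):
    """Return the hops plus findings a responder should chase before trusting the message."""
    msg, hops = parse_hops(raw_message)
    domain = sender_domain(msg)
    expected = known_networks.get(domain, [])
    findings = []
    if hops:
        origin = hops[0]
        if origin["ip"] is None:
            findings.append("originating hop has no connecting IP address")
        elif not any(ipaddress.ip_address(origin["ip"]) in net for net in expected):
            findings.append(
                f"originating IP {origin['ip']} is not in the known networks for {domain}"
            )
    for index, hop in enumerate(hops):
        if not hop["tls"]:
            findings.append(
                f"hop {index} ({hop['ip']}) used {hop['protocol'] or 'unknown transport'} "
                "without TLS; contents could have been read or altered in transit"
            )
    return {"sender_domain": domain, "hops": hops, "findings": findings}


if __name__ == "__main__":
    result = analyze(SAMPLE_MESSAGE)
    for hop in result["hops"]:
        print(hop["ip"], hop["protocol"], "tls" if hop["tls"] else "plaintext")
    for finding in result["findings"]:
        print("FINDING:", finding)
```

Received headers are written by the relays, so only the hops recorded by servers you trust are reliable; an attacker who controls an upstream relay can forge the headers below their own. The check is still useful because the hop recorded by your own mail server, and the IP that connected to it, cannot be rewritten by anyone further upstream.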
Text by Nick Lewis (CISSP), a Program Manager for Trust and Identity at Internet2.