enterprisesecuritymag

Safeguard from Data Breaches with Fortinet's Software Tool

Kennedi Gross, Manager, Cyber Security, Valvoline

How AI can be used in CybersecurityKennedi Gross, Manager, Cyber Security, Valvoline

FortiGate builds a protected tunnel from the device to the users' websites by combining Internet Protocol Protection (IPsec) and Secure Sockets Layer (SSL).

Hackers use several tactics to gain access to an organizations’ data when using public Wi-Fi. Here are a few of their preferred methods.

Man-in-the-Middle (MTM) Attacks)

A MITM attack allows a hacker to intercept the data when one is linked to the internet. The hacker can do many things to compromise the security when trying to access a particular website:

Shows Fake Websites: A hacker might use a fake website to trick one into providing personal information. They might, for example, make it seem as though a user must first present information before using the internet. A user will use the same password for several accounts, such as their email logins or trading accounts, in certain instances. The hacker will then gather this data and attempt to gain access to the target's digital life.

Collect User's Passwords: Even if one just logs in to a site or email service that a hacker is not interested in, if the user uses the same password—or one that is very similar—on other sites, they might make it easy for the attacker to impersonate on sites that are much more useful to them.

Access Data: A consumer can transmit sensitive personal information over the internet in some cases. In other cases, the user will be required to submit confidential details that the organization wishes to keep private. A MITM attack can be used to intercept this data.

Packet-Sniffing Software

Data is structured into packets as it flows across a network. Data packets can be intercepted and collected using packet sniffing tools. As a result, a hacker with packet-sniffing software will sit in a public Wi-Fi area and wait for users to send data from their computers. While this is going on, the packet-sniffing software is collecting data. The hacker then either transfers the information to their own computer, where a partner can access it, or they leave and study the information at home. They will then take their time searching for login information and personal information that they can use to gain access to the online life.

Hijacking a Session (Sidejacking)

Session hijacking, also known as sidejacking, includes gaining access to confidential information by using cookies, which are data files that the browser stores on the device. The browser stores information in the form of cookies when one searches the internet. This also involves login credentials, so users do not have to enter the same details every time they visit a website accessed before. Session hijacking allows a hacker to gain access to the cookies and retrieve the login credentials.

With the Fortinet FortiGate next-generation firewall, clients get a scalable crypto VPN that protects them from data breaches while connected to Wi-Fi hotspots.  When the firm links to a hotspot with FortiGate, its data is strongly encrypted. Even if a hacker manages to get between the organization and the hotspot, the hacker would be unable to read the data because FortiGate has encrypted it. FortiGate builds a protected tunnel from the device to the users' websites by combining Internet Protocol Protection (IPsec) and Secure Sockets Layer (SSL).

Weekly Brief

Read Also

In-Depth Network Visibility and Security Intelligence

In-Depth Network Visibility and Security Intelligence

Mike Potts, President and CEO, Lancope, Inc.
Threat Intelligence: The New Frontier

Threat Intelligence: The New Frontier

Wes Spencer, CIO, FNB Bank Inc.
Getting In Front: Thinking Differently about Threat Intelligence

Getting In Front: Thinking Differently about Threat Intelligence

Tim Callahan, SVP, Global Security, & Global CSO, Aflac [NYSE:AFL]
The Great Threat Intelligence Debate

The Great Threat Intelligence Debate

Dan Holden, Director-Security Research, Arbor Networks
Operationalizing Threat Intelligence

Operationalizing Threat Intelligence

Chuck Fishman, Media Entertainment and publishing Director, Acquia
Introduction to Security Video Analytics and Advancements

Introduction to Security Video Analytics and Advancements

David Waldron, CPP, Associate Principal and Project Executive, IMEG Corp