Eavesdropping
Eavesdropping is a web security threat in which intermediate servers or sniffer programs intercept and read HTTP data packets as they travel across the network to their destination.
Web applications use the Hypertext Transfer Protocol (HTTP) as a communication protocol between servers and clients. Because the HTTP requests and responses are sent in plain text, they can be easily read and analyzed. Moreover, the internet transfers data by traversing many intermediary computers and routers, increasing the number of nodes where data packets can be intercepted and read.
For example, Ethernet is the most commonly used physical network technology on the Internet. Data transmitted on Ethernet is broadcast to all nodes within the same network segment, even when it is addressed to a specific node. Data packets can therefore be observed not only by the sending and receiving peers, but also by every other peer in the same network segment. You can legitimately use this behavior to monitor the data packets between a client and server for development purposes or failure detection, but attackers can use it for malicious purposes.
Eavesdropping can be done by means of:
- Man-in-the-middle attacks—an intermediary server is used to trace and relay messages between the client and server.
- Sniffing software—programs that intercept and interpret data transmitted on a computer or over a network.
Defense
To prevent eavesdropping, use the Hypertext Transfer Protocol Secure (HTTPS). HTTPS encrypts each data packet, so even if eavesdroppers intercept a message, they cannot read it.
HTTPS
When using HTTPS, you should ensure that cookies are secure. Do not set "secure=F" when creating the cookies. You can rely on Uniface default behavior to ensure that your cookies are protected.
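A cookie without the Secure attribute is sent by the browser over plain HTTP as well as HTTPS, so an eavesdropper on the path can still read it even when the site itself uses HTTPS. The following is an added example (not Uniface code, and not the page's own) that audits the Set-Cookie headers of a response, as a proxy or test harness would see them, and reports cookies missing the Secure or HttpOnly attribute. The sample headers are constructed for the example.

```python
"""Audit Set-Cookie headers for the Secure and HttpOnly attributes.

Added example, not Uniface code. It parses raw Set-Cookie header values
(RFC 6265 syntax) and reports cookies that would also be sent over plain
HTTP, where an eavesdropper could read them.
"""
from dataclasses import dataclass, field
from typing import List, Optional, Tuple


@dataclass
class CookieAudit:
    name: str
    secure: bool
    httponly: bool
    samesite: Optional[str]
    problems: List[str] = field(default_factory=list)


def parse_set_cookie(header_value: str) -> CookieAudit:
    """Parse one Set-Cookie header value and record missing protections."""
    parts = [p.strip() for p in header_value.split(";")]
    # First part is name=value; the cookie name is everything before '='.
    name = parts[0].split("=", 1)[0].strip()
    secure = httponly = False
    samesite: Optional[str] = None
    for attr in parts[1:]:
        key, _, val = attr.partition("=")
        key = key.strip().lower()  # attribute names are case-insensitive
        if key == "secure":
            secure = True
        elif key == "httponly":
            httponly = True
        elif key == "samesite":
            samesite = val.strip() or None
    audit = CookieAudit(name, secure, httponly, samesite)
    if not secure:
        audit.problems.append("missing Secure: cookie is also sent over plain HTTP")
    if not httponly:
        audit.problems.append("missing HttpOnly: readable by scripts in the page")
    return audit


def audit_response_headers(headers: List[Tuple[str, str]]) -> List[CookieAudit]:
    """Audit every Set-Cookie header in a (name, value) header list."""
    return [parse_set_cookie(v) for n, v in headers if n.lower() == "set-cookie"]


def insecure_cookies(headers: List[Tuple[str, str]]) -> List[str]:
    """Names of cookies that lack the Secure attribute."""
    return [a.name for a in audit_response_headers(headers) if not a.secure]


# Constructed sample response headers for this example (not captured from a real server).
SAMPLE_HEADERS = [
    ("Content-Type", "text/html"),
    ("Set-Cookie", "sessionid=abc123; Path=/; Secure; HttpOnly; SameSite=Lax"),
    ("Set-Cookie", "prefs=dark; Path=/"),
    ("Set-Cookie", "tracking=xyz; Path=/; HttpOnly"),
]

if __name__ == "__main__":
    for audit in audit_response_headers(SAMPLE_HEADERS):
        status = "OK" if not audit.problems else "; ".join(audit.problems)
        print(f"{audit.name}: {status}")
```

Run the script against headers captured from a staging deployment; any cookie listed by insecure_cookies should be corrected at the point where the cookie is created rather than by rewriting the response downstream.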
Using HTTPS has some disadvantages:
- Encrypting and decrypting data can negatively affect performance.
- Additional costs may be incurred to acquire the web certificate required for HTTPS. Without a valid certificate, HTTPS is still vulnerable to man-in-the-middle attacks because there is no guarantee that you are connected to the right server.
For more information, see Authentication for Web Applications and HTTPS Protocol. For additional information about this subject and alternative authentication realms, consult your web server documentation.
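The certificate caveat above applies equally to the client side: a client that encrypts but does not verify the server certificate has no guarantee that it is talking to the right server, so an intermediary can present its own certificate and read the traffic. The following added example (not Uniface code, and not the page's own) uses the Python standard library ssl module to show the weak client configuration beside the verifying one; the ca_file parameter and host name are assumptions for illustration.

```python
"""Verifying versus non-verifying TLS client configuration.

Added example, not Uniface code. Shows a client context that requires a
valid certificate chain and matching host name beside one that encrypts
but accepts any certificate, which leaves the connection open to a
man-in-the-middle despite using TLS.
"""
import socket
import ssl
from typing import Optional


def verifying_client_context(ca_file: Optional[str] = None) -> ssl.SSLContext:
    """Context that rejects unknown certificates and host-name mismatches.

    ca_file: optional path to a CA bundle (assumption for the example);
    when None, the system trust store is used.
    """
    ctx = ssl.create_default_context(cafile=ca_file)
    # create_default_context already sets these; stated explicitly so the
    # intent is visible when reviewing the code.
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def unverified_client_context() -> ssl.SSLContext:
    """Weak context: traffic is encrypted, but any certificate is accepted.

    This is the client-side equivalent of running HTTPS without a valid
    certificate: an intermediary can terminate TLS with its own certificate
    and the client will not notice.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False  # must be disabled before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def context_verifies_peer(ctx: ssl.SSLContext) -> bool:
    """True when the context both validates the chain and checks the host name."""
    return ctx.verify_mode == ssl.CERT_REQUIRED and bool(ctx.check_hostname)


def open_verified_connection(host: str, port: int = 443,
                             ca_file: Optional[str] = None) -> ssl.SSLSocket:
    """Open a TLS connection that fails closed on an untrusted certificate.

    The server_hostname argument is what enables host-name checking;
    omitting it would silently weaken the verifying context.
    """
    ctx = verifying_client_context(ca_file)
    sock = socket.create_connection((host, port))
    return ctx.wrap_socket(sock, server_hostname=host)


if __name__ == "__main__":
    for label, ctx in (("verifying", verifying_client_context()),
                       ("unverified", unverified_client_context())):
        print(f"{label}: verifies peer = {context_verifies_peer(ctx)}")
```

When reviewing client code, treat any occurrence of CERT_NONE or check_hostname = False as a finding: with a private CA, the correct fix is to supply the CA bundle to the verifying context, not to disable verification.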
TLS
To prevent eavesdropping, Uniface provides a TLS connector that can be used on top of the TCP connector to provide an encrypted network connection between the client application or browser and the Uniface Router and Uniface Server.