\n<\/strong><\/p>\n
- \n
- IP Sahtekarl\u0131\u011f\u0131:<\/strong> Wi-Fi ba\u011flant\u0131l\u0131 her cihaz\u0131n, a\u011fa ba\u011fl\u0131 bilgisayarlar\u0131n ve cihazlar\u0131n nas\u0131l ileti\u015fim kurdu\u011funun merkezinde yer alan bir IP adresi vard\u0131r. IP\u00a0sahtekarl\u0131\u011f\u0131 , kurban\u0131n bilgisayar sisteminin kimli\u011fine b\u00fcr\u00fcnmek i\u00e7in bir sald\u0131rgan\u0131n IP adreslerini de\u011fi\u015ftirmesi anlam\u0131na gelir. Kullan\u0131c\u0131 o sisteme ba\u011fl\u0131 bir URL’ye eri\u015fmeye \u00e7al\u0131\u015ft\u0131\u011f\u0131nda, farketmeden sald\u0131rgan\u0131n web sitesine girmi\u015f olur.<\/li>\n
- ARP Sahtekarl\u0131\u011f\u0131:<\/strong> Adres \u00c7\u00f6z\u00fcmleme Protokol\u00fc (ARP) sahtekarl\u0131\u011f\u0131 ile sald\u0131rgan, MAC adresini kurban\u0131n me\u015fru IP adresiyle ba\u011flamak i\u00e7in sahte ARP mesajlar\u0131 kullanabilir. Sald\u0131rgan, MAC adresini ger\u00e7ek bir IP adresine ba\u011flayarak, bu \u015fekilde ana bilgisayar IP adresine g\u00f6nderilen t\u00fcm verilere eri\u015fim elde eder.<\/li>\n
- DNS Sahtekarl\u0131\u011f\u0131:<\/strong> DNS \u00f6nbellek zehirlenmesi olarak da bilinen Domain Sunucusu (DNS) sahtekarl\u0131\u011f\u0131, bir sald\u0131rgan\u0131n kurban\u0131n web trafi\u011fini ama\u00e7lanan web sitesine \u00e7ok benzeyen sahte bir web sitesine y\u00f6nlendirmek i\u00e7in DNS sunucusunu de\u011fi\u015ftirmesi anlam\u0131na gelir. Kurban kendi hesab\u0131 sand\u0131\u011f\u0131 bir hesapta oturum a\u00e7arsa sald\u0131rganlar ki\u015fisel verilere ve di\u011fer bilgilere eri\u015febilir.<\/li>\n<\/ul>\n
![\"Ortadaki](\"https:\/\/www.turkticaret.net\/blog\/wp-content\/uploads\/2022\/04\/Ortadaki-Adam-MitM-Saldirisi-Nedir-1.jpg\")
Ortadaki Adam (MitM) Sald\u0131r\u0131s\u0131 Nedir 1<\/figcaption><\/figure>\n 2. \u015eifre \u00e7\u00f6zme<\/h3>\n
Sald\u0131rgan, kurban\u0131n \u015fifrelenmi\u015f verilerine eri\u015fim sa\u011flad\u0131ktan sonra, sald\u0131rgan\u0131n okuyabilmesi ve kullanabilmesi i\u00e7in \u015fifresinin \u00e7\u00f6z\u00fclmesi gerekir.<\/p>\n
- \n
- HTTPS Spoofing:<\/strong> HTTPS s\u0131zd\u0131rma, taray\u0131c\u0131n\u0131zda belirli bir web sitesi g\u00fcvenli de\u011fil olarak i\u015faretlense dahi g\u00fcvenli gibi g\u00f6stermek anlam\u0131na gelir. Kullan\u0131c\u0131 g\u00fcvenli bir web sitesine ba\u011flanmaya \u00e7al\u0131\u015f\u0131rken sahte bir sertifika ile sald\u0131ragan\u0131n web sitesine y\u00f6nlendirilir. Bu i\u015flem ile sald\u0131rgan, kurban\u0131n o sitede payla\u015ft\u0131\u011f\u0131 t\u00fcm verilere eri\u015febilir.<\/li>\n<\/ul>\n
- \n
- SSL Hijacking:<\/strong> URL’de “HTTP” ile ba\u015flayan g\u00fcvenli olmayan bir web sitesine ba\u011fland\u0131\u011f\u0131n\u0131zda sunucunuz\u00a0 otomatik olarak o sitenin g\u00fcvenli HTTPS ile ba\u015flayan url’ine y\u00f6nlendirir. SSL ele ge\u00e7irme ile sald\u0131rgan, yeniden y\u00f6nlendirmeyi engellemek i\u00e7in kendi bilgisayar\u0131n\u0131 ve sunucusunu kullan\u0131r ve kullan\u0131c\u0131n\u0131n bilgisayar\u0131 ile sunucusu aras\u0131nda ge\u00e7en bir bilgiyi kesmelerine izin verir. Bu izin ile\u00a0kullan\u0131c\u0131n\u0131n oturumlar\u0131 s\u0131ras\u0131nda kulland\u0131\u011f\u0131 t\u00fcm hassas bilgilere eri\u015fmelerini sa\u011flar.<\/li>\n
- SSL Soyma:<\/strong> SSL soyma, sald\u0131rgan\u0131n bir kullan\u0131c\u0131 ile bir web sitesi aras\u0131ndaki ba\u011flant\u0131y\u0131 kesmesini i\u00e7erir. Bir kullan\u0131c\u0131n\u0131n g\u00fcvenli HTTPS ba\u011flant\u0131l\u0131 web sitesinin g\u00fcvenli olmayan bir HTTP s\u00fcr\u00fcm\u00fcne \u00e7evirerek yap\u0131lmaktad\u0131r.. Kullan\u0131c\u0131y\u0131 g\u00fcvenli olmayan siteye ba\u011flatmak isterken, sald\u0131rgan g\u00fcvenli siteyle ba\u011flant\u0131s\u0131n\u0131 s\u00fcrd\u00fcrmeye devam eder.<\/li>\n<\/ul>\n
![\"Ortadaki](\"https:\/\/www.turkticaret.net\/blog\/wp-content\/uploads\/2022\/04\/Ortadaki-Adam-MitM-Saldirisi-Nedir-2.jpg\")
Ortadaki Adam (MitM) Sald\u0131r\u0131s\u0131 Nedir 2<\/figcaption><\/figure>\n MITM Sald\u0131r\u0131s\u0131 Nas\u0131l Tespit Edilir?<\/h2>\n
\u00c7evrimi\u00e7i ileti\u015fiminizin ele ge\u00e7irildi\u011fine veya g\u00fcvenli\u011finin ihlal edildi\u011fine dair i\u015faretleri aktif olarak aram\u0131yorsan\u0131z, ortadaki adam sald\u0131r\u0131s\u0131n\u0131 tespit etmek zor olabilir.\u00a0Fark edilmemeleri kolay olsa da, web’de gezinirken dikkat etmeniz gereken baz\u0131 noktalar vard\u0131r.<\/p>\n
G\u00fcvenli bir web sitesinin i\u015fareti, bir sitenin URL’sinde \u201cHTTPS\u201d ile g\u00f6sterilir.\u00a0Bir URL’de “S” eksikse ve “HTTP” olarak okunuyorsa, ba\u011flant\u0131n\u0131z\u0131n g\u00fcvenli olmad\u0131\u011f\u0131 k\u0131rm\u0131z\u0131 bir i\u015faretle belirtilir. Ayr\u0131ca, URL’nin solunda, g\u00fcvenli bir web sitesini de g\u00f6steren bir SSL kilidi simgesi aramal\u0131s\u0131n\u0131z.\u00a0Ayr\u0131ca, halka a\u00e7\u0131k Wi-Fi a\u011flar\u0131na ba\u011flanma konusunda dikkatli olmal\u0131s\u0131n\u0131z.\u00a0Yukar\u0131da tart\u0131\u015f\u0131ld\u0131\u011f\u0131 gibi, siber su\u00e7lular genellikle halka a\u00e7\u0131k Wi-Fi a\u011flar\u0131nda casusluk yapar ve bunlar\u0131 ortadaki adam sald\u0131r\u0131s\u0131 ger\u00e7ekle\u015ftirmek i\u00e7in kullan\u0131r.\u00a0Genel bir Wi-Fi a\u011f\u0131n\u0131n yasal oldu\u011funu d\u00fc\u015f\u00fcnmemek ve genel olarak tan\u0131nmayan Wi-Fi a\u011flar\u0131na ba\u011flanmaktan ka\u00e7\u0131nmak en iyisidir.<\/p>\n
Nas\u0131l \u00d6nlenir?<\/h2>\n
Potansiyel bir MITM sald\u0131r\u0131s\u0131n\u0131n nas\u0131l tespit edilece\u011finin fark\u0131nda olmak \u00f6nemli olsa da, bunlara kar\u015f\u0131 korunman\u0131n en iyi yolu, ilk etapta onlar\u0131 \u00f6nlemektir.<\/p>\n
- \n
- Parola korumal\u0131 olmayan Wi-Fi a\u011flar\u0131ndan ka\u00e7\u0131n\u0131n\u00a0ve ki\u015fisel bilgilerinizi gerektiren hassas i\u015flemler i\u00e7in asla halka a\u00e7\u0131k bir Wi-Fi a\u011f\u0131 kullanmay\u0131n.<\/li>\n
- Bir Sanal \u00d6zel A\u011f (\u00a0VPN ) kullan\u0131n. VPN’ler \u00e7evrimi\u00e7i etkinli\u011finizi \u015fifreler ve bir sald\u0131rgan\u0131n parolalar veya banka hesab\u0131 bilgileri gibi \u00f6zel verilerinizi okumas\u0131n\u0131 engeller.<\/li>\n
- <\/b>Oturumu ele ge\u00e7irmeyi \u00f6nlemek i\u00e7in i\u015finiz biter bitmez\u00a0 web sitelerinden (\u00e7evrimi\u00e7i bankac\u0131l\u0131k web sitesi gibi) \u00e7\u0131k\u0131\u015f yap\u0131n.<\/li>\n
- Parolalar\u0131n\u0131z\u0131 olabildi\u011fince g\u00fc\u00e7l\u00fc hale getirin.<\/li>\n
- <\/b>T\u00fcm parolalar\u0131n\u0131z i\u00e7in\u00a0\u00a0\u00e7ok fakt\u00f6rl\u00fc kimlik do\u011frulamay\u0131 kullan\u0131n.<\/li>\n
- <\/b>G\u00fcvenli internet ba\u011flant\u0131lar\u0131n\u0131 sa\u011flamak i\u00e7in\u00a0\u00a0bir g\u00fcvenlik duvar\u0131 kullan\u0131n.<\/li>\n
- <\/b>Cihazlar\u0131n\u0131z\u0131 k\u00f6t\u00fc ama\u00e7l\u0131 yaz\u0131l\u0131mlardan korumak i\u00e7in\u00a0\u00a0vir\u00fcsten koruma yaz\u0131l\u0131m\u0131 kullan\u0131n.<\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"
MITM sald\u0131r\u0131s\u0131, sald\u0131rganlar\u0131n gizlice dinleyerek veya normal bir kat\u0131l\u0131mc\u0131 gibi davranarak mevcut bir konu\u015fmay\u0131 veya veri aktar\u0131m\u0131n\u0131 engelledi\u011fi bir t\u00fcr siber sald\u0131r\u0131d\u0131r. Bir MITM sald\u0131r\u0131s\u0131n\u0131n amac\u0131, kimlik h\u0131rs\u0131zl\u0131\u011f\u0131 ya da yasa d\u0131\u015f\u0131 fon transferleri gibi ba\u015fka su\u00e7lar\u0131 i\u015flemek i\u00e7in kullan\u0131labilecek banka hesap bilgileri, kredi kart\u0131 numaralar\u0131 veya oturum a\u00e7ma kimlik bilgileri gibi gizli verileri almakt\u0131r. […]<\/p>\n","protected":false},"author":3,"featured_media":3707,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[51],"tags":[],"_links":{"self":[{"href":"https:\/\/www.turkticaret.net\/blog\/wp-json\/wp\/v2\/posts\/3702"}],"collection":[{"href":"https:\/\/www.turkticaret.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.turkticaret.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.turkticaret.net\/blog\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/www.turkticaret.net\/blog\/wp-json\/wp\/v2\/comments?post=3702"}],"version-history":[{"count":2,"href":"https:\/\/www.turkticaret.net\/blog\/wp-json\/wp\/v2\/posts\/3702\/revisions"}],"predecessor-version":[{"id":3710,"href":"https:\/\/www.turkticaret.net\/blog\/wp-json\/wp\/v2\/posts\/3702\/revisions\/3710"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.turkticaret.net\/blog\/wp-json\/wp\/v2\/media\/3707"}],"wp:attachment":[{"href":"https:\/\/www.turkticaret.net\/blog\/wp-json\/wp\/v2\/media?parent=3702"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.turkticaret.net\/blog\/wp-json\/wp\/v2\/categories?post=3702"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.turkticaret.net\/blog\/wp-json\/wp\/v2\/tags?post=3702"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
- SSL Soyma:<\/strong> SSL soyma, sald\u0131rgan\u0131n bir kullan\u0131c\u0131 ile bir web sitesi aras\u0131ndaki ba\u011flant\u0131y\u0131 kesmesini i\u00e7erir. Bir kullan\u0131c\u0131n\u0131n g\u00fcvenli HTTPS ba\u011flant\u0131l\u0131 web sitesinin g\u00fcvenli olmayan bir HTTP s\u00fcr\u00fcm\u00fcne \u00e7evirerek yap\u0131lmaktad\u0131r.. Kullan\u0131c\u0131y\u0131 g\u00fcvenli olmayan siteye ba\u011flatmak isterken, sald\u0131rgan g\u00fcvenli siteyle ba\u011flant\u0131s\u0131n\u0131 s\u00fcrd\u00fcrmeye devam eder.<\/li>\n<\/ul>\n
- SSL Hijacking:<\/strong> URL’de “HTTP” ile ba\u015flayan g\u00fcvenli olmayan bir web sitesine ba\u011fland\u0131\u011f\u0131n\u0131zda sunucunuz\u00a0 otomatik olarak o sitenin g\u00fcvenli HTTPS ile ba\u015flayan url’ine y\u00f6nlendirir. SSL ele ge\u00e7irme ile sald\u0131rgan, yeniden y\u00f6nlendirmeyi engellemek i\u00e7in kendi bilgisayar\u0131n\u0131 ve sunucusunu kullan\u0131r ve kullan\u0131c\u0131n\u0131n bilgisayar\u0131 ile sunucusu aras\u0131nda ge\u00e7en bir bilgiyi kesmelerine izin verir. Bu izin ile\u00a0kullan\u0131c\u0131n\u0131n oturumlar\u0131 s\u0131ras\u0131nda kulland\u0131\u011f\u0131 t\u00fcm hassas bilgilere eri\u015fmelerini sa\u011flar.<\/li>\n
- ARP Sahtekarl\u0131\u011f\u0131:<\/strong> Adres \u00c7\u00f6z\u00fcmleme Protokol\u00fc (ARP) sahtekarl\u0131\u011f\u0131 ile sald\u0131rgan, MAC adresini kurban\u0131n me\u015fru IP adresiyle ba\u011flamak i\u00e7in sahte ARP mesajlar\u0131 kullanabilir. Sald\u0131rgan, MAC adresini ger\u00e7ek bir IP adresine ba\u011flayarak, bu \u015fekilde ana bilgisayar IP adresine g\u00f6nderilen t\u00fcm verilere eri\u015fim elde eder.<\/li>\n