
There is an HTTPS server with a self-signed certificate on IP A and an HTTPS client on IP B. The server only allows access from IP B in iptables. The client accesses the server with the correct domain name and IP (defined in the local hosts file).

Is this a safe pattern? I want to use this pattern for remote procedure calls between two hosts with public IPs. Are there any security problems? Can it prevent man-in-the-middle attacks?

user869210

1 Answer


MitM attacks are still possible as long as the HTTPS client doesn't verify the certificate somehow (e.g. by comparing the fingerprint).

Man-in-the-middle means that an attacker is between A and B: to A it seems as if A is talking directly to B, and to B vice versa, but in reality both are talking with the attacker.

By verifying the SSL certificate (e.g., by trusting a CA or verifying a fingerprint), B (the client) can verify that it is really talking to A and not to an attacker.

MrTux
  • I am wondering how the man-in-the-middle can hijack, since both peers are already aware of each other's IP. Do you mean hijacking at the TCP layer? – user869210 Aug 16 '14 at 00:32
  • Yes, or even on the Ethernet (link) layer. That's the concept of man-in-the-middle: every router between A and B could do a MitM attack. – MrTux Aug 16 '14 at 00:32
  • As long as the client verifies the self-signed certificate (make sure you've installed it on the client), you are OK. – Martin Konecny Aug 16 '14 at 00:52
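
The two ways of verifying the certificate that the answer and the last comment mention (comparing the certificate's fingerprint against a value recorded out of band, or installing the self-signed certificate on the client as its only trust anchor), written out as an added example; this is not code from the original answer or comments. It uses only the Python 3 standard library. The host names, ports, the path to the server's PEM file and the certificate bytes in the offline demonstration are placeholders or constructed values, not anything from the page.

```python
"""Client-side authentication of a self-signed HTTPS server (host A) from host B.

Option 1: pin the SHA-256 fingerprint of A's DER certificate.
Option 2: make A's self-signed certificate the client's only trust anchor.
Either way an on-path attacker presenting a different certificate is rejected;
the iptables rule and the hosts-file entry alone do not achieve that.
"""
import hashlib
import hmac
import socket
import ssl
from typing import Optional


def normalize_fingerprint(fp: str) -> str:
    """Accept openssl-style 'AB:CD:...' or bare hex and return lowercase hex."""
    return fp.replace(":", "").replace(" ", "").strip().lower()


def fingerprint_sha256(der_cert: bytes) -> str:
    """SHA-256 over the DER-encoded certificate; this is the value that
    `openssl x509 -in server.crt -noout -fingerprint -sha256` prints on A."""
    return hashlib.sha256(der_cert).hexdigest()


def pin_matches(der_cert: bytes, expected_fp: str) -> bool:
    """Constant-time comparison of the presented certificate against the pin."""
    return hmac.compare_digest(fingerprint_sha256(der_cert),
                               normalize_fingerprint(expected_fp))


def pinned_context() -> ssl.SSLContext:
    """Option 1: the library performs no chain or hostname check (there is no
    CA to check against); the pin is checked by us after the handshake.
    check_hostname must be cleared before verify_mode is set to CERT_NONE."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def connect_pinned(host: str, port: int, expected_fp: str,
                   server_name: Optional[str] = None) -> ssl.SSLSocket:
    """Open a TLS connection to host:port and accept it only if the server's
    certificate matches the pinned fingerprint. `host` would be A's IP or the
    hosts-file name; `server_name` is sent as SNI (placeholder values)."""
    ctx = pinned_context()
    raw = socket.create_connection((host, port), timeout=10)
    tls = ctx.wrap_socket(raw, server_hostname=server_name or host)
    der = tls.getpeercert(binary_form=True)
    if der is None or not pin_matches(der, expected_fp):
        tls.close()  # an attacker's certificate (or no certificate) was presented
        raise ssl.SSLCertVerificationError(
            "server certificate does not match the pinned fingerprint")
    return tls


def trust_anchor_context(server_cert_pem: str) -> ssl.SSLContext:
    """Option 2: load A's self-signed certificate (PEM file copied to B) as the
    only trust anchor. Passing cafile means the system CA store is NOT loaded.
    Chain and hostname checks stay on, so the certificate must carry the
    domain name the client connects with (the name mapped to A in hosts)."""
    ctx = ssl.create_default_context(cafile=server_cert_pem)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def connect_trusted(host: str, port: int, server_cert_pem: str) -> ssl.SSLSocket:
    """Connect with option 2; ssl raises SSLCertVerificationError itself on any
    mismatch, including an attacker's own self-signed cert for the same name."""
    ctx = trust_anchor_context(server_cert_pem)
    raw = socket.create_connection((host, port), timeout=10)
    return ctx.wrap_socket(raw, server_hostname=host)


if __name__ == "__main__":
    # Offline demonstration of the pin check with constructed bytes standing in
    # for two DER certificates: A's real one and one an on-path attacker presents.
    real_der = b"constructed DER bytes of A's certificate"
    attacker_der = b"constructed DER bytes of an attacker's certificate"
    pin = fingerprint_sha256(real_der)  # what the operator would record on A
    print("pinned fingerprint:", pin)
    print("A's certificate accepted:", pin_matches(real_der, pin))
    print("attacker's certificate accepted:", pin_matches(attacker_der, pin))
```

Pin the hash of the whole DER certificate (SHA-256, not MD5 or SHA-1), carry it to B over a channel the attacker cannot alter, and update it whenever A's certificate is renewed; with option 2 the same applies to the PEM file. In both options the server's public IP and the hosts-file entry play no part in the check, which is the point: as the answer says, an on-path router can still terminate the TCP connection, so only the certificate check tells B that it reached A.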