What is a man-in-the-middle attack against SSL VPN? In a MITM (man-in-the-middle) attack, an attacker intercepts a user’s traffic to capture their credentials and other sensitive information.
The attacker then uses this information to access the user’s intended destination network. During the process, the attacker typically serves as a proxy/gateway that presents a false SSL VPN site to the user; this proxy/gateway passes whatever authentication the user enters on to the real destination site.
How can you protect yourself from this type of attack? This attack typically works when a user does not verify that he or she is communicating with a trusted SSL VPN. We encourage our customers never to ignore any security alert that says a certificate is invalid or does not match the requested SSL VPN server/resourse (a sample image of this alert is shown below). Users should never ignore an alert about security certificates.