Sirius Portal Security: Defending Against Man-in-the-Middle Attacks
Vega’s Sirius web portal has been built by a team of expert developers, penetration tested by professionals, and used to protect our customers’ data successfully for decades. As you might imagine from an application with such a track record, Sirius contains many layers of protection against attack. Today we will cover man-in-the-middle attacks: what they are, and how Sirius stops them.
A man-in-the-middle attack is where an attacker intercepts the messages going between a website and a web user, in order to view or change that information. For example, a user tries to make an online payment. They fill in the payment details and click the “Make payment” button. The attacker is watching this traffic, and sees what information is being sent to the server. They can then copy the information that was sent by the user, changing only the destination bank account and payment amount, to make a payment from the user’s account to their own.
One of the ways that Sirius protects against this kind of attack is by using one-time passwords (OTPs). Each time a user navigates to a new Sirius page, a new OTP is automatically generated for them, and this same OTP must be used when sending data using this page. This means that an attacker cannot copy the data that the user sends, make some changes, and send this so the Sirius web server. If the OTP sent along with the data is not valid, the data will not be processed, and the user will be logged out of Sirius in order to protect the account.
This is just one of a long list of protections that the Sirius web portal offers. We will cover more here in the future. If you are serious about your web portal security, and would like to learn more about what Sirius can do you for, contact us now.