MyLAD

takes you back to before the Internet

How It Works | Download LAD | Support | LAD Security | Features & Uses | Resources | Members | User Guide

Man-in-the-Middle (MITM)

LAD's Man-in-the-Middle (MITM) bares to you the secrets of your own communications, including the commingling of malware, spyware and adware within TLS-encrypted datastreams and making it possible to block it, while keeping your communications encrypted. In doing so, it addresses the unintended consequences of the widespread adoption of TLS encryption for all manner of web-based communications: blindness. While popular demand for better Internet security and privacy has led to the increasing use of TLS encryption (formerly SSL), that very encryption hinders the abilities of many network security appliances, including smart firewalls, intrusion detection systems, intrusion prevention systems and similar, that relied on the ability to parse and examine the packets that make up network dataflows in order to detect and block malware, spyware, viruses and other network security threats.

Along with the broader use of TLS-encryption came "Secure DNS," i.e., encrypted DNS messaging, in answer to the same demand for greater security and privacy. Encrypting DNS, similarly to TLS encryption in general, thwarted network operators' attempts to control access to their networks by domain name. In doing so, encrypted DNS enables computer users ranging from students to malware developers to bypass domain-based network access controls. LAD's MITM, however, returns control over domain access to the network owners and administrators, so that they can choose which parts of the Internet to allow in and which not.

Malware and other 'ware developers were quick to subvert TLS encryption to their own benefit, finding snug hiding places for their pesky payloads among the legitimate datastreams. When encrypted the malicious packets appeared much the same as any other packet, and passed through network security systems much the same as any other packet.

With LAD's MITM, you can enjoy both the benefits of TLS encryption and visibility into the communications entering and leaving your own network. You will once again be able to block the malware, spyware, adware and access to any undesirable locations on the Internet, retaining control over your network and your technology. And those 'wares need not be aware that you are blocking them — to any program attempting to connect it would appear that your network is merely experiencing a temporary connection problem and times out (little knowing that for them, the time out is permanent).

LAD's MITM also enhances its native packet capture and reporting capabilities by providing both the raw packet data and the keys to enable third-party applications like Wireshark to examine and analyze the packets, while still keeping TLS-encrypted communications encrypted.

How Does LAD's MITM Work?

  1. Enable the Man-in-the-Middle functionality on specific ports within LAD's user interface (one would typically use the ports corresponding to web traffic, email, DNS and similar). Once enabled, no TLS-encrypted data would be able to traverse LAD on those ports without first being decrypted by LAD.
  2. Request LAD to generate a certificate authority (CA) certificate file.
  3. Take the newly generated CA certificate file and install it in your browser(s).

From this point on, the browser(s) in which you installed the CA certificate would be able to connect through LAD to any websites or other Internet resources you choose. LAD would stand in the middle, so that whenever a request arrives from your browser(s) LAD would send a similar request to the destination server and relay its answer back to your browser(s).

All the while LAD would decrypt and re-encrypt messages from you to the server and vice-versa. All communications would always be encrypted, but you would have access through LAD to the unencrypted version of your communication, if you choose to do so. Most importantly, if one of the ports that you instruct LAD to decrypt is a DNS port, then LAD, for your convenience and security, would also provide you with the capability to filter those DNS requests seamlessly, if you choose to do so. LAD would intercept every single one of those requests and instead of going to some kind of DNS aggregator or stand-in for an answer to your DNS queries, LAD would verify and obtain the authoritive answer directly from the actual domain authority in a blink of an eye, every single time. You would get the answers literally from the horse's mouth, and your browser would not be able to bypass LAD anymore using encrypted DNS.

Equally, browsers lacking the CA certificate from LAD would not be able to connect and browse the Internet through LAD at all, which makes for a very convenient second layer of security. Only authorized browsers with the proper CA certificates installed, i.e., authorized devices and users, would be able to browse the Internet using TLS encryption.