"Man in the middle attack" works against mix network? How to prevent?
First, let me apologize if someone else has already asked this question; I couldn't find a title in the search tool that closely resembles what I want to ask you guys. Here I go...
I'd like to protect myself against the "man in the middle attack". I'm using a wireless router, but it has ethernet ports that allow a wired network; my laptop uses wireless, and my desktop station uses wired ethernet; both of these physical machines are turned on most of the time. Can a "man in the middle attack" work effectively in this kind of mixed network environment? How to prevent it?
I've always heard that a wireless network is easily vulnerable to the "man in the middle attack" because of software like Cain and Abel. A man in the middle attack works either by using ARP poisoning, sending ARP replies to the local network telling it that the default gateway is actually a malicious machine (using the malicious machine's MAC identity with the default gateway's IP), or by using a sniffer device on the ethernet cable (I think). I'm a little confused... My network can be compromised and vulnerable to a "man in the middle attack" no matter what (mixed network - wired + wireless = on) by allowing a hacker to compromise one of the wireless/wired PCs or notebooks in the local network -- the hacker can bypass my firewall and get control of one of the computers. When a hacker gains control of one of my PCs, he/she can begin to send ARP replies to poison the ARP tables of the local machines, and then this hacker can gain access to data that gets sent within the local/WAN network. Am I right? So it really doesn't matter if it's a mixed wired/wireless, just a wireless, or just a wired network -- any network will be vulnerable to a "man in the middle attack" as long as the hacker gains control of one computer in the network, right?
So in order to protect against this type of attack, all computers in the network have to be clean -- virus free, with the firewall on, right?
LOL, I know I'm one confused dude on this specific question, and I hope some of you actually finish reading my long, long question, and hopefully you can enlighten me with some answers. Thank you much...
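The ARP poisoning the question describes leaves a visible trace on the wire: the gateway's IP suddenly being advertised with a second MAC, and one MAC claiming several IPs. As an added example that is not part of the thread, this Python detector runs over a constructed set of tcpdump-style ARP replies; the addresses and the "trusted" gateway MAC are made up for the illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the style of `tcpdump -n arp` output (not a real capture).
# The gateway 192.168.1.1 is first announced by its real MAC; from 12:00:05 on a
# second host claims the same IP, and later also claims another host's IP.
SAMPLE_ARP_LINES = """\
12:00:01.000 ARP, Reply 192.168.1.1 is-at 00:11:22:33:44:55, length 28
12:00:02.000 ARP, Reply 192.168.1.20 is-at 00:aa:bb:cc:dd:20, length 28
12:00:05.000 ARP, Reply 192.168.1.1 is-at de:ad:be:ef:00:01, length 28
12:00:06.000 ARP, Reply 192.168.1.1 is-at de:ad:be:ef:00:01, length 28
12:00:07.000 ARP, Reply 192.168.1.20 is-at de:ad:be:ef:00:01, length 28
""".splitlines()

# Known-good mapping for the gateway, e.g. read off the router's admin page.
# Assumed value for this example.
TRUSTED = {"192.168.1.1": "00:11:22:33:44:55"}

ARP_REPLY = re.compile(r"Reply (\d+\.\d+\.\d+\.\d+) is-at ([0-9a-f:]{17})", re.I)


def detect_arp_conflicts(lines, trusted=TRUSTED):
    """Return one alert (ip, expected_mac, observed_mac) for every ARP reply that
    contradicts the trusted table or changes a mapping seen earlier on the wire."""
    seen = {}          # ip -> MAC most recently advertised for it
    alerts = []
    for line in lines:
        m = ARP_REPLY.search(line)
        if not m:
            continue
        ip, mac = m.group(1), m.group(2).lower()
        if ip in trusted and trusted[ip] != mac:
            alerts.append((ip, trusted[ip], mac))      # gateway impersonation
        elif ip in seen and seen[ip] != mac:
            alerts.append((ip, seen[ip], mac))         # mapping flipped mid-session
        seen[ip] = mac
    return alerts


def suspicious_macs(lines):
    """MACs that answer for more than one IP: a single poisoner typically claims
    both the gateway and the victim so it can sit between them."""
    claims = defaultdict(set)
    for line in lines:
        m = ARP_REPLY.search(line)
        if m:
            claims[m.group(2).lower()].add(m.group(1))
    return {mac: ips for mac, ips in claims.items() if len(ips) > 1}
```

On a real LAN the same logic can be fed from `tcpdump -n -l arp`, with the trusted table filled from the gateway's documented MAC.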
Quote:
So in order to protect against this type of attack, all computers in the network have to be clean -- virus free, with the firewall on, right?
No, but those will definitely help keep bad guys out of your LAN. A MITM attack doesn't need to happen inside your LAN - it can happen in your WAN. This is why we have encryption and digital certificates. As long as the client computer you are using hasn't been compromised, it doesn't matter if every single machine in your LAN (including your gateway/firewall) has been compromised - you are still protected from a MITM attack if you have a secure, certified connection to the server you are using on the WAN.
So this means as long as I use connection protocols such as "https", "ssh", "scp", "sftp", and the server uses a self-signed certificate, and I have not implemented a "VPN", I'll be safe from a "MITM" attack? Am I right about what you suggested in the quoted text below? Thank you much...
Quote:
Originally Posted by win32sux
No, but those will definitely help keep bad guys out of your LAN. A MITM attack doesn't need to happen inside your LAN - it can happen in your WAN. This is why we have encryption and digital certificates. As long as the client computer you are using hasn't been compromised, it doesn't matter if every single machine in your LAN (including your gateway/firewall) has been compromised - you are still protected from a MITM attack if you have a secure, certified connection to the server you are using on the WAN.
So this means as long as I use connection protocols such as "https", "ssh", "scp", "sftp", and the server uses a self-signed certificate, and I have not implemented a "VPN", I'll be safe from a "MITM" attack? Am I right about what you suggested in the quoted text below? Thank you much...
For the most part. I mean, protocols sent over SSL are intended to allow you to safely work through untrusted networks - and "untrusted networks" implies they might be completely compromised and hostile. That said, your scenario has the attacker gaining access to your LAN, and that means there are potentially gonna be tons of other attacks you'll be susceptible to.
Self-signed certificates are actually extremely dangerous if you don't know what you are doing. What you want, optimally, is a certificate signed by a CA. As for VPN, the same concept applies - when properly deployed, your communications between the two endpoints are protected - ONLY the communication between the two endpoints. Any communications prior to your endpoints could very well be read and/or tampered with.
Also, don't forget that SSL only secures your connection; it doesn't say anything about the security of the box you are connecting to. So if you have a server on your LAN which you connect to via SSL, and the server is compromised, you will essentially have a secure connection to a box owned by the attacker.
Why do you say self-signed certificates are extremely dangerous...?
Because unless you are the one that signed them, you have no way to know with certainty whether they are bogus or not. Ummm, okay, I can see now why that raised your eyebrows. What I mean by "self-signed" is "signed by the server I am connecting to", not "signed by myself" or anything like that. Like when you go to an HTTPS site with a self-signed certificate and your browser gives you a giant warning about the certificate not having been signed by a trusted third party. Some people choose to accept the certificate, which is extremely dangerous (since you don't really know whether it was the server giving you the certificate or a man-in-the-middle attacking you). That's the type of scenario I was referring to - thanks for bringing that up.
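The distinction win32sux draws comes down to what the client is told to trust: a CA bundle, the one certificate you generated yourself, or anything at all. As an added example that is not from the thread, this Python (standard library only) builds those three client configurations and checks a certificate fingerprint against one recorded out of band; the mode names, function names and the fingerprint test data are my own constructions.

```python
import hashlib
import hmac
import ssl
from typing import Optional


def fingerprint_matches(cert_der: bytes, expected_sha256: str) -> bool:
    """True if the SHA-256 of the DER certificate equals the fingerprint you wrote
    down when you created the cert (the form `openssl x509 -fingerprint -sha256`
    prints, with or without colons). Constant-time compare, as for any secret check."""
    actual = hashlib.sha256(cert_der).hexdigest()
    expected = expected_sha256.lower().replace(":", "")
    return hmac.compare_digest(actual, expected)


def make_client_context(mode: str, own_cert_pem: Optional[str] = None) -> ssl.SSLContext:
    """'ca'    : trust the system CA bundle and check the hostname (the CA-signed case).
       'pinned': trust only the self-signed cert you generated, given as a PEM path;
                 a MITM's substitute cert fails verification ("signed by myself").
       'blind' : accept any cert, i.e. clicking through the browser warning. Shown
                 only as the contrast; never use it for real traffic."""
    if mode == "ca":
        return ssl.create_default_context()
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)   # CERT_REQUIRED + hostname check
    if mode == "pinned":
        ctx.load_verify_locations(cafile=own_cert_pem)
        return ctx
    if mode == "blind":
        ctx.check_hostname = False                  # must be cleared before CERT_NONE
        ctx.verify_mode = ssl.CERT_NONE
        return ctx
    raise ValueError(f"unknown mode: {mode}")


def verifies_peer(ctx: ssl.SSLContext) -> bool:
    """Does this context actually authenticate the server it connects to?"""
    return ctx.verify_mode == ssl.CERT_REQUIRED and bool(ctx.check_hostname)
```

In 'pinned' mode the self-signed certificate must carry the server's hostname (CN or SAN), otherwise the hostname check rejects it even though the signature is trusted.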
I'm loving it, because the moderator of this forum has provided fast responses to my question.
What have I learned? Basically, when you communicate with a secured server through a secured connection such as SSH, SCP, SFTP, and the like, and as long as your Linux box (client) is not compromised, you are basically safe from the "man in the middle" attack. A self-signed certificate, if you signed it yourself, is safe, too.
Thank you much, guys; I have understood this issue much better and feel safer against compromised computers in the network, if there are any at the moment. Thanks...