Security of Cyber-Physical Systems: Design of a Security Supervisor to Thwart Attacks

Cyber-physical systems (CPSs) integrate computing and communication capabilities to monitor and control physical processes. To do so, communication networks are commonly used to connect sensors, actuators, and controllers in the feedback loop. The use of communication networks increases the exposure of CPSs to cyberattacks that can drive the system to unsafe states. One of the most powerful of these is the so-called man-in-the-middle attack, where the intruder can observe, hide, create, or change information in the attacked network channels. In this article, we propose a defense strategy that can thwart man-in-the-middle attacks in the sensor and/or control communication channels of CPSs modeled as discrete-event systems. We also introduce the definition of network attack security (NA-Security), which captures whether a security supervisor can prevent the system from reaching unsafe states, show that the online implementation of such a supervisor has polynomial computational complexity, and propose an algorithm to verify this property.
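The threat model above (an intruder on the sensor channel who can hide or create event reports, and on the control channel who can override the supervisor's enabling decisions) can be made concrete with a small discrete-event example. The following is an added illustration, not the paper's model, its NA-Security definition or its verification algorithm: the toy plant, the two supervisors and the attacker semantics (erase or insert reports of events in `sensor_attack`; force events in `control_attack` that the supervisor disabled) are all assumptions made here. It explores the attacked closed loop by breadth-first search over (plant state, supervisor state) pairs and returns a witness trace when an unsafe plant state is reachable, which is how a practitioner would first check whether a given supervisor still holds up once specific channels are assumed compromised.

```python
"""Reachability check for a DES closed loop under a man-in-the-middle attacker.

Constructed example for illustration (not code from the paper): plant,
supervisors and attacker semantics are assumptions made here.
"""
from collections import deque

# Constructed toy plant: (state, event) -> next state. Events b, d, e are
# uncontrollable; the supervisor may only disable a and c. State 4 is unsafe.
PLANT = {
    (0, "a"): 1,
    (1, "b"): 2,   # uncontrollable, reported over the sensor channel
    (1, "e"): 5,   # uncontrollable, also observable
    (1, "c"): 3,   # c is safe from state 1 ...
    (2, "c"): 4,   # ... but unsafe from state 2
    (2, "d"): 0,
    (5, "c"): 3,
    (3, "d"): 0,
}
EVENTS = sorted({e for _, e in PLANT})
CONTROLLABLE = {"a", "c"}
OBSERVABLE = {"a", "b", "c", "d", "e"}
UNSAFE = {4}
INIT = (0, "s0")  # (plant state, supervisor state)

# Nominal supervisor (assumed): enables c after a, disables it once b is seen.
# A missing (state, event) entry means the event is disabled if controllable.
NOMINAL_SUP = {
    ("s0", "a"): "s1",
    ("s1", "b"): "s2",
    ("s1", "c"): "s3",
    ("s1", "e"): "s5",
    ("s5", "c"): "s3",
    ("s2", "d"): "s0",
    ("s3", "d"): "s0",
}
# Hardened supervisor (assumed): does not trust the report of b, so it enables
# c only after e, an event the attacker cannot forge in this example.
HARDENED_SUP = {k: v for k, v in NOMINAL_SUP.items() if k != ("s1", "c")}


def step_sup(sup, s, e):
    """Supervisor state after reading e; undefined transitions leave it unchanged."""
    return sup.get((s, e), s)


def successors(plant, sup, state, sensor_attack, control_attack):
    """Yield (next_state, label) pairs of the attacked closed loop."""
    x, s = state
    for e in EVENTS:
        if (x, e) not in plant:
            continue
        allowed = e not in CONTROLLABLE or (s, e) in sup
        forced = e in control_attack and not allowed   # control-channel override
        if not (allowed or forced):
            continue
        x2 = plant[(x, e)]
        tag = f"{e} (control-channel override)" if forced else e
        if e not in OBSERVABLE:
            yield (x2, s), tag
            continue
        yield (x2, step_sup(sup, s, e)), tag            # report delivered intact
        if e in sensor_attack:
            yield (x2, s), f"{e} (erased)"              # attacker hides the report
    for e in sorted(sensor_attack):                      # attacker creates a report
        if (s, e) in sup:
            yield (x, sup[(s, e)]), f"{e} (inserted)"


def find_attack(sup, sensor_attack=frozenset(), control_attack=frozenset(), plant=PLANT):
    """BFS over (plant, supervisor) pairs; returns a trace to an unsafe state or None.

    The search visits at most |plant states| * |supervisor states| pairs, so the
    check is polynomial in the size of the product.
    """
    parent = {INIT: None}
    queue = deque([INIT])
    while queue:
        state = queue.popleft()
        if state[0] in UNSAFE:
            trace = []
            while parent[state] is not None:
                state, label = parent[state]
                trace.append(label)
            return trace[::-1]
        for nxt, label in successors(plant, sup, state, sensor_attack, control_attack):
            if nxt not in parent:
                parent[nxt] = (state, label)
                queue.append(nxt)
    return None


if __name__ == "__main__":
    for name, sup in (("nominal", NOMINAL_SUP), ("hardened", HARDENED_SUP)):
        for vs, va in ((set(), set()), ({"b"}, set()), (set(), {"c"})):
            print(f"{name:8s} sensor={sorted(vs)} control={sorted(va)} -> {find_attack(sup, vs, va)}")
```

Running it shows the three situations the abstract distinguishes: with no attack neither supervisor lets the plant reach state 4; with the sensor channel carrying `b` compromised, the nominal supervisor is driven to the unsafe state by the trace `a, b (erased), c`, while the hardened one is not; and once the attacker can override the control action for `c`, no supervisor helps, because `b` is uncontrollable and `c` is then enabled from state 2 regardless of what the supervisor decides.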