Open In App

Active and Passive attacks in Information Security

Improve
Improve
Improve
Like Article
Like
Save Article
Save
Share
Report issue
Report

 It’s important to the distinction between active and passive attacks can be blurry, and some attacks may involve elements of both. Additionally, not all attacks are technical in nature; social engineering attacks, where an attacker manipulates or deceives users in order to gain access to sensitive information, are also a common form of attack. 

Active attacks: 

  Active attacks are a type of cybersecurity attack in which an attacker attempts to alter, destroy, or disrupt the normal operation of a system or            network. Active attacks involve the attacker taking direct action against the target system or network, and can be more dangerous than passive         attacks, which involve simply monitoring or eavesdropping on a system or network.

 Types of active attacks are as follows: 

  • Masquerade
  • Modification of messages
  • Repudiation
  • Replay
  • Denial of Service

Masquerade – 

Masquerade is a type of cybersecurity attack in which an attacker pretends to be someone else in order to gain access to systems or data. This can involve impersonating a legitimate user or system to trick other users or systems into providing sensitive information or granting access to restricted areas.

There are several types of masquerade attacks, including:

   Username and password masquerade: In a username and password masquerade attack, an attacker uses stolen or forged credentials to log       into a system or application as a legitimate user.

   IP address masquerade: In an IP address masquerade attack, an attacker spoofs or forges their IP address to make it appear as though they          are accessing a system or application from a trusted source.

   Website masquerade: In a website masquerade attack, an attacker creates a fake website that appears to be legitimate in order to trick users          into providing sensitive information or downloading malware.

   Email masquerade: In an email masquerade attack, an attacker sends an email that appears to be from a trusted source, such as a bank or              government agency, in order to trick the recipient into providing sensitive information or downloading malware.

 

Masquerade Attack

Masquerade Attack

Modification of messages –

It means that some portion of a message is altered or that message is delayed or reordered to produce an unauthorized effect. Modification is an attack on the integrity of the original data. It basically means that unauthorized parties not only gain access to data but also spoof the data by triggering denial-of-service attacks, such as altering transmitted data packets or flooding the network with fake data. Manufacturing is an attack on authentication. For example, a message meaning “Allow JOHN to read confidential file X” is modified as “Allow Smith to read confidential file X”. 

 

Modification of messages

Modification of messages

Repudiation – 

Repudiation attacks are a type of cybersecurity attack in which an attacker attempts to deny or repudiate actions that they have taken, such as making a transaction or sending a message. These attacks can be a serious problem because they can make it difficult to track down the source of the attack or determine who is responsible for a particular action.

There are several types of repudiation attacks, including:

   Message repudiation attacks: In a message repudiation attack, an attacker sends a message and then later denies having sent it. This can be      done by using spoofed or falsified headers or by exploiting vulnerabilities in the messaging system.

   Transaction repudiation attacks: In a transaction repudiation attack, an attacker makes a transaction, such as a financial transaction, and then     later denies having made it. This can be done by exploiting vulnerabilities in the transaction processing system or by using stolen or falsified           credentials.

   Data repudiation attacks: In a data repudiation attack, an attacker modifies or deletes data and then later denies having done so. This can be      done by exploiting vulnerabilities in the data storage system or by using stolen or falsified credentials.

Replay – 

It involves the passive capture of a message and its subsequent transmission to produce an authorized effect. In this attack, the basic aim of the attacker is to save a copy of the data originally present on that particular network and later on use this data for personal uses. Once the data is corrupted or leaked it is insecure and unsafe for the users.

Replay

Replay

Denial of Service – 

Denial of Service (DoS) is a type of cybersecurity attack that is designed to make a system or network unavailable to its intended users by overwhelming it with traffic or requests. In a DoS attack, an attacker floods a target system or network with traffic or requests in order to consume its resources, such as bandwidth, CPU cycles, or memory, and prevent legitimate users from accessing it.

There are several types of DoS attacks, including:

   Flood attacks: In a flood attack, an attacker sends a large number of packets or requests to a target system or network in order to overwhelm its                    resources.

   Amplification attacks: In an amplification attack, an attacker uses a third-party system or network to amplify their attack traffic and direct it                  towards the target system or network, making the attack more effective.

   To prevent DoS attacks, organizations can implement several measures, such as:

   1.Using firewalls and intrusion detection systems to monitor network traffic and block suspicious activity.

   2.Limiting the number of requests or connections that can be made to a system or network.

   3.Using load balancers and distributed systems to distribute traffic across multiple servers or networks.

   4.Implementing network segmentation and access controls to limit the impact of a DoS attack.
 

Denial of Service

Denial of Service

Passive attacks: A Passive attack attempts to learn or make use of information from the system but does not affect system resources. Passive Attacks are in the nature of eavesdropping on or monitoring transmission. The goal of the opponent is to obtain information that is being transmitted. Passive attacks involve an attacker passively monitoring or collecting data without altering or destroying it. Examples of passive attacks include eavesdropping, where an attacker listens in on network traffic to collect sensitive information, and sniffing, where an attacker captures and analyzes data packets to steal sensitive information.

 Types of Passive attacks are as follows: 

  • The release of message content
  • Traffic analysis

The release of message content – 

Telephonic conversation, an electronic mail message, or a transferred file may contain sensitive or confidential information. We would like to prevent an opponent from learning the contents of these transmissions. 

 

Passive attack

Passive attack

Traffic analysis – 

Suppose that we had a way of masking (encryption) information, so that the attacker even if captured the message could not extract any information from the message. 
The opponent could determine the location and identity of communicating host and could observe the frequency and length of messages being exchanged. This information might be useful in guessing the nature of the communication that was taking place. 
The most useful protection against traffic analysis is encryption of SIP traffic. To do this, an attacker would have to access the SIP proxy (or its call log) to determine who made the call.
 

Traffic analysis

Traffic analysis

 



Last Updated : 08 May, 2023
Like Article
Save Article
Previous
Next
Share your thoughts in the comments
Similar Reads