Active attacks: An Active attack attempts to alter system resources or effect their operations. Active attack involve some modification of the data stream or creation of false statement. Types of active attacks are as following:
- Masquerade –
Masquerade attack takes place when one entity pretends to be different entity. A Masquerade attack involves one of the other form of active attacks.
- Modification of messages –
It means that some portion of a message is altered or that message is delayed or reordered to produce an unauthorised effect. For example, a message meaning “Allow JOHN to read confidential file X” is modified as “Allow Smith to read confidential file X”.
- Repudiation –
This attack is done by either sender or receiver. The sender or receiver can deny later that he/she has send or receive a message. For example, customer ask his Bank “To transfer an amount to someone” and later on the sender(customer) deny that he had made such a request. This is repudiation.
- Replay –
It involves the passive capture of a message and its subsequent the transmission to produce an authorized effect.
- Denial of Service –
It prevents normal use of communication facilities. This attack may have a specific target. For example, an entity may suppress all messages directed to a particular destination. Another form of service denial is the disruption of an entire network wither by disabling the network or by overloading it by messages so as to degrade performance.
Passive attacks: A Passive attack attempts to learn or make use of information from the system but does not affect system resources. Passive Attacks are in the nature of eavesdropping on or monitoring of transmission. The goal of the opponent is to obtain information is being transmitted. Types of Passive attacks are as following:
- The release of message content –
Telephonic conversation, an electronic mail message or a transferred file may contain sensitive or confidential information. We would like to prevent an opponent from learning the contents of these transmissions.
- Traffic analysis –
Suppose that we had a way of masking (encryption) of information, so that the attacker even if captured the message could not extract any information from the message.
The opponent could determine the location and identity of communicating host and could observe the frequency and length of messages being exchanged. This information might be useful in guessing the nature of the communication that was taking place.
Attention reader! Don’t stop learning now. Get hold of all the important DSA concepts with the DSA Self Paced Course at a student-friendly price and become industry ready.
- Difference between Active and Passive FTP
- Types of DNS Attacks and Tactics for Security
- Difference between Information Security and Network Security
- Difference between Cyber Security and Information Security
- Principal of Information System Security : Security System Development Life Cycle
- What is Information Security?
- Need Of Information Security
- Information Security | Confidentiality
- Information Security | Integrity
- Vulnerabilities in Information Security
- Threats to Information Security
- Information System and Security
- Availability in Information Security
- Difference between Active Attack and Passive Attack
- Digital Forensics in Information Security
- Information Security and Cyber Laws
- Principle of Information System Security
- Approaches to Information Security Implementation
- Information Security and Computer Forensics
- Risk Management for Information Security | Set-2
If you like GeeksforGeeks and would like to contribute, you can also write an article using contribute.geeksforgeeks.org or mail your article to firstname.lastname@example.org. See your article appearing on the GeeksforGeeks main page and help other Geeks.
Please Improve this article if you find anything incorrect by clicking on the "Improve Article" button below.