Skip to main content

What are Active and Passive Attacks?

Passive Attacks:

Passive attack is an attack in which the purpose of the attacker is to only monitor or gain information about the system and/or its users i.e. traffic. This is only done to get the information from there without any aim of changing or damaging it. Passive attacks are considered to be attacks on confidentiality since the information present on the victim system is compromised in this type of attack. For example, if the system is of a shopping cart which stores the financial data of its customers such as credit card or bank account then this information is at risk. The attacker monitors the traffic on the network and finds that the user is sending his credit card information and captures that information.
Passive attacks are quite difficult to track since the data is not altered by these attacks.

Active Attacks:

In this type of attack, the intension of the attacker is to alter the information from the victim’s system. The attacker makes changes to the data present at the victim’s system which may result in different behavior from what the normal behavior is.  Apart from changing information, the attacker might also block the transfer of information from the user side to the system and hence attack on availability. For example, say that a user is sending its information such as name, etc. to the system. The attacker would block the information from passing to the server by means of an attack.
Another type of active attack is attack on authenticity where the authenticity of the information is lost due to the attacker fabricating the message that the user sends to the system. The attacker kind of hijacks the message that the user wants to send and changes that message and sends his own as it the message is sent by the user himself.
Yet another type of active attack could be an attack on integrity. In such a case, the attacker would make modifications to the messages exchange between the user and the system. In such a case, the integrity of the messages is off course lost.

How to handle Active and Passage Attacks:
Passive Attacks:

In case of passive attacks, the primary focus is on prevention. The detection of such attacks are difficult since the information is not changed by the attacker and hence the focus is to prevent this kind of attack from occurring. The prevention is fortunately easy for such attacks.

Active Attacks:
These attacks are hard to stop but the detection part is easy. This is primarily due to the amount of vulnerability that might exist in the hardware and software that the server has.


Popular posts from this blog

Simplified DES Example: Step by Step

Simplified DES or S-DES is an encryption algorithm which follows feistal cipher structure. In this tutorial, we will take an example of S-DES. Let’s get started.
We need plaintext and key to start with. For this example, let’s consider 01001000 be the 8-bit plaintext and 1110001110 be the 10-bit key.
Key Generation: The first step in S-DES process is key generation. From the 10-bit key that we give as input, it generates 2 1-bit keys called k1 and k2. Following is the process:
1.Pass the 10-bit input key into the P10 table:
3 5 2 7 4 10 1 9 8 6
This gives: 1011001110. (For example, take the 3rd bit from input key which is 1. It becomes the first bit for our new key) 2.Divide the new key into two halves and left shift each half’s bits by one. So by dividing we get 10110 and 01110. We perform left shift so the left most bit becomes the right most bit and remaining each bit is shifted to its left. This gives: 01101 and 11100. Or you can think of it as the left most bit is taken to the righ…

HCI: Research Topic Ideas

I was reading an interesting research paper (Personal Tasks at Work: An Exploration, ACM 2017) in which the writer talks about the personal tasks that we have to do at work such as scheduling appointments, paying electricity and other bills, etc. The problem at first seems to be a social science one which has nothing to do with computer science but when looked closely the problem highlights an important aspect of our daily life that has to be sorted out using technology. The paper basically discusses those tasks and categorizes them based on frequency of occurring based on a survey. So, for example out of the 93 people who participated in the survey presented in the paper, 51% reported a need for scheduling an appointment while 33% have to coordinate their personal activities. Some will say (specially management science guys) that few of the problems can be solved by proper time management but remember that the purpose of technology is to make life easier for humans. Also, not every …

Cyber Security Awareness: for Employees

The insecurity of data and information that exists on the internet and computer networks has been a major issue for a number of businesses, organizations, and institutions; which don't invest on network and internet security training and awareness programs for their employees. Ideally, most employers rush to invest in new and expensive technologies in the name of protecting their companies online, not knowing that in most cases, the safety of a company online largely depends on the cyber security awareness of the employees. Consequently, your company's protection online starts by ensuring that your employees are well equipped with basic network safety practices and policies, so that they can assist in keeping your computers and networks safe from cyber-attacks that come in form of a virus, malware, and cyber-crime.

Different Ways to Create Cyber Security Awareness to Your Employees:
The most basic network security measure that your employees need to use is a pass…