Code360 powered by Coding Ninjas X Naukri.com. Code360 powered by Coding Ninjas X Naukri.com
Table of contents
1.
Introduction
2.
What is an Active Attack?
2.1.
Masquerade
2.2.
Modification of messages
2.3.
Repudiation
2.4.
Replay
2.5.
Denial of Service
2.5.1.
Implementing Measures to Prevent DoS Attacks in Organizations
3.
What is Passive Attack?
3.1.
The release of message content
3.2.
Traffic analysis
4.
Frequently Asked Questions
4.1.
What is information security?
4.2.
What are attacks in cyber security?
4.3.
What are the different types of attacks in information security?
4.4.
What are the principles of information security? 
5.
Conclusion
Last Updated: Mar 27, 2024
Easy

Active and Passive Attacks

Master Python: Predicting weather forecasts
Speaker
Ashwin Goyal
Product Manager @

Introduction

The internet is rife with dangers! There is a chance that you will be exposed to risk whenever you go online. There are other types of computer dangers within that risk range, each with its own set of detrimental effects. Some attacks, for example, can harm or corrupt your installed operating system, forcing you to reinstall it. Another type may attempt to steal your login credentials and passwords. On the other hand, other attacks may not destroy your computer but will track your online habits and invade your privacy.

Active and Passive Attacks

Let us go through the active and passive attacks in detail. It is very important to learn the concept of active and passive attacks in information security. 

What is an Active Attack?

An active attack is a type of cyber attack where an unauthorized entity actively attempts to alter, manipulate, or destroy data, systems, or network resources. Unlike passive attacks that focus on unauthorized access or eavesdropping, active attacks involve direct actions with the intent of causing harm or disruption. The following are examples of active attacks:

Masquerade

A masquerade attack, also known as impersonation or spoofing, is an active attack where an unauthorized entity assumes the identity of a legitimate user or system to gain unauthorized access or deceive others. 

Types of masquerade attacks:-

  • User Impersonation: An attacker poses as a legitimate user by using stolen credentials, such as usernames and passwords. This type often occurs through phishing or credential theft.
  • IP Spoofing: The attacker manipulates or forges the source IP address of network packets to make it appear as if they are originating from a trusted source.
  • Email Spoofing: Involves sending emails that appear to come from a legitimate source, such as a trusted colleague or organization. The goal may be to trick the recipient into revealing sensitive information.
  • Website Spoofing: The attacker creates a fake website that closely mimics a legitimate one to trick users into entering sensitive information, such as login credentials or financial details.
  • Session Hijacking: The attacker takes over an established session between a user and a system by stealing session tokens or cookies, allowing them to impersonate the legitimate user.
  • Device Spoofing: The attacker presents a device as if it were an authorized one, gaining access to a network or system. This can involve MAC address spoofing or mimicking device characteristics.

 

Modification of messages

Modification of messages in active attacks refers to the unauthorized alteration or tampering of data during communication. In this type of cyber attack, an attacker actively modifies the content of messages, either in transit or at rest, with the goal of deceiving, disrupting, or gaining an advantage.

Repudiation

A repudiation attack can be carried out by either the sender or the receiver. Later, the sender or receiver can deny having sent or received a communication.

For example, a consumer may request that his bank "transfer an amount to someone," but the sender (customer) later denies making such a request. This is a form of rebuke.

 

Types of repudiation attacks:-

  • Transaction Repudiation: A user denies having initiated a financial transaction, often to disown unauthorized or fraudulent activities.
  • Data Modification Repudiation: After unauthorized changes to data, a user denies having modified or tampered with the data, attempting to escape accountability.
  • Authentication Repudiation: An attacker gains unauthorized access to a system, performs actions on behalf of a legitimate user, and the legitimate user later denies involvement.
  • Digital Signature Repudiation: Attackers may attempt to repudiate digitally signed documents or transactions, denying their association with the signed content.
  • Audit Trail Manipulation: Tampering with logs or audit trails to remove or alter records of specific actions, making it difficult to trace the sequence of events.
  • Session Hijacking: Unauthorized users take over an active session, perform actions on behalf of the legitimate user, and later the legitimate user denies those actions.

Replay

A replay attack is a form of network security threat where an attacker intercepts and maliciously retransmits data that was previously recorded. The goal of a replay attack is typically to gain unauthorized access, manipulate system behavior, or impersonate a legitimate user.

Denial of Service

It makes it impossible to use communication facilities normally. This attack could be directed at a specific person. For example, an entity could block all messages sent to a specific location.

Another type of service denial is when a whole network is disrupted, either by turning it off or by flooding it with messages in order to decrease performance.

 

Types of DoS attacks:

1. Volume-Based Attacks:

  • Ping Flood (ICMP Flood): Sends a massive number of ping requests to a target, overwhelming its network bandwidth.
  • UDP Flood: Floods a target with a high volume of User Datagram Protocol (UDP) packets, causing resource exhaustion.

2. Protocol-Based Attacks:

  • SYN Flood: Exploits the TCP handshake process by sending a large number of SYN requests, exhausting system resources and preventing legitimate connections.
  • ACK Flood: Floods a system with TCP ACK packets, consuming resources and impacting performance.

3. Application Layer Attacks:

  • HTTP/HTTPS Flood: Overwhelms a web server by sending a massive number of HTTP/HTTPS requests, exhausting server resources.
  • Slowloris: Exploits the limited number of connections a web server can handle by sending partial HTTP requests, keeping connections open for as long as possible.

4. Resource Depletion Attacks:

  • Ping of Death: Sends oversized or malformed ICMP packets to crash or freeze the target system.
  • Fragmentation Attacks: Manipulates packet fragments to overwhelm a system's ability to reassemble them properly.
     

Implementing Measures to Prevent DoS Attacks in Organizations

Implementing measures to prevent DoS attacks in organizations are:

  • Deploy firewalls to filter and monitor incoming and outgoing traffic, blocking malicious requests and unauthorized access. Use IDPS to detect and respond to suspicious activities or patterns indicative of a DoS attack.
  • Employ traffic filtering mechanisms to identify and block traffic associated with known attack patterns, such as IP addresses or packet types commonly used in DoS attacks. Implement rate limiting to control the amount of incoming traffic, preventing a sudden surge that could overwhelm resources.
  • Use DNS filtering services to block access to malicious domains and prevent attackers from leveraging DNS amplification in their attacks.
  • Distribute incoming network traffic across multiple servers, ensuring that no single server bears the full brunt of an attack and enabling the organization to maintain service availability.
  • Implement WAFs to protect against application layer attacks, filtering and blocking malicious HTTP traffic. Use CDNs to cache and deliver content closer to users, reducing the impact of volumetric attacks.

 

 

Get the tech career you deserve, faster!
Connect with our expert counsellors to understand how to hack your way to success
User rating 4.7/5
1:1 doubt support
95% placement record
Akash Pal
Senior Software Engineer
326% Hike After Job Bootcamp
Himanshu Gusain
Programmer Analyst
32 LPA After Job Bootcamp
After Job
Bootcamp

What is Passive Attack?

A passive attack tries to learn or use information from the system without causing any damage to the system's resources. Eavesdropping or monitoring transmission is the nature of passive attacks. The opponent's purpose is to intercept the information being transmitted. 

Types of Passive attacks are: 

  • The release of message content
  • Traffic analysis

The release of message content

Sensitive or confidential information may be contained in a telephone call, an electronic mail message, or a transmitted file. We want to keep the substance of these transmissions hidden from an adversary.

Traffic analysis

Assume we had a technique of masking (encryption) information so that even if the message were intercepted, the attacker would be unable to extract any information from it.

The adversary could determine the communication host's location and identity, and the frequency and length of messages exchanged. This information could be significant in figuring out what kind of conversation was going on.

You can read about the difference between Active Attack and Passive Attack in detail here.

Frequently Asked Questions

What is information security?

Information security involves protecting data and systems from unauthorized access, disclosure, disruption, modification, or destruction to ensure confidentiality, integrity, and availability.

What are attacks in cyber security?

Cybersecurity attacks are malicious actions that exploit vulnerabilities in computer systems, networks, or applications to compromise data, disrupt operations, or gain unauthorized access.

What are the different types of attacks in information security?

Common types include phishing, malware, ransomware, denial-of-service (DoS), and man-in-the-middle attacks, each targeting specific vulnerabilities to compromise information or disrupt services.

What are the principles of information security? 

The CIA triad refers to an information security model made up of the three main components: confidentiality, integrity and availability. Each component represents a fundamental objective of information security. To avoid active and passive attacks in a system, we must follow these principles.

Conclusion

Today, cybersecurity is an important element of our lives. It is critical to safeguard our gadgets against attackers' nefarious activity. The most difficult challenges in any organization are active and passive attacks.

In this article, we learnt about the different types of attacks in Cyber Security. We learned about the active and passive attacks in detail. We also discussed the examples of active and passive attacks.

To learn more about information security, refer to the cyber security archive. You can also refer to the cyber security frameworks.

Happy Learning!

Previous article
Threats to Information Security
Next article
Difference Between Active Attack and Passive Attack
Live masterclass