Active Attack vs. Passive Attack

Key Differences






Comparison Chart

Basis of comparison: Definition; System Harm; Modification of data; Risk of; Attack Alertness; Noise in data; Focus on; Target

Active Attack vs. Passive Attack
In an active attack, the attacker modifies the information and also interrupts the link, whereas in a passive attack, the attacker intercepts the connection to read and analyze the information and does not cause any damage. An active attack results in loss of, and changes to, the data and the infrastructure. In contrast, a passive attack does not change the data; it is intended to gather or use that information. Modification of information occurs in an active attack, whereas in a passive attack no modification takes place.
In an active attack, the individual gets a notification about the attack, while in a passive attack, the individual is unaware of the attack. An active attack threatens the integrity and availability of data; a passive attack, on the other hand, threatens its confidentiality. With an active attack the focus is on detection, whereas with a passive attack the focus is on prevention. An active attack causes harm to the system and its resources, while a passive attack does not cause such harm.
An active attack is easy to detect, while a passive attack is hard to detect. In an active attack, data is altered or lost. In a passive attack, the target is to gain information, and no data is changed. The active attacker tries to cause a noise disturbance in the data transmission. The passive attacker cannot cause a noise disturbance or error bits in the original message.
What is an Active Attack?
An active attack is a form of hacking in which the attacker not only observes the data but also causes harm to the system and its resources by directly accessing the hardware on which the data resides. The active attacker tries to cause a noise disturbance in the data transmission by inserting error bits into it. In an active attack, the modification and loss of data threaten data availability and data integrity.
An active attack is easy to detect because the individual gets a notification about the attack when an unauthorized user tries to access the data illegally. The modification of information in an active attack results in loss of, and changes to, the data and the infrastructure. With active attacks, the emphasis is on detection.
Types
- Denial of service (DoS): The attacker sends a large number of requests to slow down the server, so that the authorized user cannot get a response from it. The attacker accesses the stream by blocking the legitimate user.
- Session replay: A sequence of data units is captured and resent by the attacker.
- Masquerade: The attacker uses a false identity and behaves like an authorized user, taking on that user's privileged status and grabbing all the data.
- Message modification: Some portion of the message is altered, reordered, or delayed.
What is a Passive Attack?
In a passive attack, the attacker intercepts the connection to read and analyze the information but does not cause any damage, as the attacker cannot update or modify the data; this is also known as eavesdropping. The passive attacker cannot cause a noise disturbance or error bits in the original message. A passive attack looks less harmful, but it is hard to detect because the individual is unaware of it, and the damage can be severe if the right information is obtained, e.g., bank or credit card information, meeting papers, etc.
Passive attacks can be thwarted by using encryption methods. That is why, with passive attacks, the focus is on prevention. A passive attack can be used to gather information for launching a more damaging active attack. A passive attack does not result in the loss of system assets. It threatens data confidentiality.
Types
- Traffic analysis: If the message is encrypted, its information is protected even if the attacker captures it. The attacker instead monitors communication traffic to collect information about identities, locations, and the length of the exchanged messages, and to identify the pattern of the encryption used.
- Release of message contents: The attacker monitors an unprotected medium, such as a telephone conversation or an email, that carries sensitive data.