Active and Passive attacks in Information Security
In cybersecurity there are many kinds of threats to computer, network and information security, but they fall into two broad forms: active and passive attacks. An active attack is one in which the attacker directly interferes with your systems, for example by corrupting files, stealing data or taking a service offline. A passive attack is one in which the attacker quietly observes and collects information without your knowledge.
Passive attackers do not modify or destroy data; they only collect it. Knowing how both kinds of threat work is what lets us protect personal information and systems effectively. The two are often combined: a passive phase (listening, mapping the network) prepares an active one. Attackers are also not limited to technical means; some obtain private information through social engineering, such as manipulating someone into revealing a password. This article covers active and passive attacks, how they take place, what damage they cause, and how you can prevent them from reaching your accounts.
What is Cyber Attack?
A cyber attack occurs when an attacker attempts to penetrate computer systems or networks, gaining unauthorized access in order to damage them or steal information. It can happen to anyone, from individuals to companies and government agencies, and typically results in stolen data and financial loss. Common forms include malware (harmful software such as viruses and ransomware), phishing (emails that appear authentic but are crafted to trick recipients into sharing sensitive information), denial of service (DoS), and man-in-the-middle (MitM) attacks, which intercept communications between two parties. Understanding these threats is what allows people to keep sensitive information secure with today's digital security technology.
Active Attacks
Active attacks are unauthorized actions that alter the system or the data: they involve modifying the data stream or creating a false one. In an active attack the attacker directly interferes with the target to cause damage or to gain unauthorized access to computer systems and networks, for example by injecting hostile code into communications, masquerading as another user, or altering data in transit.
Types of active attacks are as follows:
- Masquerade Attack
- Modification of Messages
- Repudiation
- Replay Attack
- Denial of Service (DoS) Attack
1. Masquerade Attack
A masquerade attack is one in which the attacker pretends to be someone or something else, such as a legitimate user or a trusted system, in order to access systems or data. The impersonation may be used to ask other users or systems for sensitive information, or to reach areas that the attacker could not normally access. It may also involve behaving like a real user or a component of the system with the intention of manipulating people into giving out private information or letting the attacker into secured locations.
There are several types of masquerading attacks, including:
- Username and password masquerade: the attacker uses stolen or forged credentials to authenticate as a valid user and gain access to the system or application.
- IP address masquerade: the attacker spoofs the source IP address of their packets so that the access appears to come from a trusted host.
- Website masquerade: the attacker sets up a fake website that resembles a legitimate one in order to harvest user information or deliver malware.
- Email masquerade: the attacker sends an email that appears to come from a trusted source so that the recipient mistakenly shares sensitive information or downloads malware.

2. Modification of Messages
This is when someone alters part of a legitimate message, delays it, or reorders messages, without authorization, to produce an unauthorized effect. Imagine someone secretly changing a letter you sent so that it says something different. This kind of attack breaks the integrity of the information being sent. For example, a message meaning “Allow JOHN to read confidential file X” is modified to read “Allow Smith to read confidential file X”.
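As an added example (not code from the original article), the following Go program shows how a receiver detects exactly this modification: the sender attaches an HMAC-SHA256 tag computed with a key shared with the receiver, and the attacker, who does not hold the key, cannot produce a matching tag for the altered text. The key and the two messages are constructed for the demonstration.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"errors"
	"fmt"
)

// SealedMessage is what travels over the network: the body plus an
// HMAC-SHA256 tag computed with a key shared by sender and receiver.
type SealedMessage struct {
	Body string
	Tag  []byte
}

// mac computes HMAC-SHA256 over body with the shared key.
func mac(key []byte, body string) []byte {
	h := hmac.New(sha256.New, key)
	h.Write([]byte(body))
	return h.Sum(nil)
}

// Seal attaches an authentication tag to the body before sending.
func Seal(key []byte, body string) SealedMessage {
	return SealedMessage{Body: body, Tag: mac(key, body)}
}

// Open returns the body only if the tag still matches it. hmac.Equal is a
// constant-time comparison, so the check itself does not leak timing.
func Open(key []byte, m SealedMessage) (string, error) {
	if !hmac.Equal(mac(key, m.Body), m.Tag) {
		return "", errors.New("message rejected: tag does not match body")
	}
	return m.Body, nil
}

// TamperInTransit models the attacker: it rewrites the body but has no key,
// so the tag it forwards is the one computed over the original text.
func TamperInTransit(m SealedMessage, newBody string) SealedMessage {
	return SealedMessage{Body: newBody, Tag: m.Tag}
}

func main() {
	key := []byte("shared-secret-between-sender-and-receiver") // constructed demo key
	original := Seal(key, "Allow JOHN to read confidential file X")
	forged := TamperInTransit(original, "Allow Smith to read confidential file X")

	if body, err := Open(key, original); err == nil {
		fmt.Println("accepted:", body)
	}
	if _, err := Open(key, forged); err != nil {
		fmt.Println("rejected:", err)
	}
}
```

A MAC protects integrity and authenticity between the two key holders, but it says nothing about freshness: the same sealed message can be captured and delivered again, which is the replay attack discussed further below.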

3. Repudiation
A repudiation attack is one in which a party performs an action, such as making a financial transaction or sending a message, and later denies having done it. Such attacks make it hard to trace the origin of an action or to identify who is responsible, so holding the right person accountable becomes difficult. The defence is non-repudiation: evidence, such as a digital signature over the record, that only the originator could have produced.
There are several types of repudiation attacks, including:
- Message repudiation attacks: the attacker sends a message and later denies having sent it. This can be achieved through spoofed or modified headers, or by exploiting vulnerabilities in the messaging system so that the record of the message is unreliable.
- Transaction repudiation attacks: a transaction, for example a monetary transfer, is made, and when evidence is later requested the attacker denies ever having performed it. This can be done by exploiting a vulnerability in the transaction-processing system or by using stolen or forged credentials so that the transaction cannot be tied to the attacker.
- Data repudiation attacks: data is changed or deleted, and the attacker later denies having done so, again by exploiting vulnerabilities in the data-storage system or by using stolen or falsified credentials.
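The following Go program, added here and not part of the original article, shows what a transaction-processing system needs in order to resist transaction repudiation: each transaction is signed with the submitter's Ed25519 private key and can later be verified by anyone holding the public key on file. A shared-key MAC would not do, because the verifier holds the same key and could have forged the tag itself. The transaction record, party names and nonce are constructed for the demonstration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"fmt"
)

// Transaction is the record whose origin must later be provable.
type Transaction struct {
	From   string `json:"from"`
	To     string `json:"to"`
	Amount int    `json:"amount"`
	Nonce  uint64 `json:"nonce"` // unique per transaction so two transfers never sign identical bytes
}

// canonical serialises a transaction deterministically; signer and verifier
// must sign and check exactly the same bytes.
func canonical(tx Transaction) []byte {
	b, err := json.Marshal(tx)
	if err != nil {
		panic(err) // cannot happen for this fixed struct
	}
	return b
}

// NewIdentity returns a fresh Ed25519 key pair; the private half never leaves its owner.
func NewIdentity() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// SignTransaction produces the evidence: only the holder of priv can make it.
func SignTransaction(priv ed25519.PrivateKey, tx Transaction) []byte {
	return ed25519.Sign(priv, canonical(tx))
}

// VerifyTransaction is what an auditor runs later with the public key on file.
func VerifyTransaction(pub ed25519.PublicKey, tx Transaction, sig []byte) bool {
	return ed25519.Verify(pub, canonical(tx), sig)
}

func main() {
	alicePub, alicePriv := NewIdentity()
	_, malloryPriv := NewIdentity()

	tx := Transaction{From: "alice", To: "bob", Amount: 500, Nonce: 1} // constructed record
	sig := SignTransaction(alicePriv, tx)

	fmt.Println("alice's signature verifies:", VerifyTransaction(alicePub, tx, sig))
	// Another party cannot create a signature that checks out against Alice's key.
	fmt.Println("mallory signing as alice verifies:", VerifyTransaction(alicePub, tx, SignTransaction(malloryPriv, tx)))
	// The record bound to the signature cannot be quietly changed afterwards either.
	tx.Amount = 50
	fmt.Println("altered record verifies:", VerifyTransaction(alicePub, tx, sig))
}
```

The signature is only evidence if the public key was bound to the person in a trustworthy way (a registration step or a certificate) and the signed record, with its signature, is stored in a log the signer cannot edit; if the private key is stolen, the attacker can produce signatures the legitimate owner will then have every reason to repudiate.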
4. Replay Attack
A replay attack is the passive capture of a data unit followed by its later retransmission to produce an unauthorized effect. The attacker records a legitimate message that was on the network, such as a login exchange or a payment instruction, and resends it later so that the receiver acts on it a second time as if it were fresh. The captured data does not need to be decrypted or understood for this to work, which is why checking that a message is authentic is not enough: the receiver must also check that it is fresh.
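As an added example that is not part of the original article, this Go program shows the freshness checks a receiver needs on top of message authentication: every request carries a random nonce and a timestamp, both covered by the authentication tag, and the receiver rejects any request whose timestamp is outside a short window or whose nonce it has already accepted. The clock is injected so the behaviour is reproducible; the key, nonce values and request body are constructed for the demonstration.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"errors"
	"fmt"
	"time"
)

// Request is an authenticated message carrying the freshness fields the
// receiver checks: a random nonce and the sender's timestamp.
type Request struct {
	Nonce     string
	Timestamp time.Time
	Body      string
	Tag       []byte // HMAC over nonce, timestamp and body, so none can be altered
}

const maxSkew = 30 * time.Second // how old (or how far ahead) a request may be and still be accepted

func authTag(key []byte, nonce string, ts time.Time, body string) []byte {
	h := hmac.New(sha256.New, key)
	fmt.Fprintf(h, "%s|%d|%s", nonce, ts.Unix(), body)
	return h.Sum(nil)
}

// NewRequest is what the legitimate sender builds.
func NewRequest(key []byte, nonce string, ts time.Time, body string) Request {
	return Request{Nonce: nonce, Timestamp: ts, Body: body, Tag: authTag(key, nonce, ts, body)}
}

// Receiver remembers the nonces it has accepted inside the skew window; the
// clock is injected so the behaviour can be reproduced in a test.
type Receiver struct {
	key  []byte
	now  func() time.Time
	seen map[string]time.Time
}

func NewReceiver(key []byte, now func() time.Time) *Receiver {
	return &Receiver{key: key, now: now, seen: make(map[string]time.Time)}
}

// Accept applies the three checks in order: authenticity, freshness, uniqueness.
func (r *Receiver) Accept(req Request) error {
	if !hmac.Equal(authTag(r.key, req.Nonce, req.Timestamp, req.Body), req.Tag) {
		return errors.New("bad tag")
	}
	now := r.now()
	if req.Timestamp.Before(now.Add(-maxSkew)) || req.Timestamp.After(now.Add(maxSkew)) {
		return errors.New("stale or future timestamp")
	}
	// Forget nonces whose timestamps have left the window; the timestamp check
	// alone rejects those replays now, so the cache stays bounded.
	for n, ts := range r.seen {
		if ts.Before(now.Add(-maxSkew)) {
			delete(r.seen, n)
		}
	}
	if _, dup := r.seen[req.Nonce]; dup {
		return errors.New("replay: nonce already used")
	}
	r.seen[req.Nonce] = req.Timestamp
	return nil
}

func main() {
	key := []byte("shared-key") // constructed demo key
	clock := time.Date(2024, 1, 1, 12, 0, 0, 0, time.UTC)
	rx := NewReceiver(key, func() time.Time { return clock })

	req := NewRequest(key, "n-7f3a", clock, "transfer 100 to bob") // constructed nonce and body
	fmt.Println("first delivery:", rx.Accept(req))        // <nil>
	fmt.Println("replayed copy:", rx.Accept(req))         // replay: nonce already used
	clock = clock.Add(2 * time.Minute)
	fmt.Println("replayed after window:", rx.Accept(req)) // stale or future timestamp
}
```

The timestamp bounds how long nonces must be remembered; without it the nonce cache would grow forever, and without the nonce an attacker could replay any message inside the window. Both fields must be inside the authenticated data, otherwise the attacker simply rewrites them.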

5. Denial of Service (DoS) Attack
Denial of Service (DoS) is a form of cybersecurity attack that involves denying the intended users of the system or network access by flooding traffic or requests. In this DoS attack, the attacker floods a target system or network with traffic or requests in order to consume the available resources such as bandwidth, CPU cycles, or memory and prevent legitimate users from accessing them.
There are several types of DoS attacks, including:
- Flood attacks: the attacker sends so many packets or requests to a system or network that it cannot handle them all, and the system crashes or stops responding to legitimate users.
- Amplification attacks: the attacker increases the volume of the attack by using other systems as intermediaries, sending them small requests with the victim's address as the spoofed source so that their much larger replies are all directed at the target.
To Prevent DoS attacks, organizations can implement several measures, such as:
1. Using firewalls and intrusion detection systems to monitor network traffic and block suspicious activity.
2. Limiting the number of requests or connections that can be made to a system or network.
3. Using load balancers and distributed systems to distribute traffic across multiple servers or networks.
4. Implementing network segmentation and access controls to limit the impact of a DoS attack.
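Measure 2, limiting the number of requests a client may make, is usually implemented as a token bucket per client. The Go program below is an added example, not code from the original article: each client gets a bucket that refills at a fixed rate up to a burst size, and a request is served only if a token is available. The client addresses and the rate and burst values are constructed for the demonstration, and the clock is injected so the output is reproducible.

```go
package main

import (
	"fmt"
	"time"
)

// bucket holds the per-client state of a token-bucket limiter.
type bucket struct {
	tokens float64
	last   time.Time
}

// Limiter allows `rate` requests per second per client, with bursts up to `burst`.
type Limiter struct {
	rate, burst float64
	now         func() time.Time
	clients     map[string]*bucket
}

func NewLimiter(rate, burst float64, now func() time.Time) *Limiter {
	return &Limiter{rate: rate, burst: burst, now: now, clients: make(map[string]*bucket)}
}

// Allow reports whether the client may proceed, spending one token if so.
func (l *Limiter) Allow(client string) bool {
	now := l.now()
	b, ok := l.clients[client]
	if !ok {
		b = &bucket{tokens: l.burst, last: now}
		l.clients[client] = b
	}
	// Refill in proportion to elapsed time, capped at the burst size.
	b.tokens += now.Sub(b.last).Seconds() * l.rate
	if b.tokens > l.burst {
		b.tokens = l.burst
	}
	b.last = now
	if b.tokens < 1 {
		return false
	}
	b.tokens--
	return true
}

// Simulate sends n back-to-back requests from one client and returns how many pass.
func Simulate(l *Limiter, client string, n int) int {
	allowed := 0
	for i := 0; i < n; i++ {
		if l.Allow(client) {
			allowed++
		}
	}
	return allowed
}

func main() {
	clock := time.Date(2024, 1, 1, 0, 0, 0, 0, time.UTC)
	lim := NewLimiter(5, 10, func() time.Time { return clock }) // 5 req/s, burst of 10

	fmt.Println("flood of 100 from 203.0.113.7, allowed:", Simulate(lim, "203.0.113.7", 100)) // 10
	fmt.Println("one request from 198.51.100.2, allowed:", lim.Allow("198.51.100.2"))         // true
	clock = clock.Add(time.Second)
	fmt.Println("flood again after 1s, allowed:", Simulate(lim, "203.0.113.7", 100)) // 5
}
```

Two caveats matter in practice. The limiter itself must not become the target: the clients map grows with every new source address, so idle buckets need to be evicted. And per-source limiting only helps against sources you can identify; a flood from thousands of spoofed or distributed addresses stays under every per-client limit, which is why the other measures in the list (upstream filtering, load distribution, segmentation) are needed alongside it.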

Passive Attacks
A Passive attack attempts to learn or make use of information from the system but does not affect system resources. Passive Attacks are in the nature of eavesdropping on or monitoring transmission. The goal of the opponent is to obtain information that is being transmitted. Passive attacks involve an attacker passively monitoring or collecting data without altering or destroying it. Examples of passive attacks include eavesdropping, where an attacker listens in on network traffic to collect sensitive information, and sniffing, where an attacker captures and analyzes data packets to steal sensitive information.
Types of Passive attacks are as follows:
- The Release of Message Content
- Traffic Analysis
1. The Release of Message Content
Telephonic conversation, an electronic mail message, or a transferred file may contain sensitive or confidential information. We would like to prevent an opponent from learning the contents of these transmissions.

2. Traffic Analysis
Suppose we had a way of masking information, for example encryption, so that an attacker who captured a message could still not extract its contents.
The opponent could nevertheless determine the location and identity of the communicating hosts and observe the frequency and length of the messages being exchanged. This information can be enough to guess the nature of the communication taking place.
Encrypting the message contents therefore does not by itself defeat traffic analysis: the addresses, sizes and timing of packets remain visible to anyone on the path. Protection has to hide those features as well, for example by encrypting the headers too (tunnelling all traffic through a VPN or similar), by padding messages to fixed sizes, and by sending cover traffic so the frequency of real messages is masked. The same principle applies to VoIP: if SIP signalling is sent encrypted, an attacker on the network can no longer read who called whom and would instead need access to the SIP proxy (or its call log) to determine that.
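The Go program below is an added example, not code from the original article, that makes the length leak concrete. AES-GCM ciphertext is exactly the plaintext length plus a fixed overhead, so an observer can tell a three-byte "yes" from a two-byte "no" without touching the key; padding every message up to a fixed bucket size before encryption removes that difference. The key and the sample messages are constructed for the demonstration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
)

// Encrypt seals plaintext with AES-256-GCM and prepends the random nonce.
// The output is always len(plaintext) + 12 (nonce) + 16 (tag) bytes long,
// so an observer learns the plaintext length without breaking the cipher.
func Encrypt(key, plaintext []byte) []byte {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		panic(err)
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		panic(err)
	}
	return gcm.Seal(nonce, nonce, plaintext, nil)
}

// Pad prefixes msg with its 2-byte length and appends zero bytes until the
// result is a multiple of bucket, so every message in a bucket looks alike.
func Pad(msg []byte, bucket int) []byte {
	if len(msg) > 0xFFFF {
		panic("message too long for 2-byte length prefix")
	}
	out := make([]byte, 2+len(msg))
	binary.BigEndian.PutUint16(out, uint16(len(msg)))
	copy(out[2:], msg)
	if rem := len(out) % bucket; rem != 0 {
		out = append(out, make([]byte, bucket-rem)...)
	}
	return out
}

// Unpad recovers the original message after decryption, refusing length
// prefixes that point past the buffer.
func Unpad(padded []byte) ([]byte, error) {
	if len(padded) < 2 {
		return nil, errors.New("padded message too short")
	}
	n := int(binary.BigEndian.Uint16(padded))
	if 2+n > len(padded) {
		return nil, errors.New("length prefix exceeds buffer")
	}
	return padded[2 : 2+n], nil
}

func main() {
	key := []byte("0123456789abcdef0123456789abcdef") // constructed 32-byte demo key
	for _, answer := range []string{"yes", "no"} {
		fmt.Printf("%-3s  raw ciphertext: %d bytes  padded to 64: %d bytes\n",
			answer, len(Encrypt(key, []byte(answer))), len(Encrypt(key, Pad([]byte(answer), 64))))
	}
}
```

Padding hides the exact size but not the bucket, and it does nothing about timing, frequency or endpoint addresses; those need cover traffic and tunnelling as described above, and a larger bucket trades bandwidth for less leakage.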

Conclusion
The field of information security is challenged by both active and passive attacks. Active attacks pose direct risks of disruption and data loss and call for strong defences such as authentication, integrity checks and rate limiting. Passive attacks, on the other side, emphasise the need to protect sensitive information from unauthorized disclosure through encryption, protection of traffic metadata and user training. As cyber threats continue to evolve, our strategies for security and protection must evolve with them. By understanding the techniques used by attackers and implementing effective security measures, individuals and organizations can improve their defences against both types of attack and preserve the confidentiality and integrity of their critical data.