This article is going to be very interesting and important for readers that are interested in cyber security. In this article, we are going to discuss two major types of security attacks that are Active attack and Passive attack.

Hope this article will be informative to you, and give you the sufficient information about Active attack, Passive attack, and their comparison. So, without any delay, let's start our topic.

What is a Security attack?

Security attacks jeopardize the system's security. These are the unauthorized or illegal actions that are taken against the government, corporate, or private IT assets in order to destroy, modify, or steal the sensitive data. They are further classified into active and passive attacks, in which the attacker gets unlawful access to the system's resources.

Active attacks

In active attacks, the attacker intercepts the connection and efforts to modify the message's content. It is dangerous for integrity and availability of the message. Active attacks involve Masquerade, Modification of message, Repudiation, Replay, and Denial of service. The system resources can be changed due to active attacks. So, the damage done with active attacks can be harmful to the system and its resources.

In the below image, we can see the process of active attacks.

Active attack vs Passive attack

In active attacks, the victim gets notified about the attack. The implication of an active attack is typically difficult and requires more effort. Active attacks can be prevented by using some techniques. We can try the below-listed measures to prevent these attacks -

  • Use of one-time password help in the authentication of the transactions between two parties.
  • There could be a generation of the random session key that will be valid for a single transaction. It should prevent the malicious user from retransmitting the actual information once the session ends.

Passive attacks

In passive attacks, the attacker observes the messages, then copy and save them and can use it for malicious purposes. The attacker does not try to change the information or content he/she gathered. Although passive attacks do not harm the system, they can be a danger for the confidentiality of the message.

In the below image, we can see the process of passive attacks.

Active attack vs Passive attack

Unlike active attacks, in passive attacks, victims do not get informed about the attack. It is difficult to detect as there is no alteration in the message. Passive attacks can be prevented by using some encryption techniques. We can try the below-listed measures to prevent these attacks -

  • We should avoid posting sensitive information or personal information online. Attackers can use this information to hack your network.
  • We should use the encryption method for the messages and make the messages unreadable for any unintended intruder.

Active attack v/s Passive attack

Active attack vs Passive attack

Now, let's see the comparison chart between Active attack and Passive attack. We are comparing both security attacks on the basis of some characteristics.

On the basis of

Active attack

Passive attack

Definition

In active attacks, the attacker intercepts the connection and efforts to modify the message's content.

In passive attacks, the attacker observes the messages, then copy and save them and can use it for malicious purposes.

Modification

In an active attack, the attacker modifies the actual information.

In passive attacks, information remains unchanged.

Victim

In active attacks, the victim gets notified about the attack.

Unlike active attacks, in passive attacks, victims do not get informed about the attack.

System's impact

The damage done with active attacks can be harmful to the system and its resources.

The passive attacks do not harm the system.

System resources

In active attacks, the system resources can be changed.

In passive attacks, the system resources remain unchanged.

Dangerous for

They are dangerous for the integrity and availability of the message.

They can be dangerous for confidentiality of the message.

Emphasis on

In active attacks, attention is on detection.

In active attacks, attention is on prevention.

Types

Active attacks involve Masquerade, Modification of message, Repudiation, Replay, and Denial of service.

It involves traffic analysis, the release of a message.

Prevention

Active attacks are tough to restrict from entering systems or networks.

Unlike active attacks, passive attacks are easy to prohibit.