1. Introduction
In this tutorial, we’ll study the characteristics, similarities, and differences between passive and active attacks.
Currently, there are several services provided online. These services, in turn, represent a relevant and valuable market. So, due to this scenario, online services, their providers, and their clients have become potential targets of attacks triggered by malicious entities.
Sometimes, attacks launched by malicious entities aim to change the state of the target system or even make it unavailable. Other times, however, the attackers are more interested in stealing data, so they put effort into staying stealthy: the objective is to avoid causing collateral effects on the system that could reveal that an attack is happening.
In this context, we’ll first explore some background concepts regarding information security. Thus, we’ll particularly study active and passive attacks, having some practical examples of each one. Then, finally, we’ll compare passive and active attacks in a systematic summary.
2. Information Security Background
At first glance, we might think that information security simply means the capacity to prevent unauthorized access to private data or systems. That is true, but information security means much more than that.
More specifically, when we talk about information security, we are discussing the prevention of unauthorized access, use, inspection, exploitation, or modification of our data or processes. In this way, information security encompasses a series of strategies and solutions to detect, avoid, and (if necessary) mitigate any attack on our systems.
Attacks are diverse in terms of objective and operation. Some of them, such as Distributed Denial-of-Service (DDoS), are inherently noisy: they bring immediate consequences to a system and are typically noticed quickly by its operators and maintainers.
Others are quiet attacks. They usually do not bring any immediate consequence to the system under attack. Instead, the objective is to break the system’s confidentiality and obtain valuable information, such as passwords or potential backdoors. Port scans are an example here.
For this reason, industry and the research community continuously invest effort in understanding information threats and keeping data and systems secure, mainly in terms of their confidentiality, integrity, and availability (the CIA triad).
3. Active Attacks
We can summarize active attacks as any malicious action that aims to modify or take control of some system resource or process. These attacks are imminent threats to the system since, in many cases, the attacker’s main objective is to make a service (provided by the system) unavailable to legitimate users.
Due to this aggressive behavior, active attacks are noisy. In general, it is therefore simple to identify the occurrence of an active attack, since its collateral effects are explicit. Examples of such collateral effects are abnormal network behavior, excessive consumption of computational resources, errors in running programs, and service slowness.
The following image exemplifies the entities involved in active attacks and their general actions in it:
Some active attacks are very typical in modern computing and networking. A few of them are briefly presented next:
- Denial-of-Service: the attacker sends a large number of bogus requests to overload the system and make the provided service unavailable
- Masquerade: the attacker pretends to be a benign, authorized entity in order to gain access to a given system and its resources and services
- Message Modification: the attacker modifies the ordering or content of messages from a benign entity to obtain a result different from the expected one
- Replay: the attacker captures messages from benign, authorized entities and retransmits them to produce a desired effect in the target system
- Trojan Horses: usually, the attacker exploits a backdoor provided by trojan software to execute privileged operations in a system
Due to the characteristics of active attacks, the main objective of system operators and managers is to prevent them from occurring. Since these attacks are an imminent risk to the integrity and availability of systems, if an attack happens anyway, the objective shifts to mitigating it as soon as possible.
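The Message Modification and Replay entries above describe two active attacks on the same message flow, and both are defeated by the same receiver-side checks. The example below is added here and is not code from the original tutorial; it assumes a shared secret (constructed) between sender and receiver, attaches a random nonce and an HMAC-SHA256 tag to each message, and shows the receiver rejecting a retransmitted message (replay) and an altered one (modification).

```python
import hashlib
import hmac
import json
import os

# Shared secret between the benign sender and the receiver (constructed for this example).
SECRET = b"example-shared-secret"


def canonical(nonce: str, payload: dict) -> bytes:
    """Deterministic encoding of what the tag covers: the nonce and the payload."""
    return json.dumps({"nonce": nonce, "payload": payload}, sort_keys=True).encode()


def build_message(payload: dict, secret: bytes = SECRET) -> dict:
    """Sender: attach a fresh random nonce and an HMAC-SHA256 tag over nonce + payload."""
    nonce = os.urandom(16).hex()
    tag = hmac.new(secret, canonical(nonce, payload), hashlib.sha256).hexdigest()
    return {"nonce": nonce, "payload": payload, "tag": tag}


class Receiver:
    """Receiver: checks the tag (catches modification) and remembers nonces (catches replay)."""

    def __init__(self, secret: bytes = SECRET):
        self.secret = secret
        self.seen_nonces = set()  # unbounded here; real systems bound it with a time window

    def accept(self, msg: dict) -> tuple:
        expected = hmac.new(self.secret, canonical(msg["nonce"], msg["payload"]), hashlib.sha256).hexdigest()
        # compare_digest is constant-time, so the comparison itself leaks nothing about the tag
        if not hmac.compare_digest(expected, msg["tag"]):
            return False, "modified: tag mismatch"
        if msg["nonce"] in self.seen_nonces:
            return False, "replay: nonce already seen"
        self.seen_nonces.add(msg["nonce"])
        return True, "accepted"


def demo() -> tuple:
    """Run the three deliveries: legitimate, replayed, and modified."""
    rx = Receiver()
    original = build_message({"action": "transfer", "amount": 10})
    first = rx.accept(original)  # legitimate delivery
    replayed = rx.accept(original)  # the same captured message retransmitted
    tampered = dict(original, payload={"action": "transfer", "amount": 1000})
    modified = rx.accept(tampered)  # content altered, tag no longer matches
    return first, replayed, modified
```

Note that the tag alone does not stop a replay: the captured message is authentic, so the nonce memory is what turns a replay into a detectable event.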
4. Passive Attacks
In short, we can see passive attacks as malicious actions related to observing and intercepting data sent to or processed by the attacked system. In this case, however, attackers do not intend to damage the attacked system. Thus, legitimate users can still access the system and request its services.
Due to these characteristics, we can say that passive attacks are sneaky. Besides not damaging systems or modifying data, attackers also take precautions to stay invisible to the security solutions protecting the attacked system. So, it is commonly hard to detect that a passive attack is happening.
The image next illustrates potential malicious entities involved in passive attacks:
Some of the most common passive attacks executed in modern computing and networking are described next:
- Eavesdropping: the attacker steals information from communications between legitimate users and systems by intercepting it during transmission through a network
- Release of Messages: the attacker uses a backdoor or other exploit to steal data directly from the users’ or system’s device
- Port Scan: the attacker sends legitimate-looking messages searching for potential weaknesses in the target system
Considering these characteristics, network managers and operators should focus on detecting that a passive attack is happening and then take countermeasures to stop it from continuing. However, sometimes this is out of their reach, because the attack may occur in the personal environment of legitimate users or in the core network itself.
Finally, it is relevant to highlight that passive attacks are particularly dangerous for the confidentiality aspect of the CIA triad.
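Sections 3 and 4 contrast a noisy active attack (Denial-of-Service) with a quiet passive one (Port Scan), and both leave different traces in a connection log. The example below is added here and is not code from the original tutorial; it runs a simple classifier over a constructed log (three sources, one normal, one scanning ten ports once each, one flooding a single port) and labels each source by the pattern it shows. The window and threshold values are assumptions for the sample, not tuned production settings.

```python
from collections import defaultdict

# Constructed connection log, one "timestamp src_ip dst_port" line per connection attempt.
# 10.0.0.5 is a normal client, 10.0.0.7 probes ten ports once each (quiet port scan),
# and 10.0.0.9 fires 200 requests at a single port within two seconds (noisy flood).
_events = [(t, "10.0.0.5", 443) for t in (0, 30, 65)]
_events += [(2, "10.0.0.7", p) for p in (21, 22, 23, 25, 80, 110, 143, 443, 3306, 8080)]
_events += [(round(5 + i * 0.01, 2), "10.0.0.9", 443) for i in range(200)]
SAMPLE_LOG = "\n".join(f"{t} {src} {port}" for t, src, port in _events)


def parse_log(text: str) -> list:
    """Turn log lines into (timestamp, src_ip, dst_port) tuples, skipping blank lines."""
    out = []
    for line in text.splitlines():
        if line.strip():
            ts, src, port = line.split()
            out.append((float(ts), src, int(port)))
    return out


def classify_sources(events: list, window: float = 10.0, flood_threshold: int = 100, scan_threshold: int = 8) -> dict:
    """Label each source as flood (active), port scan (passive), or normal."""
    by_src = defaultdict(list)
    for ts, src, port in events:
        by_src[src].append((ts, port))
    verdict = {}
    for src, evs in by_src.items():
        evs.sort()
        distinct_ports = {port for _, port in evs}
        # peak number of connections inside any sliding window of `window` seconds
        peak, start = 0, 0
        for end in range(len(evs)):
            while evs[end][0] - evs[start][0] > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= flood_threshold:
            verdict[src] = "flood (active: noisy, threatens availability)"
        elif len(distinct_ports) >= scan_threshold and len(evs) <= 2 * len(distinct_ports):
            verdict[src] = "port scan (passive: quiet reconnaissance)"
        else:
            verdict[src] = "normal"
    return verdict
```

The flood stands out by sheer volume in a short window, whereas the scan is only ten connections and is visible solely through the spread of distinct ports, which is why passive attacks need a dedicated detection rule rather than a load threshold.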
5. Systematic Summary
As we studied in the previous sections, there are multiple threats in the digital world. Active and passive attacks represent some of them.
In particular, active attacks are malicious actions that aim to modify data or take control of a system. Since they cause collateral effects, their occurrences are easily identifiable. So, operators of the attacked system must act fast to mitigate the attacks’ consequences, mainly focusing on keeping the system’s availability and integrity.
Passive attacks, in turn, consist of malicious actions that aim to steal data or find some security weakness in a system. Since they avoid causing collateral effects on the system’s operation, these attacks are typically challenging to identify. Thus, operators should monitor their systems to detect unusual user behaviors that may indicate an attack, while keeping the confidentiality of the data and operations processed.
The following table compares some relevant characteristics of passive and active attacks:
| Characteristic | Active Attacks | Passive Attacks |
| --- | --- | --- |
| Modification | Information and operations may be modified | Does not modify operations and information |
| Collateral effects | Many | Few or none |
| CIA threat | Mainly to integrity and availability | Mainly to confidentiality |
| Attention | To avoid and mitigate the attack | To detect that the attack is happening |
| Examples | Denial-of-Service; Masquerade; Message Modification; Replay; Trojan Horses | Eavesdropping; Release of Messages; Port Scan |
6. Conclusion
In this tutorial, we studied active and passive attacks. First, we saw some fundamental concepts of information security. Then, we explored the meaning of passive and active attacks in computing. Finally, we reviewed these concepts and compared the differences and similarities between active and passive attacks in a systematic summary.
We can conclude that both active and passive attacks are imminent threats to computing and networking. Thus, system managers and operators should pay attention to them and take actions to prevent, identify, and mitigate potential attacks.