A useful means of classifying security attacks is to divide them into two types: passive attacks and active attacks. A passive attack attempts to learn or make use of information from the system but does not affect system resources, whereas an active attack attempts to alter system resources or affect their operation.
Passive Attacks
Passive attacks are in the nature of eavesdropping (spying) on, or monitoring of, transmissions. The goal of the opponent is to obtain information that is being transmitted. Two types of passive attacks are the 'Release of Message Contents' and 'Traffic Analysis'.
1. Release of Message Contents
The 'release of message contents' is easily understood. A telephone conversation, an electronic mail message, and a transferred file may contain sensitive or confidential information. We would like to prevent an opponent from learning the contents of these transmissions.
2. Traffic Analysis
Here, suppose we had a way of masking the contents of messages or other information traffic so that opponents, even if they captured the message, could not extract the information from the message. The common technique for masking contents is encryption. Even with encryption protection in place, an opponent could still determine the location and identity of communicating hosts and could observe the frequency and length of messages being exchanged. This information might be useful in guessing the nature of the communication that was taking place.
Active Attacks
Active attacks involve some modification of the data stream or the creation of a false stream and can be subdivided into four categories: Masquerade, Replay, Modification of Messages, and Denial of Service.
1. Masquerade.
A 'masquerade' takes place when one entity pretends to be a different entity. A masquerade attack usually includes one of the other forms of active attack. For example, after an authentication sequence has taken place, an entity with few privileges may obtain extra privileges by pretending to be an entity that has those privileges.
2. Replay.
Replay involves the passive capture of a data unit and its subsequent retransmission to produce an unauthorized effect.
3. Modification of messages.
It simply means that some portion of an authorized message is altered, or that messages are delayed or reordered, to produce an unauthorized effect. For example, a message meaning "Allow Virat to read confidential file accounts" is changed to "Allow Dhoni to read confidential file accounts".
4. Denial of Service.
It prevents or inhibits the normal use or management of communication facilities. This attack may have a specific target; for example, an entity may suppress all messages directed to a particular destination. Another form of service denial is the disruption of an entire network, either by disabling the network or by overloading it with messages so as to degrade performance.