Types of Security Attack
Passive Attack:
A passive attack is a security attack where an attacker only reads the message stored or transmitted. Passive attacks are difficult to detect but easy to prevent.
Passive attacks are grouped into the following subcategories:
Release of message content — the leaking of sensitive message content
Traffic Analysis — monitoring and extracting useful information from network traffic
Active Attack:
An active attack is a security attack where an attacker tries to break into secured system and alters the data or system resources. Active attacks are easy to detect but difficult to prevent.
Active attacks are grouped into the following subcategories:
Modification of messages — alteration or change of a legitimate portion of the message, or delaying or reordering of message
Masquerade — impersonating somebody else or a device
Replay — passive capture of data and subsequently transmitted to produce an unauthorized effect
Repudiation — Denial by a sender not sent a message after having sent the message or denial by a receiver not received the message after having received.
Denial of Service — slowing down or impairing service of a system
The table below shows the types of security attacks and their threat to the CIA.
