Definition
An active attack is an unauthorised attempt to access a system and alter the existing data, disrupt operations, or take control of the device. It is also called ‘hacking’. Some popular examples of active attacks are denial of service (DoS) and man-in-the-middle (MITM) attacks.
Active vs. Passive Attacks
- Active attacks are easier to detect because the attackers mainly focus on taking control or modifying the system resources.
- Passive attacks rarely affect the system and, therefore, are harder to detect. They mostly involve monitoring a user’s communication or traffic without raising suspicion.
Active Attack Examples
- Denial of service (DoS) attack: A DoS attack aims to disrupt operations by shutting down a computer or the entire network, rendering it inaccessible to the users.
- Session hijacking: This is an attempt to gain unauthorized access to a user’s online account through compromised web sessions.
- Man-in-the-middle (MITM) attacks: The attacker intercepts and alters the communication between two people for malicious purposes. This can happen across various communication channels, such as messaging, emails, physical networks, and websites.
- Trojans: Trojans are malware that appears harmless, but once installed on a system, they can modify, steal or damage your data. Some trojans act as backdoors for attackers to launch more attacks.
- Masquerade attacks: The attacker uses other people’s identities to gain unauthorized access to a system. They could occur as a consequence of identity theft.
- Message modification attack: This is an attack in which hackers modify, delay, or reorder communication content. It can be used to alter systems and data.
Active Attack Protection Measures
- Firewalls: A firewall monitors your device or network’s inbound and outbound traffic to block unauthorized access and prevent hijackers.
- Intrusion Prevention System (IPS): It detects and prevents attacks from known threats by blocking malicious IP addresses, closing targeted access points, or alerting system admins.
- Random session keys: They prevent session hijacking attacks by issuing a unique key for each session and discarding it after the session.
- One-time passwords (OTPs): An OTP can only be used once and then expires, preventing attackers from accessing your account.
- Kerberos Authentication Protocol: This authentication protocol helps users and services prove their identities to each other across a public network like the internet.
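
The random session key and one-time password measures listed above can be illustrated with the following added example, which is not part of the original page. The class names, the 120-second lifetime and the six-digit code format are assumptions chosen for illustration.

```python
import hmac
import secrets
import time


class SessionStore:
    """Issues a fresh random key per session and discards it at logout."""

    def __init__(self):
        self._sessions = {}  # session key -> user name

    def login(self, user):
        key = secrets.token_urlsafe(32)  # unpredictable and unique per session
        self._sessions[key] = user
        return key

    def user_for(self, key):
        return self._sessions.get(key)  # None once the key has been discarded

    def logout(self, key):
        self._sessions.pop(key, None)  # a captured key is useless after this


class OtpIssuer:
    """Issues codes that are valid for one attempt and for ttl seconds."""

    def __init__(self, ttl=120, clock=time.monotonic):
        self._ttl = ttl
        self._clock = clock
        self._pending = {}  # user -> (code, expiry time)

    def issue(self, user):
        code = f"{secrets.randbelow(10**6):06d}"
        self._pending[user] = (code, self._clock() + self._ttl)
        return code

    def verify(self, user, code):
        # Remove the code on the first attempt, right or wrong, so it can
        # neither be replayed nor guessed repeatedly.
        entry = self._pending.pop(user, None)
        if entry is None:
            return False
        expected, expires = entry
        if self._clock() > expires:
            return False
        return hmac.compare_digest(expected.encode(), code.encode())
```
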