網(wǎng)絡(luò)安全威脅的表現(xiàn)形式_網(wǎng)絡(luò)安全攻擊的主要表現(xiàn)

信息安全主動(dòng)攻擊和被動(dòng)攻擊

安全攻擊 (Security Attacks)

The attack in cryptography means that our data or sent messages or any kind of information is accessed by some anonymous user without our permission. An attack simply means to alter, destroy, implant or reveal the data of a user without their permission. This happens because of some flaws and defects in the security systems. Attacks are differentiated based on the actions of the attacker.

加密技術(shù)的攻擊意味著某些匿名用戶未經(jīng)我們?cè)S可即可訪問(wèn)我們的數(shù)據(jù)或發(fā)送的消息或任何類型的信息。 攻擊只是意味著未經(jīng)用戶許可就更改，破壞，植入或泄露用戶的數(shù)據(jù)。 發(fā)生這種情況是因?yàn)榘踩到y(tǒng)中存在一些缺陷。 根據(jù)攻擊者的動(dòng)作來(lái)區(qū)分攻擊。

安全攻擊的類型 (Types of security attacks)

There are two types of security attacks,

有兩種類型的安全攻擊，

Active Attack

主動(dòng)攻擊

Passive Attack

被動(dòng)攻擊

1)主動(dòng)攻擊 (1) Active Attack)

Assume that two computers or any communicating devices are connected and they are transferring data with each other. In Active Attack, the attacker, not just only observes data but he has direct access to it. The attacker can read and update the data without the information of any of the users. In Active Attack, the attacker tries to induce noise in the data transmission. He tries to put error bits in the transmission. The attacker tries to alter or modify the data. In other words, the data that is transmitted is modified by a third client illegally is called Active Attack.

假定已連接兩臺(tái)計(jì)算機(jī)或任何通信設(shè)備，并且它們彼此之間正在傳輸數(shù)據(jù)。 在主動(dòng)攻擊中，攻擊者不僅觀察數(shù)據(jù)，而且可以直接訪問(wèn)數(shù)據(jù)。 攻擊者可以在沒(méi)有任何用戶信息的情況下讀取和更新數(shù)據(jù)。 在主動(dòng)攻擊中，攻擊者嘗試在數(shù)據(jù)傳輸中引入噪聲。 他嘗試在傳輸中放入錯(cuò)誤位。 攻擊者試圖更改或修改數(shù)據(jù)。 換句話說(shuō)，被第三客戶端非法修改的數(shù)據(jù)被稱為主動(dòng)攻擊。

Active attack

主動(dòng)攻擊

Active attack examples

主動(dòng)攻擊示例

1) Masquerade
Assume that A and B are connected and they are transferring data to each other. A and B are genuine users. In the Masquerade attack, the attacker used the identity of the authentic users and he breaks into the communication and behaves like the authentic user and grabs all the data.

1)化妝舞會(huì)
假設(shè)A和B已連接，并且彼此之間正在傳輸數(shù)據(jù)。 A和B是真實(shí)用戶。 在假面舞會(huì)攻擊中，攻擊者使用了真實(shí)用戶的身份，他闖入了通信，并表現(xiàn)得像真實(shí)用戶一樣，并獲取了所有數(shù)據(jù)。

2) Relay:
Assume that A and B are connected and they are transferring data to each other. A is sending some message to B. The message is on its way but in between the attacker captures the message and now not only he can read the message but he can update and modify it too. He can create error bits in the message. Error bits are the bits that don’t belong to the original message.

2)繼電器 ：
假設(shè)A和B已連接，并且彼此之間正在傳輸數(shù)據(jù)。 A正在向B發(fā)送一些消息。該消息正在進(jìn)行中，但是在攻擊者之間捕獲了該消息，現(xiàn)在，他不僅可以讀取該消息，而且還可以對(duì)其進(jìn)行更新和修改。 他可以在消息中創(chuàng)建錯(cuò)誤位。 錯(cuò)誤位是不屬于原始消息的位。

3) Denial of service:
In this attack, the attacker sends a lot of requests to the server to increase the traffic. If the server has a lot of requests then it will take a lot of time to respond to the genuine requests which are made by the authentic users. In this way, by increasing the traffic on the server, he can slow down the server. In this way, the authentic users will not get a response from the server. In this way, their service is denied.

3)拒絕服務(wù) ：
在這種攻擊中，攻擊者向服務(wù)器發(fā)送了大量請(qǐng)求以增加流量。 如果服務(wù)器有很多請(qǐng)求，則將花費(fèi)大量時(shí)間來(lái)響應(yīng)由真實(shí)用戶發(fā)出的真實(shí)請(qǐng)求。 這樣，通過(guò)增加服務(wù)器上的流量，他可以降低服務(wù)器的速度。 這樣，真實(shí)用戶將無(wú)法從服務(wù)器獲得響應(yīng)。 這樣，他們的服務(wù)將被拒絕。

2)被動(dòng)攻擊 (2) Passive Attack)

In Passive Attack, the attacker can observe every message or data that is sent or received in the communication but he can not update or modify it. This is called Passiveness. He can’t induce noise or error bits in the original message. The users have no idea that their communication is observed by a third party. He can silently read all the data and he can use that data in the future to create threats

在“被動(dòng)攻擊”中，攻擊者可以觀察到通信中發(fā)送或接收的每條消息或數(shù)據(jù)，但無(wú)法更新或修改它們。 這稱為被動(dòng)。 他無(wú)法在原始郵件中引入噪音或錯(cuò)誤位。 用戶不知道他們的通信被第三方遵守。 他可以靜默讀取所有數(shù)據(jù)，將來(lái)可以使用這些數(shù)據(jù)來(lái)構(gòu)成威脅

翻譯自: https://www.includehelp.com/cyber-security/active-and-passive-attacks-in-information-security.aspx

信息安全主動(dòng)攻擊和被動(dòng)攻擊