網(wǎng)絡(luò)安全威脅的表現(xiàn)形式_網(wǎng)絡(luò)安全攻擊的主要表現(xiàn)

信息安全主動攻擊和被動攻擊

安全攻擊 (Security Attacks)

The attack in cryptography means that our data or sent messages or any kind of information is accessed by some anonymous user without our permission. An attack simply means to alter, destroy, implant or reveal the data of a user without their permission. This happens because of some flaws and defects in the security systems. Attacks are differentiated based on the actions of the attacker.

加密技術(shù)的攻擊意味著某些匿名用戶未經(jīng)我們許可即可訪問我們的數(shù)據(jù)或發(fā)送的消息或任何類型的信息。 攻擊只是意味著未經(jīng)用戶許可就更改，破壞，植入或泄露用戶的數(shù)據(jù)。 發(fā)生這種情況是因為安全系統(tǒng)中存在一些缺陷。 根據(jù)攻擊者的動作來區(qū)分攻擊。

安全攻擊的類型 (Types of security attacks)

There are two types of security attacks,

有兩種類型的安全攻擊，

Active Attack

主動攻擊

Passive Attack

被動攻擊

1)主動攻擊 (1) Active Attack)

Assume that two computers or any communicating devices are connected and they are transferring data with each other. In Active Attack, the attacker, not just only observes data but he has direct access to it. The attacker can read and update the data without the information of any of the users. In Active Attack, the attacker tries to induce noise in the data transmission. He tries to put error bits in the transmission. The attacker tries to alter or modify the data. In other words, the data that is transmitted is modified by a third client illegally is called Active Attack.

假定已連接兩臺計算機或任何通信設(shè)備，并且它們彼此之間正在傳輸數(shù)據(jù)。 在主動攻擊中，攻擊者不僅觀察數(shù)據(jù)，而且可以直接訪問數(shù)據(jù)。 攻擊者可以在沒有任何用戶信息的情況下讀取和更新數(shù)據(jù)。 在主動攻擊中，攻擊者嘗試在數(shù)據(jù)傳輸中引入噪聲。 他嘗試在傳輸中放入錯誤位。 攻擊者試圖更改或修改數(shù)據(jù)。 換句話說，被第三客戶端非法修改的數(shù)據(jù)被稱為主動攻擊。

Active attack

主動攻擊

Active attack examples

主動攻擊示例

1) Masquerade
Assume that A and B are connected and they are transferring data to each other. A and B are genuine users. In the Masquerade attack, the attacker used the identity of the authentic users and he breaks into the communication and behaves like the authentic user and grabs all the data.

1)化妝舞會
假設(shè)A和B已連接，并且彼此之間正在傳輸數(shù)據(jù)。 A和B是真實用戶。 在假面舞會攻擊中，攻擊者使用了真實用戶的身份，他闖入了通信，并表現(xiàn)得像真實用戶一樣，并獲取了所有數(shù)據(jù)。

2) Relay:
Assume that A and B are connected and they are transferring data to each other. A is sending some message to B. The message is on its way but in between the attacker captures the message and now not only he can read the message but he can update and modify it too. He can create error bits in the message. Error bits are the bits that don’t belong to the original message.

2)繼電器 ：
假設(shè)A和B已連接，并且彼此之間正在傳輸數(shù)據(jù)。 A正在向B發(fā)送一些消息。該消息正在進行中，但是在攻擊者之間捕獲了該消息，現(xiàn)在，他不僅可以讀取該消息，而且還可以對其進行更新和修改。 他可以在消息中創(chuàng)建錯誤位。 錯誤位是不屬于原始消息的位。

3) Denial of service:
In this attack, the attacker sends a lot of requests to the server to increase the traffic. If the server has a lot of requests then it will take a lot of time to respond to the genuine requests which are made by the authentic users. In this way, by increasing the traffic on the server, he can slow down the server. In this way, the authentic users will not get a response from the server. In this way, their service is denied.

3)拒絕服務(wù) ：
在這種攻擊中，攻擊者向服務(wù)器發(fā)送了大量請求以增加流量。 如果服務(wù)器有很多請求，則將花費大量時間來響應(yīng)由真實用戶發(fā)出的真實請求。 這樣，通過增加服務(wù)器上的流量，他可以降低服務(wù)器的速度。 這樣，真實用戶將無法從服務(wù)器獲得響應(yīng)。 這樣，他們的服務(wù)將被拒絕。

2)被動攻擊 (2) Passive Attack)

In Passive Attack, the attacker can observe every message or data that is sent or received in the communication but he can not update or modify it. This is called Passiveness. He can’t induce noise or error bits in the original message. The users have no idea that their communication is observed by a third party. He can silently read all the data and he can use that data in the future to create threats

在“被動攻擊”中，攻擊者可以觀察到通信中發(fā)送或接收的每條消息或數(shù)據(jù)，但無法更新或修改它們。 這稱為被動。 他無法在原始郵件中引入噪音或錯誤位。 用戶不知道他們的通信被第三方遵守。 他可以靜默讀取所有數(shù)據(jù)，將來可以使用這些數(shù)據(jù)來構(gòu)成威脅

翻譯自: https://www.includehelp.com/cyber-security/active-and-passive-attacks-in-information-security.aspx

信息安全主動攻擊和被動攻擊