Browse Definitions :
Definition

passive attack

What is a passive attack?

A passive attack is a network attack in which a system is monitored and sometimes scanned for open ports and vulnerabilities. The purpose of a passive attack is to gain information about the system being targeted; it does not involve any direct action on the target.

Passive attacks include active reconnaissance and passive reconnaissance. The word reconnaissance comes from the military term that refers to the act of exploring an enemy territory to gather information. In a computer security context, reconnaissance is the act of exploring a system or network in order to gather information before conducting a full attack.

These two types of attacks differ in the following ways:

  • Active reconnaissance. The intruder engages with the target system to gather information about vulnerabilities. Attackers often use methods such as port scanning to learn which ports are open and what services are running on them.
  • Passive reconnaissance. The intruder monitors the system for vulnerabilities without interaction for the sole purpose of gaining information. Often the attacker monitors a user's web session and then uses information retrieved from that session to conduct a future attack. 

Types of passive attacks

Passive attacks can take various forms, including the following:

  • Traffic analysis. This involves analyzing network traffic as it moves to and from the target systems. These types of attacks use statistical methods to analyze and interpret the patterns of communication exchanged over the network. These attacks can be performed on encrypted network traffic, but they are more common on unencrypted traffic.
  • Eavesdropping. Eavesdropping occurs when an attacker intercepts sensitive information by listening to phone calls or reading unencrypted messages exchanged in a communication medium. Although eavesdropping is similar to snooping, snooping is limited to gaining access to data during transmission. 
  • Footprinting. This is the process of gathering as much information as possible about the target company's network, hardware, software and employees. Footprinting gathers information on the target, such as IP address, domain name system information and employee ID. Footprinting is also the first step in gathering information for a penetration test.
  • Spying. An intruder might masquerade as an authorized network user and spy without interaction. With that access, an intruder might monitor network traffic by setting the network adapter to promiscuous mode to capture all encrypted data traffic on a network.
  • War driving. War driving detects vulnerable Wi-Fi networks by scanning them from nearby locations with a portable antenna. This type of passive attack is typically carried out from a moving vehicle. Hackers sometimes plot out areas with vulnerabilities on a map using a GPS. War driving can be done just to steal an internet connection or as a preliminary activity for a future attack.
  • Dumpster diving. In this type of attack, intruders look for information stored on discarded devices or even passwords in trash bins. The intruders can then use this information to facilitate covert entry to a network or system.
10 things cybercriminals look for when dumpster diving.
A list of 10 things companies should securely discard to prevent cybercriminals from dumpster diving.

What is the difference between a passive and an active security attack?

With an active attack, the intruder attempts to alter data on the target system or data in transit to or from the target system. During an active attack, an attacker tries to exploit a vulnerability to hack into a system or to gain access to a user's data. An active attacker interacts with the target before extracting information from the target or making changes to it. In contrast, a passive attacker intercepts network traffic or examines files from the target without any direct interaction.

Interactions in an active attack typically occur by way of impersonation, modification of messages, session replays or denial of service attacks. Passive attacks often precede active attacks, as an attacker may use information gathered to conduct a future active attack.

How to avoid passive attacks

A passive attack is difficult to track because it often does not leave any traces of the attacker's interference, and it can be hard to determine if the system has been compromised. As a result, passive attacks are a type of data breach that go largely unnoticed. However, there are some preventive measures that can help enterprises avoid passive attacks.

  • Encrypt data. Encryption is a security technique that obscures data from everyone but the recipient. When data is encrypted, anyone who intercepts it will only see an incomprehensible combination of characters. The best way to prevent data breaches is to encrypt data so that it is protected during the transmission and storage stages. Encryption is not a panacea, however, and is not effective for all threats. It is also not a substitute for proper network security. Encryption uses the following two types of cryptography algorithm:
    • Symmetric encryption. Symmetric encryption is used to protect data using a single cryptographic key. Both the sender and the receiver must have the exact same key. As long as both parties have copies of the key, they can use it to encrypt and decrypt messages.
    • Asymmetric -- or public key -- encryption. More secure than symmetric encryption, public key encryption uses a pair of related keys, one of which is secret or private and the other of which is public. The public key is made available to anyone who wishes to send an encrypted message, and it may be freely distributed. The private key is only accessible to the person authorized to decrypt messages sent with the public key.
  • Keep sensitive information private. Do not share private information publicly. Attackers can use this information to hack into a private network.

What's the difference between data protection, data security and data privacy? Compare these three areas to learn how each keeps sensitive data safe.

This was last updated in July 2021

Continue Reading About passive attack

Networking
  • port address translation (PAT)

    Port address translation (PAT) is a type of network address translation (NAT) that maps a network's private internal IPv4 ...

  • network fabric

    'Network fabric' is a general term used to describe underlying data network infrastructure as a whole.

  • loose coupling

    Loose coupling is an approach to interconnecting the components in a system, network or software application so that those ...

Security
  • total risk

    Total risk is an assessment that identifies all the risk factors associated with pursuing a specific course of action.

  • steganography

    Steganography is the technique of hiding data within an ordinary, nonsecret file or message to avoid detection; the hidden data ...

  • triple extortion ransomware

    Triple extortion ransomware is a type of ransomware attack where a cybercriminal extorts their victim multiple times, namely by ...

CIO
  • microtargeting

    Microtargeting (also called micro-niche targeting) is a marketing strategy that uses consumer data and demographics to identify ...

  • business process

    A business process is an activity or set of activities that accomplish a specific organizational goal. Business processes should ...

  • business process improvement (BPI)

    Business process improvement (BPI) is a practice in which enterprise leaders analyze their business processes to identify areas ...

HRSoftware
  • employee onboarding and offboarding

    Employee onboarding involves all the steps needed to get a new employee successfully deployed and productive, while offboarding ...

  • skill-based learning

    Skill-based learning develops students through hands-on practice and real-world application.

  • gamification

    Gamification is a strategy that integrates entertaining and immersive gaming elements into nongame contexts to enhance engagement...

Customer Experience
  • Microsoft Dynamics 365

    Dynamics 365 is a cloud-based portfolio of business applications from Microsoft that are designed to help organizations improve ...

  • Salesforce Commerce Cloud

    Salesforce Commerce Cloud is a cloud-based suite of products that enable e-commerce businesses to set up e-commerce sites, drive ...

  • Salesforce DX

    Salesforce DX, or SFDX, is a set of software development tools that lets developers build, test and ship many kinds of ...

Close