Browse Definitions :
Definition

passive scanning

Passive scanning is a method of vulnerability detection that relies on information gleaned from network data that is captured from a target computer without direct interaction.

Packet sniffing applications can be used for passive scanning to reveal information such as operating system, known protocols running on non-standard ports and active network applications with known bugs. Passive scanning may be conducted by a network administrator scanning for security vulnerabilities or by an intruder as a preliminary to an active attack.

For an intruder, passive scanning's main advantage is that it does not leave a trail that could alert users or administrators to their activities. For an administrator, the main advantage is that it doesn't risk causing undesired behavior on the target computer, such as freezes. Because of these advantages, passive scanning need not be limited to a narrow time frame to minimize risk or disruption, which means that it is likely to return more information.

Passive scanning does have limitations. It is not as complete in detail as active vulnerability scanning and cannot detect any applications that are not currently sending out traffic; nor can it distinguish false information put out for obfuscation.

This was last updated in August 2014

Continue Reading About passive scanning

Networking
  • network management system

    A network management system, or NMS, is an application or set of applications that lets network engineers manage a network's ...

  • host (in computing)

    A host is a computer or other device that communicates with other hosts on a network.

  • Network as a Service (NaaS)

    Network as a service, or NaaS, is a business model for delivering enterprise WAN services virtually on a subscription basis.

Security
  • tokenization

    Tokenization is the process of replacing sensitive data with unique identification symbols that retain all the essential ...

  • messaging security

    Messaging security is a subcategory of unified threat management, or UTM, focused on securing and protecting an organization's ...

  • WebAuthn API

    The Web Authentication API (WebAuthn API) is a credential management application program interface (API) that lets web ...

CIO
  • value stream management

    Value stream management is an emerging business process intended to gauge the flow of value into business resources and ...

  • audit program (audit plan)

    An audit program, also called an audit plan, is an action plan that documents what procedures an auditor will follow to validate ...

  • blockchain decentralization

    Decentralization is the distribution of functions, control and information instead of being centralized in a single entity.

HRSoftware
  • team collaboration

    Team collaboration is a communication and project management approach that emphasizes teamwork, innovative thinking and equal ...

  • employee self-service (ESS)

    Employee self-service (ESS) is a widely used human resources technology that enables employees to perform many job-related ...

  • learning experience platform (LXP)

    A learning experience platform (LXP) is an AI-driven peer learning experience platform delivered using software as a service (...

Customer Experience
  • Net Promoter Score (NPS)

    Net Promoter Score (NPS) is a metric that organizations use for assessing customer loyalty toward their brand, products or ...

  • B2C (business-to-consumer)

    B2C, or business-to-consumer, is a retail model where products or services move directly from a business to the end user who has ...

  • market segmentation

    Market segmentation is a marketing strategy that uses well-defined criteria to divide a brand's total addressable market share ...

Close