網(wǎng)絡(luò )安全威脅的表現形式_網(wǎng)絡(luò )安全攻擊的主要表現

信息安全主動(dòng)攻擊和被動(dòng)攻擊

安全攻擊 (Security Attacks)

The attack in cryptography means that our data or sent messages or any kind of information is accessed by some anonymous user without our permission. An attack simply means to alter, destroy, implant or reveal the data of a user without their permission. This happens because of some flaws and defects in the security systems. Attacks are differentiated based on the actions of the attacker.

加密技術(shù)的攻擊意味著(zhù)某些匿名用戶(hù)未經(jīng)我們許可即可訪(fǎng)問(wèn)我們的數據或發(fā)送的消息或任何類(lèi)型的信息。 攻擊只是意味著(zhù)未經(jīng)用戶(hù)許可就更改，破壞，植入或泄露用戶(hù)的數據。 發(fā)生這種情況是因為安全系統中存在一些缺陷。 根據攻擊者的動(dòng)作來(lái)區分攻擊。

安全攻擊的類(lèi)型 (Types of security attacks)

There are two types of security attacks,

有兩種類(lèi)型的安全攻擊，

Active Attack

主動(dòng)攻擊

Passive Attack

被動(dòng)攻擊

1)主動(dòng)攻擊 (1) Active Attack)

Assume that two computers or any communicating devices are connected and they are transferring data with each other. In Active Attack, the attacker, not just only observes data but he has direct access to it. The attacker can read and update the data without the information of any of the users. In Active Attack, the attacker tries to induce noise in the data transmission. He tries to put error bits in the transmission. The attacker tries to alter or modify the data. In other words, the data that is transmitted is modified by a third client illegally is called Active Attack.

假定已連接兩臺計算機或任何通信設備，并且它們彼此之間正在傳輸數據。 在主動(dòng)攻擊中，攻擊者不僅觀(guān)察數據，而且可以直接訪(fǎng)問(wèn)數據。 攻擊者可以在沒(méi)有任何用戶(hù)信息的情況下讀取和更新數據。 在主動(dòng)攻擊中，攻擊者嘗試在數據傳輸中引入噪聲。 他嘗試在傳輸中放入錯誤位。 攻擊者試圖更改或修改數據。 換句話(huà)說(shuō)，被第三客戶(hù)端非法修改的數據被稱(chēng)為主動(dòng)攻擊。

Active attack

主動(dòng)攻擊

Active attack examples

主動(dòng)攻擊示例

1) Masquerade
Assume that A and B are connected and they are transferring data to each other. A and B are genuine users. In the Masquerade attack, the attacker used the identity of the authentic users and he breaks into the communication and behaves like the authentic user and grabs all the data.

1)化妝舞會(huì )
假設A和B已連接，并且彼此之間正在傳輸數據。 A和B是真實(shí)用戶(hù)。 在假面舞會(huì )攻擊中，攻擊者使用了真實(shí)用戶(hù)的身份，他闖入了通信，并表現得像真實(shí)用戶(hù)一樣，并獲取了所有數據。

2) Relay:
Assume that A and B are connected and they are transferring data to each other. A is sending some message to B. The message is on its way but in between the attacker captures the message and now not only he can read the message but he can update and modify it too. He can create error bits in the message. Error bits are the bits that don’t belong to the original message.

2)繼電器 ：
假設A和B已連接，并且彼此之間正在傳輸數據。 A正在向B發(fā)送一些消息。該消息正在進(jìn)行中，但是在攻擊者之間捕獲了該消息，現在，他不僅可以讀取該消息，而且還可以對其進(jìn)行更新和修改。 他可以在消息中創(chuàng )建錯誤位。 錯誤位是不屬于原始消息的位。

3) Denial of service:
In this attack, the attacker sends a lot of requests to the server to increase the traffic. If the server has a lot of requests then it will take a lot of time to respond to the genuine requests which are made by the authentic users. In this way, by increasing the traffic on the server, he can slow down the server. In this way, the authentic users will not get a response from the server. In this way, their service is denied.

3)拒絕服務(wù) ：
在這種攻擊中，攻擊者向服務(wù)器發(fā)送了大量請求以增加流量。 如果服務(wù)器有很多請求，則將花費大量時(shí)間來(lái)響應由真實(shí)用戶(hù)發(fā)出的真實(shí)請求。 這樣，通過(guò)增加服務(wù)器上的流量，他可以降低服務(wù)器的速度。 這樣，真實(shí)用戶(hù)將無(wú)法從服務(wù)器獲得響應。 這樣，他們的服務(wù)將被拒絕。

2)被動(dòng)攻擊 (2) Passive Attack)

In Passive Attack, the attacker can observe every message or data that is sent or received in the communication but he can not update or modify it. This is called Passiveness. He can’t induce noise or error bits in the original message. The users have no idea that their communication is observed by a third party. He can silently read all the data and he can use that data in the future to create threats

在“被動(dòng)攻擊”中，攻擊者可以觀(guān)察到通信中發(fā)送或接收的每條消息或數據，但無(wú)法更新或修改它們。 這稱(chēng)為被動(dòng)。 他無(wú)法在原始郵件中引入噪音或錯誤位。 用戶(hù)不知道他們的通信被第三方遵守。 他可以靜默讀取所有數據，將來(lái)可以使用這些數據來(lái)構成威脅

翻譯自: https://www.includehelp.com/cyber-security/active-and-passive-attacks-in-information-security.aspx

信息安全主動(dòng)攻擊和被動(dòng)攻擊