信息安全主动攻击和被动攻击

安全攻击 (Security Attacks)

The attack in cryptography means that our data or sent messages or any kind of information is accessed by some anonymous user without our permission. An attack simply means to alter, destroy, implant or reveal the data of a user without their permission. This happens because of some flaws and defects in the security systems. Attacks are differentiated based on the actions of the attacker.

加密技术的攻击意味着某些匿名用户未经我们许可即可访问我们的数据或发送的消息或任何类型的信息。 攻击只是意味着未经用户许可就更改，破坏，植入或泄露用户的数据。 发生这种情况是因为安全系统中存在一些缺陷。 根据攻击者的动作来区分攻击。

安全攻击的类型 (Types of security attacks)

There are two types of security attacks,

有两种类型的安全攻击，

1. Active Attack

   主动攻击

2. Passive Attack

   被动攻击

1)主动攻击 (1) Active Attack)

Assume that two computers or any communicating devices are connected and they are transferring data with each other. In Active Attack, the attacker, not just only observes data but he has direct access to it. The attacker can read and update the data without the information of any of the users. In Active Attack, the attacker tries to induce noise in the data transmission. He tries to put error bits in the transmission. The attacker tries to alter or modify the data. In other words, the data that is transmitted is modified by a third client illegally is called Active Attack.

假定已连接两台计算机或任何通信设备，并且它们彼此之间正在传输数据。 在主动攻击中，攻击者不仅观察数据，而且可以直接访问数据。 攻击者可以在没有任何用户信息的情况下读取和更新数据。 在主动攻击中，攻击者尝试在数据传输中引入噪声。 他尝试在传输中放入错误位。 攻击者试图更改或修改数据。 换句话说，被第三客户端非法修改的数据被称为主动攻击。

Active attack

主动攻击

Active attack examples

主动攻击示例

1) Masquerade
Assume that A and B are connected and they are transferring data to each other. A and B are genuine users. In the Masquerade attack, the attacker used the identity of the authentic users and he breaks into the communication and behaves like the authentic user and grabs all the data.

1)化妆舞会
假设A和B已连接，并且彼此之间正在传输数据。 A和B是真实用户。 在假面舞会攻击中，攻击者使用了真实用户的身份，他闯入了通信，并表现得像真实用户一样，并获取了所有数据。

2) Relay:
Assume that A and B are connected and they are transferring data to each other. A is sending some message to B. The message is on its way but in between the attacker captures the message and now not only he can read the message but he can update and modify it too. He can create error bits in the message. Error bits are the bits that don’t belong to the original message.

2)继电器 ：
假设A和B已连接，并且彼此之间正在传输数据。 A正在向B发送一些消息。该消息正在进行中，但是在攻击者之间捕获了该消息，现在，他不仅可以读取该消息，而且还可以对其进行更新和修改。 他可以在消息中创建错误位。 错误位是不属于原始消息的位。

3) Denial of service:
In this attack, the attacker sends a lot of requests to the server to increase the traffic. If the server has a lot of requests then it will take a lot of time to respond to the genuine requests which are made by the authentic users. In this way, by increasing the traffic on the server, he can slow down the server. In this way, the authentic users will not get a response from the server. In this way, their service is denied.

3)拒绝服务 ：
在这种攻击中，攻击者向服务器发送了大量请求以增加流量。 如果服务器有很多请求，则将花费大量时间来响应由真实用户发出的真实请求。 这样，通过增加服务器上的流量，他可以降低服务器的速度。 这样，真实用户将无法从服务器获得响应。 这样，他们的服务将被拒绝。

2)被动攻击 (2) Passive Attack)

In Passive Attack, the attacker can observe every message or data that is sent or received in the communication but he can not update or modify it. This is called Passiveness. He can’t induce noise or error bits in the original message. The users have no idea that their communication is observed by a third party. He can silently read all the data and he can use that data in the future to create threats

在“被动攻击”中，攻击者可以观察到通信中发送或接收的每条消息或数据，但无法更新或修改它们。 这称为被动。 他无法在原始邮件中引入噪音或错误位。 用户不知道他们的通信被第三方遵守。 他可以静默读取所有数据，将来可以使用这些数据来构成威胁

翻译自: https://www.includehelp.com/cyber-security/active-and-passive-attacks-in-information-security.aspx

信息安全主动攻击和被动攻击