What is an Active Attack?

An active attack is considered an assault on a network or system. In such an attack, the threat actor interferes with how a network or system works by changing the target data or introducing new data.

An active attack refers to all kinds of activities that occur when a person tries to “hack” into a server or computer. In contrast to passive attacks, wherein hackers do not make modifications but rather listen in or monitor activities, active attacks involve introducing unwanted changes. In some cases, hackers use the data they gathered from a passive attack to carry out an active attack. In a nutshell, an active attack refers to actual “hacking,” while a passive attack can be likened more to “spying.”

Other interesting terms…

• What is Passive Reconnaissance?
• What is an Attack Vector?

Read More about an “Active Attack”

What Are the Different Active Attack Types?

Masquerade Attack

In a masquerade attack, intruders pretend to be legitimate computer users to gain access to the network they are connected to. Hackers initiate masquerade attacks after stealing login usernames and passwords via vulnerability exploitation or bypassing authentication procedures.

Session Replay Attack

A session replay attack happens when hackers steal legitimate users’ login details through session ID theft. Also known as “playback attacks” or “replay attacks,” attackers “repeat” or “delay” data transmissions, allowing them to steal a target’s credentials so they can pretend to be him or her in network communications.

Message Modification

In message modification, attackers change packet header addresses. As such, they can send the message to a different target or alter data on a target machine to get into a network.

Denial-of-Service Attack

A denial-of-service (DoS) attack causes a network resource to become unavailable to users. Hackers initiate such an attack by overwhelming a target computer with more traffic than it can handle.

Distributed Denial-of-Service Attack

A distributed DoS (DDoS) attack directs overwhelming amounts of traffic from multiple compromised devices that make up a botnet to a target computer.

How Can You Prevent an Active Attack?

Here are some best practices against an active attack:

• Use a random session key. Users can generate session IDs with limited validity, for example, for one transaction only. Using random session keys can prevent malicious users from resending messages with modifications.
• One-time passwords help authenticate agreements, transactions, and sessions between two communication participants. The practice ensures password expiration so attackers cannot use it even if they successfully obtain it.
• The Kerberos authentication protocol, which is used in Microsoft Windows Active Directory, allows nodes to transmit data over insufficiently secured networks to prove any user’s identity.

—

Active attacks can be hazardous and costly. They also have the potential to jeopardize operations and disrupt processes. Worse, any computer or network that has vulnerabilities can become easy targets. And while users can employ tons of countermeasures to thwart active attacks, prevention is still the best way.