
Q-1>- Explain Active Attacks and Passive Attacks with example.

| Active Attack | Passive Attack |
|---|---|
| In an active attack, modification of the information takes place. | In a passive attack, modification of the information does not take place. |
| Active attack is a danger to integrity as well as availability. | Passive attack is a danger to confidentiality. |
| In an active attack, attention is on prevention. | In a passive attack, attention is on detection. |
| Due to active attacks, the execution system is always damaged. | Due to a passive attack, there is no harm to the system. |
| In an active attack, the victim gets informed about the attack. | In a passive attack, the victim does not get informed about the attack. |
| In an active attack, system resources can be changed. | In a passive attack, system resources are not changed. |
| Active attack influences the services of the system. | In a passive attack, information and messages in the system or network are acquired. |
| In an active attack, information collected through passive attacks is used during execution. | Passive attacks are performed by collecting information such as passwords and messages by themselves. |
| Can be easily detected. | Very difficult to detect. |
| The purpose of an active attack is to harm the ecosystem. | The purpose of a passive attack is to learn about the ecosystem. |
| In an active attack, the original information is modified. | In a passive attack, the original information is unaffected. |
| The duration of an active attack is short. | The duration of a passive attack is long. |
| The prevention possibility of an active attack is high. | The prevention possibility of a passive attack is low. |
| Complexity is high. | Complexity is low. |

Real-life example of an active attack:- Let's say you intercept a note being passed between two
classmates. Instead of just reading it and passing it along, you change the message before passing it
to the intended recipient. Maybe you add some false information or a mean comment. In this case,
you're actively altering the communication, not just silently observing.

Real-life example of a passive attack:- Imagine you're sitting in a café, and two people at the next
table are talking loudly about their weekend plans. You overhear their conversation without them
knowing. You're not interrupting or altering their conversation; you're just quietly listening and
gathering information.

Q-2>- Different types of attacks:-

1- Eavesdropping or sniffing or snooping:- Data is transferred from one location to another
location in the form of packets. While information such as passwords, plain-text messages and
other confidential data is being transferred, an unwanted user or hacker operating on the same
computer or the same server can capture your data packets and read all the information, but
he/she does not do anything with the data: the data arrives exactly as the sender sent it.
Example:- Wireshark is a good tool for this purpose.
2- Spoofing:- A spoofing attack is like someone putting on a disguise to impersonate someone
else or something else in the digital world.

Examples:

- IP Spoofing: The attacker modifies the source IP address of packets to make it appear
as if they're coming from a trusted source. This can be used to bypass access controls
or launch distributed denial-of-service (DDoS) attacks.
- Email Spoofing: The attacker forges the sender's email address to make it look like
the email is coming from a trusted source. This is often used in phishing attacks to
trick recipients into revealing sensitive information or clicking on malicious links.
- Website Spoofing: The attacker creates a fake website that looks identical to a
legitimate one. They may use a similar domain name or design to deceive users into
entering their login credentials or financial information.
3- Modification Attacks:- The data is modified or altered by the attacker when no strong
encryption method is provided: the attacker intercepts data as it is being transmitted or
stored and makes changes to it without the knowledge or consent of the sender or recipient.

4- Repudiation Attack:- A repudiation attack is when someone denies having performed a
particular action or transaction. The sender of a message denies being the source of the
message. Here the authenticity of the message is violated. Digital signatures are used to
prevent this kind of attack.

5- Denial-of-Service (DoS) Attacks and Distributed Denial-of-Service (DDoS) Attacks:- The
attacker attempts to overwhelm a targeted system or network with excessive traffic,
requests, or data, rendering it unable to respond to legitimate requests from users. For
example, an attacker floods a web server with a high volume of HTTP requests, causing it to
become unresponsive and preventing legitimate users from accessing the website. At that
time the attacker tries to get access to the user's system and breach all the important data.
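The flood described above is visible in the server's own access log long before the server falls over. The following detection logic is an added example written for these notes, not code from the original material: it builds a small constructed access log in common log format (one normal client at 10.0.0.5, one flooding client at the documentation address 203.0.113.7), then counts requests per source address in a sliding time window and flags any source that exceeds a threshold. The window and threshold values are assumptions chosen for the demo.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed access-log lines in common log format, generated here so the
# example runs offline. 10.0.0.5 browses normally; 203.0.113.7 floods.
LOG_FORMAT = '{ip} - - [{ts}] "GET /index.html HTTP/1.1" 200 512'
TS_FORMAT = "%d/%b/%Y:%H:%M:%S +0000"


def build_sample_log():
    """Return constructed log lines: 3 normal requests and a 60-request burst."""
    start = datetime(2023, 10, 10, 13, 55, 0)
    lines = []
    for i in range(3):  # legitimate client: one request every 4 seconds
        ts = (start + timedelta(seconds=4 * i)).strftime(TS_FORMAT)
        lines.append(LOG_FORMAT.format(ip="10.0.0.5", ts=ts))
    for i in range(60):  # flooding client: 60 requests inside ~2 seconds
        ts = (start + timedelta(milliseconds=33 * i)).strftime(TS_FORMAT)
        lines.append(LOG_FORMAT.format(ip="203.0.113.7", ts=ts))
    return lines


def parse_line(line):
    """Extract (source ip, timestamp) from one common-log-format line."""
    ip = line.split(" ", 1)[0]
    ts = line[line.index("[") + 1:line.index("]")]
    return ip, datetime.strptime(ts, TS_FORMAT)


def flagged_sources(lines, window_seconds=5, threshold=20):
    """Return {ip: request count at the moment it was first flagged} for every
    source that sends more than `threshold` requests within any sliding
    window of `window_seconds`. Window and threshold are demo assumptions."""
    recent = defaultdict(deque)  # ip -> timestamps still inside the window
    flagged = {}
    for ip, ts in map(parse_line, lines):
        window = recent[ip]
        window.append(ts)
        # Drop timestamps that have aged out of the sliding window.
        while ts - window[0] > timedelta(seconds=window_seconds):
            window.popleft()
        if len(window) > threshold and ip not in flagged:
            flagged[ip] = len(window)
    return flagged


if __name__ == "__main__":
    print(flagged_sources(build_sample_log()))  # {'203.0.113.7': 21}
```

The normal client never has more than one request in the window, so only the flooding address is reported; in a real deployment the flagged addresses would feed a rate limiter or firewall rule rather than a print statement.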

6- Brute force Attack:- Brute force attacks are like trying every possible combination to
unlock a door. A brute force attack is a trial-and-error method used to obtain information,
such as passwords or encryption keys, by systematically trying all possible combinations until
the correct one is found.

Brute force attacks can target various types of systems and security mechanisms, including:

- Passwords: Trying different combinations to gain access to user accounts or systems.
- Encryption: Decrypting encrypted data by trying different keys until the correct one is
found.
- Authentication mechanisms: Bypassing authentication measures by guessing valid
credentials or keys.
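The defence against online password guessing is to make each guess expensive and to stop accepting guesses after a few failures. The block below is an added example, not part of the original notes: a small login guard that stores passwords with PBKDF2 (a deliberately slow hash), compares them in constant time, and locks an account after five consecutive failures. The username, password, iteration count and lockout period are constructed values for the demo; time is passed in explicitly so the behaviour is deterministic.

```python
import hashlib
import hmac
import os

# Demo parameters (assumptions): a production deployment would use a higher
# iteration count and tune the lockout policy to its own risk appetite.
PBKDF2_ITERATIONS = 50_000
DUMMY_SALT = b"\x00" * 16


def hash_password(password: str, salt: bytes) -> bytes:
    """Slow, salted hash: raises the cost of every guess an attacker makes."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)


class LoginGuard:
    """Limits online guessing: after MAX_FAILURES wrong passwords the account
    is locked for LOCKOUT_SECONDS, even if the next guess is correct."""
    MAX_FAILURES = 5
    LOCKOUT_SECONDS = 300

    def __init__(self):
        self.users = {}         # username -> (salt, hash)
        self.failures = {}      # username -> consecutive failed attempts
        self.locked_until = {}  # username -> time at which the lock expires

    def add_user(self, username: str, password: str) -> None:
        salt = os.urandom(16)
        self.users[username] = (salt, hash_password(password, salt))

    def attempt(self, username: str, password: str, now: float) -> str:
        if username not in self.users:
            # Burn the same time as a real check so response timing does not
            # reveal which usernames exist.
            hash_password(password, DUMMY_SALT)
            return "denied"
        if self.locked_until.get(username, 0) > now:
            return "locked"
        salt, stored = self.users[username]
        if hmac.compare_digest(hash_password(password, salt), stored):
            self.failures[username] = 0
            return "ok"
        self.failures[username] = self.failures.get(username, 0) + 1
        if self.failures[username] >= self.MAX_FAILURES:
            self.locked_until[username] = now + self.LOCKOUT_SECONDS
            self.failures[username] = 0
            return "locked"
        return "denied"


def simulate_guessing():
    """Constructed scenario: five wrong guesses, then the right password twice."""
    guard = LoginGuard()
    guard.add_user("alice", "correct horse battery staple")  # constructed credentials
    results = []
    t = 0
    for guess in ["123456", "password", "qwerty", "letmein", "alice123"]:
        results.append(guard.attempt("alice", guess, t))
        t += 1
    # Correct password while locked is still refused...
    results.append(guard.attempt("alice", "correct horse battery staple", t))
    # ...and accepted once the lockout has expired.
    results.append(guard.attempt("alice", "correct horse battery staple", t + 600))
    return results


if __name__ == "__main__":
    print(simulate_guessing())
```

The lockout turns an unbounded guessing budget into five guesses per five minutes, and the slow hash means even an offline attacker who steals the stored hashes pays the iteration cost for every candidate password.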

7- Man-in-the-Middle Attack or Replay Attack:-

- A Man-in-the-Middle (MitM) attack is like someone secretly listening in on a phone
call between two people.
- The attacker secretly inserts themselves into the communication path between the two
parties. This could be between a user and a website, two devices on a network, or any
other communication channel.
- The attacker intercepts the data being exchanged between the two parties. This could
include sensitive information such as login credentials, financial details, or personal
messages.
- Example: Imagine Alice wants to send a message to Bob. Normally, the message would go
directly from Alice to Bob. However, in a MitM attack, Eve secretly positions herself between
Alice and Bob. Alice sends her message, thinking it's going directly to Bob, but Eve intercepts
it first, reads or modifies it if necessary, and then forwards it to Bob. Bob receives the
message, unaware that it has been intercepted or altered.

8- Insider Attack:- An insider attack is when someone from within an organization, like an
employee or a contractor, does something harmful or unauthorized. The insider might steal sensitive
information, sabotage systems or data, or cause other types of harm. For example, they might leak
confidential company data, install malware on company computers, or disrupt the organization's
operations.

| Sr.No. | Basis of Comparison | WORMS | VIRUS |
|---|---|---|---|
| 1. | Definition | A worm is a form of malware that replicates itself and can spread to different computers via a network. | A virus is malicious executable code attached to another executable file, which can be harmless or can modify or delete data. |
| 2. | Objective | The main objective of worms is to eat the system resources. A worm consumes system resources such as memory and bandwidth and slows the system to such an extent that it stops responding. | The main objective of viruses is to modify the information. |
| 3. | Host | It doesn't need a host to replicate from one computer to another. | It requires a host for spreading. |
| 4. | Harmful | It is less harmful as compared. | It is more harmful. |
| 5. | Detection and Protection | Worms can be detected and removed by antivirus and firewall. | Antivirus software is used for protection against viruses. |
| 6. | Controlled by | Worms can be controlled remotely. | Viruses can't be controlled remotely. |
| 7. | Execution | Worms are executed via weaknesses in the system. | Viruses are executed via executable files. |
| 8. | Comes from | Worms generally come from downloaded files or through a network connection. | Viruses generally come from shared or downloaded files. |
| 11. | Types | Internet worms, instant messaging worms, email worms, file sharing worms and Internet relay chat (IRC) worms are different types of worms. | Boot sector virus, direct action virus, polymorphic virus, macro virus, overwrite virus and file infector virus are different types of viruses. |
| 12. | Examples | Examples of worms include Morris worm, Storm worm, etc. | Examples of viruses include Creeper, Blaster, Slammer, etc. |
| 13. | Interface | It does not need human action to replicate. | It needs human action to replicate. |
| 14. | Speed | Its spreading speed is faster. | Its spreading speed is slower as compared to worms. |

Principles of security:-

1 – Confidentiality:- The principle specifies that only the sender and receiver will be able to
access the information shared between them. It involves measures such as encryption, access
controls, and data classification to prevent unauthorized access or disclosure of confidential data.
For example, let us consider sender A wants to share some confidential information with receiver
B and the information gets intercepted by the attacker C. Now the confidential information is in
the hands of an intruder C.

2- Integrity: Integrity ensures that data remains accurate, complete, and unaltered during storage,
transmission, or processing. Measures such as data validation, checksums, and digital signatures
help maintain data integrity and detect unauthorized modifications. If the content of the message is
changed after the sender sends it but before reaching the intended receiver, then it is said that the
integrity of the message is lost.
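The modification attack in Q-2 and the integrity principle here both turn on one question: can the receiver tell that the message was changed in transit? The block below is an added example, not code from the notes. It contrasts a plain SHA-256 checksum, which an attacker C can simply recompute after altering the message, with a keyed HMAC, which C cannot recompute without the shared key. The message, the altered value and the shared key are constructed for the demo.

```python
import hashlib
import hmac

# Constructed shared secret between sender A and receiver B (assumption); a
# real system would load it from a secrets store, never hard-code it.
SHARED_KEY = b"example-shared-key-not-for-production"


def checksum_tag(message: bytes) -> str:
    """Unkeyed SHA-256 checksum: detects accidental corruption only."""
    return hashlib.sha256(message).hexdigest()


def hmac_tag(message: bytes, key: bytes = SHARED_KEY) -> str:
    """Keyed tag: only a holder of the key can produce a matching value."""
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def verify_checksum(message: bytes, tag: str) -> bool:
    return hmac.compare_digest(checksum_tag(message), tag)


def verify_hmac(message: bytes, tag: str, key: bytes = SHARED_KEY) -> bool:
    return hmac.compare_digest(hmac_tag(message, key), tag)


def tamper_in_transit(message: bytes, tag: str, keyed: bool):
    """Model attacker C altering the message between A and B.
    With a plain checksum C recomputes a matching tag for the altered text;
    with an HMAC C has no key and can only forward the old tag."""
    altered = message.replace(b"100", b"900")
    if keyed:
        return altered, tag
    return altered, checksum_tag(altered)


def demo():
    """Return (checksum_detected_change, hmac_detected_change)."""
    original = b"transfer 100 to account 42"  # constructed message

    c_tag = checksum_tag(original)
    altered, forged_tag = tamper_in_transit(original, c_tag, keyed=False)
    checksum_detected = not verify_checksum(altered, forged_tag)

    h_tag = hmac_tag(original)
    altered2, old_tag = tamper_in_transit(original, h_tag, keyed=True)
    hmac_detected = not verify_hmac(altered2, old_tag)

    return checksum_detected, hmac_detected


if __name__ == "__main__":
    print(demo())  # (False, True)
```

The checksum alone therefore protects only against noise, not against an adversary; a MAC (or a digital signature, see non-repudiation below in the principles) is what makes the integrity check hold against deliberate modification.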

3- Availability:- The principle of availability states that resources will be available to authorized
parties at all times. Information will not be useful if it is not available to be accessed. Systems should
have sufficient availability of information to satisfy user requests.

4- Authentication:- Authentication verifies the identity of users, systems, or entities attempting to
access resources. This involves mechanisms such as passwords, biometrics, digital certificates, or
multi-factor authentication to ensure that only authorized individuals or systems are granted access.

5- Non-repudiation:- Non-repudiation ensures that individuals or entities cannot deny their actions
or transactions. In some cases the sender sends a message and later denies having sent it. Non-
repudiation does not allow the sender to deny the message to the receiver.
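The repudiation attack in Q-2 and the non-repudiation principle here are both answered by digital signatures: the sender signs with a private key that only the sender holds, so a valid signature can come from nobody else. The block below is an added example, not from the notes, and uses textbook RSA built from two hard-coded Mersenne primes so that it runs with the standard library alone. The key, the primes and the message are constructed for the demo; textbook RSA without padding is shown only to make the mechanism visible, and a real system would use a vetted library and a modern scheme such as RSA-PSS or Ed25519.

```python
import hashlib

# Toy key (assumption): N is the product of the Mersenne primes 2^127-1 and
# 2^521-1, large enough to hold a SHA-256 digest. Fixed keys are for the demo only.
P = (1 << 127) - 1
Q = (1 << 521) - 1
N = P * Q
E = 65537                      # public exponent
PHI = (P - 1) * (Q - 1)
D = pow(E, -1, PHI)            # private exponent (Python 3.8+ modular inverse)


def digest_int(message: bytes) -> int:
    """Hash the message and read the digest as an integer smaller than N."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(message: bytes, private_exponent: int = D) -> int:
    """Sender A signs the digest with the private key only A holds."""
    return pow(digest_int(message), private_exponent, N)


def verify(message: bytes, signature: int, public_exponent: int = E) -> bool:
    """Anyone holding the public key (E, N) can check the signature, so the
    receiver B can later prove to a third party that A signed this text."""
    return pow(signature, public_exponent, N) == digest_int(message)


def demo():
    """Return (genuine verifies, altered message verifies, forged signature verifies)."""
    message = b"A agrees to pay B 100 units"  # constructed message
    signature = sign(message)
    genuine = verify(message, signature)
    # A later claims the message said 900: the signature no longer matches.
    altered = verify(message.replace(b"100", b"900"), signature)
    # B cannot produce a signature for a message A never signed.
    forged = verify(b"A agrees to pay B 900 units", (signature + 1) % N)
    return genuine, altered, forged


if __name__ == "__main__":
    print(demo())  # (True, False, False)
```

Contrast this with the HMAC used for integrity: because A and B share the MAC key, B could have produced any tag himself, so a MAC proves nothing to a third party, whereas only A's private key can produce the signature above.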

6-Access control: The principle of access control is determined by role management and rule
management. Role management determines who should access the data while rule management
determines up to what extent one can access the data. The information displayed is dependent on the
person who is accessing it.
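The distinction the notes draw between role management (who may act) and rule management (how far that permission extends) maps directly onto a two-stage authorization check. The block below is an added example, not from the notes: a constructed policy with three roles, a rule layer that narrows each role's access to its own department or own records, and a default-deny decision for anything not explicitly allowed. All users, roles and records are invented for the demo.

```python
from dataclasses import dataclass

# Role management (constructed policy): which actions each role may request.
ROLE_PERMISSIONS = {
    "admin": {"read", "write", "delete"},
    "analyst": {"read"},
    "employee": {"read", "write"},
}


@dataclass(frozen=True)
class User:
    name: str
    role: str
    department: str


@dataclass(frozen=True)
class Record:
    owner: str
    department: str
    classification: str  # "public" or "confidential"


def rule_allows(user: User, action: str, record: Record) -> bool:
    """Rule management: how far a role's permission extends over a record."""
    if user.role == "admin":
        return True
    if user.role == "analyst":
        # Analysts read across their own department only.
        return record.department == user.department
    if user.role == "employee":
        if action == "write":
            # Employees may edit only records they own.
            return record.owner == user.name
        # They may read their own records and anything public.
        return record.owner == user.name or record.classification == "public"
    return False  # unknown role: deny by default


def authorize(user: User, action: str, record: Record) -> bool:
    """Both stages must agree; anything not explicitly permitted is denied."""
    role_ok = action in ROLE_PERMISSIONS.get(user.role, set())
    return role_ok and rule_allows(user, action, record)


def demo():
    """Constructed users and records; returns the decision for each case."""
    alice = User("alice", "employee", "sales")
    dave = User("dave", "employee", "hr")
    bob = User("bob", "analyst", "sales")
    carol = User("carol", "admin", "it")
    sales_secret = Record("alice", "sales", "confidential")
    hr_notice = Record("dave", "hr", "public")
    return {
        "alice writes own record": authorize(alice, "write", sales_secret),
        "alice deletes own record": authorize(alice, "delete", sales_secret),
        "dave reads alice's secret": authorize(dave, "read", sales_secret),
        "alice reads hr notice": authorize(alice, "read", hr_notice),
        "bob reads sales secret": authorize(bob, "read", sales_secret),
        "bob reads hr notice": authorize(bob, "read", hr_notice),
        "bob writes sales secret": authorize(bob, "write", sales_secret),
        "carol deletes hr notice": authorize(carol, "delete", hr_notice),
    }


if __name__ == "__main__":
    for case, allowed in demo().items():
        print(f"{case}: {'allow' if allowed else 'deny'}")
```

Keeping the role table and the rule function separate is what lets the policy answer the two questions the notes name independently: the table says whether the person may perform the action at all, the rule decides over which data.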

Zombie:-

It denotes a computer or electronic device compromised by malware or malicious software.
Whenever a computer gets infected by malicious software, that computer can be controlled
by an attacker sitting at some different location, and the owner won't know about this. These
infected computers are termed 'zombies'.
Types of Zombies:-

1. Botnet Zombies: These are compromised devices or computers that are controlled by
central Command and Control (C&C) servers after being infected with malware. These
devices form a network called a botnet. Botnets allow the criminal to coordinate
various cybercrimes such as distributing spam or launching DDoS attacks.
2. Fileless Zombies: The problem with traditional malware is that it leaves traces on the
affected systems. A fileless zombie operates in memory and leaves almost no trail on the
hard drive. These zombies are mostly undetectable by traditional antivirus software,
making them hard to identify and mitigate.
3. IoT Zombies: Many IoT devices, such as smart home, medical or industrial devices,
can be compromised and converted into zombies. These infected devices are a way to
launch a big attack or can be the entry point into a big network.
4. Ransomware Zombies: Some malware encrypts the victim's files, blocks those files on the
victim's computer itself, and demands money to decrypt them. This type of attack is
called a ransomware attack. The infected machines can become zombies controlled by a
ransomware controller.
5. Social Engineering Zombies: These zombies are not devices or computers; they refer to
individuals who are manipulated into giving up sensitive information through social
engineering tactics. Attackers use techniques such as fake websites, phone calls, or phishing
emails to manipulate people into providing sensitive information or installing
malware themselves.

Types of Viruses:-

1. File Infector Viruses: These viruses attach themselves to executable files (such as .exe or .dll
files) and infect them. When the infected file is executed, the virus activates and may spread
to other files on the system.
2. Boot Sector Viruses: These viruses infect the boot sector of storage devices, such as hard
drives or USB drives. When the infected device is booted, the virus loads into memory and
can infect the system's files or spread to other devices.
3. Polymorphic Viruses: Polymorphic viruses have the ability to change their appearance (i.e.,
their code) each time they infect a new file or system. This makes them difficult to detect
using traditional antivirus software, as their signatures change with each infection.
4. Ransomware: Ransomware encrypts the victim's files and demands payment (usually in
cryptocurrency) in exchange for the decryption key. It can spread through infected email
attachments, malicious websites, or vulnerabilities in software.
5. Spyware: Spyware is designed to secretly monitor and collect information about a user's
activities, such as browsing habits, keystrokes, or personal data. It can be used for malicious
purposes, such as identity theft.

| S. No. | PHISHING | PHARMING |
|---|---|---|
| 1 | In phishing, the attacker tries to find the sensitive information of users by means of electronic communication, illegally. | Pharming is a more advanced technique to get users' credentials by making an effort to draw users into the website. |
| 2 | It is an attempt to scam people one at a time via an email or instant message. | It simply redirects traffic from one website to a different, identical-looking website to steal information. |
| 3 | It is electronic mail fraud. | It is similar in nature to email phishing. |
| 4 | It is a type of fraud in which an attacker tricks the victims into providing personal information by email or message. | It is a scam and seeks to obtain personal and private information through domain spoofing. |
| 5 | It is relatively easy to initiate and identify. | It is more difficult to accomplish and identify. |
| 6 | It involves a fraudulent email containing a link to a website seeking personal details from users. | It poisons the DNS server, redirecting the users to different websites. |
| 7 | It uses mail. | It uses websites. |
| 8 | Phishing also uses additional methods for data theft like fax phishing, vishing, and smishing. | Pharming will employ strategies for data theft such as DNS spoofing, DNS hijacking, and DNS cache poisoning. |
| 9 | Phishing employs lures like bogus links. | Pharming negotiates with the DNS server to send users to a fraudulent domain. Once the hacker conducts a successful DNS assault during pharming, the mainstream traffic to the website is diverted. |
| 10 | It targets individuals one at a time. | It simultaneously targets huge groups of individuals. |
