- Passive: Passive attacks include traffic analysis, monitoring of unprotected
communications, decrypting weakly encrypted traffic, and capturing authentication
information such as passwords. Passive interception of network operations enables
adversaries to see upcoming actions. Passive attacks result in the disclosure of
information or data files to an attacker without the consent or knowledge of the user.
Examples include the disclosure of personal information such as credit card numbers
and medical files.
- Active: Active attacks include attempts to circumvent or break protection features, to
introduce malicious code, and to steal or modify information. These attacks are
mounted against a network backbone, exploit information in transit, electronically
penetrate an enclave, or attack an authorized remote user during an attempt to connect
to an enclave. Active attacks result in the disclosure or dissemination of data files, DoS,
or modification of data.
- Close-in: Close-in attacks consist of regular individuals attaining close physical
proximity to networks, systems, or facilities for the purpose of modifying, gathering,
or denying access to information. Close physical proximity is achieved through
surreptitious entry into the network, open access, or both.
- Insider: Insider attacks can be malicious or nonmalicious. Malicious insiders
intentionally eavesdrop, steal, or damage information; use information in a fraudulent
manner; or deny access to other authorized users. Nonmalicious attacks typically result
from carelessness, lack of knowledge, or intentional circumvention of security for such
reasons as performing a task.
- Distributed: Distribution attacks focus on the malicious modification of hardware or
software at the factory or during distribution. These attacks introduce malicious code
such as a back door to a product to gain unauthorized access to information or to a
system function at a later date.
Classes of Attack
There are five classes of hacker attack: