The Difference Between Passive & Active ThreatsBusinesses and individuals ar

1. The Difference Between Passive & Active Threats
2.  
3. Businesses and individuals around the globe have felt the sting of cyber intruders who attack organizational networks with relative impunity. Some threats only deface a website, while others result in significant embarrassment or financial loss. While it is almost impossible to stop some attacks, it is important for organizations to recognize the difference between passive threats and active threats-- and the surprising risks of passive threats.
4.  
5. Passive Threats
6.  
7. A passive threat involves someone listening in on telecommunications exchanges or passively recording computer activity. An example of the former is an attacker sniffing network traffic using a protocol analyzer or some other packet capturing software. The attacker finds a way to plug into the network and begins capturing traffic for later analysis. Other attackers rely on keyloggers, usually as a Trojan horse in a "free download," to record keystrokes such as user IDs and passwords. The goal, regardless of the method, is just to listen and record the data passing through. The passive threat itself is not harmful, per se, but the information gathered during the session could be extremely damaging.
8.  
9. Active Threat
10.  
11. Active threats on computers involve using information gathered during a passive attack, such as user IDs and passwords, or an outright attack using technological "blunt instruments." Such instruments include password crackers, denial-of-service attacks, email phishing attacks, worms and other malware attacks. In an active attack, the attacker is out to bring a website down, steal information or even destroy computing equipment. As network administrators install defenses against existing attack tools, hackers develop more sophisticated tools and the game of technology leapfrog continues.
12.  
13. Defenses
14.  
15. Any individual or organization with an Internet connection should deploy a set of defenses that includes an Internet firewall, intrusion prevention systems, spam filters and personal firewalls at the very least. Network and security administrators should automate log analysis to spot attacks in progress or trends that indicate attempted intrusions. For instance, a number of failed login attempts might indicate that someone is attempting to guess a password and gain unauthorized network access. Failure to take measures to prevent threats or attacks is an abdication of responsibility on the part of network and security administrators. End users should also be educated in regards to cybersecurity.