The IT Law Wiki

Passive attack

32,080pages on
this wiki
Add New Page
Add New Page Talk0

Definitions Edit

A passive attack is

[a]n attack against an authentication protocol where the attacker intercepts data traveling along the network between the claimant and verifier, but does not alter the data (i.e., eavesdropping)."[1]
[a]n actual assault perpetrated by an intentional threat source that attempts to learn or make use of information from a system, but does not attempt to alter the system, its resources, its data, or its operations.[2]

A passive attack is "[a]n attack that does not alter systems or data.[3]

Overview Edit

The object of a passive attack might be to obtain data that is needed for an off-line attack.

References Edit

  1. NIST Special Publication 800-63, at 7.
  2. NICCS, Explore Terms: A Glossary of Common Cybersecurity Terminology (full-text).
  3. CNSSI 4009.

Also on Fandom

Random Wiki