The IT Law Wiki

Definitions[]

Electronic messages[]

An active attack is an attempt "to alter system resources or affect their operation."[1] It includes the falsification of data and transactions through such means as: (1) alteration, deletion, or addition; (2) changing the apparent origin of the message; (3) changing the actual destination of the message; (4) altering the sequence of blocks of data or items in the message: 5) replaying previously transmitted or stored data to create a new false message; or (6) falsifying an acknowledgement for a genuine message.[2]

System security[]

An active attack is

[a]n attack on the authentication protocol where the attacker transmits data to the claimant or verifier. Examples of active attacks include a man-in-the-middle, impersonation, and session hijacking."[3]
[a]n actual assault perpetrated by an intentional threat source that attempts to alter a system, its resources, its data, or its operations.[4]

References[]

  1. IETF Network Working Group, Internet Security Glossary, Version 2 (RFC 4949) (Aug. 2007).
  2. Id.
  3. NIST Special Publication 800-63, at 4.
  4. NICCS, Explore Terms: A Glossary of Common Cybersecurity Terminology (full-text).

See also[]