3.

Difference between Active Attack and Passive Attack

Active Attacks:
Active attacks are the type of attacks in which, The attacker efforts to change or modify
the content of messages. Active Attack is danger for Integrity as well as availability. Due
to active attack system is always damaged and System resources can be changed. The
most important thing is that, In active attack, Victim gets informed about the attack.

Passive Attacks:
Passive Attacks are the type of attacks in which, The attacker observes the content of
messages or copy the content of messages. Passive Attack is danger for Confidentiality.
Due to passive attack, there is no any harm to the system. The most important thing is
that In passive attack, Victim does not get informed about the attack.

Difference between Active Attack and Passive Attack:

S.N
O Active Attack Passive Attack
1. In active attack, While in passive attack,
 Modification in Modification in the information
information take place. does not take place.

Active Attack is danger

for Integrity as well Passive Attack is danger
2. as availability. for Confidentiality.

In active attack attention is While in passive attack attention

3. on detection. is on prevention.

Due to active attack system While due to passive attack, there

4. is always damaged. is no any harm to the system.

In active attack, Victim While in passive attack, Victim

gets informed about the does not get informed about the
5. attack. attack.

In active attack, System While in passive attack, System

6. resources can be changed. resources are not change.

While in passive attack,

Active attack influence the information and messages in the
7. services of the system. system or network are acquired.

In active attack, While passive attack are

information collected performed by collecting the
through passive attacks are information such as passwords,
8. used during executing. messages by itself.

Active attack is tough to Passive Attack is easy to

restrict from entering prohibited in comparison to active
9. systems or networks. attack.
 4. Key distribution schemes using an access control center and/or a
key distribution

Center have central points vulnerable to attack. Discuss the security implications
of such centralization.
 The central points should be highly fault-tolerant,
 should be physically secured, and
 should use trusted hardware/software

Fault tolerance refers to the ability of a system (computer, network, cloud cluster, etc.) to continue
operating without interruption when one or more of its components fail.

The objective of creating a fault-tolerant system is to prevent disruptions arising from a single point of
failure, ensuring the high availability and business continuity of mission-critical applications or
systems.

Fault-tolerant systems use backup components that automatically take the place of failed
components, ensuring no loss of service. These include:

 Hardware systems that are backed up by identical or equivalent systems. For example, a

server can be made fault tolerant by using an identical server running in parallel, with all operations
mirrored to the backup server.

 Software systems that are backed up by other software instances. For example, a database
with customer information can be continuously replicated to another machine. If the primary
database goes down, operations can be automatically redirected to the second database.

 Power sources that are made fault tolerant using alternative sources. For example, many
organizations have power generators that can take over in case main line electricity fails