Which of the following is not a form of passive attack?
Click on the arrows to vote for the correct answer
A. B. C. D.B.
Data diddling involves alteration of existing data and is extremely common.
It is one of the easiest types of crimes to prevent by using access and accounting controls, supervision, auditing, separation of duties, and authorization limits.
It is a form of active attack.
All other choices are examples of passive attacks, only affecting confidentiality.
Source: HARRIS, Shon, All-In-One CISSP Certification Exam Guide, McGraw-Hill/Osborne, 2002, Chapter 10: Law, Investigation, and Ethics (page 645).
Passive attacks are typically used by attackers to obtain unauthorized access to a system or network without disrupting the normal operation of the system. Passive attacks are not easily detected as they do not modify or alter the system's resources. Instead, they focus on the interception and monitoring of data traffic to collect sensitive information that can be used for malicious purposes.
Here is a brief description of each of the options provided in the question:
A. Scavenging: This is a form of passive attack that involves the collection of information that has been discarded or deleted from a system. Attackers can use various tools to recover data from the hard drive, backup tapes, or other storage devices that have not been completely erased.
B. Data diddling: This is a type of attack in which an attacker modifies data that is already stored on a system. This can involve changing or deleting data to cover up fraudulent activities or to cause a system to malfunction.
C. Shoulder surfing: This is a form of passive attack in which an attacker observes the actions of a user while they are entering sensitive information such as passwords or credit card numbers. The attacker may use various methods such as binoculars, hidden cameras, or simply standing close enough to the victim to see their screen or keyboard.
D. Sniffing: This is a form of passive attack in which an attacker intercepts and monitors network traffic to collect sensitive information such as passwords or credit card numbers. The attacker can use various tools such as packet sniffers or network analyzers to capture the data as it travels across the network.
Based on the descriptions provided above, it is clear that all of the options except for Data diddling are examples of passive attacks. Data diddling is an active attack that involves modifying data on a system, which makes it an active attack. Therefore, the answer to the question is B. Data diddling.