Different Classes of Network attacks and how to defend them
Passive attack: A passive attack is a type of attack where the attacker simply monitor the network activity as a part of reconnaissance. A passive attack is difficult to detect, because the attacker is not actively attacking any target machine or participating in network traffc. An example of a passive attack is an attacker capturing packets from the network.
Prevention: Potential threats from Passive attacks can be eliminated by implementing good network encryption.
Active attack: Active attack is a type of attack where the attacker actively launching attack against the target servers. In active attack the attacker is actively sending traffic that can be detected.
Prevention: Active attacks can be prevented by using Firewalls and IPS (Intrusion Prevention Systems).
Close-in attack: A Close-in attack is a type of attack where the attacker is physically close to the target system. Attacker can the the advantages of being physically close to the target devices.
Prevention: Good physical security can prevent Close-in attacks.
Insider attack: An insider attack is an attack from inside users, who use their access credentials and knowledge of the network to attack the target machines.
Prevention: Good layer 2 security, authentication and physical security can prevent Insider attacks.
Distribution attack: Distribution attacks are the attacks using backdoors introduced to hardware or software systems at the time of manufacture. Once the hardware or software became functional, attackers can leverage the backdoor to attack the target devices.
Prevention: Trusted hardware/software vendors and integrity checks can prevent Distribution attacks.