A masquerade takes place when one entity pretends to be a different entity. A masquerade attack usually includes one of the other forms of active attack. For example, authentication sequences can be captured and replayed after a valid authentication sequence has taken place, thus enabling an authorized entity with few privileges to obtain extra privileges by impersonating an entity that has those privileges.
→ Replay involves the passive capture of a data unit and its subsequent retransmission to produce an unauthorized effect.
→ Passive attacks are very difficult to detect, because they do not involve any alteration of the data. Typically, the message traffic is sent and received in an apparently normal fashion, and neither the sender nor receiver is aware that a third party has read the messages or observed the traffic pattern. However, it is feasible to prevent the success of these attacks, usually by means of encryption. Thus, the emphasis in dealing with passive attacks is on prevention rather than detection.
→ The denial of service prevents or inhibits the normal use or management of communications facilities. This attack may have a specific target; for example, an entity may suppress all messages directed to a particular destination (e.g., the security audit service). Another form of service denial is the disruption of an entire network, either by disabling the network or by overloading it with messages so as to degrade performance.
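The replay and masquerade descriptions above can be made concrete from the receiver's side. The following is an added example, not part of the original text: it contrasts a verifier that checks only a message authentication tag, which accepts a captured authentication message every time it is retransmitted, with one that also checks a timestamp and a one-time nonce. The message layout, key, function names and 30-second window are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets
import time

KEY = b"constructed-demo-shared-key"  # constructed sample key, not a real secret
MAX_SKEW = 30                         # assumed freshness window, in seconds

def make_message(key, payload, now=None):
    """Sender: bind a timestamp and a random nonce into the authenticated body."""
    ts = int(time.time() if now is None else now)
    body = f"{ts}|{secrets.token_hex(16)}|{payload}".encode()
    return body, hmac.new(key, body, hashlib.sha256).hexdigest()

def tag_only_verify(key, body, tag):
    """Weak receiver: a valid tag is enough, so a retransmitted copy also passes."""
    expected = hmac.new(key, body, hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, tag)

class ReplayAwareVerifier:
    """Receiver that also requires the message to be fresh and never seen before."""

    def __init__(self, key, max_skew=MAX_SKEW):
        self.key, self.max_skew = key, max_skew
        self.seen = {}  # nonce -> message timestamp, kept only while still fresh

    def verify(self, body, tag, now=None):
        now = int(time.time() if now is None else now)
        if not tag_only_verify(self.key, body, tag):
            return "rejected: bad tag"
        ts_text, nonce, _payload = body.decode().split("|", 2)
        ts = int(ts_text)
        if abs(now - ts) > self.max_skew:
            return "rejected: stale"
        # Nonces older than the window can be dropped: a replay of such a
        # message already fails the freshness check above.
        self.seen = {n: t for n, t in self.seen.items() if now - t <= self.max_skew}
        if nonce in self.seen:
            return "rejected: replay"
        self.seen[nonce] = ts
        return "accepted"

if __name__ == "__main__":
    body, tag = make_message(KEY, "login:alice", now=1000)  # constructed message
    print("tag-only, first copy :", tag_only_verify(KEY, body, tag))
    print("tag-only, replayed   :", tag_only_verify(KEY, body, tag))
    v = ReplayAwareVerifier(KEY)
    print("nonce check, first   :", v.verify(body, tag, now=1001))
    print("nonce check, replayed:", v.verify(body, tag, now=1002))
    print("nonce check, later   :", v.verify(body, tag, now=1100))
```

The nonce cache only has to cover the freshness window, which keeps the receiver's state bounded.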