Active detection occurs when the system takes an automatic response on detecting an intrusion on the network. The response may involve raising the sensitivity level of the detection so that additional information about the intruder or attacker on the network is collected. Passive detection merely logs the intrusion and notifies someone by email or pager. It does not actively try to stop the intrusion; a person acting as the system administrator must respond to the alert, by stopping the attack and possibly identifying the intruder. The detection itself, unfortunately, does not identify the intruder.
Both detection methods can be used over a network or on a local workstation, since both have a plug-in for communicating with a central management console. This lets the output of a passive response feed a decentralized, dynamic reaction system. Active detection, over a network or even on a local workstation, is used to block the attacker’s source address by restarting the server, resetting Transmission Control Protocol (TCP) sessions, or closing connection ports.
Advantages and Disadvantages of the Detection Methods
Advantages of Passive Detection
- It does not require the analyzer to interact with the network in order to detect hosts and their weaknesses.
- Detection takes place continuously, so it is effectively real-time; no time is lost during the discovery process.
Disadvantages of Passive Detection
- When the detector wrongly classifies an action as a potential intrusion, it raises a spurious alarm, referred to as a false positive.
- This can also place an excessive load on the administrator; for example, the same alarm repeated more than twice is very irritating.
- These methods are not preventive; therefore, they should never replace firewalls. Instead, they should be used to complement a firewall.
- The detection system is itself a possible target of attack, since it too can have bugs or exploitable flaws.
Advantages of Active Detection
- This form of detection provides a view of the attackers, so the manager can address the risks before they have major effects.
- The detection provides a large volume of information, and it can do so without support from the platform.
- Scanning is done centrally, at the security architecture’s location, so the detection is highly scalable and no software installation is required.
Disadvantages of Active Detection
- One challenge is encrypted data. Detectors are able to scrutinize compressed records, but encrypted information remains a challenge, since the detection method cannot see into the path to every device on the network.
- Detection may mistakenly block a legitimate user’s IP address.
- Scanning is slower in small offices with weak links over slow network connections, as is frequently seen in parts of South America, Africa, and Asia.
- Attackers can detect the weakness and take advantage of the host’s connection to the network.
- Detection takes a long time.
- Targets that are not connected are not scanned; their vulnerabilities are only discovered once they connect to the network.
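The passive and active responses described above, together with the false-positive and administrator-load problems, as an added example that is not part of the original text. It assumes a constructed stream of login events and a hypothetical threshold detector: passive mode only logs and notifies, active mode also blocks the source, an allowlist keeps a known-good host from being blocked on a false positive, and repeated notifications for one source are suppressed.

```python
"""Passive vs. active IDS response, run over constructed login-log events.
Passive: log the alert and notify an administrator once per source.
Active: additionally block the source (the analogue of closing its session).
An allowlist keeps a known-good host from being blocked on a false positive."""
from collections import defaultdict
from dataclasses import dataclass, field

# Constructed sample events: (timestamp in seconds, source IP, outcome).
SAMPLE_EVENTS = [
    (0, "198.51.100.7", "login_failed"),
    (1, "198.51.100.7", "login_failed"),
    (2, "198.51.100.7", "login_failed"),
    (3, "198.51.100.7", "login_failed"),
    (4, "203.0.113.5", "login_ok"),
    (5, "192.0.2.10", "login_failed"),   # an admin mistyping a password
    (6, "192.0.2.10", "login_failed"),
    (7, "192.0.2.10", "login_failed"),
]
@dataclass
class Detector:
    mode: str                       # "passive" or "active"
    threshold: int = 3              # failures inside the window that raise an alert
    window: int = 10                # seconds
    allowlist: set = field(default_factory=set)
    failures: dict = field(default_factory=lambda: defaultdict(list))
    alerts: list = field(default_factory=list)       # every alert, for the log
    notified: list = field(default_factory=list)     # one notification per source
    blocklist: set = field(default_factory=set)      # active response only

    def process(self, ts, src, outcome):
        if outcome != "login_failed":
            return
        # Keep only failures inside the sliding window, then add this one.
        hits = [t for t in self.failures[src] if ts - t <= self.window] + [ts]
        self.failures[src] = hits
        if len(hits) < self.threshold:
            return
        self.alerts.append((ts, src, len(hits)))
        if src not in self.notified:        # suppress repeated pages for one source
            self.notified.append(src)
        if self.mode == "active" and src not in self.allowlist:
            self.blocklist.add(src)

def run(mode, allowlist=()):
    """Replay the constructed events through a detector and return it."""
    det = Detector(mode=mode, allowlist=set(allowlist))
    for ts, src, outcome in SAMPLE_EVENTS:
        det.process(ts, src, outcome)
    return det
```

In passive mode the admin host only generates a notification; in active mode it is blocked unless it is on the allowlist, which is the false positive the list above warns about.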