Vulnerability quiz: Question No. 8
What is the difference between a passive and active vulnerability assessment tool?
B. An active tool sends packets to its targets and reviews the results. A passive product monitors traffic and activity.
An active assessment identifies systems, services and vulnerabilities by sending out packets to invoke responses. It is a way of interrogating a system and analyzing the responses to those interrogations to have a better idea of the true vulnerabilities on a system. Most products have settings to control how aggressive this interrogation activity is. The "safer checks" are more benign and do not carry out the more dangerous penetration-testing features. The more aggressive the interrogation activities, the more likely it is that the systems will be brought down and negatively affected. An example of a "safe check" is scanning for open ports, and a more aggressive interrogation is sending remote buffer overflows. Different vendors have different definitions for "passive scanning," but it usually means using a sniffer-type product that can listen and analyze the environment and its traffic continuously.