The act of illegitimately seizing information, in cleartext or encrypted, transmitted over a channel. Usually, this is achieved by capturing the radio-frequency emissions of that channel. [Ribagorda:1997]
An attack in which an Attacker listens passively to the authentication protocol to capture information which can be used in a subsequent active attack to masquerade as the Claimant. [NIST-SP800-63:2013]
(I) Passive wiretapping done secretly, i.e., without the knowledge of the originator or the intended recipients of the communication. [RFC4949:2007]
Eavesdropping is simply listening to a private conversation which may reveal information which can provide access to a facility or network.
http://www.sans.org/security-resources/glossary-of-terms/
(I) A type of threat action whereby an unauthorized entity directly accesses sensitive data while the data is traveling between authorized sources and destinations. (See: unauthorized disclosure.)
Usage: This type of threat action includes the following subtypes:
· "Theft": Gaining access to sensitive data by stealing a shipment of a physical medium, such as a magnetic tape or disk, that holds the data.
· "Wiretapping (passive)": Monitoring and recording data that is flowing between two points in a communication system. (See: wiretapping.)
· "Emanations analysis": Gaining direct knowledge of communicated data by monitoring and resolving a signal that is emitted by a system and that contains the data but was not intended to communicate the data. (See: emanation.)
[RFC4949:2007]