2.2.13 Active (Intrusive) vs Passive (Non-Intrusive) Security Assessment

Active (Intrusive):
1. Hands-on testing
2. Might require a device to be taken offline
3. Used to discover open ports and IP addresses
4. Backups should be performed before the scan
5. Can be detrimental to the system
Passive (Non-Intrusive):
1. No direct effect on your network
2. Might be using documentation only to test the security of a system.
3. Required in real-time, mission-critical networks.
4. A backup of the system is normal procedure.