
BackDoor

Monday, October 19, 2009 23:04

In the computer security field, a backdoor is a computer program that gives an attacker easy access to a computer system and bypasses the security measures that are currently in place. Computer programmers sometimes install backdoors in the programs they write, but they use the backdoor to access the program for the purpose of troubleshooting the software. For this definition, we will limit our discussion to backdoor programs that attackers use. Backdoors, whether used as a troubleshooting tool or as a means of gaining undetected access to a computer system, are a security risk.

Backdoors can take the form of an installed program or a modification to an existing software program. Many computer worms install a backdoor on a computer system as part of an exploit. Backdoors can be used to gain remote access to a computer system, but they can also be used by spammers to send out junk e-mail from the computer system. Backdoors usually provide interactive access, which enables an attacker to access and use a variety of services running on the computer system. Non-interactive backdoors, such as an SMTP server, allow the spammer to send out junk e-mail as noted previously.

A backdoor will frequently run over protocols such as Telnet, Rlogin and SSH. Backdoors can be hard to detect because a backdoor may use a well-known protocol such as Telnet but run on another port that is not associated with that protocol. Conversely, the backdoor may run on a well-known port using a different protocol from the one that usually runs on that port number.
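The port/protocol mismatch described above can be checked from the defender's side by comparing the first bytes a listener sends with the protocol normally assigned to its port. The following is an added example, not part of the original post; the function names, the port table and the sample banners are constructed for illustration.

```python
# Well-known port -> protocol normally expected on it (IANA assignments).
EXPECTED = {21: "ftp", 22: "ssh", 23: "telnet", 25: "smtp"}

TELNET_VERBS = (b"\xfb", b"\xfc", b"\xfd", b"\xfe")  # WILL, WONT, DO, DONT

def identify(banner: bytes) -> str:
    """Guess the protocol from the first bytes a service sends on connect."""
    if banner.startswith(b"SSH-"):           # SSH identification string
        return "ssh"
    if banner.startswith(b"220"):            # greeting code shared by SMTP and FTP
        # Heuristic (assumption): SMTP servers usually name the protocol.
        return "smtp" if b"SMTP" in banner.upper() else "ftp"
    if banner[:1] == b"\xff" and banner[1:2] in TELNET_VERBS:
        return "telnet"                      # IAC option negotiation
    return "unknown"

def audit(observations):
    """Return (port, protocol, reason) for listeners that do not fit their port."""
    findings = []
    for port, banner in observations:
        proto = identify(banner)
        expected = EXPECTED.get(port)
        if expected and proto != expected:
            # Well-known port speaking something other than its usual protocol.
            findings.append((port, proto, f"port {port} normally carries {expected}"))
        elif not expected and proto in EXPECTED.values():
            # Well-known protocol answering on a port not associated with it.
            findings.append((port, proto, f"{proto} on a port not assigned to it"))
    return findings

# Constructed sample: (listening port, first bytes received after connecting).
SAMPLE = [
    (22, b"SSH-2.0-OpenSSH_8.9\r\n"),              # expected
    (25, b"220 mail.example.test ESMTP\r\n"),      # expected
    (50023, b"\xff\xfd\x18\xff\xfd\x20"),          # Telnet on an unrelated port
    (8025, b"220 host.example.test ESMTP\r\n"),    # SMTP on an unrelated port
    (23, b"SSH-2.0-dropbear\r\n"),                 # SSH on the Telnet port
]

if __name__ == "__main__":
    for port, proto, reason in audit(SAMPLE):
        print(f"REVIEW port {port}: saw {proto} ({reason})")
```

A finding is a prompt to review the listener, not proof of a backdoor; ports on which a site deliberately runs a service, such as an alternate SSH port, belong in `EXPECTED`.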

Make sure you disable unnecessary services or protocols and close unused ports.  Along with that, make sure you are using software that will detect most known types of malware including backdoors.
