Backdoor

Concept Of Backdoor



A back door is a means of access to a computer program that bypasses security mechanisms. A programmer may sometimes install a back door so that the program can be accessed for troubleshooting or other purposes. However, attackers often use back doors that they detect or install themselves, as part of an exploit. In some cases, a worm is designed to take advantage of a back door created by an earlier attack.

What Are Backdoors?

In simple words, backdoors are something that gives the attacker access to the victim's system without the victim's knowledge.
OR
A back door is a means of access to a computer program that bypasses security mechanisms. Let me spell it out. In simple words, a backdoor is a piece of code (it can be a trojan, a PHP shell, a Perl shell, etc.) injected by a hacker once he has breached the security of a system, and it welcomes him back every time he wants to access the system. This holds even if the security of the system is later patched (with some exceptions)!
A backdoor is a remote administration utility that allows a user to access and control a computer, usually remotely over a network or the Internet. A backdoor is usually able to gain control of a system because it exploits undocumented processes in the system's code.
These utilities may be legitimate, and may be used for legitimate reasons by authorized administrators, but they are also frequently used by attackers to gain control of a user's machine without their knowledge or authorization.
A typical backdoor consists of 2 components - the client and its server(s). An attacker will use a client application to communicate with the server components, which are installed on the victim's system. The server components can be delivered to the victim's system in numerous ways - as part of a worm or trojan payload, as an e-mail attachment, as a tantalizingly-named file on peer-to-peer networks, etc.
Once installed, the server component will open a network port and communicate with the client, to indicate that the computer is infected and vulnerable. An attacker can then use the backdoor's client to issue commands to the infected system. Depending on how sophisticated a client is, it can include such features as:
  • Sending and receiving files
  • Browsing through the hard drives and network drives
  • Getting system information
  • Taking screenshots
  • Changing the date/time and settings
  • Playing tricks like opening and closing the CD-ROM tray
and so on.

Types of Backdoors

Chris Wysopal’s research categorizes three types of backdoors:

1. Crypto backdoors. Portals that are lightly encrypted and easy to break through; these are used often in the hacking world.

2. System backdoors. The rootkit phenomenon. Using a vulnerability to establish ongoing root access to a system.

3. Application backdoor. The back door inserted when someone subverts the development process. Types include:
 a. Special credential backdoor--the most common, a privileged account known only to those who designed it and those whom they share it with.
 b. Malicious backdoors--ones planted by programmers who intend to do harm or are paid by those who intend to do harm.
 c. Support backdoors--ones left intentionally for support staff to gain easy access to an application for troubleshooting.

Defending Against Backdoors

1. Running background checks on programmers who work on software that will be critical or involve significant transactions--in other words, “high-value targets.”
2. Scanning applications for the most common and easiest-to-find back doors, understanding that this process won’t detect all backdoors.
3. Asking your vendors what they do to prevent backdoors from getting planted in their software.
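
As an added example (not from the original post or from Wysopal's research), here is one way to do the scanning in item 2 for the special credential backdoor: a small Python static check that flags equality comparisons between credential-like variables and hard-coded literals. The hint list, function names and sample source are assumptions constructed for illustration, and, as item 2 says, a scan like this will not detect all backdoors.

```python
import ast

# Assumed heuristic: identifier fragments that suggest a credential value.
CRED_HINTS = ("pass", "pwd", "secret", "token", "user", "login", "key")

def _name_of(node):
    """Return the identifier for a Name/Attribute node, else None."""
    if isinstance(node, ast.Name):
        return node.id
    if isinstance(node, ast.Attribute):
        return node.attr
    return None

def _is_literal(node):
    """True for a non-empty str/bytes constant."""
    return (isinstance(node, ast.Constant)
            and isinstance(node.value, (str, bytes)) and len(node.value) > 0)

def find_hardcoded_credential_checks(source, filename="<src>"):
    """Flag ==/!= comparisons between a credential-like name and a literal."""
    findings = []
    for node in ast.walk(ast.parse(source, filename)):
        if not isinstance(node, ast.Compare):
            continue
        operands = [node.left] + node.comparators
        for op, lhs, rhs in zip(node.ops, operands, operands[1:]):
            if not isinstance(op, (ast.Eq, ast.NotEq)):
                continue
            # Check both orders: name == "lit" and "lit" == name.
            for name_side, lit_side in ((lhs, rhs), (rhs, lhs)):
                name = _name_of(name_side)
                if (name and _is_literal(lit_side)
                        and any(h in name.lower() for h in CRED_HINTS)):
                    findings.append((node.lineno, name))
    return sorted(findings)

# Constructed sample: a login routine with a special-credential branch.
SAMPLE = '''
def login(username, password, db):
    if username == "support" and password == "letmein-constructed":
        return True          # bypasses the user database
    record = db.get(username)
    return record is not None and record.verify(password)

def mode(request):
    return request.kind == "admin"   # not credential-like: ignored
'''

if __name__ == "__main__":
    for lineno, name in find_hardcoded_credential_checks(SAMPLE):
        print(f"line {lineno}: '{name}' compared with a hard-coded literal")
```

Each finding is a lead for code review rather than proof of a backdoor; test fixtures and role checks can trigger it too.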

Thank You
