Q

Good and bad back doors

What is the term for a hole deliberately left in the security of a system by designers or maintainers? Why would they do this? Can you site any examples that have been exposed? Why is this important to us?


A crime? A breach of professional ethics?

The real term is a back door. There are good back doors and bad back doors.

How can there be a good one, you might ask? I'll give a real world example. I have a DSL router in my house, and there's a little reset button on it that I can press and it will reset the router to a known state with a known password.

Let's face it, it's ridiculous to have a security system that's so secure that if you forget something (or your sysadmin leaves or is hit by a bus) then you have to throw the thing away. There is a principle in security design that physical access is all. Usually, there's a way to get into a system if you can touch the thing. Without such a mechanism, forgetting a password makes it a boat anchor.

Now on the other hand, there are bad back doors. Perhaps one of the most notorious was a Swiss company that supplied cryptographic hardware to much of the world that had a back door in it so that the U.S. government could read encrypted data from that machine. Recently, a network security expert was arrested for fixing some systems, but leaving in a back door for himself.

There are other examples of back doors, and of course, there are always rumors that back doors exist in some systems when in fact they do not.


This was first published in May 2001

Dig deeper on Malware, Viruses, Trojans and Spyware

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close