Ask the Expert

Good and bad back doors

What is the term for a hole deliberately left in the security of a system by designers or maintainers? Why would they do this? Can you site any examples that have been exposed? Why is this important to us?

    Requires Free Membership to View

A crime? A breach of professional ethics?

The real term is a back door. There are good back doors and bad back doors.

How can there be a good one, you might ask? I'll give a real world example. I have a DSL router in my house, and there's a little reset button on it that I can press and it will reset the router to a known state with a known password.

Let's face it, it's ridiculous to have a security system that's so secure that if you forget something (or your sysadmin leaves or is hit by a bus) then you have to throw the thing away. There is a principle in security design that physical access is all. Usually, there's a way to get into a system if you can touch the thing. Without such a mechanism, forgetting a password makes it a boat anchor.

Now on the other hand, there are bad back doors. Perhaps one of the most notorious was a Swiss company that supplied cryptographic hardware to much of the world that had a back door in it so that the U.S. government could read encrypted data from that machine. Recently, a network security expert was arrested for fixing some systems, but leaving in a back door for himself.

There are other examples of back doors, and of course, there are always rumors that back doors exist in some systems when in fact they do not.

This was first published in May 2001

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: