Back Doors

I l @ ve RuBoard

Back Doors

A back door is an unauthorized method of access. Once a hacker has access to a system, he will want to be able to continue to have access to that system even if he is discovered . To do this he will unlock a number of back doors. Back doors create an alternate method of gaining access if the primary access is cut off. The term back door is also used to indicate alternate methods of accessing data through back doors in application code.

Most back doors can be discovered if you do regular auditing of the integrity of the programs and configuration files on your system. A program that compares the current state of a file to a known good state of the file should detect any planted back doors. This program needs to validate the file's permissions, owner, group , size , and a digital signature using a strong cryptographic algorithm.

I l @ ve RuBoard

Anonymously

Anonymous access is any connection a service supplies without authenticating the identity of the user . A number of information system services allow anonymous access, usually limited to "safe" access. However, this "safe" access can often be used to gather information or can be exploited to gain more access than expected.

There is no accountability with anonymous access. Activities can be monitored . However, with no identification information about the person performing the action, there is no way to associate the activities with an individual. Sometimes there is information on the source of the anonymous connection, but it is often unreliable.

I l @ ve RuBoard

Active Sessions

An active session is a user's connection after he has authenticated his identity and has been granted privileges. If a hacker can access a session in this state, he can get access without the need for authentication. He can interact with the system as the user whose session it was.

Unattended Sessions

An unattended session occurs whenever a user leaves a session active when it is not being used. This allows anyone who has access to the terminal device access to that session. As far as the system is concerned , he or she is the person who left the session unattended. He or she has all the privileges of that user and will be able to perform any operation which that user could perform as that user. Unattended sessions generally occur when someone physically steps away from his or her terminal or PC without logging off or locking it. Setting automatic log-off or terminal locking features for idle sessions will help, but user awareness is critical to reducing this vulnerability.

Session Hijacking

Hijacking is the process of interrupting the communications between the server and the client systems so that the attacker is able to insert information into the session or completely take over the session. Hijacking is accomplished by being able to spoof the communication protocol. Some implementations of the TCP protocol use very predictable sequence numbers , which allows someone on the network to intercept and take over the session.

Researchers at the University of Maryland found that by using tools developed as part of the Open1x project, an open source implementation of the IEEE protocol, they could perform session hijacking and man-in-the-middle attacks on Wireless Lans. The wireless security standard brought in to replace the flawed Wireless Encryption Protocol (WEP)is just as defective.

Lars Davies, research fellow at the Centre for Commercial Law Studies, warned network managers to remain on guard where wireless was concerned. "If you use a wireless network, you are essentially open to the world." ^[47]