Backdoors

A back door is a means of access to a computer program that bypasses security mechanisms. A programmer may sometimes install a back door so that the program can be accessed for troubleshooting or other purposes. The term is also used for a means of gaining unauthorized access that is left in place after a compromise has occurred: an attacker will use this easier access to the compromised system to get around any security mechanisms that are in place.

However, attackers often use back doors that they detect or install themselves, as part of an exploit. In some cases, a worm is designed to take advantage of a back door created by an earlier attack. For example, Nimda gained entrance through a back door left by Code Red.

Whether installed as an administrative tool or a means of attack, a back door is a security risk, because there are always crackers out there looking for any vulnerability to exploit. In her article "Who gets your trust?" security consultant Carole Fennelly uses an analogy to illustrate the situation: "Think of approaching a building with an elaborate security system that does bio scans, background checks, the works. Someone who doesn't have time to go through all that might just rig up a back exit so they can step out for a smoke -- and then hope no one finds out about it."

Maintenance Procedures That Can Create Back Door Vulnerabilities

There are many data center procedures regularly developed by the technical staff that can inadvertently introduce security vulnerabilities. For example:

  1. Server backups
  2. Centralized logging and monitoring
  3. User account administration
  4. Administrative remote access

These vulnerabilities are introduced because of the following common practices:

1. Technical staff members generally design data center procedures on an ad hoc basis, without appropriate security controls, because they give higher priority to building such controls into procedures that involve the user community. Simply put, the technical staff trusts itself. The lack of a formal process to build internal procedures can mean that these processes may contain serious security deficiencies. This is the primary reason that security vulnerabilities exist in data center procedures.

2. Data center maintenance processes are often assigned access rights that are much higher than necessary. This problem is compounded by the fact that many IT personnel who perform administrative duties already have highly escalated access rights. The level of security risk introduced by such data center processes varies depending on the level of authority assigned to the process and the number of individuals or other systems that are authorized to execute it.

3. In some data centers, there has been a proliferation of duplicate, overlapping, or obsolete procedures in the production environment. Depending on the types of data they interact with or the administrative access they provide, it is common for these procedures to possess varying levels of risk exposure to the environment. Each procedure by itself may be manageable, but as various processes with varying risk tolerances form inter-relationships, it becomes difficult to maintain a defined risk profile for the data center as a whole. Even worse, as procedures become obsolete they are often just abandoned, leaving back door vulnerabilities that are unattended and, eventually, unknown.

The technical staff often considers these vulnerabilities as a necessary risk in managing the infrastructure. Because of their strong technical skills, personnel may feel confident that they have any risks associated with these procedures well under control. However, the technical staff can be lulled into a false sense of security regarding its ability to track and manage all of the back door vulnerabilities that they have introduced over time.

Example: Tape Backup

A tape backup provides a good example of how a data center procedure can be implemented in a manner that creates a significant back door vulnerability. IT staff often place tape backup procedures into production with little formal control. They install and configure the software to execute the backup and enter a task into the schedule to perform the backup at required intervals.

What can make this scenario potentially disastrous is that the execution of the tape backup will almost always require escalated system privileges. Thus, the backup will execute in privileged mode, often at the OS, network, data repository, and application system levels. In most environments, if a malicious individual can penetrate the tape backup infrastructure, he will gain access to the organization’s most sensitive data.

How to Minimize Back Door Vulnerabilities

What must you do to ensure that there are not significant back door vulnerabilities in your data center? Computer Economics recommends the following actions as principles for minimizing security risks in data center procedures.

1. Address data center procedures in the security policy. Individuals who create and maintain data center procedures need guidance concerning the principles outlined in this article. It is far better to build such procedures correctly at the outset than to identify vulnerabilities through security audits.

2. Invest in administrative tools. Technology cannot solve every problem, but selecting appropriate tools to support administrative procedures will lessen the need for technical staff to maintain high system access rights for routine data center management activities. There are also, of course, productivity benefits in automating data center maintenance procedures.

3. Separate duties. The internal control principle of “separation of duties” should be applied to all data center maintenance procedures. Protect against the potential for abuse by assigning individuals with overlapping duties and enforcing mandatory vacations for individuals with escalated privileges.

4. Rotate strong passwords. Create a schedule for rotating passwords for administrative infrastructure access. While the schedule should be aggressive, it would be impractical to change them as often as user passwords. Any password rotation schedule is preferable to the practice seen in many data centers, where administrative passwords are virtually never changed.

5. Assign unique passwords. Do not recycle old passwords and do not use the same password for the entire administrative infrastructure. The use of a single password is the most prevalent security shortcut that is seen today.

6. Use centralized authentication management. Directory services or other types of centralized authentication mechanisms can make password and access control management far more feasible for large environments.

Organizations with significant back door security vulnerabilities, as discussed in this article, have numerous avenues for unauthorized access and abuse. While the management practices outlined above are relatively inexpensive and easy to implement, they do require regular enforcement and a strong commitment on the part of management to provide oversight and, if required, disciplinary action.