Backdoor

What is Backdoor???

Backdoor is a technique, a system security mechanism that can bypass the system authentication without detected to access system or its data. As Wikipedia says,

A backdoor is a method, often secret, of bypassing normal authentication or encryption in a computer system, a product, or an embedded device (e.g. a home router), or its embodiment, e.g. as part of a cryptosystem, an algorithm, a chipset, or a "homunculus computer"^[ (such as that as found in Intel's AMT technology). Backdoors are often used for securing remote access to a computer, or obtaining access to plaintext in cryptographic systems.

How it works...

Backdoor threats increase when multi user and networking operating systems are used by many organizations. For an example imagine a login system. Normally the Network Administrator install or create a backdoor for troubleshoot the system or some official uses. Here its a login credential. If the hacker can access to the system without alerting the administrator and create or use an existing login credential and that is a backdoor. So this threat increases when an organization is using multi user and operating system as their system.

Normally hackers use backdoors to install malicious software (malware) files or programs, modify code or detect files and gain system and/or data access.Even backdoors installed by network administrators pose security risks because they provide a mechanism by which the system can be exploited if discovered.

Actually backdoor is a programming technique which is used by system developers in development process. They are also commonly put into place through malware. A malware module may act as a backdoor itself, or it can act as a first-line backdoor, which means that it acts as a staging platform for downloading other malware modules that are designed to perform the actual attack. Encryption algorithms and networking protocols may also, at least potentially, contain backdoors.

How to prevent...

Actually backdoors can be very hard to detect. As i previously mentioned normally it will be a login credential. So it's hard to say this one is a backdoor and this is not. And the detection methods vary considerably depending on the system's operating system. Sometimes anti-malware software may detect backdoors softwares and as well as we can use protocol monitoring tool  to monitor network packets. In some other cases network administer may use some specialize to detect backdoors.

So when it come to prevention, we can use application firewalls as system firewall and avoiding untrusted softwares. As well as monitor network traffic for signatures that may indicate any presence of any backdoor.