A backdoor is a means of accessing information resources that bypasses regular authentication and/or authorization. Backdoors may be secretly added to information technology by organizations or individuals in order to gain access to systems and data. Backdoors can also be an open and documented feature of information technology. In either case, they can potentially represent an information security vulnerability. The following are common examples of a backdoor.
Hardware
Backdoors may exist in computing equipment such as CPUs, data storage, peripheral devices or networking equipment. A backdoor may be placed in the software drivers for hardware. They can also be hardwired into devices and can potentially include a microprocessor and networking capabilities dedicated to the backdoor.

Operating Systems
Operating systems often include remote administration tools that allow administrators and vendors to support users. These are typically secured but are an attractive target for malicious use because they are designed to gain control of a machine remotely. As such, administrators will often disable such tools in a secured environment.

Applications & Systems
Applications and systems may have backdoors secretly installed to achieve malicious objectives. Backdoors are also openly installed for administrative and integration purposes. When you install software, you are trusting the vendor not to have added insecure or malicious backdoors that will leave you vulnerable. In the case of open source, it is possible to audit source code to detect backdoors.

Default Passwords
Default passwords that are available when hardware, operating systems or software are first installed are viewed as a backdoor.

APIs, Services & Components
It is possible for backdoors to end up in software due to the use of external APIs, services and components. Information security policies at banks and other security-focused organizations may require a review of all APIs before they can be used. In other industries, it may be common to include external code and services without a security review.
Definition: A means of accessing information resources that bypasses regular authentication and/or authorization.
© 2010-2023 Simplicable. All Rights Reserved. Reproduction of materials found on this site, in any form, without explicit permission is prohibited.