
General Security Concepts: Attacks • Chapter 2  87

can be used to install a back door. Sometimes this is done in stealth and other times not. Types of backdoors can include legitimate programs like Microsoft's Remote Desktop, Virtual Network Computing (VNC) (available at www.realvnc.com), and PC Anywhere (available at www.symantec.com), and malicious programs specifically written to provide back door access like BackOrifice, SubSeven, and T0rnkit.


                 TEST DAY TIP

                      Be less concerned with the specific functions of the different back door
                      programs available, and concentrate on the different types and their
                      general use. Knowing what a back door is used for is more important
                      on the test than knowing each of the types.




Most common antivirus software will detect specific malicious backdoors, but unfortunately cannot help you when a legitimate program is configured to allow back door access. You will only detect such a scenario by being aware of what services are running on your system. Personal firewalls like the Windows Firewall or Check Point's Zone Alarm (available at www.zonelabs.com), which block outgoing and incoming connections based on user-configurable rulesets, are much more effective in blocking legitimate programs configured as back doors.
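The paragraph above says the only way to catch a legitimate program turned into a back door is to know what services are listening on the host. The following script, added here as an example and not taken from the study guide, shows what that check looks like in practice: it parses listening-socket output in the layout Linux's `ss -tlnp` prints, compares each listener against an administrator-maintained baseline of expected port/process pairs, and reports anything unexpected. The sample output, the baseline and the process names are all constructed for the example (a real audit would feed in the output of `ss -tlnp` or `netstat -tlnp` from the host being checked).

```python
"""Compare listening TCP sockets on a host against a known-good baseline.

The input layout mirrors Linux `ss -tlnp` (State, Recv-Q, Send-Q, local
address:port, peer address:port, owning process).  Everything below the
docstring is constructed sample data for this example, not real host output.
"""
import re
from typing import Dict, List, Tuple

# Constructed sample of `ss -tlnp`-style output for a UNIX host.
SAMPLE_SS_OUTPUT = """\
State  Recv-Q Send-Q Local Address:Port  Peer Address:Port Process
LISTEN 0      128    0.0.0.0:22          0.0.0.0:*         users:(("sshd",pid=812,fd=3))
LISTEN 0      128    127.0.0.1:25        0.0.0.0:*         users:(("master",pid=901,fd=13))
LISTEN 0      5      0.0.0.0:31337       0.0.0.0:*         users:(("sh",pid=4242,fd=0))
LISTEN 0      128    0.0.0.0:23          0.0.0.0:*         users:(("telnetd",pid=4300,fd=3))
LISTEN 0      128    0.0.0.0:5900        0.0.0.0:*         users:(("Xvnc",pid=5001,fd=7))
"""

# Baseline maintained by the administrator: port -> process expected to own it.
# (Constructed for the example; a real baseline comes from the host's build sheet.)
BASELINE: Dict[int, str] = {22: "sshd", 25: "master"}

# A shell should never own a listening socket; that is the "root shell bound to
# a high port" pattern, and it is flagged even if someone added it to the baseline.
SHELL_PROCESSES = {"sh", "bash", "ksh", "csh", "zsh", "dash"}

_LINE_RE = re.compile(
    r"^LISTEN\s+\d+\s+\d+\s+(?P<addr>\S+):(?P<port>\d+)\s+\S+\s+(?P<proc>.*)$"
)
_PROC_RE = re.compile(r'\("([^"]+)",pid=(\d+)')


def parse_listeners(text: str) -> List[Tuple[str, int, str, int]]:
    """Return (local_addr, port, process_name, pid) for every LISTEN line."""
    listeners = []
    for line in text.splitlines():
        m = _LINE_RE.match(line.strip())
        if not m:
            continue  # header line or a non-listening socket
        pm = _PROC_RE.search(m.group("proc"))
        name, pid = (pm.group(1), int(pm.group(2))) if pm else ("?", -1)
        listeners.append((m.group("addr"), int(m.group("port")), name, pid))
    return listeners


def audit_listeners(text: str, baseline: Dict[int, str] = BASELINE) -> List[Tuple[int, str, str]]:
    """Return (port, process, reason) for each listener that deviates from the baseline."""
    findings = []
    for addr, port, name, pid in parse_listeners(text):
        if name in SHELL_PROCESSES:
            findings.append((port, name, "shell bound directly to a port (likely back door)"))
        elif baseline.get(port) == name:
            continue  # expected service on its expected port
        elif port not in baseline:
            findings.append((port, name, "listener not in baseline"))
        else:
            findings.append((port, name, f"baseline expects {baseline[port]} on this port"))
    return findings


if __name__ == "__main__":
    for port, name, reason in audit_listeners(SAMPLE_SS_OUTPUT):
        print(f"port {port:>5}  {name:<10} {reason}")
```

Run against the constructed sample, the audit reports the shell on port 31337, the unexpected `telnetd` on port 23 and the VNC server on port 5900, and stays silent about `sshd` and the local mail listener, which is exactly the distinction the text draws between a known service and a remote-access program somebody quietly enabled.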
Another kind of back door is one that is left in or written into a program by the programmers. This is generally done within a program by creating a special password that will allow access. For example, Award BIOS used to have a back door password, which would bypass a password-protected machine. By entering CONDO at the password screen, the security mechanism would be immediately bypassed. This kind of back door can also be left by system administrators, to make maintenance "easier." Often, new administrators will bind a root shell to a high port on a UNIX host, giving them immediate root-level access by just Telneting to that port. Other, craftier back doors can replace existing programs, such as the telnetd program. There is a backdoor version of telnetd that will, with a preset username and password, grant root access to attackers. Malicious programmers have also written back-door code into some older versions of SSH1, which would e-mail the passwords of those logging in to a specified e-mail account. This is why it is always important to verify the MD5 checksum of software when downloading it from the Web.
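The paragraph ends with the advice to verify the MD5 checksum of downloaded software. The script below, added as an example and not part of the study guide, shows the check done properly: the file is hashed in chunks so large archives need not fit in memory, the vendor's published `md5sum`-style list ("<hex>  <filename>") is parsed, and the comparison uses a constant-time equality. The hash algorithm is a parameter, because the same check works unchanged with the SHA-256 sums most vendors publish today (MD5 is no longer collision-resistant, so a SHA-256 sum is the stronger choice where one is offered). The archive name, its contents and the checksum lines are constructed for the example; the expected digests are the standard MD5 and SHA-256 values of the three-byte string `abc`.

```python
"""Verify a downloaded file against a vendor-published checksum list."""
import hashlib
import hmac
import os
import tempfile
from typing import Dict


def file_digest(path: str, algorithm: str = "md5", chunk_size: int = 1 << 20) -> str:
    """Hex digest of the file at `path`, read in chunk_size pieces."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def parse_checksum_file(text: str) -> Dict[str, str]:
    """Parse `md5sum`/`sha256sum` output lines ("<hex>  <filename>") into {filename: hex}."""
    expected = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        digest, _, name = line.partition(" ")
        name = name.lstrip(" *")  # md5sum marks binary-mode files with a leading '*'
        expected[name] = digest.lower()
    return expected


def verify_download(path: str, published_hex: str, algorithm: str = "md5") -> bool:
    """True only if the file's digest equals the published value; compared in constant time."""
    actual = file_digest(path, algorithm)
    return hmac.compare_digest(actual, published_hex.strip().lower())


def demo() -> Dict[str, bool]:
    """Walk through a good download, then a tampered one.  All data is constructed."""
    name = "example-1.0.tar.gz"  # hypothetical archive name
    # Constructed stand-in for the vendor's published checksum lists.
    md5_list = parse_checksum_file(f"900150983cd24fb0d6963f7d28e17f72  {name}\n")
    sha256_list = parse_checksum_file(
        f"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad *{name}\n"
    )
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, name)
        with open(path, "wb") as fh:
            fh.write(b"abc")  # the "downloaded" archive is just these three bytes
        results["md5_matches"] = verify_download(path, md5_list[name], "md5")
        results["sha256_matches"] = verify_download(path, sha256_list[name], "sha256")
        # A trojaned build differs from the vendor's file; one appended byte is enough.
        with open(path, "ab") as fh:
            fh.write(b"\n")
        results["tampered_detected"] = not verify_download(path, md5_list[name], "md5")
    return results


if __name__ == "__main__":
    for check, ok in demo().items():
        print(f"{check:<18} {'OK' if ok else 'FAIL'}")
```

One caveat the check itself cannot remove: a checksum fetched from the same server as the download only proves the file arrived intact. If that server was the thing compromised, as in the backdoored SSH1 and telnetd cases above, the attacker can publish a matching checksum for the trojaned file, so the published value should come from a separate channel (the vendor's signed announcement or a detached signature) whenever one is available.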








                                                                              www.syngress.com