Beware of the computer ‘backdoor’

By MUTHOGA KIONI

If you live in a house with a backdoor, you must lock it before leaving the house. Going back to make sure it is locked is normal. This is because an open backdoor ranks very high as a security vulnerability in the home. This same concept applies to the computer.

In computing, a backdoor is an undocumented way of gaining access to a program, online service or computer. This access is achieved by the use of hidden software tools to bypass security controls thereby allowing unauthorised access. Common software tools used in backdoor attacks are spyware and Trojans.

A frequent method of the backdoor attack can be found in emails where spyware is attached to innocuous looking attachments. Once you open the attachment, spyware is immediately downloaded.

Remote attempt

.

Keep Reading business

•  Government splashes Sh100m for comfort zones in counties
•  Rethink data policies to increase internet access, ICT players tell State
•  Kenya leads global push to raise Sh322tr from climate taxes Premium
•  Harambee Sacco eyes Sh4bn in member's capital expansion share drive
•  End of an era: Hilton finally up for sale, taking with it nostalgic city memories Premium

It then proceeds to sniff out installed firewalls in your computer or network. Once it recognises a firewall, it attacks and disables parts of it. This allows an unauthorised remote attempt to access that particular computer or network.

Backdoors should be a special security concern. It is common knowledge that many IT employees usually have backdoor access to their former employer’s data and systems.

The IT sector in Kenya is as volatile as any other and employee turnover is quite high. This is bad news for employers because protecting sensitive company data becomes harder where former IT employees are concerned. Procedures and policies have to be constantly developed and refined to safeguard the company against backdoor attacks by former employees.

Privileged access

The responsibility for protecting a company’s digital jewels ultimately lies with the top management. However, the first people who should come under serious scrutiny where backdoors are concerned are the IT security staff. It is their job to ensure that any employee who had privileged access to company data does not leave the company with a backdoor open.

In the past, when everything was committed to paper you would find strong metal cabinets or safes in the office in which files were locked. Nowadays everything is digital but it still needs to be locked away in a digital vault. Forgetting to lock the backdoor to this vault is bound to happen and someone should constantly be going back to check whether it is locked.

The writer is an ICT Security and Forensic Specialist. Email: [email protected]