Saturday, May 08, 2010

HAVE YOU LEFT YOUR BACKDOOR WIDE OPEN?

We all know what a backdoor is. If you live in a house with a backdoor you will understand the concept of locking it before leaving the house. Going back to make sure it is locked is normal. This is because an open backdoor ranks very high as a serious security vulnerability in the home. This same concept applies to the computer.

In computing, a backdoor (or trapdoor) is an undocumented way of gaining access to a program, online service or computer. This access is achieved by the use of hidden software tools to bypass security controls thereby allowing unauthorized access. Common software tools used in backdoor attacks are spyware and Trojans.

A frequent method of the backdoor attack can be found in emails where spyware is attached to innocuous looking attachments. Once you open the attachment, spyware is immediately downloaded. It then proceeds to sniff out installed firewalls in your computer or network. Once it recognizes a firewall, it attacks and disables parts of it. This allows an unauthorized remote attempt to access that particular computer or network.

Backdoors should be a special security concern for Kenyan companies. It is common knowledge that many IT employees usually have backdoor access to their former employer’s data and systems.

The IT sector in Kenya is as volatile as any other and employee turnover is quite high. This is bad news for employers because protecting sensitive company data becomes harder where former IT employees are concerned. Procedures and policies have to be constantly developed and refined to safeguard the company against backdoor attacks by former employees.

The responsibility for protecting a company’s digital jewels ultimately lies with the top management. However the first people who should come under serious scrutiny where backdoors are concerned are the IT security staff. It is their job to ensure that any employee who had privileged access to company data does not leave the company with a backdoor open.

In the past when everything was committed to paper you would find strong metal cabinets or safes in the office in which files were locked. Nowadays everything is digital but it still needs to be locked away in a digital vault. Forgetting to lock the backdoor to this vault is bound to happen and someone should constantly be going back to check whether it is locked.

No comments: