A trojan was recently discovered on a server. There are now concerns that there has been a security
breach that allows unauthorized people to access data. The administrator should be looking for the
presence of a/an:
A.
Logic bomb.
B.
Backdoor.
C.
Adware application.
D.
Rootkit.
Explanation:
There has been a security breach on a computer system. The security administrator should now check for
the existence of a backdoor.
A backdoor in a computer system (or cryptosystem or algorithm) is a method of bypassing normal
authentication, securing unauthorized remote access to a computer, obtaining access to plaintext, and so
on, while attempting to remain undetected. The backdoor may take the form of an installed program
(e.g., Back Orifice) or may subvert the system through a rootkit.
A backdoor in a login system might take the form of a hard coded user and password combination which
gives access to the system.
Although the number of backdoors in systems using proprietary software (software whose source code is
not publicly available) is not widely credited, they are nevertheless frequently exposed. Programmers
have even succeeded in secretly installing large amounts of benign code as Easter eggs in programs,
although such cases may involve official forbearance, if not actual permission.
Many computer worms, such as Sobig and Mydoom, install a backdoor on the affected computer
(generally a PC on broadband running Microsoft Windows and Microsoft Outlook). Such backdoors
appear to be installed so that spammers can send junk e-mail from the infected machines. Others, such
as the Sony/BMG rootkit distributed silently on millions of music CDs through late 2005, are intended as
DRM measures—and, in that case, as data gathering agents, since both surreptitious programs they
installed routinely contacted central servers.
Incorrect Answers:
A: A logic bomb is a piece of code intentionally inserted into a software system that will set off a malicious
function when specified conditions are met. For example, a programmer may hide a piece of code that
starts deleting files should they ever be terminated from the company.
Software that is inherently malicious, such as viruses and worms, often contain logic bombs that execute
a certain payload at a pre-defined time or when some other condition is met. This technique can be used
by a virus or worm to gain momentum and spread before being noticed. Some viruses attack their host
systems on specific dates, such as Friday the 13th or April Fool’s Day. Trojans that activate on certain
dates are often called “time bombs”.To be considered a logic bomb, the payload should be unwanted and unknown to the user of the
software. As an example, trial programs with code that disables certain functionality after a set time are
not normally regarded as logic bombs. A logic bomb is not a security breach that allows unauthorized
people to access data.
C: Adware is free software that is supported by advertisements. Common adware programs are toolbars
that sit on your desktop or work in conjunction with your Web browser. They include features like
advanced searching of the Web or your hard drive and better organization of your bookmarks and
shortcuts. Adware can also be more advanced programs such as games or utilities. They are free to use,
but require you to watch advertisements as long as the programs are open. Since the ads often allow you
to click to a Web site, adware typically requires an active Internet connection to run.
Most adware is safe to use, but some can serve as spyware, gathering information about you from your
hard drive, the Web sites you visit, or your keystrokes. Spyware programs can then send the information
over the Internet to another computer. So be careful what adware you install on your computer. Make
sure it is from a reputable company and read the privacy agreement that comes with it. Adware is not a
security breach that allows unauthorized people to access data.
D: A rootkit is a collection of tools (programs) that enable administrator-level access to a computer or
computer network. Typically, a cracker installs a rootkit on a computer after first obtaining user-level
access, either by exploiting a known vulnerability or cracking a password. Once the rootkit is installed, it
allows the attacker to mask intrusion and gain root or privileged access to the computer and, possibly,
other machines on the network.
A rootkit may consist of spyware and other programs that: monitor traffic and keystrokes; create a
“backdoor” into the system for the hacker’s use; alter log files; attack other machines on the network;
and alter existing system tools to escape detection.
The presence of a rootkit on a network was first documented in the early 1990s. At that time, Sun and
Linux operating systems were the primary targets for a hacker looking to install a rootkit. Today, rootkits
are available for a number of operating systems, including Windows, and are increasingly difficult to
detect on any network.
While a rootkit does allow an attacker administrator-level access to a computer, a backdoor is a specific
term used to describe a security breach that allows unauthorized people to access data.http://en.wikipedia.org/wiki/Backdoor_%28computing%29http://en.wikipedia.org/wiki/Logic_bomb
http://techterms.com/definition/adware
http://searchmidmarketsecurity.techtarget.com/definition/rootkit