A software bug or some undocumented software feature that a cracker leaves behind, after exploiting a system, to be able to reenter at a later point in time. Note, however, that back or trap doors can be a function of poor software design; that is, during its development, a programmer may have built in a software bug that was not removed when the software was put in production. The unwitting consumer who purchases the software becomes, in a sense, a target-in-waiting for a crack attack.
Back doors try to evade conventional clean-up methods by system administrators, such as ongoing changes to passwords, cleaning of the registry/configuration files, and the removal of suspicious software. Moreover, back doors tend to evade logging procedures; thus, even though every incoming connection to a system is supposedly logged, chances are that the back door provides a means of logging in without being logged. Finally, back doors are covert in the real sense that they hide well. Even if the system administrator scans a system looking for suspicious software, chances are the back door has used techniques capable of missing the scan.
One more essential point about back doors is this: Users of computer systems are, in large part, the cause of their own cracking misfortunes. Although most computers today allow BIOS passwords (the software that first runs when the computer starts) to be set to prevent the booting of the computer without an administrator’s first typing the password, because so many users lose or forget their passwords, BIOSes frequently have back door passwords to permit the legitimate password to be set. Furthermore, much remote network equipment such as routers, switches, and dial-up banks have back doors for remote telnet.
Graham, R. Hacking Lexicon. [Online, 2001.] Robert Graham Website. http://www.linuxsecurity.com/resource_files/documentation/hacking-dict.html; Pipkin, D.L. Halting the Hacker: A Practical Guide to Computer Security. Upper Saddle River, NJ: Prentice Hall, 2003.