Does your computer need a backdoor?

Even the most experienced system administrator will occasionally forget their password or get locked out of the system. It is not uncommon for admin or super users to create a backdoor so that they can quickly access the system without a password reset. Computer equipment manufacturers and vendors also quietly implement this backdoor method, but backdoors have consequences on system security that may leave you at risk.

Whether you call it a backdoor, trapdoor or Trojan horse, these methods should be known to only a trusted few.  When equipment vendors put something in place so that they can gain system access, especially when they make it permanent, they will be criticized for sacrificing security for convenience.

On any system, security and convenience have an inverse relationship.  The more secure a system, the harder to access.  The more accessible, the lower the security. Somewhere between the two extremes are systems that are easy for the users with a good element of safety.

If you are in an industry with regulations, standards and requirements, you have to follow them no matter how inconvenient they may seem.  You cannot implement backdoor methods that put your customers at risk, give hackers an edge or make your understanding of security suspect.

The following article is about equipment used on control systems, but the implementation of a backdoor is not unique to this industry.  It is, however, a reminder that we must find ways to balance convenience and security.  A couple of suggestions would be to notify the customer, allow the customer to disable the backdoor and use a login/password pair that is not tied to something like the MAC address. The first two are easy.  Modifying the login/password is more challenging and still susceptible to hacking, but stronger authentication is needed.

Equipment Maker Caught Installing Backdoor Account in Control System Code

 

About Mary

Mary is the CEO of LAN Systems. She is an electrical engineer who feels her greatest strength is the ability to connect with people. LAN Systems provides IT managed services and solutions to growing companies and non-profit organizations. You can contact Mary at mary@lansystems.com.

Speak Your Mind

*