Page 1483 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide

               developers to continuously authenticate to the system. Occasionally,
               developers leave these back doors in the system after it reaches a
               production state, either by accident or so they can “take a peek” at
               their system when it is processing sensitive data to which they should
               not have access. In addition to back doors planted by developers,
               many types of malicious code create back doors on infected systems
               that allow the developers of the malicious code to remotely access
               infected systems.


               No matter how they arise on a system, the undocumented nature of
               back doors makes them a significant threat to the security of any
               system that contains them. Individuals with knowledge of the back
               door may use it to access the system and retrieve confidential
               information, monitor user activity, or engage in other nefarious acts.


               Escalation of Privilege and Rootkits


               Once attackers gain a foothold on a system, they often quickly move on
               to a second objective—expanding their access from the normal user
               account they may have compromised to more comprehensive,
               administrative access. They do this by engaging in
               escalation-of-privilege attacks.

               One of the most common ways that attackers wage
               escalation-of-privilege attacks is through the use of rootkits.
               Rootkits are freely
               available on the internet and exploit known vulnerabilities in various
               operating systems. Attackers often obtain access to a standard system
               user account through the use of a password attack or social
               engineering and then use a rootkit to increase their access to the root
               (or administrator) level. This increase in access from standard to
               administrative privileges is known as an escalation-of-privilege attack.


               Administrators can take one simple precaution to protect their
               systems against escalation-of-privilege attacks, and it’s nothing new.
               Administrators must keep themselves informed about new security
               patches released for operating systems used in their environment and
               apply these corrective measures consistently. This straightforward
               step will fortify a network against almost all rootkit attacks as well as a
               large number of other potential vulnerabilities.
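
As an added illustration of the patching precaution above (not part of the study guide), this Python sketch compares a host inventory with an advisory list and reports hosts still missing a privilege-escalation fix. The advisory IDs, host names, package names and versions are constructed sample data, and versions are assumed to be plain dotted numbers.

```python
"""Added example: flag hosts missing privilege-escalation fixes (constructed data)."""
import re

# Constructed advisory feed: each entry names the first fixed version of a package.
ADVISORIES = [
    {"id": "EXAMPLE-ADV-001", "package": "kernel", "fixed": "5.10.2", "impact": "privilege-escalation"},
    {"id": "EXAMPLE-ADV-002", "package": "sudo", "fixed": "1.9.5", "impact": "privilege-escalation"},
    {"id": "EXAMPLE-ADV-003", "package": "libpng", "fixed": "1.6.40", "impact": "denial-of-service"},
]

# Constructed inventory: host -> installed package versions.
INVENTORY = {
    "web01": {"kernel": "5.10.2", "sudo": "1.9.4", "libpng": "1.6.40"},
    "db01": {"kernel": "5.9.16", "sudo": "1.9.5"},
    "build01": {"kernel": "5.10.10", "sudo": "1.10.0", "libpng": "1.6.39"},
}


def parse_version(text):
    """Turn '5.10.2' into (5, 10, 2) so 5.9 sorts before 5.10 (numeric, not lexical)."""
    return tuple(int(part) for part in re.findall(r"\d+", text))


def missing_patches(inventory, advisories, impact=None):
    """Return (host, package, installed, fixed, advisory_id) for every unpatched package.

    If impact is given, only advisories with that impact label are considered.
    """
    findings = []
    for host, packages in sorted(inventory.items()):
        for adv in advisories:
            if impact and adv["impact"] != impact:
                continue
            installed = packages.get(adv["package"])
            if installed is None:
                continue  # package not installed on this host, nothing to patch
            if parse_version(installed) < parse_version(adv["fixed"]):
                findings.append((host, adv["package"], installed, adv["fixed"], adv["id"]))
    return findings


if __name__ == "__main__":
    for host, pkg, have, need, adv_id in missing_patches(INVENTORY, ADVISORIES, "privilege-escalation"):
        print(f"{host}: {pkg} {have} is older than fixed version {need} ({adv_id})")
```

Real distribution version strings (epochs, release suffixes) should be compared with the package manager's own tooling rather than this numeric parser.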