CertiGuide to Security+ > Chapter 1: General Security Concepts (Domain 1.0; 30%) > 1.4 Attacks > 1.4.2 Backdoors


What’s a Rootkit?

In addition to providing an unauthorized way into the system, a malicious backdoor may include extra functionality to hide itself or to give the attacker additional capabilities. Backdoors are often paired with software packages known as rootkits. Rather than attaching themselves to application programs and running on top of the host operating system, rootkits drill down to the kernel or to the OS utility level and replace, modify or divert core operating system functions. A rootkit is not a type of attack but a set of utilities that an attacker installs on a system that has already been compromised; in effect, it supports the intruder's continued use of that system through the backdoor. These utilities alter system data files, configuration/registry entries, and even system-supplied programs and operating system libraries. As a basic example, a rootkit delivered as a file named rootkit.exe may include code that stops tools such as Windows Explorer or Task Manager from listing that file or the process it starts.

This makes rootkits very difficult to detect. A kernel-level rootkit sits beneath the tools an administrator would use to look for it and filters what applications and users are allowed to see; a user-mode rootkit achieves a similar effect by replacing the reporting utilities themselves (ls, ps, netstat and the like), so the programs that describe the system are the very ones lying about it. The practical consequence is that output produced on the compromised host cannot be trusted: detection depends on comparing views of the same data obtained through independent paths, or on examining the disk from a known-clean boot medium. Rootkits are normally seen under (and originally come from) UNIX-based operating systems; however, versions are available for Windows69.

Rootkits take their name from the UNIX superuser account “root”, which has complete control over the system: they are literally “kits to get you root” and to keep it, by hiding the attacker's activity and the existence of the rootkit itself on the victim's system.
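The filtering described above, and the two checks an administrator can run against it, are illustrated by the following script. It is an added example written for this section, not code from CertiGuide or from any real rootkit: the "host" is an in-memory model (a set of paths, a set of PIDs and the bytes of two binaries, all constructed) so the code runs offline, and the hiding rule (any path component beginning with "rk") and PID 1337 are hypothetical. On a real Linux host the trusted views would come from reading /proc and the raw directory directly, and the hashes from the files on disk.

```python
"""Cross-view and integrity checks against a simulated user-mode rootkit.

Constructed example for this section, not code from the original page or
from any real rootkit. The host is modelled in memory so the script runs
offline; the hiding rule and the hidden PID are hypothetical.
"""
import hashlib

# --- constructed host state -------------------------------------------------
RAW_FILES = {"/bin/ls", "/bin/ps", "/etc/passwd", "/tmp/rk.exe", "/tmp/.rk/log"}
RAW_PIDS = {1, 42, 1337, 2048}          # 1337 is the (hypothetical) backdoor listener
HIDDEN_PIDS = {1337}                    # processes the rootkit conceals


def is_hidden_path(path):
    """Hypothetical hiding rule: conceal any path component starting with 'rk'
    (dot-prefixed or not), e.g. /tmp/rk.exe and /tmp/.rk/log."""
    return any(part.lstrip(".").startswith("rk") for part in path.split("/"))


def trojaned_ls(raw_files):
    """Replacement 'ls': the same data the kernel returns, minus rootkit files."""
    return {p for p in raw_files if not is_hidden_path(p)}


def trojaned_ps(raw_pids):
    """Replacement 'ps': the process table minus the rootkit's own processes."""
    return raw_pids - HIDDEN_PIDS


def cross_view_diff(trusted_view, reported_view):
    """Entries the trusted path sees that the reported (possibly lying) tool omits.

    A non-empty result means something on the host is filtering output.
    """
    return sorted(trusted_view - reported_view)


# --- integrity baseline ------------------------------------------------------
# Constructed binary contents; a real baseline is hashed before deployment,
# and the hashing tool itself must come from trusted media.
ORIGINAL_BINARIES = {
    "/bin/ls": b"ELF original ls (constructed)",
    "/bin/ps": b"ELF original ps (constructed)",
}
KNOWN_GOOD = {p: hashlib.sha256(b).hexdigest() for p, b in ORIGINAL_BINARIES.items()}

# What is on disk after the rootkit replaced ps (constructed).
ON_DISK_NOW = {
    "/bin/ls": b"ELF original ls (constructed)",
    "/bin/ps": b"ELF trojaned ps that skips pid 1337 (constructed)",
}


def verify_binaries(on_disk, known_good):
    """Paths whose current SHA-256 no longer matches the baseline."""
    return sorted(p for p, data in on_disk.items()
                  if hashlib.sha256(data).hexdigest() != known_good.get(p))


def run_checks():
    """Run every check once and report what the rootkit failed to conceal."""
    return {
        "hidden_files": cross_view_diff(RAW_FILES, trojaned_ls(RAW_FILES)),
        "hidden_pids": cross_view_diff(RAW_PIDS, trojaned_ps(RAW_PIDS)),
        "modified_binaries": verify_binaries(ON_DISK_NOW, KNOWN_GOOD),
    }


if __name__ == "__main__":
    for check, findings in run_checks().items():
        print(f"{check}: {findings or 'clean'}")
```

The cross-view check only works while the trusted view really is trusted: a kernel-level rootkit filters the directory and process data at the source, so both views agree and the difference is empty, which is exactly why the text calls kernel-level rootkits so hard to detect. The baseline comparison still catches the replaced utility, provided the baseline and the hashing tool were not themselves tampered with, which is why both are best run from clean boot media.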

Rootkits

A rootkit70 is a set of one or more utilities used to replace core OS functions, with the goal of giving additional capabilities to an attacker, including the ability to hide the attacker's presence from legitimate system users. Rootkits are often used in conjunction with, and may even be built into, backdoor programs, and are popular with script kiddies.


One of the more insidious facets of rootkits (also true of the Trojans, worms and viruses described in section 1.5) is the gap between the skill needed to write one and the skill needed to use one. Coding a Trojan or rootkit requires a detailed understanding of the target system's architecture and considerable programming ability, but using the finished tool requires only a few point-and-click operations, which again makes these tools favourites of the script kiddie. At the time of writing, searching Yahoo for “+rootkit +download” returned almost 1,400 matches, split roughly between tools to detect rootkits and tools to build them.


 __________________

69. http://www.rootkit.com

70. http://www.megasecurity.org/Tools/Nt_rootkit_all.html


CertiGuide for Security+ (http://www.CertiGuide.com/secplus/) on CertiGuide.com
Version 1.0 - Version Date: November 15, 2004

Adapted with permission from a work created by Tcat Houser et al.
CertiGuide.com Version Copyright 2004 Charles M. Kozierok. All Rights Reserved.
Not responsible for any loss resulting from the use of this site.