The backdoor may take the form of an installed program (e.g., Back Orifice), or could be a
modification to an existing program or hardware device. It may also fake information about
disk and memory usage.
Unlike other exploits, denial-of-service attacks are not used to gain unauthorized access or
control of a system. They are instead designed to render it unusable. Attackers can deny
service to individual victims, such as by deliberately entering a wrong password enough
consecutive times to cause the victim account to be locked, or they may overload the
capabilities of a machine or network and block all users at once. These types of attack are, in
practice, very hard to prevent, because the behaviour of whole networks needs to be analysed,
not only the behaviour of small pieces of code. Distributed denial of service (DDoS) attacks
are common, where a large number of compromised hosts (commonly referred to as "zombie
computers", used as part of a botnet with, for example, a worm, trojan horse, or backdoor
exploit to control them) are used to flood a target system with network requests, thus
attempting to render it unusable through resource exhaustion.
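The account-lockout case described above can be spotted in authentication logs. The following is an added example, not part of the original text: it flags accounts whose consecutive failed logins reach a lockout threshold and lists the sources responsible. The log format, the threshold of 5 and the 10-minute window are assumptions, and the log lines are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (time-ordered): timestamp, result, account, source IP.
SAMPLE_LOG = """\
2024-05-01T09:00:01 FAIL alice 203.0.113.7
2024-05-01T09:00:03 FAIL alice 203.0.113.7
2024-05-01T09:00:05 FAIL alice 203.0.113.7
2024-05-01T09:00:07 FAIL alice 203.0.113.7
2024-05-01T09:00:09 FAIL alice 203.0.113.7
2024-05-01T09:01:00 FAIL bob 198.51.100.4
2024-05-01T09:01:30 OK bob 198.51.100.4
2024-05-01T09:05:00 FAIL carol 192.0.2.10
2024-05-01T09:40:00 FAIL carol 192.0.2.10
"""

LOCKOUT_THRESHOLD = 5           # assumed policy: lock after 5 consecutive failures
WINDOW = timedelta(minutes=10)  # assumed policy: failures must fall within 10 minutes


def parse(log):
    """Yield (time, result, account, source) for each non-empty log line."""
    for line in log.splitlines():
        if line.strip():
            ts, result, account, source = line.split()
            yield datetime.fromisoformat(ts), result, account, source


def find_lockouts(log, threshold=LOCKOUT_THRESHOLD, window=WINDOW):
    """Return {account: [sources]} for accounts a failure streak would lock."""
    streak = defaultdict(list)  # account -> [(time, source)] of current streak
    locked = {}
    for ts, result, account, source in parse(log):
        run = streak[account]
        if result == "OK":
            run.clear()         # a successful login resets the consecutive count
            continue
        run.append((ts, source))
        while ts - run[0][0] > window:
            run.pop(0)          # drop failures that aged out of the window
        if len(run) >= threshold and account not in locked:
            locked[account] = sorted({src for _, src in run})
    return locked


if __name__ == "__main__":
    for account, sources in find_lockouts(SAMPLE_LOG).items():
        print(f"{account} would be locked out; failures came from {sources}")
```

A streak that comes entirely from a source that never logs in successfully, as with the constructed "alice" entries, is worth separating from an ordinary forgotten password such as the "bob" entries.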
An unauthorized user gaining physical access to a computer (or part thereof) can perform
many functions and install different types of devices to compromise security, including operating
system modifications, software worms, key loggers, and covert listening devices. The
attacker can also easily download large quantities of data onto backup media, for instance
CD-R/DVD-R or tape, or onto portable devices such as key drives, digital cameras or digital audio
players. Another common technique is to boot an operating system contained on a CD-ROM
or other bootable media and read the data from the hard drive(s) this way. The only way to
defeat this is to encrypt the storage media and store the key separately from the system.
Direct-access attacks are, in most cases, the only type of threat to standalone computers
(those that never connect to the internet).
Eavesdropping is the act of surreptitiously listening to a private conversation, typically
between hosts on a network. For instance, programs such as Carnivore and NarusInsight have
been used by the FBI and NSA to eavesdrop on the systems of internet service providers.
Spoofing of user identity describes a situation in which one person or program successfully
masquerades as another by falsifying data and thereby gaining an illegitimate advantage.
Tampering describes an intentional modification of products in a way that would make them
harmful to the consumer.
Repudiation describes a situation where the authenticity of a signature is being challenged.