The most common way to open a back door in a computer is by opening a port, usually one of the more obscure ports that won't likely already be in use (unless another hacker has gotten there first). The rootkit often sets up a default password, such as "password" so the next time the hacker connects through this particular port, he or she just needs to type in this default password to get back into the computer.
If the hacker had taken time to insert Trojan versions of monitoring programs beforehand, these Trojaned monitoring programs will ignore both the open port (reporting it as closed when it's really open) and any activity coming from this back door.
If a hacker opens a port as a back door, a system administrator might discover this open port during a routine port scan of the system. To mask their presence even further, hackers may create special "open sesame"-type back doors that remain shut until the hacker transmits a certain command to the computer. When the computer receives this seemingly innocuous command, the back door opens a port and the hacker slides right through.