Career in Ethical Hacking.…
What is Ethical Hacking?
With the growth of the Internet, computer security has become a major concern for businesses and governments. They want to be able to take advantage of the Internet for electronic commerce, advertising, information distribution and access, and other pursuits, but they are worried about the possibility of being HACKED. At the same time, the potential customers of these services are worried about maintaining control of personal information that varies from credit card numbers to social security numbers and home addresses.
In their search for a way to approach the problem, organizations came to realize that one of the best ways to evaluate the intruder threat to their interests would be to have independent computer security professionals attempt to break into their computer systems. This scheme is similar to having independent auditors come into an organization to verify its bookkeeping records.
In the case of computer security, these TIGER TEAMS or ETHICAL HACKERS would employ the same tools and techniques as the intruders, but they would neither damage the target systems nor steal information. Instead, they would evaluate the target systems’ security and re-port back to the owners with the vulnerabilities they found and instructions for how to remedy them
History and Now….
Whilst in the 80’s hacking was common only amongst computer programmers with vast experience and knowledge of multiple technologies, now almost anyone can hack given the availability of the fiercest software’s available freely on the internet. “You no longer need to be a genius to hack. I say all you need is the Internet and the Desire.
After the events of 9/11 of WTC , we are no longer able to expect a common and traditional mode of attack. An attack can come in any mode and from any source. The best way to defend ourselves is to think like the enemy as this will allow us to predict their next move.
In November 2002, the International Council of E-Commerce Consultants (EC-Council), a leading provider of e-Business certification and Internet Security programs, announced a new certification program designed to provide security education and training services for penetration testing professionals.
The EC-Council developed a unique five day security training course called “Ethical Hacking & Countermeasures,” which prepares students for the CEH exam 310-50. As the only course of its kind in the world leading to an Ethical Hacker Certification, it teaches how hackers hack, the tools they use, how to hack via Linux and Windows 2000, how to hack firewalls and how to implement an effective security framework for both e-commerce and day to day operation and how to apply countermeasures to avoid those risks. The Certified Ethical Hacker certification has become the fastest growing certification in the security industry.
There are four basic kinds of hacks:
IP Hack: Someone can be hired to hack a specific IP address, giving them little or no information beforehand (You have to be careful if the IP address is an overseas server. You cant hack the wrong IP address, like a foreign government's computers, causing an international incident.);
Application Hack: A much more sophisticated hack that you can is diving deep into databases and down production servers. Only experienced hackers, with strict guidelines governing their actions, will be allowed to perform such tests. Organisation will never hire a "reformed" black-hat hacker for this type of test;
Physical Infrastructure Hack: This is where you can try to get into your facilities to access your systems or go dumpster diving looking for confidential information such as passwords discarded on sticky notes; and
Wireless Hack: Here you can exploit wireless access points from the back of a van. and report the findings back to employers instead of stealing passwords. You can check out employers tele workers as well to see if home offices are a source of entry to there organisations network.
For any of these tests, a reputable firm with clearly defined methodologies to hire you, and you could be part of it.
Career as a Ethical Hacker with/with out necessary Certification Opens a wide range of scope due to lot foray of international organisations in India, Indians are known to be good mathematicians this gives them edge over other countries employees. A Ethical Hacker can see growth path towards handling a complete Networking Department as he knows the things at system level. Loyalty towards profession and employee pay key role
Salaries are no bar for such a profession….
Prashant Mali is and IT Security & CyberLaw Consultant .
Sr. Partner & Chief Executive – Byford Consulting Inc.