Ethical Hacking: the ‘white hat’

Gauri Chhabra
Have you ever gravitated towards viruses, wondered how your friend could get hold of your password and sneak into your mail, or become interested in Distributed Denial of Service attacks? If yes, you might consider ethical hacking as a career option.
The term ethical hacking may sound like an oxymoron. How can hacking be ethical? Well, it means hacking or penetrating a system for legal purposes. Plainly put, ethical hacking is hacking for Samaritan purposes. It is the process of penetrating a secure network to detect weaknesses that leave the system open to loopholes and dangers, and fixing the system so that no one else can take advantage of it. While normal hackers discover a vulnerability and use it to take advantage of the users of a certain product without anybody knowing it, the ethical hacker discovers it and patches the problem before anybody else discovers it.
You need to be an expert in computers and networking to be an ethical hacker. You would be required to use the same testing tools as your counterparts, but to report and solve problems instead of taking advantage of the loopholes. The ethical hacker has earned the sobriquet of a white hat, a term that owes its genesis to the old English movies where the Samaritan wore a white hat. Today, organizations hinge on security systems, and this has created the need for ethical hackers, who, in order to catch a miscreant, think like a miscreant.
Getting in:
What you need to do to get started on the road to becoming an ethical hacker depends on where you are in the IT field. You can take up a certification in Ethical Hacking after graduation or postgraduation in Computer Science and Information Technology. For a hacker, networking know-how is vital. Discover and play with Unix/Linux commands and distributions. Make sure you also learn some programming, maybe C, LISP, Perl, or Java. And spend some time with SQL databases. Besides, you need to have a systems-thinking approach, analytical reasoning, out-of-the-box thinking, and an attitude of going to the depth of every problem.
Certifications:
Certified Ethical Hacker (CEH):
It involves earning the certification from the EC-Council (http://www.eccouncil.org/) after two years of security-related IT experience. The certification will help you understand security from the mindset of a hacker. You’ll learn the common types of exploits, vulnerabilities, and countermeasures.
The course of study covers creating Trojan horses, backdoors, viruses, and worms. It also covers denial of service (DoS) attacks, SQL injection, buffer overflow, session hijacking, and system hacking. You’ll discover how to hijack Web servers and Web applications. You’ll also find out how to scan and sniff networks, crack wireless encryption, and evade IDSs, firewalls, and honeypots.
Through approved EC-Council training partners, you can take a live, five-day onsite or online training course to prepare for the CEH cert. You can generally take live online classes over five consecutive days; onsite courses typically offer the content spread over a couple of weeks for locals. In addition, you can take self-paced courses and work with self-study materials with or without the training courses. The EC-Council also offers iLabs, a subscription-based service that allows you to log on to virtualized remote machines to perform exercises.
Other Certifications offered by EC-Council:
Licensed Penetration Tester – LPT
EC-Council Certified Security Analyst – ECSA
EC-Council Network Security Administrator – ENSA
EC-Council Certified Incident Handler – ECIH
Computer Hacking Forensic Investigator – CHFI
Chief Information Security Officer – CCISO
Certified Information Systems Auditor (CISA)
Certified in the Governance of Enterprise IT (CGEIT)
Certified in Risk and Information Systems Control (CRISC)
Institute Scape:
*DOEACC, PG Diploma in IT, www.cedtic.com.
*Calicut PG Diploma in Information Security and System Administration.
*Institute of Information Security, offering certifications in Certified Professional Forensic Consultant, Certified Information Security Consultant, Certified Professional Hacker, www.iisecurity.in
*University of Madras, M.Sc in Cyber Forensics and Information Technology, www.unom.ac.in
Job Responsibilities:
You would be the one who:
*Conducts security and vulnerability assessments, penetration testing, and ethical hacking of enterprise systems, networks, and applications to identify security weaknesses, compliance issues, and vulnerabilities.
*Coordinates and manages intrusion detection, intrusion prevention, event correlation, and security and event logging vendors and technologies.
*Monitors and tests wireless technologies for known and unknown vulnerabilities, rogue nodes, unauthorized access, and adherence to enterprise configuration standards.
*Researches threats and vulnerabilities and recommends actions to help mitigate threats, reduce risk, and remediate vulnerabilities.
*Documents, logs, and investigates security incidents. Performs case management throughout the incident lifecycle for complex security incidents.
*Manages the design, development, implementation, and review of security testing technology standards, processes, and operational workflows.
*Participates in the IT Risk Assessment process.
Career Pathways:
Information Technology companies:
If you have a background in networking, you can work as a network security administrator, network defense analyst, web security administrator, application security tester, security analyst, forensic analyst, penetration tester or security auditor. Database developer, software developer and web designer are some more options. You would be responsible for testing large systems and trying to diagnose any loopholes in them that could make them crackable. Next, you would be responsible for ensuring that the system is secure. Secure programming, authorized hacking and network security surveillance are niche areas that you can major in.
You would be responsible for the design, execution, and oversight of formal, enterprise-wide security and vulnerability identification and testing programs. Besides, you would perform periodic and scheduled testing of the company’s public and private networks and technologies for known and unknown vulnerabilities and coordinate security incident investigations. On the whole, you would be responsible for consultation with IT, compliance, audit, and other stakeholders to ensure security is addressed throughout the development lifecycle.
The Road ahead:
The road to ethical hacking as a career looks very silky. As a complement to the Information Technology sector, ethical hacking is expected to grow exponentially in the next few years. Today, leading IT giants like Wipro, Google, Accenture, IBM and Infosys are hiring ethical hackers to conduct audits and suggest fixes for any vulnerabilities that may result from improper system configuration, hardware or software flaws, or operational weaknesses.
So, gear up and brace yourself for the silky world of ethical hacking.
