Are you an ethical hacker?

Are you an ethical hacker?

ON THE JOB

Try on the role of protector, by helping governments and private companies save their data from the clutches of cyber crime, suggests George Jason

The IT boom has made the whole world a global village. As a result of which, countries are now connected to each other through business, entertainment, awareness and education. It is no longer difficult to contact anybody from anywhere — all you need is an Internet connection and few clicks of the mouse.

Cyber crime

At the turn of the 21st century, the use of the Internet was limited, as compared to the present (thanks to search engines like Google or Yahoo.) Over the last 10 years, the Internet’s usage has increased manifold, but with every good story, comes a villain. And in this case, it is criminal hackers.

There has been an alarming increase in the number of cyber crime cases, be it hacking e-mail accounts, stealing sensitive data, copying address books, intercepting data, cracking passwords, Trojan attacks or espionage in recent years. Cyber crime has come to threaten personal, societal and national security.

No wonder there is an increased concern for protection against criminal hacking among companies — big or small, private or public. It is this concern that has given an immeasurable boost to the career of ethical hackers.

Ethical hacking involves finding weaknesses in a computer system and patching it up. Hacking means exploring a computer’s designed features, and learning how to exploit or take advantage of those features.

Career opportunities

Ethical hackers (EH) use their knowledge in a constructive manner to help organisations, companies, governments to secure documents and sensitive information on the Internet. An EH, with legal permission, strengthens systems and makes them penetration-proof, unlike the hacker who purposely indulges in cyber crime.

To test a security system, ethical hackers use the same methods as criminal hackers, but instead of taking advantage of the loopholes, they work against the perpetrator and report problems to the owner. The process is also known as intrusion testing, penetration testing or red teaming. Hacking is not legal in India and all one needs is the title of a Certified Ethical Hacker (CEH) to get into the field.

To become an ethical hacker, being computer savvy and gadget friendly are important pre-requisites.

A recent report confirms that cyber crime has surpassed illegal trafficking as the leading criminal money-making source. With its high returns, low risks and obscure nature of revealing evidence, online networks have become the favoured technology space for criminals. This has created a dire need for IT professionals, who can understand the mindset of cyber criminals, to hunt down their illegal activities. Here is a list of work profiles for ethical hackers:

*Network Security Systems Manager
*Network Security Systems Administrator
*Network Security Engineer
*Systems/Applications Security Executive
*Web Security Administrator
*Web Security Manager
*Security Auditor
*Ethical Hacker
*Data Security Specialist
*Chief Information Security Officer

A science background is preferred for students willing to enrol in different degree and diploma courses. If one is a Science or Commerce graduate, but wishes to work as an engineer, he/she may get trained in a particular computer application and manufacturing process.

Ethical hackers are technically-skilled IT professionals with a strong desire to troubleshoot software issues and prevent malicious hackers from causing damage to network systems. To be a professional ethical hacker, motivation, dedication,  and formal training are key.

He/she will require in-depth networking knowledge, including what ‘normal’ packets look like. By using this knowledge and various other programmes, an ethical hacker can craft custom packets that assist in information gathering and compromising the network. This, when combined with the ability to write programmes like C, C++, Perl, Python, a professional can build any tool necessary.

An ethical hacker also should have a basic understanding of TCP/IP protocols such as SMTP, ICMP and HTTP. This allows them to confirm the results from automated scans instead of having to rely on the predictions of an automated test. This is essential for ensuring accurate reports.

In addition to technical skills, an ethical hacker needs a number of soft skills also. The ability to write effectively is a basic necessity, especially while putting together reports that summarise the results of a penetration test or  the details of new exploits. Critical-thinking is another important skill. Ethical hackers must follow precise methodologies in their work and thoroughly analyse data. This practice helps to ensure consistency and accuracy of results obtained.

Perhaps, the most important skill is adaptability. When testing software and systems, ethical hackers never predict the results. So the ability to be resourceful and flexible are vital. Strong mathematical skills and logical reasoning are the other qualities required in this field.

Certifications like CISA (Certified Information System Auditor), CISM (Certified Information Security Management) and CISSP (Certified Information Systems Security Professionals) would help a person to start a career in cyber security. Other vendor specific certifications like CCSP (Cisco Certified Security Professional) and MCSE (Microsoft Certified Systems Engineer) also help. Ethical hacking courses can be learnt through authorised computer training institutes in India.

(The writer is the vice president of Comguard Networks)

DH Newsletter Privacy Policy Get top news in your inbox daily
GET IT
Comments (+)