Ethical Hacking and Information Security Training Program, Courses & Career choices

Ethical hacking career choice

2011-06-14T02:37:00.002+05:30

Just want to start a debate whether ethical hacking can be a career choice?

The views represented here are of the individual author's and Appin Security Group (http://www.appinonline.com) has no liability for same.

Know the Essential Skills to Become an Ethical hacker

2009-09-29T10:48:00.000+05:30

Computer security has become a major cause of worry for businesses and governments all over the world. Though internet has made e-commerce possible, helped in advertising products and services to millions of people, it has also led to the rise of criminal hacking. Due to this, a growing number of companies and governments are turning to ethical or white-hat hackers to get them out of the problem.

A certified ethical hacker tests the security of the systems, look for viruses and rectify the problems pertaining to the network security. But in order to become en efficient ethical hacker, you need to have competent skills along with the right attitude.

Programming skills
The knowledge of programming languages is a mandatory. You should learn the technique of C, C++, Python, Java, Perl and Lisp.

As a beginner, you can start by learning Python which is less complicated as compared to other languages but at the same time challenging enough. It is well-documented and well-designed. Afterwards, you can learn C, Lisp, Perl and java.
It is important to learn Perl as it is used extensively for web pages and system administration.

All these languages have different approach to programming, and by acquiring the knowledge of each one of these would make you much more efficient hacker. Each language has its own significance and at the end of the day you would benefit by learning each one of them.

UNIX
You can’t become a hacker unless you learn and understand UNIX. After all UNIX is the platform on which the Internet is built upon. Though there are other platforms, it is not possible to read the code or modify them. However with UNIX you can read how the operating system is written and modify it. Hence, learn to hack on open-source UNIX by getting a Linux or BDS-UNIX installed on your personal computer and practice on it daily for hours.

HTML
To become a hacker, you should know how the World Wide Web functions. And having knowledge of web is not just restricted to how to use the browser. You should make efforts to learn and write HTML.

Usage of English
In order to become an efficient ethical hacker, you need to have a good command over the English language, as it is the English language which dominates the Internet. All the books on hacking come in English language. Hence concentrate to improve on this part too.

Apart from all this, read lots of books on hacking. The more you read; the better. Buy books or enrol in some libraries and take them on rent. And don’t hesitate in experimenting. To become a white-hat hacker, you need to have the curiosity to learn about new things.

In fact, you can also take up hacking course. There are several reputed institutes which offer certified hacking courses with theoretical as well practical training. Getting proper training from prestigious institutes would benefit you a lot and help you in becoming a professional, certified ethical hacker.

Are You Secured on the Net?

2009-09-19T12:03:00.001+05:30

Are You Secured on the Net?

Are You Secured on the Net?

We all are living 2 lives these days one is the real life and the other one is the virtual life- the life on the internet. We have net friends, social networks, dating, scrapping, and personal information on the internet. The average time spend by an individual on the internet is also increasing. The question that comes to our mind is that are we secured in the virtual world. You would have seen the movie matrix where every human being had 2 lives – Real and Virtual and if one dies in the virtual world he/she dies in the real world too. The similar is the case here if not the same.

Do you access internet from cyber cafes?

You went to a cyber café, checked your emails, bank accounts and came back home. Next day your accounts were hacked. If this has not happened with you, it’s about to happen soon. Whenever you are accessing your emails, bank accounts through an un trusted network like cyber cafes there might be a strong possibility that they installed softwares known as keyloggers, trojans or sniffers which can capture your passwords. The question comes how does one detect this? Have a look at the figure on your right. This shows the taskbar of your windows system. If you see unknown icons here, for e.g.- you may see a guy with black hat in the figure shown consult your cyber café guy and ask him what is it and until you are assured that its not a harmful software don’t use the computer.

Cyber Café Owners should implement strong policies and not allow computer users to install their own softwares in order to prevent this crime.

Do you chat to strangers/net friends?

So you chat using yahoo messenger, MSN, Rediffbol or ICQ. Almost everyone uses them, makes net friends, share photos and other stuff online. An example of photo sharing on yahoo messenger is shown in the picture underneath

If you receive files through the internet from people then you might be in trouble. A person might pretend to be your friend but is a social hacker who will use your trusting nature to hack you. You might be saving his photograph but it might contain a virus or a spyware that may infect your computer. It may also contain a hidden software known as a trojan that will automatically install on your system and used by the hacker to control your system. This has led to serious crimes in the past and is only bound to increase. The solution to this is being smart on the internet and not falling in traps of such people. It’s better to take more time to trust a person than to fall in such traps.

Have you put your profile on orkut, fropper or any other social network?

We are living in the age where online social networks, online dating have become an important part of our lives. But this source of entertainment has dangers of privacy. Time and again pictures loaded on social networks are morphed and converted to pornographic or nudity. Privacy has become an important issue with these social networks. With the evolution of social networks online dating sites like fropper have become famous too and people have become open to the concept of online dating. In fact its an evolution in itself. However while using these entertainment sources we should be cautious of not putting pictures that can be easily morphed and be stringent in trusting a person. It’s generally recommended that do-not give away information regarding you which can be used harmfully by a person on the internet.

Do you ask your friends to check your emails?

You might be lazy o check your emails sometimes. But does that mean that you can be lazy enough to share passwords with friends on the internet. It’s generally suggested that you should not share your passwords with anyone. The more number of people who know your passwords the greater chances are of it being hacked. This can cause serious problems to both your real as well as virtual lives if you are unaware. Your email id can be used to conduct cyber crimes using your emails. It can be used by people in your social groups to make you un-popular or affect your relationships with your friends. It can also be used by smart hackers to crack your other sensitive passwords be that of your bank accounts for that matter.

Did you check that email received was send by your friend or not?

Emails can be spoofed and send by another person’s id without hacking into email accounts. Thus it is very important to check whether the email received by you is actually sent by your friend or not. This can be done by simply checking the email header and identifying whether the email generated from the correct source. For example: If it is an email from xyz@yahoo.com and the originating server which comes in the email header is not yahoo.com it means it’s a spoofed email. For details you may visit: www.appinlabs.com

Did you logon to your bank account one day only to find it hacked?

A very common crime known as Phishing has become prevalent these days. Here the attacker sends you a spoofed email from your bank accounts email address asking you to immediately change your password by clicking on a link. Actually this link takes you to a page which is same as your bank page but is hosted by a hacker who intends to capture your username and password. You can see a copy of a Phishing page of Yahoo email. The crime can be prevented by following:

1) Check the authenticity of the email

2) Don’t click the URL written in the email instead typing in the URL on the web browser.

3) Always remember a bank or email account never gives a short notice to update your information.

Countermeasures

1) Be cautious on the internet. Trust process has to be more stringent than the real world.

2) Don’t put sensitive information on the internet

3) Install your anti-virus and firewall and keep them updated

4) Follow all the above mentioned measures to prevent yourself being a victim of cyber crimes.

Career in Information Security/Ethical Hacking

2009-09-19T12:00:00.000+05:30

Career in Information Security/Ethical Hacking

-What is the entry level post?
Network Security Administrator
Application Security Tester
Forensics Tester
Ethical Hacker
Junior Security Auditor
Security Certified Programmer
Security Certified Information User

-What is the starting salary?

In India the starting salaries are of the range Rs 15K-50k depending on qualifications. For e.g- A person who has done B.Tech computer science along withh a security certification like MASE will normally get around Rs 30K as a starting salary and a person who has done diplomas etc with security certification like MASE will get around Rs 15K once he completes the probabation period. Then he moves on to drawing higher salaries with time and experience. Security sector is one of the highest paid sector in the world and for India it will be no different. The salaries go up to infinite range and security experts earn 15 lakh per annum and company’s CISO ( Chief Information Security Officer ) earns around Rs 25 lakhs per annum

-What is the growth curve like starting as a fresher, where can he go?

Network Security administrator -> Network Security Manager -> Security Officer -> Chief Information Security Officer
Ethical Hacker/Penetration Tester -> Security Consultant and Manager -> Chief Information Security Officer
Application Security Tester -> Application Security Developer -> Application Security Manager -> Chief Application Security Officer
Forensics Tester -> Forensics Manager – > Forensics head
Junior Security Auditor -> Security Auditor
Secured Programmer-> Security Project Manager

And many more…

- What is the industry growth rate both india and world ?

over 30% in India and around 21% in the world

What are kinds of DATA THEFT?

Theft of Intellectual Property/Softwares etc stolen -

These thefts occur at 2 levels

a) Ideation and Software design for the software – This means the theft occurs at a stage when the software is not made but thought of and designed. This can occur if any of your employees in the core project team leaves the company during the project and joins the competitor where he presents the same architecture. He can either have the documents of the software design or have the architecture in his mind. The theft can be prevented by implementing laws such as an employee is not allowed to leave a company midway of project, creating laws that abide him to do that ( employee contract) and heavy penalty enforced in case he does it. The theft can also occur technically by hacking into the project team’s individual laptops or computer when they are at home. This can also be prevented by processes and technical security which can be taught to them.

b) Theft of the software program – This is not that easy and is done in following ways
- Project is outsourced to a third party who copies the software and perhaps sell under different brand name
- Software program is stolen from the core team’s computer by hacking when they might take the software home for testing, coding etc
- Individual software uncompiled codes stolen which can be later combined to form the software ( E.g.- An Appin employee shares the security software code with friend from competitor company for checking the code, to prove his/her capability )

These thefts can be done intentially by your own employees for financial gain by using emails, removable devices or captured by hackers by using techniques of social engineering or technical hacking. For preventing these a team should be maintained for technical security, its up gradation comprising of security people, ethical hackers, security managers etc along with enforcement of laws and security processes within an organization. You also need to consult specialists in security, have regular training programs to stay aware about the latest threats and ways adopted. This is information age and you need to understand, implement and upgrade your information security skills, awareness programs on Information Security for everyone in the organization. Information can be leaked at all levels and hence should be secured at all levels

Other kind of data thefts that happen include customers databases, confidential proposals, strategy documents and even board room meeting minutes. Some case have been reported. For e.g – A famous Data Center had some client data copying in the past, A famous gas company’s statistics were stolen, Some other internet based companies are hacked and their data is copied often, even government information has been stolen by hacking into web servers and other attacks done by countries that are against India. I will not name a company because this is classified information. They could sue us for providing this information. Top companies have been hacked like we heard the recent case of airtel.
These can be prevented by taking measures as mentioned above along with special security consulting companies taking care of your information security

India is it equipped?

Though Indian companies has started adopting security but we still have a long way to go till it becomes a part of our psychology. We lock our houses but forget the same about digital information. We need more technical man power, companies should increase their budgets to save their reputation, clients and business secrets. We need to become a security conscious nation else our BPO and IT industry which is reputed in the world will lose its reputation and fall down on growth rates. We have to be more secured than any other nation . We are sure to achieve this if we all work together.

BPO’s

BPO & Data processing facilities are basically classified into different segments with respect to their capabilites, revenues , turnovers .
One is a set of huge BPO’s like Convergys, Genpact, HSBC, Wipro Spectramind etc which are very secured. The problem is still we have seen thefts in
HSBC, Wipro Spectramind in last couple of years.

Then there is another set of BPO’s which are smaller in size and don’t have adequate security processes and infrastructure. It is very easy to copy data, leaque data etc.
The reason is not that they can’t do it. They are just not aware and hence none of the employees are aware too.

Then there are very small BPO’s which are ranging froma head count of 5- 100 people which don’t follow security policies at all.

Thus overall Indian BPO industry needs to raise its standards in Security, take more training programs, consult experts as this is the primary industry of India and hence the reputation and revenue loss is big if a crime occurs

2009-08-13T12:03:00.000+05:30

5 Surefire Tips to Protect Your Computers from Hackers

Hacking attacks are constant worry and perennial headache for any network administrator. More interestingly and ironically, the best defense against them comes from hackers themselves. But these hackers are of a different kind and breed - they are 'ethical hackers'.

While companies and government organizations all across the world are spending huge sums on hiring professional network security experts or ethical computer hackers, you can make your computer secure by being a little more careful and by keeping your system equipped with next generation anti-hacking solutions. Let's see how...

1. Always use the latest version of anti-virus software applications. With good anti-virus software, whenever a hacker tries to access your machine you would be warned about it so that you can take necessary steps before any damage is done.

2. Always keep the firewalls in active mode as it will prevent unauthorized entry by the hackers.

3. Keep checking the programs running on your system on a regular basis. In case, you come across some program that you might not have installed or which does not form part of standard operating system, then be alert and cross check it as it might be some sort of spam.

4. To minimize risk against virus attacks and hackers, keep your operating system up to date as it allows the machine to be aware of the latest discovered security holes. If you don't do that, you are just giving open invitation to the hackers who just evolve from every failed or 'taken care of' hacking attack.

5. Never ignore the patches when they arrive for installation. Usually what happens is that a hacker makes a way to enter your computer through some common programs. By installing security fixes and patches you make your computer safe from hackers as they are developed with the sole motive to fix security related issues.

Well, these tips are just the primary precautions to keep your system safe from the hands of hackers. But it's better to take help of experts to take care of security measures. Many companies nowadays employ ethical hackers with knowledge of network security, cracking and hacking to counter the menace of criminal hacking.

Let me explain a little more. Hackers are broadly categorized into three groups:

- Black-hat hacker- These are the malicious or criminal hackers that break into networks or computers, or create computer viruses.

- Grey-hat hacker: These are skilled hackers who have mixed characteristics of white and black-hat hackers. They usually hack for fun or challenge but in the process can do some pretty damaging things.

- White-hat hacker: These are ethical hackers whose task is to provide security and protection to IT systems. Such people are employed by companies to enhance their IT security and keep their network systems free of hackers and spammers.

Ethical hacking is thus fast becoming a chosen career option for young IT pros given the fact that the IT security market worldwide is growing by leaps and bounds. There are various courses available for computer hacking and network security training. Professional cracking tutorials and other courses prepare IT security pros for attractive careers in big organizations.

2009-08-13T11:55:00.000+05:30

Ethical Hacking Course for a Bright Future

Also known as white hat hacker, an ethical hacker is an expert in anti-hacking techniques who works to prevent malicious hackers from stealing or damaging important data and ensure that computer systems and networks are safe.

Generally, these type of ethical hackers work day and night to provide security to IT systems. At times, they can even break into any other system in the course of an investigation on the ground of doubts. Both black hat hackers (also known as crackers) and white hat hackers essentially do the same thing, but an ethical hacker has altruistic motivations.

How To Become An Ethical Hacker
Earlier to become an ethical hacker there were three main ways - a history or expertise in malicious hacking, being a bright computer science graduate, and possessing a training background in systems or administration or a combination of all three.

Nowadays it has become easier for people to become an ethical hacker as there are many private institutions and colleges, who are offering full-time ethical hacking training, embedded system training, network security training and many more courses.

The ethical hacking training courses have been designed on the basic principles of how to catch a thief by employing their own tricks against them. Usually, an ethical hacking training course covers the following topics, such as:

Basics of networking
Basics of operating systems
Basics of databases
Techniques of windows hacking
Restoration of deleted files
Editing of registries
Cracking of password
Counter measure of password breaking
Computer forensics
Firewalls
Network hacking
Security tools
Hacking tools
Tracking of e-mail
Router hacking
Port scanning
Vulnerability of windows platform
Viruses and their mode of spreading

After the completion of the course, one gets the opportunity to practice hacking in an ethical way to ensure the security of confidential and important data. Moreover it also instills in students a strong ethical sense of what they should and shouldn't do as security professionals.

Major benefits of ethical hacking training course

For students, a good ethical hacking training course helps to build a successful career in many big and small IT firms or other corporate firms. The future prospect of ethical hackers is bright as more and more companies are taking all possible steps to ensure security of various data and networks.

A full time ethical hacking training course opens doors for those who want to build a professional career in teaching. This course will never be out of market and in future many more private institutions, colleges and universities will include the ethical hacking training course in their curriculum given the ever-burgeoning market demand for IT security professionals.

The benefits of training ethical hackers are much higher as compared to the risks associated with it. But it is essential to do the course from a reputed institution or college to get the maximum benefit.