
Showing posts with label Career in Online Security. Show all posts

Sunday, June 3, 2012

Career in Ethical Hacking


What is Hacking? 
In computer networking, hacking is any technical effort to manipulate the normal behavior of network connections and connected systems. A hacker is any person engaged in hacking. The term "hacking" historically referred to constructive, clever technical work that was not necessarily related to computer systems. Today, however, hacking and hackers are most commonly associated with malicious programming attacks on the Internet and other networks.



Hacking vs. Cracking

Malicious attacks on computer networks are officially known as cracking, while hacking truly applies only to activities having good intentions. Most non-technical people fail to make this distinction, however. Outside of academia, it's extremely common to see the term "hack" misused and applied to cracks as well.


Cracker
One who breaks security on a system. Coined ca. 1985 by hackers in defense against journalistic misuse of hacker (q.v., sense 8). An earlier attempt to establish ‘worm’ in this sense around 1981–82 on Usenet was largely a failure. Use of both these neologisms reflects a strong revulsion against the theft and vandalism perpetrated by cracking rings. While it is expected that any real hacker will have done some playful cracking and knows many of the basic techniques, anyone past larval stage is expected to have outgrown the desire to do so except for immediate, benign, practical reasons (for example, if it’s necessary to get around some security in order to get some work done). Thus, there is far less overlap between hackerdom and crackerdom than the mundane reader misled by sensationalistic journalism might expect. Crackers tend to gather in small, tight-knit, very secretive groups that have little overlap with the huge, open poly-culture this lexicon describes; though crackers often like to describe themselves as hackers, most true hackers consider them a separate and lower form of life. It’s clear that the term cracker is absolutely meant to be derogatory. One shouldn't take the tone too seriously though, as The Jargon File is done with a sense of humor, and the above is said with a smile. As we can see from the above, illegal or perhaps immoral activity is viewed with disdain by the “true hackers,” whoever they may be. It also makes reference to cracker being a possible intermediate step to hacker, perhaps something to be overcome.

Script Kiddie


The term script kiddie has come into vogue in recent years. The term refers to crackers who use scripts and programs written by others to perform their intrusions. If one is labeled a “script kiddie,” then he or she is assumed to be incapable of producing his or her own tools and exploits, and lacks proper understanding of exactly how the tools he or she uses work. As will be apparent by the end of this chapter, skill and knowledge (and secondarily, ethics) are the essential ingredients to achieving status in the minds of hackers. By definition, a script kiddie has no skills, no knowledge, and no ethics.

Difference between Hacking and Ethical Hacking
Hacking is getting "unauthorized" access to a computer system or a resource. Ethical hacking involves getting authorized access to resources in order to test whether that resource is vulnerable to attacks. The main difference between the two terms lies in the intent of the hacker. A hacker (cracker) breaks into a system or network to use the gathered information in an illegal way, whereas an ethical hacker finds the loopholes in the security system only to strengthen it.

Ethical Hacker
An ethical hacker is a computer and network expert who attacks a security system on behalf of its owners, seeking vulnerabilities that a malicious hacker could exploit. To test a security system, ethical hackers use the same methods as their less principled counterparts, but report problems instead of taking advantage of them. Ethical hacking is also known as penetration testing, intrusion testing and red teaming. An ethical hacker is sometimes called a white hat, a term that comes from old Western movies, where the "good guy" wore a white hat and the "bad guy" wore a black hat.
One of the first examples of ethical hackers at work was in the 1970s, when the United States government used groups of experts called red teams to hack its own computer systems. According to Ed Skoudis, Vice President of Security Strategy for Predictive Systems' Global Integrity consulting practice, ethical hacking has continued to grow in an otherwise lackluster IT industry, and is becoming increasingly common outside the government and technology sectors where it began. Many large companies, such as IBM, maintain employee teams of ethical hackers.
Ethical hackers attempt to assess the vulnerability of computer systems or networks at the request of the system or network owners. By using the same methodology and resources available to criminal hackers, ethical hackers help identify the weak spots which can be exploited, and then programmers are roped in to build up defences to protect the hardware or software. The information security industry is growing at a rate of 21% globally. Frost and Sullivan has estimated that there are 2.28 million information security skilled personnel around the world, which is expected to grow up to 4.2 million by 2015. Ethical hacking is also known as penetration testing, intrusion testing and red teaming.


An ethical hacker’s work is interesting in that s/he develops, tests and implements ways in which a network and its data can be protected. An ethical hacker is sometimes called a white hat, a term that comes from old Western movies, where the good guy wears a white hat and the bad guy wears a black hat.

Ethical Hacking as a career
  • The payoff
A fresher, after successful completion of an internship, can start at Rs. 2.5 lakh per annum and, with a year’s experience, s/he can move to the Rs. 4.5 lakh per annum bracket. Professionals with work experience of five years or more can expect somewhere between Rs. 10 lakh and Rs. 12 lakh per annum.

  • Skills/traits
  1. Primarily, the ability to write programs in several programming languages, such as C, C++, Perl, Python and Ruby, is a requisite
  2. Being an ethical hacker definitely calls for one to be creative in their understanding of things and to come up with out-of-the-box solutions
  3. Comprehension of assembly language is also indispensable for those who evaluate disassembled binaries
  4. Acquaintance with an assortment of operating systems, like Microsoft Windows and various versions of Linux, is crucial
  5. Knowledge of diverse network devices, including switches, routers and firewalls, is absolutely required
  6. An ethical hacker should possess a fundamental understanding of TCP/IP protocols, for example SMTP, ICMP and HTTP
  7. Besides technological dexterity, s/he also needs to have soft skills
  8. Possibly the most essential ability, on the other hand, is flexibility. This is so because, while testing software and security systems, ethical hackers cannot anticipate the threats that might crop up, so the ability to be ingenious is imperative

  • Getting there
After passing your Class 12 examinations in science (with physics, chemistry and maths), do a bachelor’s in computer science or computer engineering from a recognised university in the country. While pursuing your undergraduate programme, you may enrol in a certificate course in ethical hacking, which might train you in the various elements of the field. These days, ethical hacking competitions are a rage in engineering colleges. If you are interested in making a career as an ethical hacker, make sure that you participate in these events. You should also enjoy working on computers, because a sound base in information technology is a must to excel in this field.

Wednesday, December 14, 2011

Career in Online Security



The recent report of NASSCOM says that there is a demand for two lakh information security professionals worldwide. As netizens, our lives stand exposed to the innumerable mishaps of the cyber world. For those who have a special place in their heart for computer science along with a knack for understanding the space of the internet beyond the obvious, a career as an online security analyst could well be the ideal way to turn your passion into a fruitful career.
WHAT IS THE JOB?

The comfort of technology comes with the threat of criminal hackers who misuse confidential data available on the web. Online security analysts hack with legal permission to strengthen systems and make them penetration-proof. “An online security analyst is responsible for protecting all sensitive information within a company. They are responsible for ensuring all networks have adequate security firewalls to prevent unauthorised access and must develop reports to share with administrators and stakeholders in a company about the efficiency of security policies and recommend changes. Analysts also ensure that security systems are updated with any software or hardware changes in the company along with documenting security information in the company including physical and internet security,” explains Dr Zaki Qureshi, founder and chairman, E2labs Information Security, India’s first anti-hacking company. An online security analyst should understand the working of different protocols and services and should give viable solutions in case of security breaches.

Also, in recent years, there has been an alarming increase in the number of email frauds and other cyber crime cases. In such a scenario, the demand for online security analysts has seen an unprecedented rise. Ankit Fadia, an independent computer security consultant, says, “Online security analysts are ethical hackers. They are hired by leading companies, especially banking institutions, to secure their website as well as online transactions. Today, companies commonly employ a dedicated team of online security analysts who avert cyber crime on a daily basis.”
HOW DO I BECOME AN ANALYST?

In spite of the growing demand for professionals skilled in ethical hacking, there are only a few recognised institutes which offer complete training in ethical hacking. While a background in computer science is preferred, certifications are available which act as an advantage and provide an entry into the online security industry. Certifications help a person to understand the technical aspect along with training to deal with security breaches. Asian School of Cyber Law offers courses in cyber law and security. Month-long hacking courses like those conducted by Ankit Fadia Certified Ethical Hacker are available in more than 100 cities across India. You can also pursue a year-long PG Diploma course in Cyber Security and a two-year master’s degree in cyber law and cyber security offered by IMT Ghaziabad. Some of the most well-known certifications are offered by the International Council of E-commerce. The certified ethical hacker is a certificate course offered by the organisation covering a basic area of ethical hacking, and students can take this programme at several study centers in Asia.

While being computer savvy and gadget friendly are important pre-requisites, keen interest in networking and continuously updating programming skills are essential in this field. “While education in this field is an advantage, the most important skill required to be a successful online analyst is to have an insatiable passion for the newest developments in the field of computers and the ability to think like a criminal,” stresses Fadia.
WHAT IS THE INDUSTRY LIKE?

While there is no hard and fast rule to become a security analyst, training in ethical hacking along with programming knowledge is a good way to make an entry into the industry. Assessing risks, creation of high complexity security plans and the ability to defend the systems from dangerous attacks are some of the high points of this career. “An online security analyst’s job is more interesting than that of a regular programmer. It is almost like solving a mystery and a regular day at work involves hacking into the company’s website, finding out the security loopholes and developing programmes to fix it,” informs Gitesh Suchak, practice lead, Liquidhub, Hyderabad. Suchak’s opinion is echoed by Shyamoli Chattopadhay, who has worked as a network administrator with Infosys. Says Chattopadhay, “The best part of the job is the delight of being a step ahead of the thief’s mind.” Due to the demand in this industry, the starting salary ranges between four and six lakh per annum, and experienced professionals can earn a salary of 30 to 40 lakh per annum.

So if you are looking to pursue something more exciting than programming and look forward to new challenges daily, you may want to consider becoming an online security analyst.