The Digital Sentinel
The turn of an era has seen all our valuable and sensitive data migrate from locked file cabinets to the open Internet; this creates a great need for ethical hackers to secure the data and keep it away from the infiltrators’ hands

By Ayan Sinha

HACKER (noun) : 1. A person who enjoys learning the details of computer systems and how to stretch their capabilities.
2. One who programs enthusiastically or who enjoys programming rather than just theorising about programming (dictionary.com)

The advent of cutting-edge technology in a digital epoch has been the prime reason that our lives have become much easier than they were several years ago, when the Internet was slow, net banking was unheard of, and online payment portals were scarce and considered unsafe when available. It took a long time to ease the access to various portals, prepare the infrastructure and make things easier for the common man. The underlying reason for this slow progress was the vulnerability faced by the system. Technology works both ways – it is a creator and a destroyer, it carries both the energies, the Yin and the Yang. While organisations were engrossed in heavily safeguarding the security over the Internet and various portals, some radical and irrational groups were busy finding loopholes in the system and using them to their own advantage. Their purpose: stealing passwords, hacking into the systems and servers of large organisations, publishing sensitive information on the web and using stolen credit card information to meet their own ends. These were the black-hat hackers who exploited the vulnerabilities in the system for personal gain or other reasons.

This period also gave birth to ethical hacking at a worldwide level. Now the first question that lingers in our mind is: how can you consider breaking into someone else’s system ethical? The answer: organisations found a unique way to handle the intrusion problem, which was hiring a brain that thinks like the enemy. In a modern version of setting a thief to catch a thief, they recruited their own hackers and paid them to break into their systems or networks. These were the white hats – the hackers who would help organisations to find the exposed and vulnerable areas and fix them.

Ethical Hacking – Cracking a Crisis
Computer security became a major concern for businesses and governments who needed to expand through the Internet. Everyone wanted to take advantage of e-commerce, advertising, and the easy distribution and access to information, but they were apprehensive about the security issues. To fortify their systems, they brought in independent computer security experts whose work was similar to that of the auditors who come in to verify the bookkeeping records. This team of ethical hackers would use the same tools and techniques used by the intruders and try to break into the system; the only difference between the two being that ethical hackers neither damage nor steal information. Instead, they evaluate the security measures and report the vulnerabilities back to the owners so that they may find a remedy. This method of evaluating a system’s security originated in the United States, where the US Air Force conducted a security evaluation of the Multics operating system for potential use as a top secret system. The evaluation revealed multiple hardware vulnerabilities, software loopholes and procedural security issues within the system. In 1993, Farmer and Venema published one of the most notable works on ethical hacking, containing methods and techniques to detect the vulnerabilities within a system. They packaged all their work into a single, easy-to-use application called SATAN (Security Analysis Tool for Auditing Networks). This tool met with negative media attention, mostly because its use was misunderstood. While a major portion of the crowd looked upon it as an automated hacking tool, SATAN in fact detected security issues and even advised users on how to correct them.

Ethical Hackers – Preventing Hacktivism
Hackers have very strong programming and computer networking skills and have usually been in this business for several years. They are also adept at installing and maintaining systems that use popular operating systems such as UNIX. Their base skills are augmented by detailed hardware and software knowledge, removing the need to be well-versed in security systems, since the high level of their programming application can get them through any system. The only difference between a white hat and a black hat is that the former does it legally to prevent information leaks, and the latter does it criminally to access sensitive information, to steal or to forge, or does it just for fun. Ethical hackers are completely trustworthy and usually handle sensitive information with great care. Organisations trust them with their valuable data, and, as the hackers try to compromise their security, they come across information that should remain secret. The information, if leaked into the market, could probably cause huge financial losses to the clients. Hence these hackers play the role of actively protecting the organisation’s data. One of the most vital attributes of an ethical hacker is patience. A hacker might have to monitor systems for days or weeks just to find the right moment to intrude. This intrusion cannot be automated and has to be done manually. A typical evaluation can take weeks of tedious work and persistence. Some portions of the evaluation must be done outside working hours just to simulate the timing of a real attack.

An Ethical Hacker’s job
The job of an ethical hacker is governed by three simple questions:
1. What can an intruder see on the target systems?
2. What can an intruder do with that information?
3. Does anyone at the target end notice the intruder’s attempts or success?

These are the facts that are collected by the hackers before starting their work. A hacker must know what kind of sensitive information is stored in the system and how much of it an intruder can access; how valuable the data is to the hacker; and whether or not someone will make an attempt to access that data. If that data can bring major financial gain to the intruder, then the security risks are high. Most importantly, a hacker should be aware of whether the current security system is capable of detecting an intrusion and preventing it; and if yes, to what extent.

Become a Hacker – Ethically!
The career of an ethical hacker is an illustrious one. If you are good at what you do, organisations reward you generously. For this, you must have a thorough knowledge of computer systems and networking and also be adept at programming in different languages. The International Council of E-commerce Consultants (EC-Council) provides a professional certification known as the Certified Ethical Hacker (C|EH). It also offers another certification course known as Certified Network Defense Architect (C|NDA), which is designed only for United States Government Agencies. Some of the training institutes for ethical hacking in India are:

Institute of Network and Security (INS), Pune
Course Offered: Ethical Hacking

Appin Technology Lab, Bengaluru
Course Offered: IT Security and Ethical Hacking

Cognex Technology Pvt Ltd., Chennai
Course Offered: Ethical Hacking and Counter Measures

In India, apart from these, some of the most popular courses in ethical hacking are offered by Ankit Fadia, an independent computer security and digital intelligence consultant with strong experience in Internet security. He offers courses such as Certified Ethical Hacker and Certified Cyber Security Expert. For more information on these courses you can visit www.ankitfadia.in.

The path of an ethical hacker is a righteous one, and the fame and glory that can be attained are unfathomable. The opportunity for earning equals your expertise in hacking. If you have the talent in you, then the world of cyber security awaits you.


