Ethical Hacking, the Corporate World and You

Ethical Hacking is seen as a sunrise industry in the IT sector, with the goal of helping reduce the instances of cyber hacking in today’s business environment. It is a preventive and critical action a company can establish in order to assess possible damage, how to counter the damage and fully recover from the aftermath of a real cyber attack.

Unfortunately, as ethical hacking is a niche skill, only a small subset of the IT sector has and no college or university which offers an undergraduate degree program in Ethical Hacking. The current ethical hackers at the moment are self-taught individuals. However, the education sector is trying to bridge the gaps, even with the lack of a degree offering for such knowledge, short courses to start a career in ethical hacking.

The central skill in ethical hacking a learner needs to absorb is the concept of penetration testing. Also, known as red teaming or intrusion testing, penetration testing is a sophisticated process of breaking through the systems (including people) in order to gain access. That means the pen testing team will even simulate a social engineering attack against the employees of the target company unannounced. The tests are comprehensive to audit the readiness of the organization in the event of an unauthorized remote access, virus infection, social engineering/phishing attacks, and newer exploits.

Each country has their own respective laws that may render white hat/ethical hacking as legal or illegal. But most of the issues against ethical hacking are usually quashed with clear approval and consent of the company. Firms hire ethical hackers for the benefit of the company as a whole, as part of a defense strategy in hardening their IT security. Ethical hackers know their limits and responsibilities; it is clearly defined in their contracts:

Written express permission from the firm that they will be breaking in.

• Expose to the company after the pen testing all the results of their ethical hacking activity.
• Make sure the systems that will be ethically hacked will be restored to its original form, after the activity.
• Never violate any laws, company policies and keep the top secret and confidential files they learned from the hacking from outside access.

Aside from penetration testing, coverage of a short course in ethical hacking usually covers the following topics:

1. Wireless Hacking
2. Buffer Overflows
3. Denial of Service
4. Cryptography
5. Firewalls
6. Bug Exploitation
7. Fingerprinting and footprinting
8. Hacking Web applications and web servers
9. Session hijacking and network sniffing
10. Social Engineering
11. SQL Injections
12. TCP/IP penetration and forensics
13. Reverse Engineering

Those that want to proceed with learning ethical hacking techniques, there are some important things to be aware of:

• Don’t sign-up at a random offer of ethical hacking online class. Do some research if the educational institution has a track record for such short courses. This can be determined by checking the background of the instructors, their office and their registration.
• Setup a virtual hacking lab. It doesn’t need to be an expensive undertaking. This can be done with a powerful enough PC that can run a virtual machine for the simulated exploits.
• Look at all the course offerings and check their feasibility. Not all short courses in ethical hacking are created equal.
• Start with a free course, then if it is effective, use the ladder system to upgrade to a paid online course.