Thursday, 19 February 2015

A Career in Ethical Hacking

Ethical hackers prevent us from hacking and the hacker activities. In a true sense hacking was a harmless activity, but later associated with crime and criminals. Companies employ ethical hackers to test system security and report problems without taking any advantage. Ethical hacker is sometimes called a white hat and an unethical hacker is called a black hat. White hats try to break the system to fix the problem where as black hats break the system for financial benefit.
 

For hacking to be deemed ethical, the hacker must obey certain rules.
1. Hacker must have permission to probe the network and attempt to identify security risks.
2. Must respect the individual's or company's privacy and only go looking for security issues.
3. Must report all security vulnerabilities detected to the company, not leaving anything open for someone else to come in at a later time.
4. Must let the software developer or hardware manufacturer know about any security vulnerabilities located in their software or hardware if not already known by the company.
The work that ethical hackers do for organizations has helped improve system security and is quite successful.


        The main advantage ethical hacking is that companies are able to pay computer techs to attack their own system to learn where the weak spots are. This prevents identity theft and the leaking of vital information. When a company learns about security lacking in their system, it allows them to implement stronger security measures.
        The disadvantage of ethical hacking is the temptation that arises from the knowledge that is gained. A person may be tempted to do something unethical for personal gain. Further disadvantages could lead to security breach and development of malicious viruses or malware.
        The various types of hacking are e-mail hacking, google hacking, websites and databases hacking, windows passwords cracking, metasploit, wireless cracking, mobile hacking, etc.
Various techniques implemented in hacking are:
 
1. Phishing:
         It the act of attempting to acquire information such as usernames, passwords, and credit card details by masquerading as a trustworthy entity. Phishing emails may contain links to websites are infected  malware. is typically carried out by email spoofing   instant messaging, and it often directs users to enter details in a fake website whose look and feel  almost identical the original site. Various Phishing techniques are Spear phishing, Clone phishing, Whaling etc.
 
2. Key logger:
        A logger a hardware device or a software program that records the real time activity of a computer user including the keyboard keys they press. Most key loggers allow not only keyboard keystrokes be captured but also are often capable of collecting screen captures from the computer. Key loggers are sometimes part of malware  downloaded onto computers without the owners' knowledge. Detecting the presence of a key logger on a computer can be difficult. There are 2 types of key loggers:
a. Software key logger
     i. Remote
     ii. Local
b. Hardware key logger * Perfect key logger is software which captures the keystrokes on victim system. * www.blazingtools.com to detect if keylogger is present in the system.
 
3. Trojan horse:
         A horse, or , is a hacking program which gains privileged access to the operating system, often including a backdoor allowing unauthorized access to the target's computer. do not attempt to inject themselves into other files like a computer virus. Trojan horses steal information, or harm their host computer systems. may use drive-by downloads  install via online games or internet-driven applications in order to reach target computers.
* Beast Trojan horse is software to create Trojan horses and to send to the victim system
 
4. Social engineering:
        A It is a term that describes a non-technical kind of intrusion that relies heavily on human interaction and often involves tricking other people to break normal security procedures. It can be easier to trick people than to hack into computing systems by force. Social engineers get personal information or access to computing systems by exploiting people's natural tendency to want to trust and be helpful, and by taking advantage of our tendency to act quickly when faced with a crisis. Social Engineer commonly use email, the Internet, or the telephone to trick people into revealing sensitive information or get them to do something that is against policy.
Some different types of social engineering are: * Spam scams/phishing: through e-mails, steal personal or private information or passwords, or trick you out of money. * Impersonation: attackers pose as someone in authority, or an IT representative, in order to obtain information or direct access to systems. For targeted attacks, hackers will even go through dumpsters or do other research so they know enough to convince you to trust them.
 
BNC:
         A  (short for ) is a piece of software that is used to relay traffic and connections in computer networks, much like a proxy. Using a BNC allows a user to hide the original source of the user's connection, providing privacy  well as the ability to route traffic through a specific location. A BNC also be used to hide the true target to which a user connects.
* Tomodo firewall and zone alarm firewall are the 2 firewalls which can help the victim to     close all the proxy paths. * www.whatismyip.com to show the original public ip address * www.proxy.org show 1000’s of proxy’s that a hacker can use to hide his public ip     address. * www.newipnew.com to get new proxy ip address * Tor software is used to create chain of proxy addresses * www.sectools.org to download ip bouncers by hackers * Cavaj is a decompiler of java which gives source code by inputting .class file * Havij is an advanced SQL injection tool used by hackers to extract data from database    by copying URL of a website. Make sure the sites are not venerable to hackers. * Wireshark software is the best sniffer (a technique that captures packets over network)     in the world, which can show the various operations performed on a webpage.
    Key stroke is the most frequently used hacking technique by level – 1 hacker.
Career Opportunity

    
According to the Government of India, a demand for 4.7lakh Cyber Security Professionals is estimated by 2015. Various organizations including banks, hotels, airlines, telecom companies, ITES companies, outsourcing units, retail chains, Internet companies, E-Commerce ventures, police departments, government agency and others are hiring full time Cyber Security experts to improve the security of their network infrastructure. 

         To become a CEH a 4/6 months Training is provided in Certified Ethical Hacker various Ethical Hacker Analysts 5 Cities Across India (Delhi, Bangalore, Lucknow, Chennai and Hyderabad).
 

Skills required:
1. Ability to write programs in many programming languages C, C++, Perl, Python, and Ruby.
2. Working with web applications, Microsoft .NET and PHP. Knowledge of assembly language is also essential for those who want to analyze disassembled binaries.
3. Knowledge of a variety of operating systems (Microsoft Windows, various versions of Linux, etc) is critical.
4. Experience with various network devices, including switches, routers and firewalls is also important.
5. An ethical hacker should also have a basic understanding of TCP/IP protocols such as SMTP, ICMP and HTTP.
6. In addition to technical skills, an ethical hacker needs good soft skills.
7. Perhaps the most important skill, however, is adaptability.

A fresher may work as an intern for a couple of months and can start with a minimum of Rs 2.5lakh per annum. With one year of experience, one can expect up to Rs 4.5lakh per annum. Those with work experience five years or more can get from 10-12lakh per annum.
 

Job designations:
        Ethical hacking faculty, Ethical hacking manager, Ethical hacking trainer etc.

No comments:

Post a Comment