ETHICAL HACKER

Pratibha Sahu

pursuing MBA

Ever had thoughts of becoming a hacker, an ethical one that is? The EC-Council has released a certification called Certified Ethical Hacker (CEH). Its goal is to certify security practitioners in the methodology of ethical hacking. This vendor neutral certification covers the standards and language involved in common exploits, vulnerabilities, and countermeasures.

If you have been to a bookstore lately, you've most likely seen that there is an abundance of books on hacking and "how to hack." Until now, few organizations have worked toward quantifying ethical hacking, defining its legalities, or specifying its useful role in modern organizations. This is what the EC-Council is attempting to do with this certification.

Who Are Ethical Hackers?

An ethical hacker is most similar to a penetration tester. The ethical hacker is an individual who is employed or contracted to undertake an attempted penetration test. These individuals use the same methods employed by hackers. In case you were unsure; hacking is a felony in the United States. Ethical hackers have written authorization to probe a network. Only then is this attempted hack legal, as there is a contract between the ethical hacker and the organization. In 1995, long before today's more stringent guidelines, one individual received 3 felony counts, 5 years probation, 480 hours of community service, and a $68,000 legal bill for failing to insure proper authorization. Don't let this happen to you!

How is Ethical Hacking Performed?

Primarily, ethical hackers are employed in groups to perform penetration tests. These groups are commonly referred to as "Red Teams." These individuals are being paid by the organization to poke, prod, and determine the overall level of security. Again, what is important here is that they have been given written permission to perform this test and have detailed boundaries to work within. Don't be lulled into believing that the penalties for illegal penetration are low, it is a felony!

Why must organization have a Ethical Hackers?

Organizations must secure their IT infrastructure and networks. Just as corporations employ auditors to routinely examine financial records, so should corporations audit security policy. We have all seen the havoc that a lack of real financial audits can cause. Just as accountants perform bookkeeping audits, ethical hackers perform security audits. Without security audits and compliance controls, no real security exists. This is a big problem. There are plenty of individuals waiting to test and probe your organization's security stance. These individuals range from government and corporate spies, to hackers, crackers, script kiddies, or those who write and release malicious code into the wild. Their presence in your network in not a good thing!

The legal risks of ethical hacking

When ethical hackers track down computer criminals, do they risk prosecution themselves?

Security researchers at this week's Usenix conference in Boston believe this is a danger, and that ethical hackers have to develop a uniform code of ethics for themselves before the federal government decides to take action on its own.

Blogs