Gone are the days when hacking was considered a dark and grimy job! It is now one of the hottest career opportunities available in the market. If working overnight when everybody is asleep excites you, and trojans, buffer overflows or DDoS attacks give you a thrill, then you might consider a career as an ethical hacker.
What is Ethical Hacking
Hacking is the process of exploiting vulnerabilities to gain unauthorized access to systems or resources. Here, we will talk about Ethical Hacking i.e. hacking with ethics.
Ethical hacking is a flourishing career in which you protect the websites and personal information of companies and corporations from the real hackers. Ethical hacking is the process of checking and testing an organisation's network for possible loopholes and vulnerabilities. Ethical hackers perform hacking in ethical ways, without causing any damage to the computer system, thereby increasing the security perimeter of an organisation.
Information security refers to protecting or safeguarding any kind of sensitive information and information systems from unauthorised access, disclosure, alteration, disruption and destruction. If sensitive information falls into the wrong hands, the organisation concerned may face a great threat.
Types of hackers
- Black Hats – Individuals with extraordinary computing skills who resort to malicious or destructive activities; they are also known as crackers.
- White Hats – Individuals professing hacker skills and using them for defensive purposes; they are also known as security analysts. Ethical hackers are generally white hats who work for an organization, protecting it from threats. However, they can also become grey hats at times.
- Grey Hats – Individuals who work both offensively and defensively at times. They might be a white hat during the day and may perform some kind of malicious activities at night.
- Script kiddies – Unskilled hackers who compromise systems by running scripts, tools, and software developed by real hackers, without proper knowledge of their inner workings.
- Spy Hackers – Individuals employed by an organisation to penetrate a competitor and gain its trade secrets.
Why are ethical hackers needed?
The recent attacks on Sony, PayPal, Adobe and other major online services have given the world a strong message about the urgent need for ethical hackers. There has been a huge rise in Internet crime all around the globe. With the advent of the Internet in each and every household, the cyber crime rate has also increased in recent years. Data breaches, cyber wars, corporate espionage and government spying have become common nowadays. Thus the need for ethical hackers is also on the rise.
Click the link here to have a look at the world's biggest data breaches and hacks.
Increase in cyber crime report. Source: CEH
Last year, ethical hacking was estimated to be a US$3.8 billion industry in the US alone. According to Nasscom, India will require at least 77,000 ethical hackers every year, whereas we are currently producing only 15,000 a year. Ethical hacking is growing at a tremendous pace and offers a plethora of lucrative job opportunities. It is one of the highest paid jobs in the IT industry.
What does it really take to become an ethical hacker?
Personally speaking, I am also following the same path and have seen many different types of students who just want to become a hacker because it sounds cool. Whatever you see in movies is not exactly true and yeah, it’s cool to work as an ethical hacker, but it really requires a lot of dedication, serious study, online research and time. You can’t master it within months if you are a beginner. It will take a lot of time as there are so many concepts to grasp. It may even take years to really become a good ethical hacker.
The first and foremost step you need to take to pursue it as a career option is to ask your inner self whether you seriously want to consider it or not. You need a deep passion from within to enter this field. I am saying so because it’s really a tough path to walk on. You will have to spend many sleepless nights gathering information. Very few people have any idea about it, so you can’t take help from general folks. The resources are limited and few in number. You will have to build contacts and work very hard to get a foot in the door.
If you are really passionate and things like TCP/IP, trojans or exploits thrill you, then read below how to make a career in it as a beginner.
If you are a computer science student, you will come across a networking paper in your college. Study it very well. If you are not in college or are from a different stream, then buy this book and read it in great detail, or some other good book about networking. My personal recommendation is Data Communications and Networking – Forouzan. I am giving the download link over here. It will build a strong understanding of how networks work and of the different protocols at different layers.
You need not be a Linux pro, but you should at least learn the UNIX operating system, as it is regarded as the original operating system built by hackers. Read my previous post about Linux here to have a brief idea about Linux. Also learn about Windows and Mac OS. You should be familiar with Linux commands, their directory structures, etc.
You must have a very good command of programming languages like C/C++/Java and some scripting languages like Python/PHP/Perl. You do not need to master them all, but you should have a general idea about how they function. You should be able to write scripts in a Linux shell or write and run automated scripts using Python.
What to do after that?
There are a lot of online sources to learn from. I will list a few. Since it needs a lot of practice, it will take time. You can even take a professional-level course or training from a local ethical hacking trainer. It will give you a brief idea of the overall content; then research it further online.
Some online resources:
- SecurityTube – www.securitytube.net (It’s a very good initiative by Sir Vivek Ramachandran to educate students about infosec for free. Almost all video lectures are provided free here.)
- The Hacker News – www.thehackernews.com (A very good place to keep yourself updated about the latest threats in the hacking world)
Attend different hacker conferences held all around the world to increase your knowledge, meet real hackers, make contacts and socialize with them. I am listing a few of them.
Apart from these, there are many others too. Meanwhile you should also follow different security blogs and keep in touch with security domain people.
Professional & Global level certifications
C|EH (Certified Ethical Hacker) – This is one of the world's most advanced ethical hacking courses, with 19 of the most current security domains any ethical hacker will ever want to know when they are planning to beef up the information security posture of their organization.
The goal of this course is to help you master an ethical hacking methodology that can be used in a penetration testing or ethical hacking situation. You walk out the door with hacking skills that are highly in demand, as well as the internationally recognized certified ethical hacker certification! This course prepares you for EC-Council Certified Ethical Hacker exam 312-50.
The exam is very costly (around $500) but its certification is worth it. Many companies require their employees to obtain such a certification to enter the security domain.
CEH certification is in much demand.
OSCP (Offensive Security Certified Professional) – I consider this one to be the best as it gives more hands-on training and requires much deeper knowledge than C|EH, but in terms of market demand, it is not considered as much as C|EH. If you want a sure job in IT security, then go for a C|EH certification.
There are others in the market but these two are much more recognized everywhere.
CISSP is a very demanding certification too.
In a nutshell, I would say a few points to finish my talk:
1. You need a mindset to exploit things, be it a human mind, a computer or an electrical appliance.
2. Sound knowledge of operating systems, application software, the Internet and hardware. Every wannabe professional hacker should be perfect in at least one programming language.
3. They should have basic knowledge of networking, routers and servers.
4. Knowledge of database management is a must.
5. Knowledge of one web design language and one server-side scripting language.
6. A CEH certificate or a local vendor certification can also work.
If you really want to get into this, then make Google your best friend. It will solve all your queries. Spend time on solving a problem and finding its solution before asking anyone else. There are even divisions in the ethical hacking field when you get up to a professional level, like network pentesting, software pentesting, web application pentesting, malware analysis, cryptanalysis, reverse engineering and some more.
You have to select one of them and then build further expertise in it. I will start posting a series of hacking articles very soon. We attended the Defcon conference some time back. It was really great and I am sharing some stills from there, and sorry for the bad picture quality 🙂
Some stills from Defcon conference.