You have heard the saying, “To catch a criminal, you have to think like one!” Ethical hacking, or legal hacking, involves breaking into systems and servers with the objective of uncovering vulnerabilities, making the systems more secure and shielding them from cyber attacks. Apart from protection against criminal cyber activities, the ethical hacker also plays a pivotal role in other aspects of enterprise security such as encryption, security protocols and firewalls.
Ethical hacking emerged as a US$3.8 billion industry in the US alone last year. According to the National Association of Software and Services Companies (NASSCOM), there is a requirement of over 77,000 hacking professionals in India. Despite the escalating demand, ethical hacking has still not been able to grab the interest of students as a full-time profession. Hence India has only 22,000 professional hackers as of now. NASSCOM also reiterated that the digital security scenario in India is threatened at $8 billion annually.
The scope for ethical hackers is immense, both in India and abroad. The information security industry is currently growing at a worldwide rate of 21%. In India, information security for compliance purposes is mandatory for all companies with an IT backbone. The requirement for such personnel is especially high in organisations in the IT/ITES space. However, internet security is no longer a grave concern for IT companies alone. Today every business has some form of online presence, and cyber security has therefore become a key focus area across sectors.
As a first step, there are several categories within hacking to understand. The first is Trojan programs that share files via instant messenger. A Trojan is a malicious program, commonly referred to as a virus. The latest instant messengers come with extensive capabilities such as file sharing and computer sharing, and hackers today use this channel to deliver the Trojan and break into your computer. Then there are various ways in which a hacker can impersonate other users. The most commonly used method is eavesdropping on unsuspecting users to retrieve user accounts, passwords and other user-related information. Denial of Service (DoS) is another category of attack that a hacker can launch against an instant messenger user. A partial DoS attack causes the user's end to hang, or uses up a large portion of CPU resources, making the system unstable. Phishing techniques that are common today include link manipulation, filter evasion, website forgery and phone phishing.
To become an ethical hacker, one needs a solid grounding in computer science. This is imperative if one is to outdo the sharp, aggressive and dedicatedly malevolent criminal hackers. It is therefore advised to study ethical hacking at a postgraduate level, after pursuing a B.Tech or B.Sc course from a reputed organisation. This equips the student with both strong theoretical foundations and practical specialisations.
Ethical hacking involves subjects like Computer Networks, C++ or Java, UNIX knowledge, and Cyber, System and Data Security. Apart from this, know-how of assembly language is crucial for those who want to analyse disassembled binaries. A profound familiarity with a variety of operating systems (Microsoft Windows, various versions of Linux, etc.) is also of paramount importance. An ethical hacker ought to have a basic understanding of TCP/IP protocols like SMTP, ICMP and HTTP.
Becoming a successful ethical hacker also requires several soft skills such as creativity, great interpersonal skills and an eye for detail. Analytical thinking, logical thinking and a positive outlook are a must in a profession where you may often find every effort of yours outwitted by a criminal hacker. This is when resilience, motivation and a never-say-die attitude come into play.
Designations attained by ethical hacking aspirants include Network Security System Administrator/Manager, Network Security Engineer, Systems/Applications Security Executive, Ethical Hacker, Data Security Specialist, Computer Forensics Investigator, IT Security Administrator/Consultant/Manager, Security Certified Programmer, etc.
In India, there are several institutes where one can study to become a professional legal hacker. Some of these are Ethical Hacking Training Institute, New Delhi; School of Vocational Education and Training, Indira Gandhi National Open University (IGNOU); and Indian School of Ethical Hacking, Kolkata. NIIT and the International Council of Electronic Commerce Consultants (EC-Council) also recently came up with a programme to train 15,000 aspirants in professional hacking.