-
Table of Contents
Ch. No. Title Page No
1. What is cyber security? 1
1.1Why do we need cyber security? 1
1.2Cyber Law India. 1
2. Internet Threats 2-15
2.1 E-mail Threats. 2-4
2.2 Website Threats. 5-8
2.3 Network Threats. 9-11
2.4 Phone Threats 12
2.5 Debit and credit card threats. 13-14
2.6 Trojans, spywares and viruses. 15-16
2.7 Wi-Fi Security. 17
3. Some common methods used in attacks. 18-19
3.1 Phishing. 18
3.2 Password Cracking. 19
4. Security on Internet. 20
5. Career in Cyber Security. 21
-
What is Cyber Security?
Cyber security is information security as applied to computers
and networks. The field covers all
the processes and mechanisms by which computer-based equipment,
information and services
are protected from unintended or unauthorized access, change or
destruction. Computer security
also includes protection from unplanned events and natural
disasters.
Why do we need cyber security?
There are many numbers of reasons. The cyber community changes
in an unbelievable pace.
The nature of the Internet as a tool for communication and
education has been used and misused
for personal gain, which resulted in cyber-attacks and
unprecedented rise in cyber-crime rates.
These rates are expected to increase more rapidly in the coming
years if cyber security is not put
in place.
1-Hackers are everywhere, they find loopholes and
vulnerabilities in our system and thus they
can read or manipulate our private data or confidential
information. Moreover, they can create
backdoors so that they could access our system whenever they
want.
2- Internet scams and frauds are rampant. These include
phishing, a very organized cyber-crime,
which deceives people into giving their banking details.
3- Viruses, worms and malwares are very harmful for our
computers and systems. They can slow
down our systems and even damage it. Malwares could send our
logs to other person (hacker).
4- Spyware, as the name hints, can spy on you. A computer
program automatically installed on
your computer, spyware tracks personal information you entered
and sends it to its creator.
Cyber Law India: With anonymously growing of internet, it has
become necessary to make a body that has controls over the
internet. Because one can miss use it and can commit
crimes. India also has a cyber-law. It covers these areas:-
1. The basic of Internet Security.
2. Basic information on Indian Cyber Law.
3. Impact of technology aided crime.
4. Indian IT act on covering the legal aspect of all online
activities.
5. Types of Internet policies required for an organization.
6. Minimum Hardware and software, security measures required for
an organization to
protect data.
-
Internet Threats:-
E-Mail Threats
Electronic mail (email) is a widely used communication mechanism
that can be categorized into
two basic types of web-based service: an open web-based email
service and a closed web-based
service. The first category provides web-based email accounts to
anyone for free or at a fee. The
second category provides email accounts that are managed by
organizations for employees,
students, and members only. Commercial and social websites rely
on the security of email
accounts. Large amounts of email exchanges are occurring daily,
some of which contain personal
information, company secrets, and sensitive information. This
makes email accounts very
valuable and becomes one of the main causes of email
hacking.
Email spam
As rules that govern unsolicited emails tighten, spammers
attempt to find new ways around
them. Attackers often send massive email broadcasts with a
hidden or misleading incoming IP
address and email address. Some users may open the spam, read
it, and possibly be tempted by
whatever wares or schemes are offered. If the spammer were to
get a hold of a companys
sending email and IP address, the impact on the company's
business would be devastating. The
-
companys Internet connection would be terminated by its Internet
Service Provider (ISP) if its
email and IP address are added to the black list of known
spamming addresses. Effectively, this
would shut down the companys online business because none of the
emails would reach their
destination.
Virus
Some emails incorporate a virus as a means of transportation.
The Sobig virus is an example of
such technology, creating a spamming infrastructure by taking
over unwilling participants PC.
This was a major threat to email security as spam will continue
to spread and trigger dangerous
viruses for malicious intent.
Phishing
This type of attack uses email messages from legitimate
businesses that the user may be
associated with. Although the messages look authentic with all
the corporate logos and similar
format as the official emails, they ask for verification of
personal information such as the account
number, password, and date of birth. 20% of unsuspecting victims
respond to them, which may
result in stolen accounts, financial loss, and even worse,
identity theft.
-
Email Privacy
To maintain privacy of your Email and to Protect our Email ID
from being hacked
we must follow some basic steps as follows,
1. Enable two step verification in your Email accounts.
2. Enable Login-notification for your email and get notification
in your mobile whenever
you login.
3. Set a strong password with a mix of alphabets, numbers and
special characters.
4. Enable login- notification for you Facebook accounts to
prevent unauthorized
access.
5. Enable HTTPS in your email settings and your Facebook account
settings.
6. Never share your password with anyone. Even to your closest
person.
7. Setup a recovery question which is difficult to answer and
never setup an easy &
guessable answer to your security question.
8. Never click on any links sent through mail or chat. It may be
a link which can steal
your cookie or inject any viruses.
9. Always check your address bar for proper website address
before logging in.
10. Whenever you Need to Forward an Email to More than One
Person use the BCC
Option to Write Addresses.
11. If you are Unable to Access Your Email Account Immediately
Report it to the
Service
Provider. They Give You a Option of Forgot Password/Account
Hacked etc.
12. Avoid Using FREE WIFI Access At Public Places.
-
Website Threats:-
Website is set of related webpages hosted by a webserver,
accessible via a network such as the
Internet or a private local area network through an Internet
address known as a Uniform resource
locator. All publicly accessible websites collectively
constitute the World Wide Web. A website
is scripted or written in languages like HTML, PHP, .net, XHTML,
CSS, java script, J query etc.
Most used webservers are:-
Apache
IIS
Google
NGINX
Authentication Process of websites:
Most of the websites today requires the user to sign up for
their services. And then we have to
sign-in each time when we need the service. Some common examples
are Facebook, Gmail,
twitter, forums, shopping websites, internet banking, online
storage, etc. Each website gets the
username and password from the user and sends it to the server,
where it is verified by
comparing it with the details in its database and then the user
is allowed to use the specific
service offered by the website. All these things happen in few
seconds over the internet.
-
Attacks on Websites & Web Applications
There are several Attacks performed on websites and web-based
applications every minute, and
most of the attacks are due to improper coding and poor
programming skills.
Some of the common attacks performed on website / web-
applications are as follows
1. SQL Injection
2. XSS
3. RFI & LFI Attacks
SQL Injection Attacks- An SQL injection is probably the most
abundant programming flaw that exists on the internet at present.
It is the vulnerability through which an unauthorized
person can access various critical and private data. The SQL
injection is not a flaw in the web or
DB server, but is a result of the poor and inexperienced
programming practices. And it is one of
the deadliest as well as easiest attacks to execute from a
remote location.
Let's see an example, where the username admin with the password
i3indya can log into the
site. Suppose the SQL query for this is carried out as
below:
SELECT USER from database WHERE username=' admin' AND
password='amity'
-
If the above SELECT command evaluates true, the user will be
given access to the site otherwise
disallowed. Think what we could do if the script is not
sanitized.. This opens a door for the
hackers to gain illegal access to the site.
In this example, the attacker can enter the following user data
in the login form:
Username: a or 1=1
Password: blank
So, this would make our query as:
SELECT USER from database WHERE username=' a' or 1=1-- ' AND
password=''
Cross Site Scripting Attack ( XSS )
Cross Site Scripting or XSS is an attack which allows a hacker
to insert malicious codes into the
webpage either temporarily or permanently. These codes which are
inserted mostly run on client
side ( The end-user or victim ) and some on the server side (
Affecting all users of that website ).
It is a common vulnerability found in several web applications ,
Due to breaches of browser
security, XSS enables attackers to inject client-side script
into Web pages viewed by other users.
There are two types of XSS,
1. Persistent XSS ( Stored XSS )
2. Non-Persistent XSS ( Reflected XSS )
Stored XSS
Stored XSS vulnerability is a more devastating variant of a
cross-site scripting flaw, it occurs
when the data provided by the attacker is saved by the server,
and then permanently displayed on
"normal" pages returned to other users who normally visit that
page. A classic example of this is
with online message boards where users are allowed to post HTML
formatted messages for other
users to read. This is a severe threat to the users of that
website.
Reflected XSS
Reflected XSS vulnerability is the most common type of XSS.
These vulnerabilities show up
when the data provided by a web client, most commonly in HTTP
query parameters or in HTML
form submissions, is used immediately by server-side scripts to
parse and display a page of
results for and to that user, without properly sanitizing the
request.
-
It is most commonly found in the search box of several websites
which doesnt sanitize the input
given by the users. Which means it accepts special characters
and other variables and allow
script to be run using the search box or other holes.
RFI & LFI Attacks
Remote File Inclusion ( RFI )
Remote File Inclusion (RFI) is a type of vulnerability of
website which allows an attacker to
include a remote file, usually through a script on the web
server. The vulnerability occurs due to
the use of user-supplied input without proper validation. This
can be used just to display contents
of a file and can also be used for the following attacks-
A. Code execution on the web server
B. Code execution on the client-side such as JavaScript which
can lead to other attacks such
as cross site scripting (XSS).
C. Denial of Service (DoS)
D. Data Theft/Manipulation
Local File Inclusion ( LFI )
Local File Inclusion ( LFI ) is a vulnerability where the local
files of the webserver can be
accessed by anybody by using their website in a browser. The
attacker can traverse the entire
directory of the webserver therefore allowing access to
sensitive data and password files.
The LFI can be exploited by using ../ to traverse one directory
up in a webserver. Therefore if
multiple ../ is used then the attacker can access the root
directory of the webserver and view
sensitive files such as the passwords. Usually in Unix servers
the folder containing the passwords
is in etc/passwords file.Suppose if a site is vulnerable to LFI
, then the example below will
display the contents of the password file of a Unix server.
www.examplesite.com/index.php?page=../../../../../../../etc/password
This is the RFI & LFI Attacks these can be prevented by
restricting the access to folders and by
sanitizing the user inputs.
-
Countermeasures:-
1- Secure Programming is needed for programmers to prevent
website and website users from
being attacked
2-Users must be careful not to click on any unwanted links in
websites.
3-Never use same password for different websites, even if one is
compromised, you are safe.
4-Inputs must be sanitized in the web applications and web
forms.
-
Network Attacks:-
A computer network or data network is a telecommunications
network that allows computers to
exchange data. In computer networks, networked computing devices
(network nodes) pass data
to each other along data connections. The connections (network
links) between nodes are
established using either cable media or wireless media. The
best-known computer network is the
Internet.
Footprinting
Footprinting is the act of gathering information about a
computer system and the companies it
belongs to. Footprinting is the first step hackers take in their
hacking process. Footprinting is
important because to hack a system the hacker must first know
everything there is to know about
it.First, a hacker would start gathering information on the
targets website. Things a hacker would
look for are e-mails and names. This information could come in
handy if the hacker was
planning to attempt a social engineering attack against the
company.
Port Scanning
The point of port scanning a server is to detect its open ports
the ports listening services. Once a
hacker knows all the services running on your server, he could
search for possible vulnerabilities
they may have and exploit them to take control of our website.
Along with finding out what ports
are running, the hacker needs to also find out what operating
system the server is running. There
-
are always a lot of operating system vulnerabilities out there
to choose from. So by knowing the
operating system, the hackers chances of taking over the server
go up.
Denial-of-Service (DoS) There are many types of DoS attacks, but
they all have one
purpose: to make the target server unavailable for legitimate
users. The most common type of
DoS attack is when the hacker sends a flood of information to
the target server causing it to use
up all of its resources, and in return pushing it offline, or
causing it to deny requests from
legitimate users trying to access it.
Buffer Overflow (BoF) A buffer overflow happens when a program
attempts to store
more data into a buffer, or a data storage area, then it was
meant to hold. Because the buffer was
only meant to hold a certain amount of data, the extra
information overflows into other buffers
causing them to be overwritten with malicious code created by
the hacker. Once this code is
executed, the hacker can receive full control of the server.
ARP spoofing- It is a technique whereby an attacker sends fake
(spoofed) Address
Resolution Protocol (ARP) messages onto a Local Area Network.
Generally, the aim is to
associate the attackers MAC address with the IP address of
another host (such as the default
gateway), causing any traffic meant for that IP address to be
sent to the attacker instead.
ARP spoofing may allow an attacker to intercept data frames on a
LAN, modify the traffic, or
stop the traffic altogether. Often the attack is used as an
opening for other attacks, such as denial
of service, man in the middle, or session hijacking
attacks.[2]The attack can only be used on
networks that make use of the Address Resolution Protocol (ARP),
and is limited to local
network segments.
There are a few things we can do to stay secure from network
hacking attempts-
1. Keep all your software up to date. There will always be new
vulnerabilities coming out, and
your responsibility is to patch them immediately after a patch
comes out.
2. Implement a firewall. This will keep most of the bad data out
and good data in.
3. Install anti-virus software.
4. Scan your system with a vulnerability scanner. This may
reveal possible vulnerabilities in your
system.
-
Phone Hacking:-
Phone hacking is the practice of intercepting telephone calls or
voicemail messages, often by
accessing the voicemail messages of a mobile phone without the
consent of the phone's owner.
All smartphones, as computers, are preferred targets of attacks.
These attacks exploit weaknesses
related to smartphones that can come from means of communication
like SMS, MMS, wifi
networks, and GSM.
Malware Apps -Just as malware downloaded from the Internet can
crack open our computer,
malware apps can leave our phone exposed. The major app stores
usually try to prevent malware
apps from getting spread through their platforms, but malware
apps do get through and can even
be distributed through Web pages as a download. Common sense is
a fair barrier against
malware. Right now, the true extent of malware app penetration
is unknown and may be
exaggerated.
Phishing-Phishing may be actually more effective on a mobile
Internet browser because the
smaller address bar makes it less likely that a user will
carefully check the address before
entering information. The best way to protect yourself from
phishing is to enter important
addresses those for sites where you will be entering private
information from scratch.
GSM encryption Algorithm Sometimes algos used by GSM services
could be cracked and
lead to voicemail hacking. Nohl working with others around the
Internet -- has created a
guidebook for cracking the Global System for Mobile
communication's 64-bit A5/1 algorithm,
which was adopted in 1988. 3G networks use 128-bit encryption to
protect Relevant
Products/Services caller privacy and the new A5/3 algorithm is
being "phased in," GSM
Association.
Countermeasures:-
Being skeptical-A user should not believe everything that may be
presented, as some
information may be phishing or attempting to distribute a
malicious application. It is therefore
advisable to check the reputation of the application that you
want to buy before actually
installing it.
Permissions given to applications-The mass distribution of
applications is accompanied by the
establishment of different permissions mechanisms for each
operating systems. It is necessary to
clarify these permissions mechanisms to users, as they differ
from one system to another, and are
not always easy to understand.
Mobile Antivirus- Many antiviruses for cell phones are
available. E.g. Avast Mobile Security,
Quick Heal, Kasper Sky, etc.
-
Credit Card & Debit Card Hacking:-
Nowadays Internet banking and credit cards are very common
methods of funds transfer and
online shopping. And the most interesting thing is that it is
done over SSL. So people always
have a misconception that their accounts cannot be hacked as
their transactions are secured by
extra security Layer i.e. SSL but its quite easy to break the
SSL. So its always better to secure
your computer and internet connection rather than depending on
payment sites.
The fatal flaw that enabled the sensitive information to be
stolen is possible when an end-user is
not properly educated on an easy to do and well-known SSL
exploit SSL MITM. The hackers
take benefit of that to get access your sensitive data. Hacker
runs a series of utilities to redirect
other users data through his machine. He runs a number of other
utilities to sniff the data, act as
an SSL Certificate Server and to be the Man-the-Middle. He send
us a fake SSL certificate, thus
we actually connect to his machine instead of banks system. In
this case, our credentials are
being transmitted between our browser and the hackers machine.
The hacker is able to grab that
traffic, and, because he gave us the certificate to encrypt the
data/credentials, he can use that
same certificate to decrypt our data/credentials.
-
Phising is also used to steal credentials.
Countermeasures:-
Educate the end-user on the Security Alert and how to react to
it.
Utilize One Time Passwords, such as RSA Tokens, to prevent the
reuse of sniffed credentials.
When using SSL VPN, utilize mature products with advanced
features, such as Junipers Secure
Application Manager or Network Connect functionality.
-
Trojans, Spywares and Viruses
A Trojan or a Trojan Horse is a is a malicious application that
acts like a legitimate file or
helpful program but whose real purpose is, for example, to grant
a hacker unauthorized access to
a computer. Trojans do not attempt to inject themselves into
other files like a computer virus.
Trojan horses may steal information, or harm their host computer
systems.
Trojans are mostly embedded with legitimate software or
downloaded from websites by some
Ads etc., It is a very dangerous form of Malware which can
perform advanced operations like the
following,
1. Use of the machine as part of a botnet (e.g. to perform
automated spamming or to
distribute Denial-of-service attacks)
2. Electronic money theft
3. Data theft (e.g. retrieving passwords or credit card
information)
4. Installation of software, including third-party malware
5. Downloading or uploading of files on the user's computer
6. Modification or deletion of files
7. Keystroke logging
8. Watching the user's screen
9. Crashing the computer
10. Anonymizing internet viewing
Viruses
A computer virus is a type of malware that, when executed,
replicates by inserting copies of
itself (possibly modified) into other computer programs, data
files, or the boot sector of the hard
drive; when this replication succeeds, the affected areas are
then said to be "infected".
Your computer may be infected if you recognize any of these
malware symptoms:
Slow computer performance
Erratic computer behavior
Unexplained data loss
Frequent computer crashes
-
Spywares
Spyware is software that aids in gathering information about a
person or organization without
their knowledge and that may send such information to another
entity without the consumer's
consent, or that asserts control over a computer without the
consumer's knowledge. Spyware can
collect almost any type of data, including personal information
like Internet surfing habits, user
logins, and bank or credit account information. Spyware can also
interfere with user control of a
computer by installing additional software or redirecting Web
browsers. Some spyware can
change computer settings, which can result in slow Internet
connection speeds, un-authorized
changes in browser settings, or changes to software
settings.
Worms
A computer worm is a standalone malware computer program that
replicates itself in order to
spread to other computers. Often, it uses a computer network to
spread itself, relying on security
failures on the target computer to access it. Unlike a computer
virus, it does not need to attach
itself to an existing program. Worms almost always cause at
least some harm to the network,
even if only by consuming bandwidth, whereas viruses almost
always corrupt or modify files on
a targeted computer.
Security Against Malwares
1. Install a good antivirus. Free or Paid is good, but dont used
cracked or pirated versions.
2. Install real-time anti-spyware protection
3. Update your Anti-virus programs daily.
4. Perform scans on your computer daily.
5. Disable autorun to prevent infection from pendrives.
-
Wi-Fi Security.
Wireless/Wi-Fi is a technology which allows devices to connect
with each other to exchange
data in a computer network or for connecting to high speed
internet. It is also called WLAN. Wi-
Fi devices can connect to each other or to an access point to
connect with each other and to the
internet. Wi-Fi devices works are based on IEEE 802.11
standards.
There are three types of Wi-Fi securities available-
1- Open Wi-Fi.
2- WEP.
3- WPA/WPA2.
WEP Cracking- Wired Equivalent Privacy (WEP) is a security
algorithm for IEEE 802.11
wireless networks. WEP, recognizable by the key of 10 or 26
hexadecimal digits, was at one
time widely in use and was often the first security choice
presented to users by router
configuration tools. WEP can be easily hacked using sniffing.
Packet sniffing allows individuals
to capture data as it is transmitted over a network. Packet
sniffer programs are commonly used
by network professionals to help diagnose network issues and are
also used by malicious users to
capture unencrypted data like passwords and usernames in network
traffic. Once this information
is captured, the user can then gain access to the system or
network. Tools like Aircrack-ng and
Backtrack OS are capable of hacking any WEP encrypted network
easily.
WPA/WPA2- It is an advancement to WEP . WPA2 also improves the
security of Wi-Fi
connections by requiring use of stronger wireless encryption
than what WPA requires.
Specifically, WPA2 does not allow use of an algorithm called
TKIP (Temporal Key Integrity
Protocol) that has known security holes (limitations) in the
original WPA implementation.
Several different forms of WPA2 security keys exist. WPA2
Pre-Shared Key (PSK) utilizes keys
that are 64 hexadecimal digits long and is the method most
commonly used on home networks.
Security Tips:-
1. Change Default Administrator Passwords (and Usernames).
2. Turn on (Compatible) WPA / WEP Encryption.
3. Change the Default SSID.
4. Enable MAC Address Filtering.
5. Disable SSID Broadcast.
6. Assign Static IP Addresses to Devices.
7. Enable Firewalls On Each Computer and the Router
8. Turn Off the Network During Extended Periods of Non-Use.
-
Some Common methods used in attacks
1- Phishing
Phishing is the act of attempting to acquire information such as
usernames, passwords, and
credit card details (and sometimes, indirectly, money) by
masquerading as a trustworthy
entity in an electronic communication. Communications purporting
to be from popular social
web sites, auction sites, banks, online payment processors or IT
administrators are commonly
used to lure unsuspecting public.
1. Attacker convinces the victim to click on the link of fake
login page which resembles a
genuine login page.
2. Victim enters his credentials in fake login page that goes to
attacker.
3. Victim is then redirected to an error page or genuine website
depending on attacker.
Countermeasures:-
Do not reply to emails that request financial information, even
if it appears to
be from a trusted source.
Do not reply to emails from unrecognized senders.
Secure websites are indicated by a lock on the browser's status
bar or the prefix
"Https://" instead of Http://. "
Information from an email is temporarily stored on a computer's
local disk and
can be retrieved by another user if it is not properly
deleted.
If your browser has a pop-up blocker, enable it.
Do not copy any website addresses from a pop-up window into your
browser.
-
Password Cracking
Nowadays, passwords are the only form of security on most
websites and computer systems. It
has become one of the most common and easiest ways for a hacker
to gain unauthorized access
to your computer or network.
Social Engineering Social engineering is when a hacker takes
advantage of trusting human
beings to get information from them.
Dictionary Attack- A dictionary attack is when a text file full
of commonly used passwords, or
a list of every word from the dictionary is used against a
password database. Strong passwords
usually arent vulnerable to this kind of attack.
Brute-force attack- Brute-force attacks can crack any passwords.
Brute-force attacks try every
possible combination of letters, numbers, and special characters
until the right password is found.
Brute-force attacks can take a long time. The speed is
determined by the speed of the computer
running the cracking program and the complexity of the
password.
Rainbow Tables- A Rainbow table is a huge pre-computed list of
hash values for every possible
combination of characters. A password hash is a password that
has gone through a mathematical
algorithm that transformed it into something absolutely foreign.
A hash is a one way encryption
so once a password is hashed there is no way to get the original
string from the hashed string. A
very common hashing algorithm used as security to store
passwords in website databases is
MD5.Well when we login and submit our username and password, a
script takes our password
and runs it through the md5 algorithm. The outcome hash is
compared to the hash stored in the
database. If they are the same, we are admitted.
If I were to run the word cheese through the md5 algorithm, the
outcome would be
fea0f1f6fede90bd0a925b4194deac11.
Countermeasures:-
Use strong passwords upto atleast 10 characters with
combinations of uppercase,
lowercase, numbers and symbols. E.g. P@5$w0rD_)(*
Never ever use name, pet name, any relatives name, phone number,
car number in
password which could be easily guessed.
Never use any password in more than one account or IDs.
Never click on any unknown link sent by any person, it could be
phishing or cookie-
grabbing.
Never share password with any person.
-
Security on Internet.
Hacking is another side of Cyber. Some people are very notorious
and net savvy. They love to
keep, update themselves and bring innovative ideas. Hacker is
one of them, spending almost all
time on internet and doing illegal activities and spreading it
all over the world. Thus infecting the
internet and making people to do like those ultimately
increasing cybercrimes.
Staying Safe on Internet
Internet is the playground of Hackers and Malicious programs, To
be safe on the internet we
have to follow some basic rules.
1. Always Use Genuine Antivirus/Internet Security Software
Regularly Updated with
Internet.
2. Keep your Firewall ON and Updated.
3. The Browser should be kept free from toolbars which get
automatically installed on your
browser.
4. Never Save Your Passwords on your Browsers and Instant
Messengers like Yahoo,
Google, and Skype etc.
5. Keep your Browser Temporary Cache, Cookies Clear on Regular
Basis.
6. While Browsing Don't Install Shortcuts and Toolbars from Pop
Ups and Ads.
7. Don't Download Pirated Stuff from Untrusted Sites. (e.g.
Music, Videos, Free Software)
8. Always Install Software's Available at the Parent Sites.
9. Don't Click on Suspicious Links/Hyperlinks Which Are Luring
and Tempting.
-
Career in Cyber security
According to naukri.com there are 5800 vacancies in field of
cyber security and
network security. Cybersecurity is one of the hottest fields in
technology today
and the trend will continue for the foreseeable future. As noted
in a Best Jobs
article on the CNN Money website, cyber security is among the
top ten fastest
growing careers in America, with a 27% growth rate. All
industries, from retail
sales to hospitals to power plants, are dependent on information
technology
(IT), and cybersecurity is critical to ensuring IT assets are
protected.
The Certified Ethical Hacker is a professional certification
provided by the
International Council of E-Commerce Consultants
(EC-Council.)
An ethical hacker is usually employed by an organization who
trusts him or her
to attempt to penetrate networks and/or computer systems, using
the same
methods as a hacker, for the purpose of finding and fixing
computer security
vulnerabilities. Unauthorized hacking (i.e., gaining access to
computer systems
without prior authorization from the owner) is a crime in most
countries, but
penetration testing done by request of the owner of the victim
system(s) or
network(s) is not.
A Certified Ethical Hacker has obtained a certification in how
to look for the
weaknesses and vulnerabilities in target systems and uses the
same knowledge
and tools as a hacker.
Companies like Google, Yahoo, IBM, etc. always look for people
who can find
vulnerability and bugs in their systems and pay a lot of
money.
Government organizations like CBI, NIA, Indian Army and other
defense
services hire many cyber security analysts every year and an
ethical hacker can
always build his own career as a white hat.
By:-
Neeraj Negi ([email protected])