What You Must Know About Being An Ethical Hacker

With demand for ethical hackers on the rise in India, what is it that specialists in cyber security must have know-how about? Read on. 

Rasool Kareem Irfan, senior manager, Tata Communications Transformation Services (TCTS), who is part of TCTS Security Practice and is responsible for security and compliance of infrastructure used for B2C services, shared his insights on the key ethical hacking concepts and the check list of essential tools to enable ethical hacking. Here is a low down: 

5 phases of hacking  

1. Reconnnaisance: In this phase, attacker gathers as much information as possible about the target prior to launching the attack.

2. Scanning: Here, the attacker scans the network for specific information based on information gathered during reconnaisance 

3. Gaining access: Attacker obtains access to the operating system or app on the system or network

4. Maintaining access: Attacker retains ownership of access to launch further attacks

5. Clearing tracks: Attacker destroys evidence for various reasons such as maintaining access and evading punitive actions  

Talking about the key hacking tools that prove as an essential aid to the ethical hacker at each of the five stages, Rasool shared the following slide as a quick checklist:  

During the webinar, Rasool shared that the demand for ethical hackers is on the rise in the country but there is a lack of security specialists who have great cyber security skills. 

If you are passionate about ethical hacking as a profession, this is the right time to take that leap as Rasool says that by the end of 2015, India would require about 5 lakh cyber security professionals.   

TimesJobs.com data highlights that about 62 per cent jobs for ethical hackers demand 2-5 years of experience. 

Apart from knowledge of the specific technologies and tools mentioned in the above paragraphs, TimesJobs.com data also reveals the key specialisations the industry is looking for in ethical hackers: 

• Web application security experience with thorough understanding of web app vulnerabilities

• Knowledge of application security architecture and experience in application level attacks and bypassing firewalls 

• Knowledge of mobile platforms such as Android, iOS, Blackberry and information on mobile app penetration testing methodology.

• Understanding of the software development lifecycle in a large enterprise and knowledge of securing windows and UNIX/Linux OS.

• Experience, understanding and flair for computer forensics, network exploitation, ethical hacking, penetration testing and tool development  

• Familiarity with Security Standards and groups (OWASP, WASC, FISMA) 

Source : techgig.com