Certified Ethical Hacker: Not Your Everyday Job
The term "hacker" doesn't just apply to crooks, thieves and anyone else looking to subvert computer security systems for malevolent purposes. Some hackers are in the business of improving security. Certified Ethical Hackers are paid by companies and government agencies to test their computer systems against the sort of attacks the bad guys often attempt to pull off.
Oct 7, 2009 8:39 AM PT
Computer infrastructure has become the foundation of businesses, governments, and militaries across the globe. Unfortunately, the onset of computer dependence has only opened a myriad of opportunities for cybercrime and potentially devastating consequences. Unlike in the past, when criminals would have to physically peculate information, cybercrime involves finding network loopholes, running snippets of code, and virtually having access to billions of bits of data within seconds.
Although many establishments that use online networks to carry highly sensitive and confidential information neglect to close these "backdoor openings" (making it too late), others have circumvented the possibility of hackers gaining entry into their data by commissioning trusted third parties to assess any vulnerabilities. Individuals such as Jonathan James, Kevin Mitnick, and Kevin Poulsen have given the term "computer hacker" a bad rap; however, their moral counterparts, ethical hackers, are able ease the minds of companies and governments.
True ethical hackers can be certified by the International Council of E-Commerce Consultants (EC-Council) through various tests, background checks and screenings. An individual that is trained as a Certified Ethical Hacker (CEH) is often employed by a private or public network security company or department that works with private businesses, government agencies and even the military. As computers advance, the Internet evolves and networks expand, the need for Certified Ethical Hackers is growing.
The government has developed its own specific certification entitled the Certified Network Defense Architect (CNDA), which is open only to selected individuals. However, the coursework and testing is synonymous with that of a CEH. A CNDA is capable of working for the United States government and/or military. The Department of Homeland Security's National Cybersecurity Division (NCSD) directly and indirectly employs many CNDAs. These individuals constantly combat the vulnerability of the government's computer infrastructure as well as the nation's in general.
The Department of Defense's Information Processing Techniques Office (IPTO) and Defense Information Systems Agency are also homes of CNDAs. These individuals complete various tests on new military networks, software, devices and other diverse information technology-related materials. The role of these personnel is to develop gapless computer infrastructure in prohibiting malicious hacking of any branch of government and its subsidiaries. Although some ethical hackers are employed by these government agencies, others seek employment with private network security and information technology professional companies.
IT companies that work specifically with the security of private networks employ Certified Ethical Hackers. These third-party businesses work with firms and corporations of any trade or business. As identity theft is a major concern with the World Wide Web, companies that hold highly sensitive information are at stake to protect that data for their customers and clients. There have been various scandals in which malicious hackers have stolen an innumerable amount of personal information such as credit card numbers, Social Security numbers, names, phone numbers and addresses. Companies that keep these records on file have great concern in being confident that this information is not vulnerable to any outside source.
Furthermore, millions of individuals are starting to do all of their financial record keeping online through banks' Web sites. How would a banking company explain to their customers that a hacker had stolen all of their account numbers, names and addresses and has the potential to drain their accounts? Although it may sound far-fetched, the possibility is definitely a reality. Banks have a great deal of pressure to protect their technological mainframes -- not to mention the fact that to remain competitive with other banks, they are almost required to provide online services. Everything is being driven to the Internet these days. As more business is done through information technology, the greater the risk of crime and theft; no more iron bars, locks and brick walls to keep that money safe.
So how do all of these gaps in a technological society apply to the Certified Ethical Hacker? A CEH will be the inspector who would, in layman terms, go around after the bank was built and check for any way in or out of the secured building. After a company has established an essential network, whether it's a bank or not, a network security company of IT professionals, including CEHs, will perform vulnerability tests, or penetration tests, to check for any areas lacking security. These third-party IT companies will assess susceptible areas and develop a report for the business. The most crucial part of this process is that it takes place prior to the network going live. A company that wants to remain in business will always make this arrangement, as unsecured networks are easy targets for malicious hackers, and it only takes seconds for something to happen.
Although identity theft is a concern of the general population and businesses, there are other bits of data that a hacker may be seeking as well. What if someone intercepted emails, user names and passwords from the U.S. Department of Defense? Although hard to believe, it has been done; actually, only in September of 2000. Jonathan James, a 16-year-old from Florida, was "fooling around" and developed a back door in a server for the DoD. He was able to run a program that intercepted thousands of highly confidential emails about biological, chemical and nuclear weapons. Despite these horrifying facts, the security of this information has been fortified over the years, greatly diminishing the opportunities for malicious hacking, with partial thanks to CEHs and CNDAs.
Certified Ethical Hackers have more than a job in the IT world, as they have the privilege and know-how to keep the general population safe from cybercrime. CEHs and CNDAs play a critical role in the prevention of malevolent cyberattacks on businesses, government and military. As the potential threat toward any network, server or database is always a possibility, the profession of ethical hacking is only to grow.
Ryan Corey is the director of admissions at the Academy of Computer Education (ACE), a computer training school in the Washington, D.C., metro area.