Certified as ethical hacker
6th January 2003 (Computimes)
By Chandra Devi

DO you know that there are companies which hire hackers? They are no ordinary hackers, but certified professionals trained in the art of ethical hacking.

Unlike criminal hackers who break into computer systems for fun, revenge or profit, ethical hackers are those paid by organisations to hack into supposedly secure networks and expose flaws, according to Wordware Distributors (M) Sdn Bhd’s managing director Wilson Wong.

"While companies want to be able to take advantage of the Internet for electronic commerce (e-commerce), advertising, information distribution and access, and other pursuits, they are concerned about the possibility of being hacked," he says.

"To counter this, they have come to realise that one of the best ways to evaluate the threat to their interests would be to have independent computer security professionals attempt to break into their computer systems."

Although there are currently thousands of security consultants, very few are actually aware of measures to counter hacker threats, according to Wong. He says ethical hackers would use the same tools and techniques as the intruders, but they would neither damage the target system nor steal information.

Instead, they would evaluate the target system’s security and report back to the owners with the vulnerabilities they found and instructions on how to remedy them, he adds.

Wong says the art of ethical hacking and the skillsets required can be obtained by pursuing the Certified Ethical Hacker (CEH) certification programme offered by the International Council of Electronic Consultants (EC-Council).

EC-Council is a globally recognised professional organisation that offers several options for aspiring and practising e-commerce professionals to study topics identified as e-business industry standards skills for e-commerce professionals.

The organisation addresses skillsets and knowledge in the areas of e-business, customer relationship management (CRM), supply chain management (SCM), enterprise resource planning (ERP), e-security, knowledge management and project management.

Besides the CEH programme, Wordware, as master distributor of EC-Council certification programmes for the Asia-Pacific, also offers the Certified E-business Associate track, Certified E-business Professional track and Certified E-business Consultant track through its accredited training centres (ATCs).

On the CEH programme, Wong says the five-day programme will take students into an interactive environment where they will learn to scan, test, hack and secure their own system.

To achieve CEH, one must pass the Ethical Hacking and Counter-measures examination, which covers the standards and language involved in common exploits, vulnerabilities and counter-measures.

One must also show knowledge of the tools used by hackers in exposing common vulnerabilities as well as the tools used by security professionals for implementing counter-measures.

Wong says the programme is suitable for networking professionals, information technology managers and decision-makers who need to understand security solutions.

He adds that not just anybody can take the course as the ATCs will ensure that the applicants work for legitimate companies.

In addition to stringent selection, prior to attending the course, individuals will be required to sign an agreement stating that they will not misuse the newly acquired skills and to indemnify EC-Council with respect to the use or misuse of these tools, regardless of intent.

All four EC-Council programmes are available at 35 ATCs in the country. Among them are KnowledgeCom Corp, Imperial College, Informatics Corporate Learning, Informatics Group and PTPL. Each programme costs between RM1,499 and RM2,999, and the exam fees range from RM136 to RM570.

More details can be found at www.wordware.com.my.