One question that comes to mind is: what makes hacking “ethical”? After all, by its very definition, a hack is something that exploits and takes advantage of vulnerabilities for a specific gain. There are cases when hacking is justified though, such as the following:
1. Express consent (almost always through a contract) is given by the company that allows you to probe their network. This will allow you to identify the potential
risks in their security.
2. You will not harm the company’s assets in the process (exceptions may apply).
3. When the work is completed, it should be closed out so no one can exploit it
afterwards.
4. Any vulnerability you find should be reported to the company.
Doing these will separate the white hats from malicious or “black-hat” hackers. Despite the shady characteristics of the job, white hats have helped corporations make leaps and bounds in protecting the information we entrust to them in our daily transactions. Being a white hat hacker is essentially like someone asking you to play the bad guy. These companies have built up a wall around their vital systems, and they want to see just how strong that wall is against a real-life threat (you). This way, you have to have all the abilities of a real hacker without all the bad intent.
But wait… There’s more!
But it doesn’t end with good intentions - you need to have proof of that, or how will anyone trust you?
To get that proof, you need to be a Certified Ethical Hacker or CEH. This is a qualification that can be obtained in the assessment of security systems through penetration testing processes. One will take an exam (formally labeled “312-50”), which gets updated every now and then.
To take the exam, one will first have to go through training at an ATC or Accredited Training Center. If you don’t want to and opt to self-study, you must have proof of at least 2-years’ worth of relevant security work experience (or educational background equating to this). Then, there are 150 questions answerable in 4 hours, coupled with a testing and reservation fee. Pass it, and voila! You are officially an ethical hacker!
Who says hackers can’t get credentials?
No comments:
Post a Comment