Ethical Hacking


A Career in Ethical Hacking

UNIVERSITY OF MUMBAI
DEPARTMENT OF LIFELONG LEARNING AND EXTENSION

CERTIFICATE
Name of the Student:
PARAS MODI

Class: FY LLB Div: D Roll No.:210

College: JITENDRA CHAUHAN COLLEGE OF LAW

Address: Mithibai College Campus, 8th Floor, Bhakti Vedanta Marg, Vile Parle (W), Mumbai – 400056.

Project: Career

Title: A Career in Corporate Law

Submitted To: DLLE, University of Mumbai

Signature of Student: (Paras Modi)

Signature of Teacher: (Dr. Sharmila Ghuge)

Signature of Field Co-ordinator: (Dr. Shrima Bannerjee)

Signature of the Principal of College with Seal: (Dr. Priya J. Shah)

Signature of the Director, DLLE with Seal: (Dr. Kunal Jadhav)

Acknowledgements
I would like to thank Dr. Priya J. Shah, the I/c Principal of Jitendra Chauhan College of
Law, for permitting me to take up Career Planning as a project. I would also like to thank
Dr. Dilip Patil, the Director of DLLE, for sensing the need of our generation to extend our
support to the community.

Dr. Shrima Banerjee was a caring field co-ordinator who provided valuable advice as
to how to go about the extension work. I am grateful to Dr. Sharmila Ghuge, Assistant
Professor of Jitendra Chauhan College of Law, for guiding us throughout our extension
work activity and motivating us to work more all the time.

Last but not least, I would like to thank Mr. Anand Shaw, the Student Manager, for
helping us and providing us the necessary support whenever required.

Place: Mumbai Date: 24.02.2023

A CAREER IN ETHICAL HACKING

OVERVIEW

Hacking has been a part of computing for almost five decades, and it is a very broad
discipline that covers a wide range of topics. The first known event of hacking took
place in 1960 at MIT, and the term "Hacker" originated at the same time.

Hacking is the act of finding the possible entry points that exist in a computer system or
a computer network and finally entering into them. Hacking is usually done to gain
unauthorized access to a computer system or a computer network, either to harm the
systems or to steal sensitive information available on the computer.

Hacking is usually legal as long as it is being done to find weaknesses in a computer or
network system for testing purposes. This sort of hacking is what we call Ethical
Hacking.

A computer expert who does the act of hacking is called a "Hacker". Hackers are those
who seek knowledge, to understand how systems operate, how they are designed, and
then attempt to play with these systems.

There are various benefits of ethical hacking. It prevents data from being stolen by
attackers. Today, data is the key driver behind any organization. Attackers can
intrude into a system and steal sensitive information to put it to the wrong use.
Ethical hackers prevent this mishap: they run tests and ethically breach the system
to strengthen its security.

Ethical hacker jobs are also in demand due to the increased concern of businesses to
protect their data. The data could be of any kind and from any industry, such as banking,
education, government, military, etc. Ethical hackers break into the system and
identify the weak areas, gaining insight into what could eventually be a weakness in
the system. Once these are identified, they make sure that the systems are protected from
the potential threat.

To ensure success as a certified ethical hacker, you should have advanced knowledge of
computer and internet security systems, high-level hacking skills, and the ability to
create clear and concise reports. A top-notch certified ethical hacker quickly identifies
security flaws and provides useful advice on how to improve the system.

There are various phases of ethical security. Those phases of cyber security are:
1. Identification
2. Protection
3. Detection
4. Reaction

There are various benefits of hacking, such as:
1. Timely identification of vulnerabilities
2. Enough time to devise a strategy for protective measures
3. Protects the data from unauthorized access
4. Builds trust from the users in the market
5. Helps in the growth of the organization

Careers related to ethical hacking may not be like the old traditional careers, but they
are new-age careers that are here to stay. Data is becoming more central to
organizations. Establishments are willing to spend on data security.

TYPES OF HACKING

We can segregate hacking into different categories, based on what is being hacked. Here
is a set of examples:

• Website Hacking − Hacking a website means taking unauthorized control over a
web server and its associated software such as databases and other interfaces.
• Network Hacking − Hacking a network means gathering information about a
network by using tools like Telnet, nslookup, Ping, Tracert, Netstat, etc. with the intent
to harm the network system and hamper its operation.
• Email Hacking − It includes getting unauthorized access to an email account and
using it without the consent of its owner.
• Ethical Hacking − Ethical hacking involves finding weaknesses in a computer or
network system for testing purposes and finally getting them fixed.
• Password Hacking − This is the process of recovering secret passwords from data
that has been stored in or transmitted by a computer system.
• Computer Hacking − This is the process of stealing a computer ID and password by
applying hacking methods and getting unauthorized access to a computer system.

TYPES OF ETHICAL HACKER

In this section, we will discuss various types of ethical hackers and also other
careers.

Security Architect: A security architect designs, builds, and implements computer
security and networks for an organization. A security architect holds the responsibility
of building up complex security structures and ensuring their effective functioning.

Security Consultant: A cybersecurity expert is known as a security
consultant. Security consultants are responsible for identifying cybersecurity risks and
problems, and for coming up with solutions. Security consultants advise on ways to protect
physical capital and data.

Chief Information Security Officer (CISO): A chief information security officer is a
senior role. He or she is considered more powerful within the department.
CISOs are responsible for building security teams and overseeing all activities related to the
security of an organization. The CISO reports directly to the CEO or CIO.

Data Scientist: Data scientists are generally called big data wranglers, collecting and
analysing vast collections of data from multiple sources. The job of a data scientist
includes computer science, mathematics, and statistics.

Computer Programmer: A computer programmer is a specialist in one computer
programming field, or he or she can write code for software of several kinds. A computer
programmer's work covers developing, writing, reviewing, debugging and
managing computer program source code. This source code is written in a programming
language so that the computer can understand it.

Computer Systems Engineer: A computer systems engineer is a professional who
updates, modifies, installs, and tests software programmes and hardware devices in a
computer system. He or she is also involved in designing and planning data
communication systems for computer networks such as LAN, WAN and intranet.

Software Engineer: A software engineer designs several types of software, like
operating systems, computer games, business applications and communication systems.
A software engineer applies mathematical analysis and computer science concepts to
develop and build computer applications.

CERTIFIED ETHICAL HACKER RESPONSIBILITIES

• Meeting with clients to discuss the security system currently in place.
• Researching the company's system, network structure, and possible penetration sites.
• Conducting multiple penetration tests on the system.
• Identifying and recording security flaws and breaches.
• Identifying areas of high-level security.
• Reviewing and rating the security network.
• Creating suggestions for security upgrades.
• Compiling penetration test reports for the client.
• Suggesting alternate upgrades.
• Conducting penetration tests once new security features have been implemented.

CERTIFIED ETHICAL HACKER REQUIREMENTS

• Bachelor’s degree in information technology or computer science.
• CEH Certification.
• Proven work experience as a certified ethical hacker.
• Advanced knowledge of networking systems and security software.
• In-depth knowledge of parameter manipulation, session hijacking, and cross-site
scripting.
• Technical knowledge of routers, firewalls, and server systems.
• Good written and verbal communication skills.
• Good troubleshooting skills.
• Ability to see big-picture system flaws.

JOB PROFILE OF AN ETHICAL HACKER

A career in ethical hacking will require a person to check for any vulnerabilities within
different organizations’ computer systems, formulate ways to ensure the protection of
information of an organization, communicate with clients, and deliver written reports
after task completion. They must possess a thorough knowledge of computer tools,
programming, and networking. Transparency is the key element for a career in ethical
hacking. Ethical hackers must be transparent with clients while going through their
computer systems. As an ethical hacker, you will need to simulate breaches to the
network security of an organization, conduct advanced evaluations to identify
vulnerabilities in computer systems, and take necessary steps to combat the potential
risk areas. Also, ethical hackers must always stay updated with the latest industry
trends.

An ethical hacker’s job is usually confined indoors within an office setting, probably in
computer labs or server rooms. Their work routine varies depending on their daily work.
There are days when the work shift can extend over 12 hours because of some critical
emergency in the organisation. One can work as an independent consultant or as an
employee of a company.

The job involves high work pressure, and its responsibilities range from finding a
bug in the IT environment to providing a solution that makes the IT environment
stronger against external threats. Government organizations, IT security firms, financial
institutes, and telecommunication companies are some of the most prominent recruiters
of ethical hackers.

HOW TO BECOME AN ETHICAL HACKER?

Below is a stepwise pathway to becoming an ethical hacker:

Step 1: After the 10th, opt for the science stream with physics, chemistry, mathematics,
and computer science as your main subjects.

Step 2: After the 12th, opt for B. Tech, BE, or B.Sc. in Computer Science/IT engineering.
You can also enrol for professional courses on cybersecurity and ethical hacking offered
by reputed institutes.

Step 3: After graduation, pursuing higher education such as an M.Tech or M.Sc in Computer
Science will be fruitful. Candidates for postgraduate and doctoral programs from
government-recognized institutes like IITs and IISc need to go through the GATE
examinations. You might also find scholarship opportunities based on your merit.

Step 4: Master the trending programming languages, including C, C++, Python, Java, and
Ruby.

Step 5: Try to obtain professional certifications in the field such as CISSP, TICSA,
Security+, Cloud computing, risk management, and application development. The CEH
(Certified Ethical Hacker) course is highly recommended to help people polish their
skills, and it is a mandatory requirement for many organizations.

SKILLS REQUIRED TO BECOME AN ETHICAL HACKER

If you want to know how to become a certified ethical hacker, keep reading. Below, we
have listed the skills that are required for an ethical hacking career path.

Computer Skills: Business organizations depend heavily on computerized technology
to perform immense quantities of tasks efficiently. Having good computer skills means
that one can complete duties that may not be entirely feasible for other candidates. The
duties of an ethical hacker can never be accomplished without using a computer system.
Individuals in the ethical hacker career path also need to be able to use the Windows
command line, edit the database, and configure their own networking requirements.

Tech Savvy: An understanding of information security and its technologies is also a
necessary skill. A candidate with a firm grip on security can handle the hurdles built by
the security administrator. Skills such as Public Key Infrastructure, Secure
Sockets Layer, Intrusion Detection Systems, Firewalls, and more are also essential for a
hacker to learn. Safety involves protection as well as the preventive actions that are
taken. Security concepts significantly decrease the risk of businesses falling victim to
cyber-attacks and disruption. Security concepts help guard your computers against
harmful spyware. They also guarantee the safety and security of data sharing.

Programming skills: Almost all of the job duties of ethical hackers will require
programming skills associated with the framework. Ethical hacking is a demanding task
and offers interesting jobs in the modern age, where almost every multinational
corporation uses a variety of programming languages to own the virtual space on the
world wide web. Individuals in the ethical hacker career path must be trained in one
language and have some additional professional skills. They must know programming
languages such as C/C++, HTML, SQL, R, Python, Java, JSP, ASP, and other computer
languages.

Technical skills: Technical skills are very important and are needed to perform multiple
activities that require expertise. They are also most popular in information technology,
mechanics, engineering, science, financial services, and maths. Often it takes technical
skills to work with machinery, tools, software, and software development. An ethical
hacker must have sound technical knowledge. Some of the technical skills that an ethical
hacker should possess are given below.

CAREER OPTIONS IN ETHICAL HACKING

1. Government/Private Firms
There is an increase in cyber threats, and because of this government and private
organizations are constantly in search of ethical hackers who can help protect
organizations from threats or attacks in cyberspace. There is also the
opportunity to work as a freelancer and work for multiple organizations.
Governments require ethical hackers to keep cyber threats and cyber terrorism at bay.
For every nation, it is important to keep data of high importance and the data of its
citizens secure.
White hat hackers, or ethical hackers as we may call them, provide the government
with the security of the data. These cybersecurity experts find loopholes in the existing
system and take measures to strengthen the system.

2. Network Security Engineers
A network security engineer handles the implementation, maintenance, and integration of
corporate WAN, LAN, and other server architecture. They are also responsible for
looking after the implementation and administration of network security hardware and
software and enforcing the network security policies.
They make sure the system is protected from all kinds of threats, bugs, malware, attacks,
etc. They protect the system from any sort of breach and provide a safe environment.
They strengthen the cybersecurity mechanism. The requirement for these professionals
is high, as they are needed in almost every industry, such as banks, healthcare,
education, transportation, etc.

3. Network Security Administrator
A network security administrator writes the network security policies while also
performing frequent audits to ensure that the security policies are correctly
implemented and are up-to-date. In addition, they also take corrective steps for any sort
of breach.
These professionals make sure to update the security systems and prevent any threats
by monitoring the network. They strengthen the organization’s computer network
system. Apart from other functions, updating the network systems is another
responsibility of network security administrators.
On average, the salary of network security administrators is 6.7 lakhs per annum. The
average salary ranges from 3.5 lakhs per annum to 10.6 lakhs per annum.

4. Security Consultant
Security consultants evaluate the existing IT systems and infrastructures for any
weaknesses, and then they develop and implement IT security solutions to prevent any
unauthorized access, data modification, or data loss.
Security consultants analyse and strengthen the security systems. They study the
potential breaches and oversee the company’s preventive mechanism.
On average, the salary of a security consultant is 10.9 lakhs per annum. The salary
ranges from 5.4 lakhs per annum to 20.0 lakhs per annum.

5. Penetration Tester
A penetration tester’s job is to break into the system or find possible exploits in different
computer systems and software. The penetration tester’s primary responsibilities are to
plan and design penetration tests, carry out tests and other simulations, create reports
and recommendations, advise management on security improvements, and work with
other employees to improve organizational cybersecurity.
This makes for a good ethical hacking career. They perform testing on computer
systems, applications and even networks. They have tools to examine, assess and
identify the weaknesses in the system. Based on their findings, they advise and help in
strengthening the systems. With their efforts, penetration testers are able to protect
digital assets.
On average, the salary of a penetration tester is 7.2 lakhs per annum. The average salary
ranges from 2.0 lakhs per annum to 26.0 lakhs per annum.

PROS AND CONS OF A CAREER IN ETHICAL HACKING

Pros

• There’s a huge demand in the market for ethical hackers.
• It is an unconventional career path that can be of high earning potential.
• Helping to prevent cybercrimes.
• Identifying the weaker areas of the IT environment.
• Getting to build a robust IT environment against outer threats.
• There’s a demand for ethical hackers to test Security IT firms’ products and make
them more robust.

Cons

• Even though the demand is high, the process of selection and hiring is quite
inconsistent.
• The certification and the courses’ completion need to be from a recognized
university/institute or else it would become bothersome for a career in ethical hacking.
• There’s a shortage of research facilities in India.
• It is highly possible that the work may mostly be part-time.
• It is a highly analytical and focused field, where there’s less interaction.
• Many people out there are using ethical hacking for the wrong purposes, which is
leading a lot of companies to not be able to build trust in ethical hacking/hackers.

TOP ETHICAL HACKING INSTITUTES IN INDIA

One can start their UG in computer science and go forward with various certifications
and further studies. Some institutes that provide computer science at the UG level are:

• Delhi Technological University, Delhi
• IIT, Delhi
• IIT, Bombay
• IIT, Kharagpur
• IIT, Kanpur
• IIT, Roorkee
• IIT, Guwahati
• IIT, Bhubaneswar
• BITS, Pilani
• NIT, Trichy

Specific courses/certificates on ethical hacking are provided by the following institutes:

• Indian School of Ethical Hacking (ISOEH), Kolkata
• EC Council, multiple locations
• Ankit Fadia Certified Ethical Hacker, multiple locations/online
• Institute of Ethical Hacking and Forensics, Odisha
• Arizona Infotech, Pune
• Institute of Information Security, multiple locations
• Quest Institute of Knowledge (QUIK), Mumbai

ONLINE COURSE ON CYBERSECURITY & ETHICAL HACKING

upGrad offers an Advanced Certificate Programme in Cyber Security in Specialization in
Cybersecurity. It is an online course that’ll help you master application security, data
secrecy, cryptography, and network security in just 13 months!

Key highlights of the course:

• Placement assurance
• Online sessions + live lessons
• No cost EMI option
• IIT Bangalore alumni status
• 7+ case studies and projects
• 6 Programming Languages & Tools
• 4 months of executive certification in data science & machine learning, for free
• upGrad 360° Career Support – job fairs, mock interviews, etc.
• Software Career Transition Bootcamp for non-tech & new coders

Topics That are Covered:
Application Security, Data Secrecy, Cryptography, Network Security, and much more.

Who Is This Course For?
IT and Technology Professionals, Project Leads and Managers in IT/Tech Companies,
Tech Support Engineers and Admins.

Job Opportunities:
Cyber Security Expert, Cyber Security Engineer, Software Developer, Cybersecurity
Analyst, Application Security Engineer, Network Security Engineer.

Minimum Eligibility:
Bachelor’s Degree with 50% or equivalent passing marks. It requires no coding
experience.

CERTIFICATIONS AND INTERNSHIPS

We have mentioned below various ethical hacker certifications that aspiring individuals
can opt for to upgrade their skills for an ethical hacker's role.

• Hacking PostgreSQL: Data Access Methods
• Certified Internet of Things Security Professional
• Comprehensive Ethical Hacking Course – Beginner to Advanced (M)
• Certified Network Security Professional
• Certificate in White Hat Hacking
• Certified Network Security Open Source Software Developer
• Certified Cyber Security Analyst
• Cyber Security Operations (Cisco)

Internship Availability
Yes, one can find many internship opportunities through online recruitment websites
such as Indeed.com, Letsintern, and other online platforms. Individuals get hands-on
experience through internships. Most internships are offered by institutes that charge
for the training. Students practically learn the skills required for cybersecurity such as
secure coding, malware analysis, cryptography, password cracking and guessing, DNS
spoofing and other skills.

ROLE OF ETHICAL HACKER

A white-hat hacker is known as an ethical hacker, whereas a black hat hacker is an
unethical or illegal hacker who hacks with malicious intent, such as to gain
financial profits from the organization. White hat hackers are professional hackers who
hack network security systems to help the organization and counter such black hat
hackers. There are also grey hat hackers. Grey hat hackers’ intentions are not that
malicious, but they cause a lot of disturbance. Grey hat ethical hackers in India hack
networks and security systems to have fun. A white-hat hacker is employed by
organizations to verify the vulnerabilities of a system and come up with
countermeasures. A black hat hacker may steal information or delete files, causing
serious financial loss to the organization.

Finding vulnerabilities

An ethical hacker’s job is to scan the systems using various scanning tools such as Nmap
or Nessus to find open ports. They study the vulnerabilities of each port and come up
with remedial solutions. A vulnerability is a weakness that may lead to the security,
credibility or accessibility of an information technology being damaged. Identification of
vulnerability aims at identifying vulnerabilities and analyzing them in a specified
environment inventory.

Examining

One responsibility of ethical hackers is to examine patch installations. He/she ensures
patch installations are not susceptible to exploitation. Examining is a technique
employers use to evaluate the hacking process and also the employee's performance.
Generally, the supervisor is capable of assessing the employee. A conference is often
scheduled for discussing the installation's review process.

Applying social engineering concepts

An ethical hacker uses social engineering concepts such as dumpster diving, which
includes scouring through trash bins for passwords, sticky notes, charts or any
other thing that contains important information required to generate an attack.

Evading

One responsibility of ethical hackers is to make attempts to evade security systems such as
intrusion detection systems (IDS), firewalls, and honeypots. He/she sniffs networks,
cracks and bypasses wireless encryption, and hijacks web servers and applications.

Malware analysis

The responsibilities of ethical hackers involve analyzing security threats and developing
countermeasures. Malware is software that gives an attacker maximum or restricted
control over the target whenever it reaches the destination server. It could either
harm or manipulate the host configuration to help an intruder capture or damage
detailed information.

Network security

An ethical hacker’s job is to strengthen network systems to resist threats and
vulnerabilities. Network security is the practice of taking physical and cyber
protective actions to safeguard the existing internet infrastructure from illegal disclosure,
violation, breakdown, alteration, destruction or unauthorized access while providing a
stable environment for machines, users and systems to operate.

CAREER PATH PROGRESSION FOR ETHICAL HACKER

Information security analyst: An information security analyst aims at securing the
company’s sensitive information and data from any kind of cyber theft or cyber attack. They
make sure that none of the information is stolen or damaged by coming up with solutions that
avoid any sort of compromise in data.

Mobile application security executive: With an increase in mobile internet usage, several
tests are performed for mobile apps. The job of a mobile application security executive is to
work with his or her team and conduct several tests for the applications in order to avoid any
sort of data breach from the user’s cell phone.

Security Consultant: A security consultant checks software and computer systems, as well as
the network used, for any kind of vulnerabilities which can cause a data breach. They also plan
and design security solutions for the company or organization they work for in order to avoid
any sort of compromise of the company’s data.

Chief Information Security Officer: A chief information security officer, also known as CISO,
holds a senior-level executive post in the company or organization. They have a team under
them that aims at protecting the several data assets of the company from any kind of cyber
theft by creating a security strategy.

INTERVIEW QUESTION FOR AN ETHICAL HACKER

Recent major cybersecurity breaches have urged organizations to recruit infosec
professionals skilled in ethical hacking. Ethical hacking is not a typical job, as it does not
require a college diploma. All you need is a good understanding of computers, software
and decent hacking skills. Ethical hacking is another term for penetration testing,
commonly referred to as pentesting.
If you’re looking to become an ethical hacker, you’ll need to be prepared to answer some
tough questions in your interview. In this guide, we’ll provide you with some common
questions that will help you stand out from the competition.

Some interview questions are:

• What are the hacking stages? Explain each stage.
• What is scanning and what are some examples of the types of scanning used?
• What is footprinting? What are the techniques used for footprinting?
• What are some of the standard tools used by ethical hackers?
• What is Burp Suite? What tools does it contain?
• What is network sniffing?
• What is SQL injection and its types?
• What is cross-site scripting and its different variations?
• How can you avoid or prevent ARP poisoning?
• What is a denial of service (DoS) attack and what are the common forms?

CONCLUSION

Ethical hacking can help in a lot of ways: it strengthens computer and network security by
performing penetration testing, and it enables one to take preventive measures to avoid any
security breach situations. Lastly, I would conclude by saying that the list of benefits provided
by ethical hackers is quite big; therefore, ethical hackers are very much in demand.

UNIVERSITY OF MUMBAI
DEPARTMENT OF LIFELONG LEARNING AND EXTENSION
CERTIFICATE

SIGNATURE OF TEACHER

SIGNATURE OF FIELD CO-ORDINATOR

SIGNATURE OF PRINCIPAL OF COLLEGE WITH SEAL
