What many people don’t know is that there are hackers who use their skills to protect computers rather than compromise them. These people are typically known as ethical hackers. It’s a rich and rewarding career path for people who enjoy testing the limits of computer systems. But while rewarding, the path to becoming an ethical hacker isn’t always clear. So, how long does it take to become an ethical hacker?
How Long Does It Take to Become an Ethical Hacker?
If you don’t already have experience with coding, cybersecurity, and networking, you will want to start with basic information technology fundamentals. Classes are offered at vocational schools in information technology with an emphasis in cybersecurity. At Florida Technical College, this bachelor program can be completed in 36 months.
White and Black Hat Hackers
You might have heard the term white hat and black hat before. Black hats, or black hat hackers, are what most people think of when the term hacker comes to mind. A black hat hacker is a criminal with a talent for computer hacking. They’re hacking for personal gain. They might be trying to get into a company’s computers to steal money, sensitive information, or intellectual property. A black hat hacker might even be out for revenge, but whatever the motivation might be, they’re breaking the law.
White hats have a similar talent and skill set. However, they work on the right side of the law. White hat hackers try to break into the computer networks of companies. Their motivation is very different from a black hat’s. A white hat hacker breaks into systems with the permission of its owners. Basically, it’s a way of finding security flaws. A white hat, or ethical hacker, will document the security issues they leverage while gaining access to a computer system. These reports can then be used by the company to remove vulnerable entry points and generally harden the security.
A Hacker by Any Other Name
At this point it might seem like the hacker monikers are straightforward. Black hat hackers or unethical hackers, use their skills for criminal activities. White hat hackers or ethical hackers, use their skills legally to thwart black hat hackers. But this is only the tip of the iceberg. Over the years hackers have created a wide variety of different names for themselves. There are far too many titles to fully examine. However, it’s still a good idea for a potential white hat hackers to know about some of the more common elements within the larger subculture.
Green hat hackers – among the lowest tier of hackers. They’re people who know just enough to get into trouble. They might know how to get into a system, but they don’t know how to cover their tracks. Likewise, they’ll often be able to secure a system well enough to prevent blatant hacking, but their hardening methods are usually superficial.
Script kiddies – as the name suggests a script kiddie is usually a younger hacker who relies on pre-written scripts. Script kiddies will find, buy, or otherwise acquire complex scripts or programs. They know enough to execute that code but couldn’t write it on their own.
Script kiddies can be the easiest type of hacker to protect a system against. This is because script kiddies rely on well-known scripts and can’t modify them enough to pose a unique threat. You can generally protect against these hackers by understanding the most popular and well-established threats. Of course, this leads to an important point. How, exactly, do ethical hackers operate? What do they do as part of their job?
What Does an Ethical Hacker Do?
One of the most exciting things about being a hacker is the unpredictability. In a lot of ways there isn’t an average day for a hacker. Asking how to protect a system against unethical hackers is a little like asking how to protect a home against burglars. In the end, there’s really no one size fits all solution to safeguard a home. Some homes will work best with high-tech security systems. Other homes need special attention to windows or cellar entrances. Some homes have heavy foot traffic and others can be locked down for most of the year. This is similar to how ethical hackers deal with computer systems.
Different networks have different security needs. Likewise, the architecture of a system will make it vulnerable to specific threats. For example, a Windows server is at high risk for exploits that run standard executables. This is because of a shared architecture between the servers and desktop computers. While a Unix server can be a better safeguarded in that respect due to architectural differences. Despite different situations, you’ll find that a few activities are common among ethical hackers. These shared activities are largely centered around an unethical hacker attempts to hack their way into a system.
Network Penetration
One of the most common activities for ethical hackers is known as network penetration. Network penetration is what most people think of when they hear about a hacking attempt. You’ve probably seen movies where hackers rapidly type out complex instructions to get access to an online system. Obviously, Hollywood takes some artistic liberties with the exact methodology used for hacking attempts, but this does give a general idea of what network penetration testing is like.
Penetration testing, also known as pen testing, is an attempt to penetrate a system’s security to document security flaws for a company. For network penetration testing an ethical hacker tries to get through the defenses of a system’s networking security. When they are successful, the ethical hacker can gain remote access to a company’s computer network. This is an ideal method of hacking for criminals. Network penetration gives hackers the ability to break into a system without ever coming close to the physical location.
Remote access is one of the reasons why ethical hackers put so much work into network penetration testing. The other reason is that networks provide a wide range of vulnerabilities. Networks are both one of the most important and most vulnerable assets for a company.
However, not all network attacks come from a remote source. Internal networks are much more secure than external networks that can be accessed by the general public. That doesn’t mean it’s impossible to break into an internal network, but they are compromised from within the company by people with access to on-site hardware. Ethical hackers need to consider this when hardening security. Properly secured networks are protected against threats from both interior and exterior sources.
Web App Penetration Testing
Web apps offer a unique twist to network penetration, and ethical hackers spend a lot of time looking into their security. Penetrating security means getting access to the secured areas of a system. Conversely, by definition, most web apps that work with personal data have access to those sectors. If a web app can be compromised, then the system as a whole is vulnerable. The problem is further compounded because web apps need to decouple aspects of its functionality.
Aspects of a web app will work on a client web browser, while other parts of the program sit on a company’s server, and these elements need to constantly communicate with one another. A hacker can get access to an otherwise secure system by eavesdropping on the conversation held between two parties using the web app. As web apps became more common the importance of web app penetration testing will increase as well.
Testing In-Person Security
In-person security breaches are similar to internal network attacks. However, they’re generally a broad form of attack and they are harder to guard against. Ethical hackers try to test in-person systems by exploiting physical connections. For example, they may bring in code on an external drive to run on a company’s computers.
However, in-person security also includes issues the general public wouldn’t even consider to be hacking. One of the classic methods of breaking in-person security is by walking around cubicles looking for handwritten passwords. Even talking to employees about their life can be seen as a security risk. For example, a lot of people use information about their family as an easy-to-remember password, but hackers can get that information by just asking them about a picture in their cubicle. An ethical hacker will go on-site to see how alert employees are to these threats.
What Attacks Do Ethical Hackers Guard Against?
You’ve seen some of the methodology used to attack systems, but what sort of tools are used to put those plans into motion? There’s a many attack vectors that ethical hackers need to use and protect against. The following are the most common:
SQL Injection
When hackers look for vulnerabilities in web app, they’re trying to get access to a server’s database. This is done through SQL queries. A web app uses a web API to communicate with the database. So, an action in a web app is translated to HTML/JavaScript. The code will then turn into SQL code to run on the remote server. SQL code is a command that databases execute. In the case of web apps, it returns information related to the user’s choices, but this can theoretically do anything related to the database. For example, it could send out financial data if that’s stored in the same database or show a list of passwords to the secure system. SQL injection uses any possible vulnerability to run unintended SQL code on a remote server.
Phishing
Phishing is based on the concept of fishing for information during a conversation. Phishing attempts use social engineering principles as an attack vector against a computer system. Consider how often people take work emails at face value. What if someone managed to spoof email from within a company to ask for private information? Most employees wouldn’t hesitate to send private company information within internal systems, but phishing attempts can easily spoof those trusted relationships to get at private information.
DDoS Attack
A denial-of-service attack (DDoS) is one of the most common cybersecurity threats. It’s also among the easiest for hackers to use. It overloads servers by repeatedly making requests from compromised computers. Eventually, a server is overloaded by the attack and will malfunction in some way. This may result in a website or network crashing.
DDoS attacks are both a hacking technique and the end result of hacking. Hackers infect systems with malicious software to gain partial control of the system. When they decide the time is right, they can leverage those compromised machines to make a DDoS attack.
Final Thoughts
Ultimately, you can become a professional ethical hacker in a fairly short amount of time. All it takes is passion and a desire to learn. It’s simply a matter of mastering the content from the IT program at Florida Technical College.
Information Technology Degree Program
The Bachelor Degree program in Information Technology with emphasis in Cybersecurity introduces you to a variety of topics, such as assessing the security vulnerability of computer and network systems, various computer and network safeguarding solutions, and managing the implementation and maintenance of security devices, systems, procedures and counter measures. As a graduate of the program, you will be prepared for a career as a developer of security design, information assurance, computer forensic investigator, ethical hacker,and/or any digital security related jobs.
Ready to move from the classroom to a career? Florida Technical College is here to help. Contact us to learn more about completing the information technology degree program at Florida Technical College.
