Why Must BPO Companies Hire “Ethical Hackers”?

BPO organizations must secure their IT infrastructure and networks. Just as corporations employ auditors to routinely examine financial records, so should BPO service providers audit their security policy. Last month a senior professional in the industry raised the issue of data security within BPO & Banks. Just as accountants perform bookkeeping audits, ethical hackers perform security audits. Without security audits and compliance controls, no real security exists. This is a big problem. There are plenty of individuals waiting to test and probe your organization’s security stance. These individuals range from government and corporate spies to hackers, crackers, script kiddies, and those who write and release malicious code into the wild. Their presence in your network is not a good thing!

Who Are Ethical Hackers?

An ethical hacker is most similar to a penetration tester. The ethical hacker is an individual who is employed or contracted to undertake an attempted penetration test. These individuals use the same methods employed by hackers. In case you were unsure, hacking is a felony in the United States (hence we in India should also be prepared for this). Ethical hackers have written authorization to probe a network. Only then is this attempted hack legal, as there is a contract between the ethical hacker and the organization. In 1995, long before today’s more stringent guidelines, one individual received 3 felony counts, 5 years’ probation, 480 hours of community service, and a $68,000 legal bill for failing to ensure proper authorization. Don’t let this happen to you!

How is Ethical Hacking Performed?

Primarily, ethical hackers are employed in groups to perform penetration tests. These groups are commonly referred to as “Red Teams.” These individuals are paid by the organization to poke, prod, and determine the overall level of security. Again, what is important here is that they have been given written permission to perform this test and have detailed boundaries to work within. Don’t be lulled into believing that the penalties for illegal penetration are low; it is a felony!

What is on the Test?

The Certified Ethical Hacker exam consists of 21 domains covered in 50 questions. It has a two-hour time limit. The questions are multiple choice, in either a “choose one” or a “choose all that apply” format. During the test, you are allowed to mark questions you are not sure of and return to them for later review. The domains were compiled to evaluate the full range of security testing. One must also demonstrate how hacker tools work and demonstrate knowledge of professional security tools, as well as how these tools are utilized. The 21 domains are as follows:

  1. Ethics and Legal Issues
  2. Footprinting
  3. Scanning
  4. Enumeration
  5. System Hacking
  6. Trojans and Backdoors
  7. Sniffers
  8. Denial of Service
  9. Social Engineering
  10. Session Hijacking
  11. Hacking Web Servers
  12. Web Application Vulnerabilities
  13. Web Based Password Cracking Techniques
  14. SQL Injection
  15. Hacking Wireless Networks
  16. Virus and Worms
  17. Hacking Novell
  18. Hacking Linux
  19. IDS, Firewalls, and Honeypots
  20. Buffer Overflows
  21. Cryptography

These domains cover the full range of ethical hacking knowledge. It’s good that the exam’s first domain is centered on ethics and legal issues. This is an important domain. Always make sure you have written consent to perform any type of penetration test or security audit. ITESGrads is offering Mile2 Certification Training through Axiom Technologies Hyderabad; for further details, contact amit@itesgrads.org.

Amit Nayak
Mentor
ITESGrads India

May 2004



