Ethical hacking certification offered by McAfee

A division of McAfee is teaching IT professionals how to think like hackers and attack their own networks in a new course that lets network managers earn a popular certification for ethical hacking.

McAfee’s Foundstone Professional Services is responding to a market need by offering the Certified Ethical Hacking course, says Bill Hau, the head of Foundstone, noting that clients have been asking McAfee to provide this certification.

The course is intensive, lasting five days from 8:30 a.m. to 7:00 p.m., with an exam on the sixth day. IT pros learn the basics on how to hack into a system in a hands-on lab environment.

“If you want to know how to protect networks, you have to be able to think like a hacker, think outside the box. What do hackers think about when they try to break into a system,” Hau says.

The course started this year and teaches students how perimeter defenses work, how intruders scan networks and escalate privileges, and what steps can be taken to secure a network. Social engineering, DDoS attacks, buffer overflows, virus creation and intrusion detection are among the covered topics.

Foundstone’s course is based on standards and guidelines from the International Council of Electronic Commerce Consultants’ (EC-Council), which created the Certified Ethical Hacker exam certification.

Ethical hackers are similar to penetration testers, and commonly have jobs within large organizations where they are trusted to uncover weaknesses by penetrating internal networks and computer systems using the same methods as a hacker, according to the EC-Council.

“Hacking is a felony in the United States and most other countries,” the Council states. “When it is done by request and under a contract between an Ethical Hacker and an organization, it is legal.”

Thousands of IT pros have earned the ethical hacking certification over the years, including employees of large organizations like Cisco, Novell, HP, Microsoft, SAP, IBM, the FBI and the U.S. Department of Defense. The certification is intended for security officers, auditors, security professionals, and site administrators. Courses have been offered by numerous companies, including the InfoSec Institute and New Horizons. 

About half the people who take the course already have a good handle on the material, but need the certification, Hau says. The other half are learning entirely new skills, he says.