Senior Writer Jon Brodkin discusses IT career and education trends and issues.
A division of McAfee is teaching IT professionals how to think like hackers and attack their own networks in a new course that lets network managers earn a popular certification for ethical hacking.
McAfee’s Foundstone Professional Services is responding to a market need by offering the Certified Ethical Hacking course, says Bill Hau, the head of Foundstone, noting that clients have been asking McAfee to provide this certification.
The course is intensive, lasting five days from 8:30 a.m. to 7:00 p.m., with an exam on the sixth day. IT pros learn the basics of how to hack into a system in a hands-on lab environment.
“If you want to know how to protect networks, you have to be able to think like a hacker, think outside the box. What do hackers think about when they try to break into a system?” Hau says.
The course started this year and teaches students how perimeter defenses work, how intruders scan networks and escalate privileges, and what steps can be taken to secure a network. Social engineering, DDoS attacks, buffer overflows, virus creation and intrusion detection are among the covered topics.
Foundstone’s course is based on standards and guidelines from the International Council of Electronic Commerce Consultants (EC-Council), which created the Certified Ethical Hacker exam certification.
Ethical hackers are similar to penetration testers, and commonly have jobs within large organizations where they are trusted to uncover weaknesses by penetrating internal networks and computer systems using the same methods as a hacker, according to the EC-Council.
“Hacking is a felony in the United States and most other countries,” the Council states. “When it is done by request and under a contract between an Ethical Hacker and an organization, it is legal.”
Thousands of IT pros have earned the ethical hacking certification over the years, including employees of large organizations like Cisco, Novell, HP, Microsoft, SAP, IBM, the FBI and the U.S. Department of Defense. The certification is intended for security officers, auditors, security professionals, and site administrators. Courses have been offered by numerous companies, including the InfoSec Institute and New Horizons.
About half the people who take the course already have a good handle on the material, but need the certification, Hau says. The other half are learning entirely new skills, he says.
Jon Brodkin is senior writer at Network World.