InfoSecurity

January 11, 2007
Need data security? Think like a hacker!

NEW DELHI -- There has been exponential rise in hacking incidents and IT security threats over the last few years. Cyber-crimes including cyber-terrorism and cyber extortion are increasing at a massive rate every minute. The attack strategies have become so sophisticated that it's is now possible to hack into, make changes and delete all traces without the knowledge of the owner.

Manipal Education Group and Appin Knowledge Solutions, affiliated to Appin Group of Companies, have recently announced a tie-up to launch Manipal Appin Security Expert (MASE) certification course. The course opens a gamut of opportunities for students who are keen to enter the IT security industry.

Appin Knowledge Solutions is a bridge between industry and academia and aims to fill the gap that exists between traditional college education and industry requirements. The company expects that nearly 1,88,000 would offer placement has conducted over 1000 workshops and seminars internationally and offers custom consulting services, training program, seminars, publications and products, mentorship cell for college students and corporate recruitment services.

Convergence Plus met Rajat Khare, co-founder and director, technology, Appin Knowledge Solutions, to explore the idea behind such courses, and the job prospects. Excerpts.

Convergence Plus: Is it possible to secure our desktops completely from hackers?

Rajat Khare: It is possible to secure your computer to a high extent. But there is nothing like 100 percent security. Hence if an Internet or e-mail hack occurs, you must know how to respond and what to do and what not to do

CP: How can MASE-certified professionals ethically hack desktop, LAN?

RK: MASE-certified professionals are information security professionals. They are taught ethical hacking to secure desktops and LAN. When they are hacking ‘ethically’ they use strategies, tools and programs to penetrate into PCs and LANs. These professionals also use techniques to first evaluate the system, calculate the loopholes and then device effective techniques to engineer the problem.

CP: What is the psychology to implement security? How can we develop one?

RK: You implement security thinking like a hacker. If you don't know the mind of the person you are securing yourself from, your security measures will be lame. It can be developed by security professionals and ethical hackers or by consulting an expert company in this.

CP: What are the vulnerabilities in a system? How useful is it to create a security policy for the organisation?

RK: Vulnerabilities exist at all levels. Your operating system has vulnerabilities, your network has vulnerabilities, the Internet has vulnerabilities, and security architecture has vulnerabilities. The reason is that every system is created by a human mind and hence cannot be perfect. However, the known vulnerabilities should be regularly removed and hence security is a process. It is a must for an organisation to create a security policy because without that the organisations may be destroyed, may incur monetary losses and loose control in flow of information.

CP: What are the latest developments in forensics and other techniques for catching cyber criminals?

RK: There are many developments in computer forensics, which includes a lot of hardware and software tools. Cyber crime has been on increase and so have been methods to catch criminals. New and sophisticated tools have come to locate, track a cyber criminal though a lot has to be done in this area. There are tools to recover sensitive data, decoding, emails tracking etc. Social engineering and log analysis are other widely used techniques in this area.

CP: What are the latest threats in the world of hacking?

RK: Cyber terrorism, hacking banking information, credit card transactions, website hacking, trojans and spywares are latest threats. However the latest threats for common person includes virus transfers while accessing websites, stealing corporate information by intrusion into their servers using social engineering techniques. There is a famous virus that getting transferred into yahoo messenger which sends message along with the virus to your address book.

CP: What are the latest techniques and practices in the security industry?

RK: Latest techniques and practices include regular auditing, penetration testing, specialised security consulting, security policies, and development of special security software for one's organisation. Employing ethical hackers and security professionals has also become a regular part of the industry.