Friday, March 14, 2014

The benefits of the Certified Ethical Hacker certification

Certified Ethical Hacker, or CEH, certification is one of the hottest picks for IT security professionals pursuing a career in penetration testing. However, most information security pros overlook it as a viable certification option. Although the certification is a must-have for penetration testers, its benefits are not limited to this small niche of professionals.

The CEH exam is a relatively new credential in the IT certification industry, but its importance and influence have grown quickly. Provided by EC-Council, the CEH exam was the first certification to bring the so-called dark side of IT into the limelight. Before the CEH exam, there was no certification that taught the methods and tools that hackers use to penetrate computer systems. The CEH exam focuses on how hackers find and exploit vulnerabilities. The course includes everything from the tools of the trade to ethics.

What many security professionals do not yet realise is that the benefits of studying for and achieving this certification stretch beyond the field of penetration testing and into everyday network and application security. In addition to meeting the regulatory standards for employment in many top security positions, you gain a wealth of knowledge that is otherwise not easy to obtain. Besides your new title, you’ll also get the following benefits if you decide to get your CEH certification:

Understanding risks and vulnerabilities

The CEH course is made up of the following task and knowledge domains:

Task domains
  • System development and management
  • System analysis and design
  • Security testing
  • Reporting
  • Mitigation
  • Ethics

Knowledge domains
  • Background
  • Analysis/Assessment
  • Security
  • Tools
  • Procedures
  • Policy
  • Ethics

These domains are comprehensive and form a solid foundation for understanding how vulnerabilities affect organisations on a day-to-day basis.

Thinking like a hacker

The CEH course gives “white hat” IT professionals a glimpse into the mindset of a typical hacker. The focus of an IT professional is always on keeping the bad guys out and maintaining secure systems. Over time, many IT pros develop a purely reactive mindset. Battling the bad guys will always involve reacting to threats and events as they occur, but it’s far more valuable and powerful to understand how the bad guys think and to be able to anticipate their moves. By learning the hacker mindset, you’ll be able to take a more proactive approach and see beyond current security tools and policies to know where and how an attacker might try to gain access to your network.

Learning how exploits evolve

Besides demonstrating the hacker mindset, the CEH course also provides valuable insight into the entire life cycle of an exploit. For many security professionals, the way exploits evolve to take advantage of vulnerabilities is a mystery. While security pros are trained to prevent and respond to known vulnerabilities, little attention is paid to the life cycle of the exploit itself, from its conception to its destructive use in the real world. The level of insight gained by becoming a CEH allows you to look at exploits and vulnerabilities objectively and to spot potential attack vectors and weaknesses before the hackers do.

Learning about the tools of the trade

Another overlooked benefit of the CEH certification is the amount of knowledge you gain about the tools of the hacker trade. While most IT pros have experience with at least some of the tools used by a CEH, they often lack the in-depth knowledge of how those tools are used for criminal purposes. Learning how malicious attackers use various tools allows you to better secure your networks, applications, and other assets.

To learn more about Ethical Hacking and its benefits, watch the following video with EC-Council President Jay Bavisi:



About the Author:        
Sarah writes for Firebrand Training on a number of IT related topics. This includes exams, training, certification trends, project management, certification, careers advice and the industry itself. Sarah has 11 years of experience in the IT industry. 

Wednesday, November 27, 2013

Do you keep an eye on work devices?

BYOD (Bring Your Own Device) policies have been stressing out IT managers and company executives ever since they appeared on the scene. However, a recent survey conducted in the United Kingdom reveals that there is something even worse than careless employees using their own devices for work. What do you think it is? It’s careless employees using and losing work devices. Information Age collected the most disturbing numbers from a recent survey of 2,500 UK adults by Vision Critical and Trend Micro.

The most alarming news for IT managers is that over one quarter (27 per cent) of participants reported having had up to three work devices lost or stolen, while only 11 per cent have ever lost a personal cell phone.

But the so-called “culture of carelessness” goes far beyond "just losing" devices. Although 31 per cent of participants use Wi-Fi hotspots regularly, less than half of them (44 per cent) take the time to check security levels of networks before using them. The same percentage said they are more worried about losing personal content, such as photos, documents or banking details, than sensitive business information. Only 3 per cent were concerned about letting cybercriminals access corporate data.

Rik Ferguson, global VP of security research at Trend Micro said: “The survey shows a worrying attitude of carelessness towards work devices and an ignorance of the full impact of losing data without the correct security measures being put in place.”

“Employees should take the same amount of care with their work device as they do with their personal ones, and be made fully aware of the procedures and risks before a device is given to them.”

About the Author:       
Sarah writes for Firebrand Training on a number of IT related topics. This includes exams, training, certification trends, project management, certification, careers advice and the industry itself. Sarah has 11 years of experience in the IT industry. 

Friday, November 8, 2013

Hacker Halted Europe 2013 Interviews - Part 4 - Eric Svetcov

In October, EC-Council’s Hacker Halted visited Europe for the first time. Firebrand was there at the conference in Reykjavik, Iceland and interviewed industry professionals about the hottest topics of cyber security.

Eric Svetcov is the Chief Security Officer at MedeAnalytics, an industry leader specialising in healthcare performance management solutions. At Hacker Halted Europe, he delivered a keynote speech on Cloud Computing and Critical Infrastructure Protection.

Mr Svetcov spoke about how rapidly the dependence on Cloud Computing solutions is expanding and how it is changing our ways of defending critical infrastructure. He also pointed out that understanding new threats and applying appropriate risk management are essential in order to control and deal with risks within the organisation.

To see what else he talked about and how COBIT and ISO 27001 play a role in risk management, watch this video: 



About the Author:       
Sarah writes for Firebrand Training on a number of IT related topics. This includes exams, training, certification trends, project management, certification, careers advice and the industry itself. Sarah has 11 years of experience in the IT industry. 

Wednesday, November 6, 2013

Getting hacked - it could happen to you too

Have you ever wondered what it’s like to get hacked? Investigative journalist Adam Penenberg has, so he hired a group of ethical hackers to find out how 'hackable' he is. The rules didn't allow the hackers to do anything unlawful, for example breaking into Adam’s house, and they couldn't involve his kids either. Apart from these two conditions, however, the hackers, led by SpiderLabs founder Nicholas J. Percoco, were allowed to do anything to breach Penenberg’s privacy as much as possible.

“It’s my first class of the semester at New York University. I’m discussing the evils of plagiarism and falsifying sources with 11 graduate journalism students when, without warning, my computer freezes. I fruitlessly tap on the keyboard as my laptop takes on a life of its own and reboots. Seconds later the screen flashes a message. To receive the four-digit code I need to unlock it I’ll have to dial a number with a 312 area code. Then my iPhone, set on vibrate and sitting idly on the table, beeps madly.
I’m being hacked — and only have myself to blame.” – extract from Adam L. Penenberg’s article.

Percoco and his team spent several weeks trying to hack Penenberg and, despite some difficulties in the early stages, their efforts eventually paid off. They got everything they needed. Within a relatively short time, Percoco and his crew gained all the information, including passwords, login names, credit card details and more, that could ruin someone’s life forever.

Twitter account, Facebook profile, Amazon account, online banking details, you name it: the hackers gained access to all of them. They even did a bit of shopping on Amazon and had 100 plastic spiders delivered to Penenberg’s house, as a reminder of SpiderLabs.

At the end of the experiment Percoco gave Penenberg a report which listed their plans, as well as a log of their progress. To see the chilling results, read the full article.

About the Author:       
Sarah writes for Firebrand Training on a number of IT related topics. This includes exams, training, certification trends, project management, certification, careers advice and the industry itself. Sarah has 11 years of experience in the IT industry. 

Wednesday, October 30, 2013

Hacker Halted Europe 2013 Interviews - Part 3 - Winn Schwartau

In October, EC-Council’s Hacker Halted visited Europe for the first time. Firebrand was there at the conference in Reykjavik, Iceland and interviewed industry professionals about the hottest topics of cyber security.

Winn Schwartau, President and Founder of The Security Awareness Company, is one of the world's most influential people in the IT security industry. With over 30 years of experience in the industry, Mr Schwartau is a renowned writer, speaker and expert in cyber-terrorism, privacy and related topics. At Hacker Halted Europe 2013 he spoke about the highly controversial topic of Bring Your Own Device (BYOD).

In his presentation, entitled “The ABC’s of BYOD”, Mr Schwartau talked about the possible consequences of insufficient mobile security and how poor Mobile Device Management (MDM) might cause serious legal consequences for your company.

Apart from describing the potential threats faced by BYOD supporters, Mr Schwartau also discussed possible ways of improving the security of mobile devices. To see what else he talked about, watch this video:


Have you seen our previous interviews? Watch the ones with EC-Council President Jay Bavisi and Facebook's Director of Security Operations, Jennifer Lesser.

About the Author:       
Peter writes for Firebrand Training on a number of IT related topics. This includes exams, training, certification trends, project management, certification, careers advice and the industry itself.

Thursday, October 24, 2013

Scam callers pretend to be Microsoft employees

Scammers and con artists have been around for a long time. Although they might change their means every once in a while, their aim stays the same: getting money out of your pocket.

This particular scam starts as follows: your phone rings and the caller – usually with a strong Asian accent – asks for the householder, quoting their name and address before saying “I am calling from Microsoft’s Windows Service Centre. We’ve had a report from your service provider of virus problems on your computer.”

After a couple of minutes of research you can see that this scam has been around for years. What’s so interesting about it, then? The fact that this time they called Firebrand’s Senior Microsoft Instructor, Mike Brown.

The caller, despite his strong accent, introduced himself as Richard Williams from the USA. He claimed to have an extensive list of viruses present on Mike’s computer. In fact, he proposed to prove it over the phone. He instructed Mike (funny, isn’t it?) to open Event Viewer and filter the application log to see all the error messages supposedly created by those malicious programs on the computer. “Richard” told Mike that he had nothing to worry about: their tech department could fix this for him in no time, and if the problem persisted, the "treatment" would be free. On the other hand, if the solution was successful and Mike was content, he could pay a yearly fee of £112 to stay protected. Then Mike was given a URL to visit and download a file required to use the service.


Once the scammer finished everything he wanted to say, Mike revealed himself. As a response he was transferred to a "senior manager", who began to question his expertise and quickly disconnected the call.

For more information on these calls read the Guardian’s articles - #1 and #2 - or listen to a real conversation in the following video:
Please be aware, share this information and don’t fall victim to this trick.

About the Author:       
Sarah writes for Firebrand Training on a number of IT related topics. This includes exams, training, certification trends, project management, certification, careers advice and the industry itself. Sarah has 11 years of experience in the IT industry. 

Wednesday, October 23, 2013

Hacker Halted Europe 2013 Interviews - Part 2 - Jennifer Lesser

In October, EC-Council’s Hacker Halted visited Europe for the first time. Firebrand was there at the conference in Reykjavik, Iceland and interviewed industry professionals about the hottest topics of cyber security.

In this video Jennifer Lesser, Facebook’s Director of Security Operations speaks about her presentation on “Winning the Security Awareness Game”.

Ms Lesser talked about how Facebook turned its internal security awareness campaign into a game engaging everyone in the organisation. She explained that Facebook wanted to create a program that fit into its organisational culture. So they created “Hacktober”, a month-long program during which employees are encouraged to hack and to protect themselves from getting hacked.

During “Hacktober” Facebook simulates a series of attacks on its own network. These include malicious emails, breaching the company’s physical perimeter, phishing and more. This sort of self-testing is becoming more and more common among companies and provides an excellent challenge for Certified Ethical Hackers. To find out more about how Facebook turned security awareness into a company-wide game, watch the full interview.



Click here to watch the first Hacker Halted Europe interview with EC-Council President, Jay Bavisi.

About the Author:       
Peter writes for Firebrand Training on a number of IT related topics. This includes exams, training, certification trends, project management, certification, careers advice and the industry itself.