IT pros learn to beat hackers at their own game
By Linda Rosencrance
BOSTON, Massachusetts (IDG) -- Corporate security and IT professionals got a chance last week to think like hackers so they could learn how to better prevent unauthorized users from gaining access to their networks.
More than a dozen computer specialists from across the country took part in an intensive five-day "boot camp" offered by New York-based Ernst & Young LLP on the defense of enterprise networks. They paid $5,000 apiece for the training here.
Though not always an enterprise's top priority, network security has quickly moved into the spotlight since the September 11 terrorist attacks and the discovery of the "Nimda" and "Code Red" worms last year.
Dubbed "Extreme Hacking: Defending Your Site," the 4-year-old class began as a training course for Ernst & Young employees, focusing on network and system security for Windows NT and Unix systems.
Ron Dongoski, a partner in Ernst & Young's security and technology solutions practice in New England, said many of the company's clients already use outside consultants or security experts to do site assessments of their systems on a quarterly basis to determine if there are any vulnerabilities.
But now those companies want their own employees to take corporate security to another level by performing more frequent site assessments. That, Dongoski said, is why they send workers to take the hacking course.
During the 45-hour class, Ernst & Young security professionals take students step-by-step through all the ways hackers try to subvert mission-critical servers and network configurations.
Using dual-bootable NT/Linux laptops and an accompanying network setup for practicing subversive attacks, attendees were taught a new bag of tools and tricks to help them understand how hackers identify IP addresses, collect information about the systems they want to compromise and exploit weaknesses without being noticed.
Students spent half their course time conducting hands-on exercises using the techniques they learned from lectures to compromise three self-contained Windows NT boxes.
Among the attendees at last week's class was Jason Buckley, security officer for corporate IT security at Boston-based CCBN Inc., which builds, manages and hosts the investor relations sections of Web sites for more than 2,500 public companies.
Buckley, who successfully compromised all three machines, said one of the reasons he signed up for the course was to get fresh ideas and better understand what he's up against.
"We wanted to take our security to the next level," he said. "Although we do penetration testing and third-party auditing [of our network], I wanted to look at our site from the outside and try to penetrate it."
Buckley said the class also taught him what to do to defend against an attack.
"This class was invaluable," he said.