The Importance of Getting a Checkpoint Engineer to Secure Company Network

You can strengthen and enhance your company’s internal and perimeter network security by getting the services of a certified Checkpoint engineer. Security vulnerabilities of private and public networks are real concerns that should be addressed decisively.

Without a Checkpoint engineer who can address vulnerabilities, your company could face serious network losses. The database and sensitive information stored on your company’s server can also be exposed to hacking. By hiring a Checkpoint engineer, you can effectively prevent loopholes in your VPN, private networks, and security gateways.

The Benefits of Getting a Certified Checkpoint Engineer

A Checkpoint engineer will be able to implement solutions and manage your company’s network security against hundreds of dynamic application-level attacks. A Checkpoint engineer has expertise in the following Check Point technologies:

VPN-1 VE
Firewall / VPN
Unified Threat Management
Remote Access
Intrusion Detection & Prevention
Endpoint Security

A Checkpoint Engineer Can Safeguard Your Gateway

A Checkpoint engineer would be able to plug your network against intrusions by implementing perimeter gateway security solutions such as IPS-1 and SmartDefense. Check Point intrusion prevention solutions provide precise, real-time attack mitigation, granular forensic analysis and flexible deployment options. Check Point intrusion prevention solutions are delivered as dedicated IPS appliances or software, and as intrusion prevention that is integrated into Check Point security gateways.

Intrusive traffic will try to merge with legitimate traffic by hiding behind spoofing methods that can bypass network passwords and security checkpoints. A Checkpoint engineer can use SmartDefense to secure the network gateway against such traffic, preventing intrusion at the point of entry. SmartDefense Services maintain the most current preemptive security for the Check Point security infrastructure. To help defenses stay continuously ahead of today’s constantly evolving threat landscape, SmartDefense Services provide ongoing and real-time updates and configuration advice for defenses and security policies found in SmartDefense.

Firewalling Against Denial of Service Attacks

Another important function of a Checkpoint engineer is to establish a firewall solution that will prevent denial of service attacks.

Denial of service is a serious problem that could crash your network, resulting in extended outages and network downtime. Your clients and legitimate users will not be able to access the network while it is experiencing denial of service attacks.

A Checkpoint engineer can deploy a proactive double firewalling solution that screens unidentified data signatures before they reach your network gateway. In this way, your network will not experience downtime caused by such attacks.

Hire a Checkpoint Engineer to Prevent Phishing Operations

Probably the most compelling reason to hire a Checkpoint engineer is to prevent information theft. Hackers are always on the lookout for vulnerable networks where they can phish for usernames and passwords. Phishing this information would enable hackers to mine your server for important personal records such as credit card numbers, customer lists, and trade secrets.

ZoneAlarm ForceField is the first virtualized, on-demand browser security solution to enable consumers to bank and shop online, or surf dangerous areas of the Internet without fear or limitation. Built from the ground up specifically to fight the emerging classes of browser-based Web threats, ForceField also erases all personal information after a Web browsing session to further protect consumer privacy online. Features include browser virtualization, powerful anti-phishing technology, ZoneAlarm’s Spy Site Blocker (also found in the award-winning ZoneAlarm Internet Security Suite) and additional dangerous download defenses.

Without a Checkpoint engineer to implement multiple protocol security nets within your network, the company’s servers and client applications would become easy targets for phishing operations. Your company’s reputation will suffer and you can lose customers if your network does not get proper security attention from a certified Checkpoint engineer.

Where to Find a Reliable Checkpoint Engineer?

You can simply post a wanted ad if you want a Checkpoint engineer for your company. However, this is tedious and you have no guarantee that applicants really have enough experience to implement complicated security solutions.

To make your life easier, you can check some of the best online security consultants and B2B security websites. These companies can offer superior network security services. They usually have an onboard certified Checkpoint engineer and experts that can help your network ward off malicious attacks.

Bsecure is a Sydney based Network Security Services company that provides affordable assessment, consultation, design and implementation services in all areas of network and information security.

Importance of Network Monitoring

While detecting intrusions in network traffic from outside sources is very important, companies also need network monitoring within their private corporate networks. Network monitoring software can send alerts when the network goes down or becomes unavailable because of hardware failure. The software can send alerts to key personnel and administrators by pager, email, or cell phone.

Good network monitoring software continues to send status messages and traffic to efficiently keep track of any outages on the network. Network monitoring watches hardware such as routers or network servers for responses. Depending on the software, it can send response requests every minute up to every hour. It can also detect outages in certain software such as web server or email applications. The software can send an HTTP request to monitor a web server, or it can send an SMTP message to an email server. If there is no reply from the respective software or server, the network monitoring software interprets it as an outage and promptly alerts a network administrator.

The importance of up time for a network has increased with the reliance on technology and work computers. Even a small business can lose thousands of revenue dollars by the hour as their network stays down. This increase of lost revenue gives value to a good network monitoring software. Even after hours, network monitoring software can make sure your network administrator staff is quickly alerted so that solutions can be expedited to lower lost revenue during unexpected down time.

Network monitoring can also give vital statistics to businesses to evaluate down time. The statistics can help network administrators analyze issues on the network to better prepare for future outages. Other statistics can give a percentage of up time versus down time to evaluate profit and loss for businesses that rely heavily on network availability.
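The probe, alert, and uptime-statistic cycle described above, as an added example (it is not Server Alive's code or the author's). The loopback servers, the `Monitor` class and every name in it are constructed for illustration, and the SMTP probe only checks the `220` greeting rather than sending a message.

```python
"""Availability monitor sketch: HTTP and SMTP probes, outage alerts, uptime %."""
import http.client
import http.server
import socket
import socketserver
import threading

TIMEOUT = 2.0  # seconds to wait for a reply before calling it an outage


def check_http(host, port, timeout=TIMEOUT):
    """HEAD / and treat any non-5xx reply as up; no reply means down."""
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("HEAD", "/")
        return conn.getresponse().status < 500
    except (OSError, http.client.HTTPException):
        return False
    finally:
        conn.close()


def check_smtp(host, port, timeout=TIMEOUT):
    """Connect and expect the SMTP '220' greeting line."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with sock.makefile("rb") as reader:
                banner = reader.readline()
            sock.sendall(b"QUIT\r\n")
            return banner.startswith(b"220")
    except OSError:
        return False


class Monitor:
    """Runs probes, alerts only on state changes, keeps history for statistics."""

    def __init__(self, alert):
        self.probes = {}    # service name -> callable returning True/False
        self.history = {}   # service name -> list of poll results
        self.alert = alert  # callable(name, state); pager/email in real use

    def add(self, name, probe):
        self.probes[name] = probe
        self.history[name] = []

    def poll(self):
        for name, probe in self.probes.items():
            up = probe()
            past = self.history[name]
            was_up = past[-1] if past else True  # assume up before first poll
            past.append(up)
            if up != was_up:  # alert on transitions, not on every failed poll
                self.alert(name, "RECOVERED" if up else "DOWN")

    def uptime_percent(self, name):
        past = self.history[name]
        return 100.0 * sum(past) / len(past) if past else None


class _OkHandler(http.server.BaseHTTPRequestHandler):
    """Constructed stand-in for a web server: answers HEAD with 200."""

    def do_HEAD(self):
        self.send_response(200)
        self.end_headers()

    def log_message(self, *args):
        pass  # keep the demo quiet


class _BannerHandler(socketserver.BaseRequestHandler):
    """Constructed stand-in for a mail server: greeting only."""

    def handle(self):
        self.request.sendall(b"220 monitor-demo ESMTP (constructed)\r\n")
        self.request.recv(64)  # wait for the probe's QUIT


def demo():
    """Two polls with both services up, then two polls after the web server stops."""
    web = socketserver.TCPServer(("127.0.0.1", 0), _OkHandler)
    mail = socketserver.TCPServer(("127.0.0.1", 0), _BannerHandler)
    for srv in (web, mail):
        threading.Thread(target=srv.serve_forever, daemon=True).start()
    alerts = []
    mon = Monitor(alert=lambda name, state: alerts.append((name, state)))
    mon.add("web", lambda: check_http("127.0.0.1", web.server_address[1]))
    mon.add("mail", lambda: check_smtp("127.0.0.1", mail.server_address[1]))
    mon.poll()
    mon.poll()
    web.shutdown()
    web.server_close()  # simulated outage: the port now refuses connections
    mon.poll()
    mon.poll()
    mail.shutdown()
    mail.server_close()
    return alerts, mon.uptime_percent("web"), mon.uptime_percent("mail")


if __name__ == "__main__":
    print(demo())
```

Alerting on state transitions rather than on every failed poll keeps a long outage from flooding the on-call administrator while still recording each poll for the uptime percentage.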

Whether you have a small business or a large corporate LAN, your network up time can improve immensely with strategically implemented network monitoring software. Woodstone’s Server Alive network monitoring software can help keep your network monitored. Their software has extensive monitoring, a flexible alerting engine, and precise smart output for further analysis. Its output gives high-quality, complete graphs that can be used in web pages and future reports. With flexible monitoring from Woodstone’s Server Alive, your network will surely have better up time to save you money.

For more information, visit http://www.woodstone.nu.

The Importance of Network in Regular Database Management System

In client-server computing, the network matters most at the level where users can feel confident that somewhere on the network the services they need are available and accessible, based on defined criteria and right of access, without regard to the technologies involved. When ready to move beyond personal productivity stand-alone applications and into client-server applications, organizations must address the issues of connectivity. Initially, most users discover their need to access a printer that is not physically linked to their client workstation. Sharing data files among non-networked individuals in the same place of work can be handled by hand-carrying diskettes, but printing is more awkward. The first LANs installed are usually basic networking services to support this printer-sharing requirement. Now a printer anywhere in the local area can be authorized for shared use. The physical medium to accomplish this connection is the LAN cabling. Each workstation is connected to a cable that routes the transmission either directly to the next workstation on the LAN or to a hub point that routes the transmission to the appropriate destination. There are two primary LAN topologies, which use Ethernet and Token Ring.

Ethernet and Token Ring are put into practice on well-defined Institute of Electrical and Electronic Engineers (IEEE) industry principles. These principles recognize the product requirement detail and afford a pledge to a fixed capacity. This standardization has encouraged hundreds of vendors to develop competitive products and in turn has caused the functionality, performance, and cost of these LAN connectivity products to improve spectacularly over the last five years. Older LAN installations that use substandard topologies will eventually require replacement. There is a basic functional difference in the way Ethernet and Token Ring topologies placed data on the cable. With the Ethernet protocol, the processor attempts to unload data onto the cable whenever it requires service. Workstations vie for the bandwidth with these attempts, and the Ethernet protocol includes the appropriate logic to resolve collisions when they occur. On the other hand, with the Token Ring protocol, the processor only attempts to put data onto the cable when there is capacity on the cable to accept the transmission. Workstations pass along a token that one after the other gives each workstation the right to put data on the network.

Recent enhancements in the capabilities of intelligent hubs have changed the way we design LANs. Hubs owe their success to the efficiency and robustness of the 10BaseT protocol, which enables the implementation of Ethernet in a star fashion over unshielded twisted-pair (UTP) wiring. Now commonly used, hubs provide integrated support for the different standard topologies such as Ethernet, Token Ring, and Fiber over different types of cabling. By repeating or amplifying signals where necessary, they enable the use of high-quality UTP cabling in virtually every situation. Hubs have evolved to provide tremendous flexibility for the design of the physical LAN topologies in large office buildings or plants. Various design strategies are now available. They are also an effective vehicle to put management intelligence throughout the LANs in a corporation, allowing control and monitoring capabilities from a network management center.

Newer token-passing protocols, such as Fiber Distributed Data Interface (FDDI) and Copper Distributed Data Interface (CDDI), will increase in use as higher-performance LANs are required. CDDI can be implemented on the same LAN cable as Ethernet and Token Ring if the original selection and installation are done carefully according to industry recommendations. FDDI usually appears first as the LAN-to-LAN bridge between floors in large buildings.

Wireless LANs offer an alternative to wiring. Instead of cabling, these LANs use the airwaves as the communications medium. Motorola provides a system, Altair, that supports standard Ethernet transmission protocols and cards. The Motorola implementation cables workstations together into micro cells using standard Ethernet cabling. These micro cells communicate over the airwaves to similarly configured servers. Transmissions on this frequency do not pass through outside walls, so there is little problem with interference from other users.

Wireless LANs are attractive when the cost of installing cabling is high. Costs tend to be high for cabling in old buildings, in temporary installations, or where workstations move frequently. NCR provides another implementation of wireless LAN technology using publicly accessible frequencies in the 902-MHz to 928-MHz band. NCR provides proprietary cards to provide the communications protocol. This supports lower-speed communications that are subject to some interference, because so many other devices, such as remote control electronic controllers and antitheft devices, use this same frequency.

It is now a well-accepted fact that LANs are the preferred vehicle to provide overall connectivity to all local and distant servers. WAN connectivity should be provided through the interconnection of the LANs. Routers and bridges are devices that perform that task. Routers are the preferred technology for complex network topologies, generating efficient routing of data packets between two systems by locating and using the optimal path. They also limit the amount of traffic on the WAN by efficiently filtering and by providing support for multiple protocols across the single network.

WAN bandwidth for data communications is a critical issue. In terminal-to-host networks, traffic generated by applications could be modeled, and the network would then be sized accordingly, allowing for effective use of the bandwidth. With LAN interconnections, and applications that enable users to transfer large files (such as through e-mail attachments) and images, this modeling is much harder to perform. WAN services that have recently emerged, such as Frame Relay, SMDS (Switched Multimegabit Data Service), and imminent ATM (Asynchronous Transfer Mode) services, provide the flexibility inherently required for these applications. Frame Relay uses efficient statistical multiplexing to provide shared network resources to users. Each access line is shared by traffic destined for multiple locations. The access line speed is typically sized much higher than the average throughput each user is paying for. This enables peak transmissions (such as when a user transmits a large file) that are much faster because they use all available bandwidth. SMDS is a high-speed service that uses cell relay technology, which enables data, voice, and video to share the same network fabric. Accessible from preferred RBOCs as a wide-area service, it supports high speeds well over 1.5 Mbps.
ATM is an up-and-coming standard and set of communication technologies that span both the LAN and the WAN to create a seamless network. It provides the appropriate capabilities to support all types of voice, data, and video traffic. Its speed is defined to be 155 Mbps, with variations and technologies that may enable it to run on lower speed circuits when economically appropriate. It will operate both as a LAN and a WAN technology, providing full and transparent integration of both environments. ATM will be the most significant connectivity technology after 1995. ATM provides the set of services and capabilities that will truly enable the “computing anywhere” concept, in which the physical location of systems and data is made irrelevant to the user. It also provides the network managers with the required flexibility to respond promptly to business change and new applications. Interoperability between distributed systems is not guaranteed by just providing network-based connectivity. Systems need to agree on the end-to-end handshakes that take place while exchanging data, on session management to set up and break conversations, and on resource access strategies. Network Management is an integral part of every network. The Simple Network Management Protocol (SNMP) is a well-accepted standard used to manage LANs and WANs through the management capabilities of hubs, routers, and bridges. It can be extended to provide basic monitoring performance measurements of servers and workstations. Full systems management needs much more functionality than SNMP can offer. The OSI management protocol, the Common Management Information Protocol (CMIP), which has the flexibility and capability to fully support such management requirements, will likely compete with an improved version of SNMP, SNMP V2. The existence of heterogeneous LAN environments in large organizations makes interoperability a practical reality. 
Organizations need and expect to view their various workgroup LANs as an integrated corporate-wide network. Citicorp, for example, is working to integrate its 100 independent networks into a single global net. The OSI model provides the framework definition for developers attempting to create interoperable products. Because many products are not yet OSI-compliant, there often is no direct correspondence between the OSI model and reality. The OSI model defines seven protocol layers and specifies that each layer be insulated from the other by a well-defined interface.

In view of the above it is evident that the physical layer is the lowest level of the OSI model and defines the physical and electrical characteristics of the connections that make up the network. It includes such things as interface specifications as well as detailed specifications for the use of twisted-pair, fiber-optic, and coaxial cables. Standards of interest at this layer for client/server applications are IEEE 802.3 (Ethernet), and IEEE 802.5 (Token Ring) that define the requirements for the network interface card (NIC) and the software requirements for the media access control (MAC) layer. Other standards here include the serial interfaces EIA232 and X.21. The data link layer defines the basic packets of data expected to enter or leave the physical network. Bit patterns, encoding methods, and tokens are known to this layer. The data link layer detects errors and corrects them by requesting retransmission of corrupted packets or messages. This layer is actually divided into two sub layers: the media access control (MAC) and the logical link control (LLC). The MAC sub layer has network access responsibility for token passing, collision sensing, and network control. The LLC sub layer operates above the MAC and sends and receives data packets and messages. Ethernet, Token Ring, and FDDI define the record format of the packets (frames) being communicated between the MAC layer and Network layer. The internal formats are different and without conversion workstations cannot interoperate with workstations that operate with another definition. And in this connection the network layer is responsible for switching and routing messages to their proper destinations. It coordinates the means for addressing and delivering messages. It provides for each system a unique network address, determines a route to transmit data to its destination, segments large blocks of data into smaller packets of data, and performs flow control. 
When a message contains more than one packet, the transport layer sequences the message packets and regulates inbound traffic flow. The transport layer is responsible for ensuring end-to-end error-free transmission of data. The transport layer maintains its own addresses that get mapped onto network addresses. Because the transport layer services process on systems, multiple transport addresses can share a single network address. Indeed, the session layer provides the services that enable applications running at two processors to coordinate their communication into a single session. A session is an exchange of messages—a dialog between two processors. This layer helps create the session, inform one workstation if the other drops out of the session, and terminate the session on request. The presentation layer is responsible for translating data from the internal machine form of one processor in the session to that of the other. The application layer is the layer to which the application on the processor directly talks. The programmer codes to an API defined at this layer. Messages enter the OSI protocol stack at this level, travel through the layers to the physical layer, across the network to the physical layer of the other processor, and up through the layers into the other processor application layer and program.

Connectivity and interoperability between the client workstation and the server are achieved through a combination of physical cables and devices, and software that implements communication protocols. One of the most important and most unnoticed parts of LAN implementation today is the physical cabling plant. A corporation’s investment in cabling is significant. For most though, it is viewed strictly as a tactical operation, a necessary expense. Implementation costs are too high, and maintenance is a no budgeted, nonexistent process. The results of this shortsightedness will be seen in real dollars through the life of the technology. Studies have shown that over 65 percent of all LAN downtime occurs at the physical layer. It is important to provide a platform to support robust LAN implementation, as well as a system flexible enough to incorporate rapid changes in technology. The trend is to standardize LAN cabling design by implementing distributed star topologies around wiring closets, with fiber between wiring closets. Desktop bandwidth requirements can be handled by copper for several years to come; however, fiber between wiring closets will handle the additional bandwidth requirements of a backbone or switch-to-switch configuration. Obviously, fiber to the desktop will provide extensive long-term capabilities; however, because of the electronics required to support various access methods in use today, the initial cost is significant. As recommended, the design will provide support for Ethernet, 4M and 16M Token Ring, FDDI, and future ATM LANs. Wiring standards include RG-58 A/U coaxial cable (thin-wire 10Base2 Ethernet), IBM Type 1 and Fiber Distributed Data Interface (FDDI for 10BaseT or Token Ring). Motorola has developed a wireless Ethernet LAN product—Altair—that uses 18-GHz frequencies. NCR’s Wave LAN provides low-speed wireless LAN support. Wireless LAN technology is useful and cost-effective when the cost of cable installation is high. 
In old buildings or locations where equipment is frequently moved, the cost of running cables may be excessive. In these instances wireless technology can provide an attractive alternative. Motorola provides an implementation that uses standard Ethernet NICs connecting a group of closely located workstations together with a transmitter.

The transmitter communicates with a receiver across the room to provide the workstation-server connection. Recent reductions in the cost of this technology make it attractive for those applications where the cost of cabling is more than $400 per workstation. Wireless communication is somewhat slower than wired communication. Industry tests indicate a performance level approximately one-half that of wired 10-Mbps UTP Ethernet. NCR’s alternative wireless technology, Wave LAN, is a slow-speed implementation using proprietary communications protocols and hardware. It also is subject to interference by other transmitters, such as remote control electronics, antitheft equipment, and point-of-sale devices.

Ethernet is the most widely installed network topology today. Ethernet networks have a maximum throughput of 10 Mbps. The first network interface cards developed for Ethernet were much cheaper than corresponding NICs developed by IBM for Token Ring. Until recently, organizations that used non-IBM minicomputer and workstation equipment had few options other than Ethernet. Even today in a heterogeneous environment, there are computers for which only Ethernet NICs are available. The large market for Ethernet NICs and the complete definition of the specification have allowed over 100 companies to produce these cards. Competition has reduced the price to little more than $200 per unit. 10BaseT Ethernet is a standard that enables the implementation of the Ethernet protocol over telephone wires in a physical star configuration (compatible with phone wire installations). Its robustness, ease of use, and low cost driven by hard competition have made 10BaseT the most popular standards-based network topology. Its pervasiveness is unrivaled: In 1994, new laptop computers will start to ship with 10BaseT built in. IBM is now fully committed to support Ethernet across its product line.
IBM uses the Token Ring LAN protocol as the standard for connectivity in its products. In an environment that is primarily IBM hardware and SNA connectivity, Token Ring is the preferred LAN topology option. IBM’s Token Ring implementation is a modified ring configuration that provides a high degree of reliability since failure of a node does not affect any other node. Only failure of the hub can affect more than one node. The hub isn’t electric and doesn’t have moving parts to break; it is usually stored in a locked closet or other physically secure area. Token Ring networks implement a wire transmission speed of 4 or 16 Mbps. Older NICs will support only the 4-Mbps speed, but the newer ones support both speeds. IBM and Hewlett-Packard have announced a technical alliance to establish a single 100Mbps standard for both Token Ring and Ethernet networks. This technology, called 100VG-AnyLAN, will result in low-cost, high-speed network adapter cards that can be used in PCs and servers running on either Token Ring or Ethernet LANs. The first Any LAN products are expected in early 1994 and will cost about between $400 and $700 per port. IBM will be submitting a proposal to make the 100VG-AnyLAN technology a part of IEEE’s 802.12 (or 100Base-VG) standard, which currently includes only Ethernet.

The Ethernet technique may function well when the cable is lightly loaded but, because of the collisions that occur when an attempt is made to put data onto a busy cable, it provides poor performance when the LAN utilization exceeds 50 percent. To recover from the collisions, the sender retries, which puts additional load on the network. Ethernet users avoid this problem by creating subnets that divide the LAN users into smaller groups, thus keeping the utilization level low. In spite of the prevalent implementation of Ethernet, Token Ring installations are growing at a fast rate for client/server applications. IBM’s commitment to Ethernet may slow this success, because Token Ring will always cost more than Ethernet. The analysis predicts a steady increase in planned Token Ring installations from the middle of 1988 until the installed base is equivalent in 1996. However, this analysis does not account for the emergence of a powerful new technology that entered the marketplace in 1993: Asynchronous Transfer Mode, or ATM. It is likely that by 1996 ATM will dominate all new installations and will gradually replace existing installations.

Kh. Atiar rahman has written a number of articles. He was born at Meherpur, Kushtia.

Importance Of SSL Certificate For A Web Site

People are getting smart about online security. More and more of them are looking for the padlock icon and “https” prefix in the address bar of their browser before submitting personal information online. If your Web site doesn’t have an SSL Certificate, visitors may leave before making a purchase, creating an account or even signing up for a newsletter.

An SSL certificate is a digital certificate that authenticates the identity of a Web site and encrypts information sent to the server using Secure Sockets Layer (SSL) technology. Encryption is the process of scrambling data into an undecipherable format that can only be returned to a readable format with the proper decryption key.

An SSL certificate serves as an electronic “passport” that establishes an online entity’s credentials when doing business on the Web. When an Internet user attempts to send confidential information to a Web server, the user’s browser accesses the server’s digital certificate and establishes a secure connection.

An SSL certificate contains the following information:

The certificate holder’s name
The certificate’s serial number and expiration date
A copy of the certificate holder’s public key
The digital signature of the certificate-issuing authority

How Do SSL Certificates Work?

An SSL certificate ensures safe, easy, and convenient Internet shopping. Once an Internet user enters a secure area – by entering credit card information, email address, or other personal data, for example – the shopping site’s SSL certificate enables the browser and Web server to build a secure, encrypted connection. The SSL “handshake” process, which establishes the secure session, takes place discreetly behind the scene without interrupting the consumer’s shopping experience. A “padlock” icon in the browser’s status bar and the “https://” prefix in the URL are the only visible indications of a secure session in progress.

By contrast, if a user attempts to submit personal information to an unsecured Web site (i.e., a site that is not protected with a valid SSL certificate), the browser’s built-in security mechanism triggers a warning to the user, reminding him/her that the site is not secure and that sensitive data might be intercepted by third parties. Faced with such a warning, most Internet users will likely look elsewhere to make a purchase.

Types of SSL Certificates:

Wildcard SSL Certificates : Secure Unlimited Servers with ONE SSL Cert! (certification also covers unlimited first-level sub-domains) You get Strong 256 Bit Encryption, Secure Site Seal, & Web PKI to easily manage multiple SSL Certs.

Premium Extended Validation Certificates : It provides the highest level of online assurance for your customers using a process that’s standardized across all certification authorities:

More extensive than any existing SSL vetting process (undertaken by any certification authority).

Includes verification of your organization’s identity, the validity of your request and the overall legitimacy of your business.

Browsers also display both the organization name and issuing certification authority.

Using the same rock-solid, 256-bit encryption technology as Standard SSL and Deluxe SSL Certificates, Premium SSL Certificates prove that your Web site is a secure place for customers to conduct business.

Multiple Domain Certificates, also called Unified Communications Certificates (UCC): It provides the most flexible class of SSL Certificates today by securing multiple domain names with one certificate.

Secure up to 100 domain names on one certificate.

Save money because the cost of one Multiple Domain Certificate, with additional domain names, is less than the cost of individual certificates for each unique domain name.

Compatible with Microsoft Exchange Server 2007 and Microsoft Communications Server.

Simplifies the process of managing multiple certificates with varying expiration dates.

Our Single, Multiple Domain and Subdomain certificates all use the same rock-solid, 256-bit encryption technology, proving that your Web site is a secure place for customers to conduct business.

NOTE: The UCC Certificate is ideal for Communication Server, Exchange Server and other Enterprise Applications, as well as for single companies or entities with many related URLs. This Certificate is not recommended for use with sites completely separate from each other (e.g. a network provider who builds Web sites for competitors).
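Which hostnames a wildcard or multiple-domain (UCC) certificate actually covers can be checked before deployment, so that no site ends up serving a certificate that triggers a browser warning. The following is an added example, not any vendor's code; the `.test` hostnames and function names are constructed, and the matcher assumes the common rule that `*` stands for exactly one leftmost label.

```python
"""Check which hostnames a certificate's name list covers (wildcard and UCC)."""


def _labels(name):
    # Compare case-insensitively and ignore a trailing root dot.
    return name.rstrip(".").lower().split(".")


def name_matches(cert_name, hostname):
    """True if one certificate name (e.g. '*.example.test') covers hostname."""
    pattern, host = _labels(cert_name), _labels(hostname)
    if len(pattern) != len(host):
        # A wildcard stands for exactly one label: it covers first-level
        # sub-domains only, not the bare domain and not deeper levels.
        return False
    if pattern[0] == "*":
        # Require at least two fixed labels so '*.test' is never honoured.
        return len(pattern) >= 3 and host[0] != "" and pattern[1:] == host[1:]
    return pattern == host


def covered(cert_names, hostname):
    """True if any name on the certificate covers hostname."""
    return any(name_matches(n, hostname) for n in cert_names)


def audit(cert_names, hostnames):
    """Return the hostnames the certificate does NOT cover."""
    return [h for h in hostnames if not covered(cert_names, h)]


if __name__ == "__main__":
    # Constructed inventories for illustration.
    wildcard_cert = ["*.example.test"]
    ucc_cert = ["example.test", "www.example.test", "mail.example-two.test"]
    sites = ["example.test", "shop.example.test", "a.shop.example.test",
             "mail.example-two.test"]
    print("wildcard gaps:", audit(wildcard_cert, sites))
    print("UCC gaps:     ", audit(ucc_cert, sites))
```

Running the audit against the real site inventory before ordering shows whether a wildcard alone is enough or whether the bare domain and deeper sub-domains need their own names on the certificate.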

Most SSL certificate issuers will charge you around $399 per year. Some affordable SSL certificate providers, like Hosting3i.com, charge $14.95 per year with 256-bit secure encryption.

An SSL certificate will not only ensure safe transfer of critical information but also increase the credibility of your online store.

Jenny Dsouza is a Product Manager at Hosting3i.com which provides Cheap Domain Name Registration and SSL Certificates service.

It’s All About People, Process, and Technology. Technology is Dead Last in the Order of Importance When it Comes to Security

The recent and explosive growth of the Internet and technology has brought many good things such as e-commerce, collaborative computing, online markets and new avenues of sharing and distributing information. But each side has its counterpart, and with the technological advances came hackers. With this dark side and the many security breaches that are associated with it, companies, governments and individuals are afraid of hackers breaking into their servers or networks, stealing valuable data, collecting passwords and intercepting financial and credit card information.

And many times this can become reality. Recently, there has been a flurry of security breaches among large organizations such as Western Union, which reported a security breach on their Web site that let loose the credit- and debit-card information for 15,700 customers. Another recent hacker case is a 16-year-old youth, who admitted hacking into military and NASA computer networks. His activities caused a three-week shutdown of NASA’s systems and a security breach of a military computer network which protects against conventional, biological, chemical and nuclear-weapon attacks. That’s just a small sampling of actual hacks. Most industry watchers agree that only a handful of security breaches are ever reported.

For a long time, most computer network crackers hacked a system for the same reason: “Because it’s there.” But that’s no longer the only reason or even the dominant one. More hackers now do it because “It’s where the money is.” In the past decade, hackers have changed from script kiddies who hacked websites and spread worms to professionals sponsored by foreign governments and organized crime. Modern hackers want more than infamy. They exploit new technologies to crack systems or hack into computer systems and hold data for ransom. Hackers today commit real crimes, sometimes for significant financial gain.

To safeguard themselves from the modern hackers, most companies and government agencies that want to uncover network and system security vulnerabilities have two choices: they can hire a team of penetration experts to scan and probe their systems and uncover their vulnerabilities, or they can wait for a malicious hacker to come by and exploit them. Unfortunately, many times it is the latter. A security analysis or penetration test, performed by a security consultant, would produce a report or security posture assessment, detailing all vulnerabilities found and the actions needed to remedy them and minimize the risk of being the victim of a successful hack attack.

The security consultant or penetration expert can be a “white hacker”, someone who uses ethical hacking to discover vulnerabilities within a network, or a reformed “black hacker”, who once was an active part of the dark side and used to exploit the identified security holes. Whether it is ethical to use former hackers to evaluate a network’s security is a topic that is often hotly debated, and for many reasons.

Ethical hackers or security consultants typically have very strong programming and computer networking skills and have been in the computer and networking business for several years. Their base knowledge and expertise are augmented with detailed knowledge of the hardware and software, project management skills and methodology, which are necessary for the actual vulnerability testing as well as for reporting after the test has been performed. In addition, ethical hacking seminars, courses and certifications are being offered to IT professionals to broaden their horizons and skills in these fields. But many times these hacking courses and seminars provide only very limited insight and teach outdated or only basic hacking techniques. Their main purpose is to educate professionals, not to create a new generation of hackers. The goal is to fill security holes, not exploit them.

A disadvantage that white hackers or security consultants have compared with hackers is a lack of real-world experience and insider knowledge. There are many things that cannot be taught in a seminar or learned from a book. The most obvious advantage former hackers have is their real-world hacking experience. As each network system differs based on its network defenses and configurations, the hack approach will be unique, and only someone with plenty of real-world hacking experience can efficiently go from using one technique to another as required by the situation at hand.

Another positive aspect of hiring reformed hackers as security consultants is that staying up on the latest security exploits, vulnerabilities and countermeasures is part of their job. A good hacker has a level of security knowledge that goes far beyond that of most other IT professionals. Keeping up with the latest exploits and countermeasures is a full-time job, and although IT professionals have an acceptable level of security knowledge, they must focus most of their attention on the day-to-day responsibilities of keeping the network up and running. To make up for these “deficiencies”, many white hackers and security consultants rely on automated and commercial vulnerability and penetration software that can provide needed security reports, but whose functions are limited. The huge differences can be seen when comparing the results from an automated scan with those of a hacker assessment or professional penetration test.

But before a company makes the decision to hire a reformed hacker, it needs to evaluate the negative sides. Certainly there are several types of hackers that can be found. One kind of them are the “gray hats”, the unpaid tinkerers who find flaws to improve security for everyone. They are the best hackers, because their passion for tinkering drives their excellence and they do not break the law. The black hat hackers, the criminals, break the law and feel justified doing it. Some of them seek to increase their fame in the hacker community, while others want to prove at any cost that their targets’ security is vulnerable. Black hats wreak havoc not only by their own actions but also by drawing attention to weaknesses that they and cybercriminals can exploit. The last and worst kind of hackers are the cybercriminals, who perpetrate the worst crimes. They are paid to use existing tools and techniques to steal confidential personal, government or industry information, and particularly financial data. Cybercriminals usually work for foreign governments, organized crime or independently.

Probably the biggest negative in the decision-making process is trust. Which hacker will you hire and how much can you trust them? The main premise of security is deciding who you trust and then locking out everyone else. When a company hires a hacker as a security consultant because of network security concerns, paradoxically the trust goes to the criminal. It is not only the trust factor that plays a major role in the decision-making process but also the impact the decision might have on customers and shareholders. How would customers react if they knew a former criminal had been hired to test the security of a system or database that contains all their personal and financial information? Someone with questionable morals and judgment is not someone who should have control of a corporate network with sensitive data. In most cases hackers, and that is what makes them hackers, do not appreciate or respect standard business processes and structures. A disgruntled hacker with inside knowledge of a company’s networks could create a nightmare scenario.

Hackers are like adventurers, motivated by intellectual curiosity. “The more secure you make your systems, the more you attract them. The hacker mind-set is like exploring space, except they’re exploring the network.” If that essential curiosity about finding out how things work, which is what causes people to be hackers, goes away, then you don’t necessarily want that person as a hacker or security consultant. However, just because a hacker has the desire and capabilities to explore a network does not necessarily mean they are prepared to build a secure network and fix identified vulnerabilities. Breaking into things does not always mean knowing how to fix them. These are two different skill sets. Once security threats have been identified, they need to be communicated, including the business processes potentially affected by the vulnerability, along with a list of impact assessments and countermeasures. Besides technical knowledge, the hacker will need to have experience in business processes and management to relay his findings to the company.

Another key factor to consider before deciding who to hire as a security consultant is that no computer system is ever completely secure, especially when considering the human factor. Spending astronomical amounts of money pursuing total security, by hiring security consultants and eventually becoming dependent on them, is not going to help. Some corporations in some industries must guard against intrusions from tech-hungry foreign governments – in particular China, France, Israel, Japan, Germany and Russia – that converted their cold-war spy machinery into “economic espionage” units, but that does not apply to all businesses. A realistic set of goals for what to expect from a security consultant needs to be set first.

But no matter what the decision is, and whether the company hires a professional security consultant or a reformed hacker, the real threat will still be there. Any hacker who wants to exploit a system will always try to use the path of least resistance. This path of least resistance is often through the front door. The front door can be “identified” as the area over which businesses may have the least control: people. People are the weakest but first link when it comes to security. With good social engineering skills, and given poorly trained employees, disgruntled workers and ex-employees, a hacker can get enough information to access a system and insert malicious code that contains keystroke and network sniffers and other means to collect information. The hacker has just “exchanged” his keyboard for social engineering. And this is a part of security where a highly educated security consultant or a reformed hacker will not be able to help you.

Ms. Deckwerth has over a decade of experience in IT security and regulatory compliance both in the U.S. and EU. Her work has included the audits and IT security of private companies, public companies, and NATO and government organizations, as well as the implementation of ISO and NIST. Her professional experience encompasses regulatory compliance with HIPAA, Sarbanes-Oxley, PCI, GLBA, and NATO/DoD requirements.

Mrs. Deckwerth holds an M.S. in IT Management and is currently pursuing a PhD in IT Security from Touro University and speaks six languages.