Archive for the ‘Featured’ category


KBU students explore the world of hacking

Fri, 09 Apr 2010

THE terms ‘hacker’ or ‘hacking’ usually carry negative connotations. They often imply criminal, or at least, mischievous intent, while intruding into another’s computer security system. However, in the computing community, the term could be complimentary, depending on the context. More often than not, the primary meaning of a hacker is someone who is a brilliant programmer or a technical expert.

That was exactly what students of KBU International College found out when they attended a talk organised exclusively for them by the EC-Council Asia Pacific, in collaboration with KBU’s School of Engineering and Computing.

During the much-awaited event, students were also given the opportunity to watch a live demo on ethical hacking which was demonstrated by the EC Council presenters.

EC-Council is the leading IT Security certification body that offers both business and technical training to impart a solid background necessary to build successful e-businesses. The institution addresses the critical needs across all industries for the whole spectrum of industry-standard IT security and e-business programmes.

Dr Christine Lee Siew Ken, Deputy Head of KBU School of Engineering & Computing, who coordinated the event, was extremely pleased with the huge turn-out of her students. The lecture theatre was packed to the brim with not only students from KBU’s School of Engineering and Computing but also those from the School of Business, Hospitality & Tourism Management and the School of Design.

Through KBU’s collaboration with the EC-Council, students could get themselves certified as an ethical hacker at an affordable fee.

Lee also remarked that many students were not aware of the lucrative salary of IT security professionals. For instance, in the Robert Walters Global Salary Survey 2009, it was reported that an IT security analyst in Malaysia could earn a salary of up to RM100,000 per annum, while in Hong Kong, a security specialist earns up to HKD 800,000 (RM344,000) per annum. If one were to venture further, a security specialist in the UK and France could earn up to £95,000 (RM372,000) and €90,000 (RM398,000) per annum respectively.


Zayed University Offers World Class Information Security Education

Apr 05, 2010 – Internet penetration in the United Arab Emirates is on the rise, as recent studies have shown that web growth has reached 67 per cent, with over 55 per cent of the population using it on a daily basis. This points to the probability of us being more prone to security threats and cyber crimes. Recognizing the critical need for defining information utility and computer security, Zayed University has integrated information security education into its curricula through a partnership with EC-Council via the Academia Partnership program. Conceived by EC-Council, the program enables institutes of higher learning to deliver up-to-date information security education with ease and in a cost-effective manner. Acknowledging the credibility and relevance of the content provided by EC-Council, Zayed University has taken a tremendous initiative to equip its students with security skills and to make them professionals in the field, which will help them build a bright future in related fields and build up a generation that is responsive to information security risks.

“We are pleased to be an Academia partner of EC-Council. We are looking forward to contribute to the information security workforce by providing graduates who will be equipped with the latest skills and technologies required to excel in the industry.” – said Dr. Huwaida from Zayed University

To be introduced first will be the world famous Certified Ethical Hacker program.

A Certified Ethical Hacker (CEH) is a skilled professional who understands and knows how to look for the weaknesses and vulnerabilities in target systems and uses the same knowledge and tools as a malicious hacker. Most recently, the U.S. Department of Defense (DoD) has announced the official approval of the Certified Ethical Hacker (CEH) certification program as a new baseline skills requirement for U.S. cyber defenders. This requirement falls under the auspices of DoD Directive 8570 Information Assurance Workforce Improvement. Directive 8570 provides clear guidance to information assurance training, certification and workforce management across all components of the DoD.

Mr. Sean Lim, Vice President of EC-Council, said, “We are confident that Zayed University has taken an exemplary and vanguard step by participating in the EC-Council Academia Partner program. Their participation demonstrates that the local academia views seriously and acknowledges the implications of information security issues. By providing their students with information security knowledge, this university is contributing to the welfare and well-being of Dubai. We are certain that these partnerships will go a long way in developing a generation of information security experts who will be pivotal assets of the information security industry”.

About EC-Council
The International Council of E-Commerce Consultants (EC-Council) is a member-based organization that certifies individuals in various e-business and security skills. It is the owner and developer of the world famous Certified Ethical Hacker (CEH) course, Computer Hacking Forensics Investigator (CHFI) program, License Penetration Tester (LPT) program and various other programs offered in over 60 countries around the globe. These certifications are recognized worldwide and have received endorsements from various government agencies including the US Federal Government via the Montgomery GI Bill, and the US Government National Security Agency (NSA) and the Committee on National Security Systems (CNSS). For more information about EC-Council, please visit the website: www.eccouncil.org. COMGUARD (www.comguard.net) is the exclusive distributor for EC-Council in the Middle East region.

About Zayed University
Zayed University is a higher educational institution in the United Arab Emirates which was established in 1998 and named in honor of His Highness Sheikh Zayed Bin Sultan Al Nahyan, the country’s first president. Zayed University has been dedicated to preparing its graduates for life and work in an ever changing world, becoming proficient in the use of modern technology, and developing a true sense of global citizenship. The University’s academic programs strive to conform to the highest world standards. Zayed University has two campuses in the emirates of Abu Dhabi and Dubai, serving around 3,500 female students. The University is organized academically into five colleges: Arts and Sciences, Business Sciences, Communication and Media Sciences, Education, and Information Technology.


Fox Business News: Is Your Computer Network Safe?

Friday, March 19, 2010

There was a time not long ago when computer hacking brought to mind an image of an anti-social teenager hiding in his parents’ dark basement cracking code for the thrill of it and later posting his exploits online under a dangerous sounding nickname like “Plague.”

But recent hacks on some of the world’s most sophisticated technology companies have showcased another kind of cyber criminal, one that includes foreign governments and organized crime cartels, unconstrained by social norms and backed by nearly unlimited resources.

As attacks become ever more clever, is any computer user really safe?

“If you are dealing with a sophisticated nation state adversary then obviously there are a lot of resources they can bring to bear and it would be difficult for the private sector to face that sort of attack,” said Dmitri Alperovitch, vice president of threat research at McAfee Inc. (MFE). “Just like we don’t expect private sector companies to be able to face an armed attack by an army.”

 


TIME: To Battle Computer Hackers, the Pentagon Trains Its Own

Thursday, Mar. 18, 2010

After years of building firewalls and other defenses against relentless hacker attacks, the Pentagon is going over to the dark side of computer warfare. Only ethically, of course. The Defense Department, like most large organizations, has recognized that no wall is high enough to keep out skilled and determined hackers for keeps. Instead, it has decided that in order to anticipate and thwart those attacks, it needs to know what the hackers know.

“More than 100 foreign intelligence organizations are trying to hack into U.S. systems,” Deputy Defense Secretary William Lynn warned last month. “Some governments already have the capacity to disrupt elements of the U.S. information infrastructure.” So the Pentagon recently modified its regulations to allow military computer experts to be trained in computer hacking, gaining designation as “certified ethical hackers.” They’ll join more than 20,000 such good-guy hackers around the world who have earned that recognition since 2003 from the private International Council of E-Commerce Consultants (also known as the EC-Council).

“We are creating cyber-bodyguards,” says Sanjay Bavisi, president of the council. “We’re not creating combat people.” But as the world becomes increasingly interconnected via the Internet, the stakes have become too high to rely on static defenses alone to protect the immense flows of vital information that operate the world’s financial, medical, governmental and infrastructure systems. “The bad guys already have the hacking technologies,” Bavisi says. “We can say, ‘Tough luck, the bad guys play by different rules and you can’t do anything about it, so just go lock your doors.’ Or we can tell the good guys, ‘We will arm you with the same knowledge as the bad guys, because to defeat the hacker you need to be able to think like one.’”

Bavisi and the Pentagon are sensitive to the possibility that the tactics taught could be used for other purposes. “We’re not training Department of Defense guys to become hackers and start hacking into China or any other countries,” he says. Week-long courses will train them in 150 different hacking techniques and technologies, ranging from viruses, worms, sniffers and phishing to cyber warfare. The cost of the course ranges from $450 to $2,500 depending on the training involved.

Pentagon personnel “are not learning to hack,” insists Air Force Lieut. Col. Eric Butterbaugh. While the EC-Council calls it “Certified Ethical Hacker” training, the U.S. military also calls it “penetration testing training” or “red-teaming.” These are proven military techniques that have been used for decades to hone war-fighting skills. The Air Force and Navy, for example, maintain “aggressor squadrons” of F-5 and MiG warplanes to give U.S. military pilots practice against the tactics of potential foes. And the Army’s National Training Center at Fort Irwin, Calif., has long boasted a highly-trained “op-for” — opposition force — that regular U.S. Army units engage in realistic war games.

The program will be no cure-all for the Pentagon, whose networks are hacked hundreds of times a day. Adriel Desautels, the chief technology officer at Netragard LLC., a Massachusetts-based anti-hacking outfit, says that while “it’s better than nothing,” there are simply too many vulnerabilities to protect the Pentagon’s estimated 10 million computers. Desautels likens it to 1,000 Dutch boys trying to stop water from flowing through a dike springing millions of leaks. “The threat is defined by the real black hats, and it’s impossible to know what the black hats are researching,” he says. “The number of vulnerabilities far exceeds what any white hats are going to discover.”

Both Butterbaugh and Bavisi say there are no concerns that military personnel trained as hackers might go rogue. “Computer network defense service providers,” Butterbaugh says, “are vetted and have security clearances.” Not only that, adds Bavisi: those trained as ethical hackers have to sign a legally binding pledge that they will not engage in malicious hacking. “So far,” he says, “we haven’t had a single case where someone became a real hacker.”


EC-Council Highlights the Current Trends and Practices in Software Assurance at the Department of Homeland Security 2010 Software Assurance Forum

Virginia, March 10, 2010 – Jay Bavisi, LLB, co-founder and president of EC-Council, recently presented his organization’s findings on the current software assurance environment – both problems and opportunities – at the 12th Semi-Annual Software Assurance Forum.

Bavisi shared the panel with Steve Lipner, Microsoft’s senior director of security engineering strategy, and Dr. Richard H.L. Marshall, Department of Homeland Security, director of global cyber security management. The panel discussed and identified gaps and opportunities in the current software assurance landscape and debated on the reliability of various knowledge resources being developed and made available by leading organizations and governments.

“Better software assurance is vital to U.S. cyber security as well as our global digital society,” Bavisi said. “By hardening software in advance, we can reduce the ‘vulnerability gap’ that occurs between a known security flaw and the release of a patch, thus improving e-commerce, government security, and consumer confidence in the digital universe. EC-Council plays an active role in helping the information security community seek ways to reduce software vulnerabilities and minimize exploitation – and we regularly make available our diagnostic expertise to software developers and governments in order to analyze these systems for exploitable weaknesses.”

“Software development needs to be informed by incident response; it needs threat modeling and application penetrating testing,” said Joe Jarzombek, PMP, CSSLP, director of the Software Assurance Forum. “Secure coding is needed to avoid exploitable weaknesses being introduced.”

The March 9-12 Software Assurance Forum was co-sponsored by organizations in the Department of Homeland Security (DHS), Department of Defense (DoD) and the National Institute for Standards & Technology (NIST). The forum was attended by various members of U.S. Department of Homeland Security, Department of Defence, US CERT and representatives from leading industry software manufacturers as well as from academia. The Software Assurance Forum aims to encourage software developers to be pro-active in raising overall software security & quality during inception instead of relying on reactionary approaches such as application of patches after software vulnerabilities are found.

For more information about the Software Assurance Forum, visit: https://buildsecurityin.us-cert.gov/swa/index.html

About EC-Council
The International Council of E-Commerce Consultants (EC-Council) is a member-based organization that certifies individuals in cyber security and e-commerce skills. It is the owner and developer of 16 security certifications, including Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (CHFI) and EC-Council Certified Security Analyst (ECSA)/License Penetration Tester (LPT). Its certificate programs are offered in over 60 countries around the world.

EC-Council has trained over 60,000 individuals and certified more than 30,000 members, through more than 450 training partners globally. These certifications are recognized worldwide and have received endorsements from various government agencies including the U.S. federal government via the Montgomery GI Bill, Department of Defense via DoD 8570.01-M, National Security Agency (NSA) and the Committee on National Security Systems (CNSS).

EC-Council also operates EC-Council University and the global series of Hacker Halted security conferences. The global organization is headquartered in Albuquerque, New Mexico.

For more information about EC-Council, visit the website: www.eccouncil.org

About DHS
The United States Department of Homeland Security (DHS) is a Cabinet department of the United States federal government with the primary responsibilities of protecting the territory of the U.S. from threats ranging from cybersecurity analyst to chemical facility inspector. DHS upholds aviation and border security as well as responding to natural disasters.

About US-CERT
US-CERT is charged with providing response support and defence against cyber attacks for the Federal Civil Executive Branch (.gov) and information sharing and collaboration with state and local government, industry and international partners. It interacts with federal agencies, industry, the research community, state and local governments, and others to disseminate reasoned and actionable cyber security information to the public. US-CERT also provides a way for citizens, businesses, and other institutions to communicate and coordinate directly with the United States government about cyber security.

About Software Assurance Forum
The key objective of the Software Assurance Forum is to shift the security paradigm from patch management to software assurance. This shift is designed to encourage software developers to raise overall software quality and security from the start, rather than relying on applying patches to systems after vulnerabilities are discovered.

The intent of this Forum is to continue to bring together members of government, industry, and academia with vested interests in software assurance to discuss and promote integrity, security, and reliability in software. Progress updates on relevant programs and initiatives will also be presented. If you are developing practical solutions to problems relating to examining alternatives to mitigate security risks attributable to software that affect both government and industry, you will benefit in attending the Software Assurance Forum.


Sanjay Bavisi Explains the Importance of Ethical Hacking in Cyber Defense

Jay Bavisi, President of EC-Council explains what ethical hacking is all about and the importance it plays in cyber defense.


United States Department of Defense Embraces Hacker Certification to Protect U.S. Interests

ALBUQUERQUE NM, March 1, 2010 – EC-Council announces the official approval of the EC-Council Certified Ethical Hacker (CEH) certification as a new baseline skills certification option for U.S. cyber defenders. Specifically, the new Certified Ethical Hacker program is a recognized certification for the DoD’s Computer Network Defense Service Providers (CND-SP’s), a specialized personnel classification within the United States Department of Defense’s information assurance workforce.

The Certified Ethical Hacker recognition falls under the auspices of DoD Directive 8570 Information Assurance Workforce Improvement Program. Directive 8570 provides clear guidance to information assurance training, certification and workforce management across all affected components of the DoD.

The CND-SP groups protect, monitor, analyze, detect, and respond to unauthorized activity within DoD information systems and computer networks.

With this directive, military service, contractors, and foreign employees across all job descriptions must show 100-percent compliance, CEH being one option to achieve and maintain compliance. This shows the DoD’s focus on increasing training and preparation of the U.S. military workforce in the Computer Network Defense Service Provider category.

The Certified Ethical Hacker qualification tests the certification holder’s knowledge in the mindset, tools and techniques of a hacker, fortifying its certification tag line: “To beat a hacker, you must think like one.”

“CEH has been selected due to the immense technical and tactical nature of the certification,” said Jay Bavisi, co-founder and president of EC-Council. “It is one of the most technically advanced certifications on the directive for CND-SP professionals. In fact, it is the only certification approved across four out of the five categories to prepare the CNDSP teams. While other policy-based programs add value, CEH prepares the U.S. CND-SP’s to combat hackers in real time, defending U.S. interests globally.”

Bavisi added: “We have been researching this space for quite some time and with this directive from the DoD, there has never been a better time for us to beat the hackers at their own game. We are racing to research complex hacker techniques and in the next release of our CEH program, we hope to showcase in over 150 modules, detailed and extremely complex attack and countermeasures that will help raise the level of knowledge of the CND-SP teams.”

KEY FACTS:

ABOUT EC-COUNCIL:

The International Council of E-Commerce Consultants (EC-Council) is a member-based organization that certifies individuals in cyber security and e-commerce skills. It is the owner and developer of 16 security certifications, including Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (CHFI) and EC-Council Certified Security Analyst (ECSA)/License Penetration Tester (LPT). Its certificate programs are offered in over 60 countries around the world.

EC-Council has trained over 60,000 individuals and certified more than 22,000 members, through more than 450 training partners globally. These certifications are recognized worldwide and have received endorsements from various government agencies including the U.S. federal government via the Montgomery GI Bill, Department of Defense via DoD 8570.01-M, National Security Agency (NSA) and the Committee on National Security Systems (CNSS).

EC-Council also operates EC-Council University and the global series of Hacker Halted security conferences. The global organization is headquartered in Albuquerque, New Mexico.

For more information about EC-Council, visit the website: www.eccouncil.org.


EC-Council trains Italy’s first batch of Computer Hacking Forensic Investigators in Rome

ROME, February 1, 2010 – Italy’s very first Computer Hacking Forensic Investigator (CHFI) training was successfully conducted by Elea Spa, one of EC-Council’s Accredited Training Centres in Rome. The class was made up of 12 members of the forensic team of a major Italian company, and upon completion, they successfully joined the global community of EC-Council certified information security members that currently stands at over 25,000 across 60 countries.

The CHFI program lets participants acquire the necessary skills to identify an intruder’s footprints and to properly gather the necessary evidence to prosecute. Many of the top tools, technologies and methodologies of the forensic trade are featured in the program, including software, hardware and specialized techniques.  The CHFI curriculum has recently been certified to meet the stringent CNSS 4012 standards, awarded by the US National Security Agency (NSA) and Committee on National Security Systems (CNSS).

“We would like to thank EC-Council for the excellent in-depth CHFI program and Elea Spa for providing a conducive training environment. A special mention of Mattia Epifani, Certified EC-Council Instructor, for his professionalism and expertise in teaching the program,” said Giuseppe Mazzaraco, Fraud Management Chief of Corporate Investigation & Fraud Prevenzion of the Italian Firm.

Sean Lim, Vice President of EC-Council commented, “The CHFI program being embraced by one of the largest and respected Italian firm is a testament of the quality of our programs. We will be working together closely with our Accredited Training Centers to provide and deliver more quality training to the security community in Italy.”


Partnership between EC-Council and Career Academy

2009-03-19 06:38:21 – The Partnership between EC-Council and Career Academy results in EC-Council’s certification programs being available for delivery at over 300 training locations in 59 countries via Video Based Blended Learning.

Career Academy and EC-Council announced today that they have entered into an agreement to launch the official EC-Council Mentored Learning Training Series.

This series is to be based on the official courseware and delivery standards for EC-Council’s industry leading Security certification courses, including the popular Certified Ethical Hacker and Computer Hacking Forensic Investigator certifications.

‘For this series, Career Academy and EC-Council have enlisted the industry’s leading Security instructors to deliver training courses that will engage, challenge and enlighten even the most seasoned IT professional,’ noted Career Academy (www.careeracademy.com) CEO Samson Chu. ‘There is no question that EC-Council’s certifications are highly reputable and popular. We have seen a huge demand for the officially endorsed EC-Council video based courses from our clientele globally. We have been very impressed by the myriad of success stories told by Information Security professionals over the years, and are excited to finally bring these courses into the Mentored Learning program via our Content Marketplace. Now IT students around the globe will have access to the finest security courses available, with the convenience and flexibility that are the hallmarks of the Mentored Learning program.’

‘As the demand for certified Security specialists increases within the business, government and military communities, we have been searching for a way to reach more students in a manner that fits within their busy schedules. This Mentored Learning series is the perfect solution. By working with Career Academy and their partner network, we will be able to deliver an open enrollment schedule of our entire courses library in over 300 of the leading training centers around the world. This initiative will go a long way in increasing Security awareness and levels of expertise within the enterprise on a global scale,’ adds Jay Bavisi, President of EC-Council (www.eccouncil.org).

Contact Information:

EC-Council, 6330 Riverside Plaza Ln NW, Suite 210, Albuquerque, NM 87120, USA

Contact Person: Dawne Chin, Senior Marketing Executive

Phone: 1.505.341.3228


EC-Council Discusses the Effects of Equipment-Based Security Mentality at the Largest e-Learning Conference for Corporate, Education and Public Service Sectors

Berlin (Germany), December 2, 2009 – Jay Bavisi, President and Co-founder of EC Council, presented “Defenceless Defence against Corporate Breaches” at the Security and Defence Learning, held in conjunction with Online Educa Berlin.

The presentation highlighted the risks and impact that Equipment-Based Security Mentality (EBSM) has on today’s information security landscape. Many organizations depend solely on security vendors and tend to over-complicate their networks with multiple security solutions without evaluating real needs. They tend to measure the security posture of their company based on the amount of investment they make in appliances, a mentality that Jay defines as EBSM.

As such, corporations operating with EBSM are at a much higher risk of encountering security breaches due to human errors.  Even the simplest mistake committed by an administrator or user of a network presents an opportunity for a breach or compromise to occur.

Said Jay, “Hackers have grown to become more intelligent. They are able to exploit on the slightest mistakes made by users of a network and latch on any semblance of vulnerability to trespass into a ‘defenceless defence’. In any case, once this simple breach occurs, a butterfly effect will follow after when the tiny transgression escalated into something much more severe and this could potentially cripple the entire operation of an organisation”.

Among the dignitaries who sat through the presentation were Peter-Martin Meyer, Director of Swiss Police Institute, John Gretes, Director of Swiss Police College, Rainer Greiger, President of University of Applied Sciences of the Police Brandenburg and Dale L. Sheehan, Director of Police Training and Development Interpol. Other representatives included influential decision makers from Free University Berlin, International Association of Emergency Managers, State Academy and Technical Facility for Fire & Emergency Protection, Berlin University for Professional Studies and ICTS Europe Holding B.V.

“To offset the risks posed by over-reliance on security equipment, it’s important to have a systematic and comprehensive security policy in place, and best practices cultivated among IT users across all levels. The IT infrastructure of any organization has to be tested regularly through penetration testing and updated with improvements learnt from investigations of previous attacks to guarantee its functionality. This ensures that your business will be properly protected in the event of a catastrophe”, Jay added.

About EC-Council

The International Council of E-Commerce Consultants (EC-Council) is a member-based organization that certifies individuals in various e-business and security skills. It is the owner and developer of the world famous Certified Ethical Hacker course, Computer Hacking Forensics Investigator program, License Penetration Tester program and various other programs offered in over 60 countries around the globe. These certifications are recognized worldwide and have received endorsements from various government agencies including the US Federal Government via the Montgomery GI Bill, and the US Government National Security Agency (NSA) and the Committee on National Security Systems (CNSS). For more information about EC-Council, please visit the website: http://www.eccouncil.org

About Security and Defence Learning 2009

Security and Defence Learning 2009 is the annual conference at which the worlds of security and technology-assisted learning meet. The conference, which is held in Berlin every year, brings together key officials, training directors, security planners, academics and suppliers. It has now established a firm reputation both as one of Europe’s leading conferences on technology-assisted learning for security and as an excellent opportunity for informal networking with key decision-makers. For more information about Security and Defence Learning 2009, please visit the website: http://www.security-defence-learning.com/

About Online Educa Berlin

Online Educa Berlin, the largest global e-learning conference for the corporate, education and public service sectors, is the key annual networking event for the international e-learning and technology-supported learning and training industry, attracting and bringing together experts in the vanguard of technology-enhanced learning from around the world. Participants forge essential cross-industry contacts and partnerships, thereby enhancing their knowledge and expertise. Over 2000 delegates from more than 90 countries and every continent attend the conference to discuss the latest developments in the field. For more information about Online Educa Berlin, please visit the website: http://www.online-educa.com/the-conference