'Hacker Boot Camp' Teaches IT Security Tactics

Apr 24, 2007 3:21 PM

A new training course offered by Philadelphia-based Training Camp, a company that provides accelerated learning courses for IT professionals, is helping students learn to protect their companies' computer systems -- by breaking into them, reports The Philadelphia Inquirer.

The weeklong "Hacker Boot Camp" helps its students, who work for corporate IT departments, understand how hackers think and determine what makes systems vulnerable.

"Want to create a fake record in a database? Want a $1 million account with your favorite bank? We can do that," instructor Steve Kalman says.

Before beginning the course, participants sign a statement saying they won't use their newfound knowledge negatively. Training Camp also avoids spreading information that might help real hackers.

"What we teach in this course are a lot of techniques that have long been patched and fixed because we're not trying to create a new generation of hackers," Kalman says.

Michael Trpkosh, a senior software engineer for Verizon Communications Inc., Dallas, says the course immersed him in a fascinating world.

"I have a real passion," he says. "Some people like studying World War II. I like studying this."

He also says he believes an ethical-hacker certificate could help his career.

Upon passing the test, Trpkosh will obtain "Certified Ethical Hacker" status, an educational program overseen by the International Council of Electronic Commerce Consultants, a trade group. With incidents of stolen data regularly making headlines, the certification is in demand.

"It's pretty much a wide-open field out there," Trpkosh says. Besides, "you can only attack your kids' computer so many times before it gets old."

At the boot camp, Trpkosh and other students get two computers each - a victim machine and an attack machine. From one, they attack the other.

Kalman spends about half his time teaching. The other half of his life, as a consultant in "penetration testing and computerized forensics," keeps him up to speed in the classroom.

Penetration testing involves helping businesses identify vulnerabilities in their IT systems.

In the class, he covers a wide range of topics, from wireless hacking to evading "honeypots," or decoy systems set up to attract and catch hackers.

Kalman and his troops make hacking look easy. No one's financial information or trade secret seems safe.

But some companies guard this data better than others, Kalman says. He recently moved some money to the online bank ING because of what he considers its stellar security, which includes having users choose both an image and a phrase as passwords.

The course attracts people with a strong grasp of computer languages and techniques, but uneducated customers and employees often create the biggest risks.

"Users can be your worst enemy in a lot of cases," says Erich Melcher, a student who manages IT security for a large construction and engineering company.

People such as Melcher can patch vulnerabilities and keep an eye out for hackers, but an employee who simply tries to help by sharing a password can destroy all that.

For more information on "Hacker Boot Camp," visit http://trainingcamp.com/usa/noflash.aspx

Want to use this article? Click here for options!
© 2009 Penton Media Inc.

This month in Access Control

• Targeting The Customer
• Electronic Pedigrees
• One Hero Among Many
• Who? What? When? Where? Why?
• More from September's issue