November 28, 2022 – At face value, the term “ethical hacking” may seem like an oxymoron. But the students in the Information Technology Education (ITE) program under the direction of Dr. James Nichols has shed light on what exactly it means to be an ethical hacker.
Initially developed in 2014 but since altered extensively by Dr. Nichols, the course seeks to help students hone fundamental knowledge of the tools and techniques of computer hacking and how to properly defend against such attacks.
The class is offered every Fall and Spring and runs campaigns such as the campus-wide phishing campaign where students partner with the college’s Information Technology Services (ITS) to send out emails to selected accounts that, according to the ITS frequently asked questions page, “would attempt to get sensitive/restricted information by pretending to be a trusted source who is requesting the information for legitimate reasons.”
Dr. Nichols states that: “the goal is to raise awareness of the dangers of hackers and to protect SF from these kinds of attacks being successful. The way to protect against these kinds of attacks is for faculty and staff to be aware of these phishing attacks and to not interact but to report these kinds of emails.”
The best way to do this is by right-clicking on the message and marking it as spam/phish.
One of the learning outcomes for students is to learn the difference between black, white and gray-hat hackers. According to Dr. Nichols, “Black-hat hackers are the hackers that we typically think about. They’re out to find vulnerabilities and exploit systems for their own benefits such as money, fame, revenge, etc.”
“Gray-hat hackers could also be hackers who look for vulnerabilities on a system and report to the entity who owns the system. However, they didn’t achieve prior permission for doing so, which makes their intentions possibly in the realm of black-hat hackers as to why they chose that entity.”
“White-hat hackers are the hackers who are trying to think like black-hat hackers to find the vulnerabilities so they can be fixed before black-hat hackers find them and exploit them.”
Dr. Nichols goes on to say that, “to be an effective white-hat hacker, one needs to be able to think about what black hat hackers and gray-hat hackers are after and be able to think like them to perform these kinds of penetration tests to determine if these systems would be vulnerable.”
Students can not only gain hands-on experience as white-hat hackers but are able to develop extensive knowledge about what outside threats would look like and how to prevent them effectively.
“The partnership with ITS is great to provide this opportunity to the students in my class as it has also increased my awareness and understanding of the process. It better prepares students for their future jobs where they will likely need to conduct their own kind of social engineering campaigns to protect the company employing them. I am appreciative of Tim Modisette, Ulysses Fann, Bill Penney, Dr. Lisa Armour and Dr. Paul Broadie for contributing to SF to best prepare our students for jobs,” remarked Dr. Nichols, asserting his belief and enthusiasm in the class.
Learn more about Santa Fe College’s ITE programs at sfcollege.edu/ite.