A Person With Mask Using A Computer

Sidee Loo Noqdaa Ethical Hacker

Erayga ‘hacker’ waxa uu markii hore qeexayay barnaamij-sameeye (programmer) xirfad leh ee aad u yaqaana code-ka mishiinka iyo hababka hawlgalka (operating systems) ee kombuyuutarka. Maanta, ‘hacker’ waa qof si joogto ah ugu lug yeesha hawlaha jabsiga, u ahna jabsiga qaab nololeed iyo falsafad ay doorteen. Jabsiga waa dhaqanka wax ka beddelka sifooyinka nidaamka, si loo gaaro yool ka baxsan ujeeddada asalka ah ee abuuraha nidaamka (system). Dheeraad: Waa Maxay Hacking?

Kahor intaanan fahmin sida loo noqdo hacker-ka anshaxa (ethical hacker), aan wax badan ka fahanno doorka.

Waa maxay Ethical Hacking?

Erayga ‘hacking’ waxa uu leeyahay macne aad u xun, laakiin taasi waa ilaa inta doorka hacker-ka anshaxa si buuxda loo fahmayo. Ethical Hackers waa ragga wanaagsan ee caalamka jabsiga (Hacking World).
Haddaba muxuu yahay doorka hacker-ka anshaxa?
Halkii ay u isticmaali lahaayeen aqoontooda kombuyuutarka ee horumarsan hawlaha xunxun, hackers-ka anshaxa waxay aqoonsadaan daciifnimada amniga kombiyuutarka si ay uga ilaaliyaan haakariska leh ujeeddooyin qiyaano ah.

Hackers-ka akhlaaqda leh waxay isticmaalaan aqoontooda si ay u sugaan oo u horumariyaan tignoolajiyada ururada ama shirkadaha. Waxay bixiyaan adeeg lagama maarmaan u ah hay’adaha, iyagoo eegaya baylahda (dulduleeladda) u horseedi karta khalkhal amni.

Hackers-ka anshaxa waxaa shaqaaleysiiya hay’ado si ay u eegaan dayacanka nidaamyada iyo shabakadaha ayna horumariyaan sido kalena ay keenaan xalal looga hortagayo jebinta xogta.
U fiirso in ay tahay odhaahdii hore ee ahayd “Waxay qaadataa tuug si uu tuug u qabto.”

Kahor intaanan fahmin sida loo noqdo hacker-ka anshaxa, aan fahano xiisaha uu leeyahay xirfada jabsiga anshaxa.

Waa maxay xiisaha uu leeyahay Ethical Hacking?

Haddii aad tahay qof qiimeeya barashada kombuyuutarrada oo aad ku raaxaysato tartan (challenge), marka xirfadda jabsiga anshaxa waxay noqon kartaa rajo soo jiidasho kuu leh. Waxaad fursad u helaysaa inaad u isticmaasho xirfadahaaga si aad u jebiso nidaamyada kombayutarka, waxaana lagugu siinayaa lacag fiican inaad sidaas samayso. Sida xirfado kale oo badan, ma fududa in la bilaabo, laakiin haddii aad marka hore sameyso dadaal, waxaad awoodi doontaa inaad naftaada u qaabayso shaqo aad faa’iido u leh. Ka sokow, haakarisyada anshaxa had iyo jeer waxay ku jiraan dhinaca midig ee sharciga! (right side of the law)

Hagaag, hadda aan barano sida loo noqdo hacker-ka anshaxa ka dibna aan eegno marxaladaha shaqo ee hacker-ka anshaxa.

10 tilaabo oo aad ku noqonayso Hacker (Hacker-ka Anshaxa)

Talaabada 1aad: La qabso LINUX/UNIX

Nidaam hawlgal ee ah il furan (open-source operating system) – LINUX/UNIX, wuxuu xaqiijiyaa amniga si ka wanaagsan nidaamyada kale ee kombiyuutarka. Hackers ahaan, waa inaad si fiican u taqaanaa LINUX maadaama ay ka mid tahay nidaamyada sida weyn loo isticmaalo ee wax lagu jabsado. Waxaa lasocda qalab (tools) ku filan oo loogu talagalay hackers-ka. Qaybaha Linux waxaa ka mid ah Red Hat Linux, Ubuntu, Kali Linux, BackTrack, iyo in kaloo badan. Kuwaani waxaa ka mid ah, Kali Linux oo ah nidaamka Linux midka ugu caansan ee si gaar ah loogu habeeyey ujeedada jabsiga.

Tallaabada 2aad: Dooro mid ka mid ah luuqadaha barnaamijyada (Programming languages)

Asalka ereyga “hacker” ayaa loo alifay in lagu qeexo qof si weyn u yaqaana coding-ka,
inaad noqoto qof si weyn u yaqaana programming ka waxey kaa caawinee in ad dhisato tool adiga kuu gaar ah kuuna qabanayo hawl gaar ah. Farqiga u dhexeeya script kiddies-ka iyo xirfadlayaasha ayaa ah, script kiddies waxey isticmaalaan qalab hore loo dhisay halka xirfadlayaasha (ethical hackers) qalab (tools) kooda dhistaan. Kawaram hadii aad weydo tool kuu qabta hawl aad u baahneyd? si fudud hadii aad tahay xirfadle yaqaana coding-ka adiga ayaa markaas dhisaayo, laakiin hadii aad tahay qof aan aqoon luqadaha barnaamijka (programming languages) jabsigaaga halkaas ayuu ku joogsan.

Isku day in aad barato wax ka badan hal luuqad oo barnaamijka ah si aad u hesho gacanta sare.
Hacker-ka akhlaaqda leh (ethical hacker) oo aqoon fiican u leh laba ilaa saddex luuqadood oo barnaamij ah ayaa kala saari kara oo falanqayn kara qayb code ah, dhisi karana qalab cusub. Qaar ka mid ah luuqadaha barnaamijyada ugu fiican ee hackers-ku waa:

  • Python: Waxaa si weyn loogu isticmaalaa qorista exploits ka
  • JavaScript: Waxey ku haboon tahay jabsiga web apps-ka
  • SQL: Waxey kaa caawinaysaa jabsiga databases ka – SQL injection

Talaabada 3aad: Baro ahaanshaha mid qarsoon

Talaabada ugu muhiimsan ee jabsiga waa in aad barato sida la isku qariyo oo aad qariso aqoonsigaaga, si ana loo helin wax raad ah oo aan dib lagaaga faaideysan. Badanaa jabsadaha akhlaaqda leh ayaa laga yaabaa inuusan garanayn cidda kale ee ku jirta isla shabakadda, ama haddii midka koofiyadda madow uu ogaado inuu jiro qof kale oo ku jira shabakadda, marka waxay isku dayi karaan inay jabsadaan nidaamka kadibna ogaadaan cidda kale ee kujirta. Sidaa darteed, qarsoonaantu waxay muhiim u tahay jabsiga anshaxa (ethical hacking). sidoo kale, Isticmaalka Anonsurf, Proxychains, iyo MacChanger waa saddexda dariiqo ee ugu ballan qaadka badan ama ugu fiican ee lagu ilaalinayo aqoonsigaaga.

Tallaabada 4aad: Si Wanaagsan u Baro networking concepts-ka

Ogaanshaha fikradaha networking-ka iyo sida loo abuuray waxay muhiim u tahay jabsadaha anshaxa. Inaad si fiican u barato shabakadaha kala duwan iyo borotokoollada waxay faa’iido u leedahay ka faa’iidaysiga dayacanka. Ethical Hacker oo u leh aqoonta qoto dheer ee aaladaha network-ka sida Nmap, Wireshark iyo kuwa kale oo badan, ayaa ka badbaadi kara caqabadaha.
Qaar ka mid ah fikradaha shabakadaha (network concepts) muhiimka ah waa:

  • TCP/IP Network
  • Subnetting
  • Network Masks and CIDR
  • Simple Network Management Protocol
  • Server Message Block
  • Domain Name Service (DNS)
  • Address Resolution Protocol
  • Wireless Networks
  • Bluetooth Networks
  • SCADA Networks (Modbus)
  • Automobile Networks (CAN)
  • Iyo kuwa kale oo badan

Tallaabada 5aad: Baro Shabakadda Qarsoon

Qaybta intarneedka ee qarsoon ama aan ka muuqan engines-ka wax lagu baadho waxa loo yaqaan webka mugdiga ah (dark web). Waxay u baahan tahay ogolaansho gaar ah ama software si loo galo. Browser qarsoodi ah oo la yiraahdo Tor ayaa bixin kara marin u helka shabakada mugdiga ah. Waa meesha ugu badan ee fal-dembiyeedka, laakiin wax walba sharci darro kuma aha shabakadda mugdiga ah. Waxa kale oo ay leedahay dhinac sharci ah, hackers-ka anshaxana waa in ay bartaan shabakada mugdiga ah iyo sida ay u shaqeyso.

Talaabada 6aad: Baro Qorista Qarsoon (cryptography)

Cryptography ama qoraal sir ah waa wax muhiim u ah hackerka anshaxa. Encryption iyo decryption aad ayuu muhiim u yahay hacking-ka. Encryption ku waxay adeegsataa dhowr arrimood oo amniga macluumaadka ah, sida xaqiijinta (authentication), data integrity iyo in badan oo kale. Macluumaadka qiimaha leh ayaa had iyo jeer ah mid encrypted ah, sida ereyada sirta ah. Hacker-ku waa inuu bartaa sida loo garto encryption-ka oona jebiyaa.

Encryption: Waa habka farriinta la akhriyi karo loogu beddelo qaab aan la akhriyi karin si looga ilaaliyo dad aan la oggolayn inay akhriyaan.
Decryption: waa habka loogu beddelo fariinta Encryption-ka ah qaabkeedii asalka ahaa (la akhri karo).
Cryptography: Waa cilmiga sireynta (encryption ) iyo kala saarida (decryption) ee macluumaadka.

Talaabada 7aad: Si qoto dheer u sii wad Hacking

Marka aad si fiican u fahanto mowduucyada aan ilaa hadda ka hadlay, si qoto dheer u gal fikradaha jabsiga oo baro mowduucyo ay ka mid yihiin SQL injections, penetration testing, vulnerability assessment, iyo in kaloo badan. La soco isbeddellada amniga ee ugu dambeeyay ee nidaamka, agabkii ugu dambeeyay iyo siyaabaha loo jabsado loona sugo nidaamka.

Talaabada 8aad: Baadh dulduleeladda

Nuglaanta (Vulnerabilities) waa daciifnimo ama daldaloolo uu leeyahay nidaamka. Baro sida scan loogu sameyo nidaamyada iyo shabakadaha si aad u ogaato daldaloolada keeni kara jebinta amniga. Hackers-ka anshaxa sidoo kale waxay isku dayi karaan inay qoraan baylahda (vulnerability) ay arkeen si ay ugu jabiyaan nidaamka.
Qaar ka mid ah tools-ka vulnerability identification-ka ee Kali Linux OS waa:

  • Nessus Vulnerability Scanner: Identifies vulnerabilities on web applications and multiple systems
  • OpenVAS Vulnerability Scanner: Identifies vulnerabilities on devices within a network
  • Nikto Vulnerability Scanner: Acknowledges vulnerabilities on web servers
  • Nmap Vulnerability Scanner: Identifies vulnerabilities across multiple targets
  • Wapiti Vulnerability Scanner: Identifies web application issues like XSS and SQLi

Talaabada 9aad: Tijaabi oo ku celceli jabsiga

Ku celcelinta iyo tijaabinta (Practicing and experimenting) ayaa ah furayaasha guusha lagu gaaro qaasatan marka lajoogo goobta jabsiga (field of hacking). Hackers-ka anshaxa waxa ay u baahan yihiin in ay ku celceliyaan concepts-ka ay barteen waliba mar xaalado kala duwan. Tijaabiyaan weeraro kala duwan, qalabyo, iyo in kaloo badan.

Talaabada 10aad: Ka qaybgal wada xaajoodyada oo la kulan khabiirada jabsiga

Samee bulsho ama ku biir golayaasha doodaha lala yeesho ee hackers-ka kale ee adduunka oo dhan si aad isu weydaarsataan oo aad u wadaagtaan aqoonta una wada shaqeysaan. Waxaa jira dhowr bulsho oo Discord, Facebook, Telegram, iyo goobo kale oo badan ku kulma.

Waa maxay marxaladaha shaqo ee Ethical Hacking?

Dulqaadku waa xirfad aad u baahan tahay inaad kobciso haddii aad rabto inaad bilowdo xirfad ahaan hackers anshaxeed. Ma filan kartid inaad hesho shaqo heer sare ah oo gaar ah oo aad hesho mushahar weyn bilawgaaga, laakiin waxaa jira karti aad u weyn oo aad ku gaadhi karto labadaba waqti gaaban gudaheed!

Bilaabidda

Qaar badan oo ka mid ah jabsadayaasha anshaxa waxay ku bilaabaan inay helaan shahaadada sayniska kombiyuutarka (computer science degree). Waxa kale oo aad haysataa ikhtiyaarka ah helitaanka shahaadada CompTIA A+ oo u baahan qaadashada laba imtixaan oo kala duwan. Imtixaanadan ayaa lagu tijaabiyaa aqoonta qofka ee qaybaha Computer-ka iyo awooda uu u leeyahay in uu kala furfuro Computer-ka ka dibna dib u dhiso.

Si aad u gasho imtixaanka, waxa lagaa filayaa inaad yeelato ugu yaraan 500 saacadood oo khibrad joogteyn ah (500 hours of practical computing experience), 500 saacadood oo practice ah waxey kugu qaadan kartaa ilaa 6 bilood (si aad u baasto ayee muhiim kugu tahay practice badan). Heerkan shaqadaada, waxaad filan kartaa inaad hesho mushahar celcelis ahaan gaaraya $44,000 sanadkii. Si kastaba ha ahaatee, ka hor inta aanad u gudbin mehnaddaada (hacking), waxaad u baahan tahay inaad khibrad kasbato oo aad hesho shahaadada CompTIA Network+ (N+) ama CCNA. Shahaadada N+ waxay ansixisay aqoonta heerka aasaasiga ah ee shabakadaha (networking), oo ay ku jiraan maaraynta, dayactirka, rakibidda, iyo cilad-saarka. Shahaadada CCNA waxay hubisaa awoodo isku mid ah sida N+, wana khibradda heerka aasaasiga ah laakiin wey ka sareysaa N+.

Taageerida Shabakada (Network Support)

Markaad soogaarto halkaan, waxaad bilaabi kartaa marxaladda xigta ee xirfaddaada, Network Support. Halkan, waxaad samayn doontaa hawlo ay ka mid yihiin la socodka iyo cusboonaysiinta, rakibidda barnaamijyada amniga, iyo tijaabinta daciifnimada. Waxaad khibrad ka heli doontaa dhinaca amniga shabakada, ujeeddadaaduna waa inay ahaato inaad boos ka hesho injineer shabakadeed (Network Engineer).

Injineer Shabakaded (Network Engineer)

Ka dib markaad hesho khibrad ka shaqaynta taageerida shabakada, waxaad rajayn kartaa inaad kasbato $60,000-65,000 inta u dhaxeyso! Waxaad hadda samayn doontaa oo aad qorshayn doontaa shabakadaha halkii aad kaliya taageeri lahayd. Hadda wixii ka dambeeya, safarkaaga aad ku noqonayso hacker-ka anshaxa waa in aad xoogga saarto dhinaca Amniga. Hadda waa markii aad u baahan tahay inaad ka shaqeyso sidii aad ku heli lahayd shahaado xagga amniga, sida Security+, CEH, ama CISSP.
Shahaadada Security+ waxaa ansixisay Wasaaradda Difaaca ee Mareykanka waxaana ku jira tijaabinta mowduucyada muhiimka ah sida xakamaynta gelitaanka, maareynta aqoonsiga, iyo cryptography.

Certified Ethical Hacker (CEH) waa shahaado ay bixiso EC-Council, taa oo la muujinayo aqoonta lagu qiimeeyo amniga nidaamyada kombiyuutarka iyada oo la raadinayo daciifnimada iyo dayacanka hababka bartilmaameedka, iyada oo la adeegsanayo aqoon iyo qalab la mid ah tan black hat hackers-ka.

CISSP waa shahaado amni oo caalami ah oo la aqoonsan yahay taasoo ka marag kacaysa aqoonta maaraynta khatarta, cloud computing iyo application development.

Ka shaqaynta Amniga macluumaadka

Tani waa tillaabada ugu weyn ee jaranjarada si aad u noqoto Ethical hacker, Celceliska mushaharka qofka doorkan ku jira waa $69,000. Falanqeeyaha amniga macluumaadka (information security analyst) ayaa baara nidaamka iyo amniga shabakada, wuxuu wax ka qabtaa jebinta amniga, wuxuuna ka shaqeeyaa sidii loo meel marin lahaa tillaabooyinka amniga. Doorkan, waa inaad xoogga saartaa tijaabada gelitaanka ama aad tijaabisaa jabsiga si aad khibrad-gacan uga hesho qaar ka mid ah qalabka ganacsiga.

Waqtigan xaadirka ah ee xirfaddaada, waa inaad higsaneysaa inaad ka hesho shahaadada Anshaxa Hackers (CEH) ee International Council of Electronic Commerce Consultants (the EC Council). Tababarka ama qibradda aad shaqadda ka hesho ayaa ku qaadan doona wax kasta oo aad u baahan tahay inaad ogaato si aad u noqoto hacker wax ku ool ah, anshax leh. Waxa aad si buuxda u dhex geli doontaa deegaan gacan-ku-taag (hands-on environment) ah oo lagugu qaadayo habka jabsiga shabakada iyo ogaanshaha wixii dhibaato amni ee jira. Markaad hesho shahaadadan, waxaad bilaabi kartaa naftaada suuq-geynteeda sidii khabiir akhlaaqeed.

Si aan u baranno sida loo noqdo ethical hacker, marka hore aan fahanno waxa laga filayo shaqada.

Maxaad filan kartaa Hacker-ka Anshaxa ahaan?

Markaad xirfadaada shaqo ka dhigatid hacker-ka anshaxa, waxaad gelin doontaa dhammaan khibradaada farsamo iyo amniga adigoo isku deyaya inaad jebiso amniga shabakada ganacsiga ama hay’adda ku shaqaaleysiisay. Ganacsigu wuxuu u baahan doonaa falanqayn faahfaahsan oo ku saabsan natiijooyinkaaga iyo soo jeedintaada hagaajinta amniga shabakada. Shaqadani waxay nidaamka ka ilaalinaysaa falalka jabsiga ee kuwa leh ujeeddooyin sharci darro ah. Celceliska mushaharka aad ka filan karto jabsiga anshaxa waa $121,000 sanadkii, oo leh gunno oo inta badan waxay gaartaa $15,000 – $20,000.

Sidee Loo Helaa Waayo-aragnimada (Experience) Hacker-ka Anshaxa?

Hackers-ka akhlaaqda leh waa in ay bartaan aaladaha tijaabinta nuglaanta/dulduleelada sida Metasploit, OpenVAS iyo Nessus maadaama ay bixinayaan frameworks qiimo leh oo lagu baadho laguna maareeyo dayacanka. Intaa kadib, U gudub weerarrada gacanta ee la tusaaleeyay ee lagu hagayo bartilmaameedka ku dhaqanka jabsiga anshaxa.

  • Ku celceli xalinta dulduleelada machines-ka ee Hack The Box iyo Vulnhub si aad uga gudubto aasaaska oo aad gaarto ilaa fikradaha advanced-ka ah ee la xidhiidha dayacanka nidaamka ama shabakada.
  • Marka xigta, isku day xalinta bug bounty platforms si aad ugu tababarto xaaladaha nolosha dhabta ah.
  • Kadibna hore u siisoco si aad u sameydo hacking oo real environment ah. Waxay noqon kartaa mid adag marka hore maadaama mishiinnada hackers-ka anshaxa ay ku shaqeeyaan laga dhigo kuwo nugul, laakiin mareegaha dhabta ah waxay hirgeliyaan hab kasta oo suurtagal ah si kor loogu qaado ammaanka.

Sida loo bilaabo

Si aad u bilowdo barashada hacker-ka anshaxa, waxad u baahantahay marka hore in aad taqaano xirfado dhowr ah sida networking, systems, programming. waxaan isku dayaa in aan talaabooyin kooban halkaan kugu soo bandhigo si aad u bilowdo hacking.

Jaamacad

Hadii aad rabto in aad ka barato hacking jaamacad, waxaad shahaadadaada bachelor-ka ka dhigataa Computer Science, Math Ama IT. Kadibna Master kaaga ka dhigato Networking And Cyber Security.
Intaan kadib waxaad halkaas kasii wadi barashada iyo joogteynta xirfadaan adoo raacaya tilaaboyinka aan xaga sare ku xusnay.

Online

Meel aad hacking ka barato waxaa ugu wanagsan internet ka.
Qarniga 21aad wax walba waxeyba ku soo aruureen internet ka, xirfadaha computer ka qaasatan hacking waxaa ugu wanagsan in aad online ka barato oo aad sameydo Self Study.

Halkaan waxaan kugu soo gudbin doonaa talaaboyin hadii aad qaado aan ku noqon karto ethical hacker, laakiin talaaboyin kaan sida kuwii hore maahan ee waa talaaboyin quseeyaa Courses ka online ka.

Marka hore baro course ka aas aaska u ah dhamaan cilmiga computer ka, Comptia A+.

Kadibna Ku Xiji Networking oo baro ilaa heer sare u qaadi karta xirfadaada:
Comptia N+
Cisco Certified Network Associate (CCNA)
Cisco Certified Network Professional (CCNP) – Waa Option oo waad ka tagi kartaa laakiin in aad taqaano waxey kaa caawinee in ay sare u qaado xirfadaada network.

Baro Systems & Servers-ka:

Windows Server 2019
Red Hat Linux
Microsoft 365 Certified: Windows 10
Comptia Linux+

Baro Programming Languages ilaa 3-5 laakiin 1 in aad taqaanona dhibmaleh laakiin ilaa 3 in aad taqaano ayaa aad u siifiican:
Python
JavaScript
SQL
Macluumaad Dheer: 10-ka Programming Languages Ee Ugu Fiican Hacking-ka.

Baro Cloud Computing, Kaliya inaad fahanto ayaa muhiim kuu ah hada:
Comptia Cloud+

Intaa kadib, waad bilaabi kartaa barashada Cyber Security, si aad u noqoto ethical hacker:
Security +
Certified Ethical Hacker (CEH)

Markaa halkaan joogto waxad tahay penetration tester ama ethical hacker kadibna waxad sii wadi steps kii aan hore u soo sheegnay, ee ah in aad kororsato qibrad horena ugu sii socoto.

Note: Talaabooyinkaan waa sida aad u bilaabin laheyd ethical hacking iyo waxa lagaaga baahan yahay marka waa in aad ku dabaqdaa steps-ka hore ee ahaa 10 tilaabo ama steps oo aad ku noqonayso Hacker (Hacker-ka Anshaxa).

Gunaanad

Jabsiga akhlaaqda waa aag waxbarasho oo adag, maadaama ay u baahan tahay in la barto wax kasta oo ka kooban nidaam ama shabakad. Tani waa sababta shahaadooyinku (certifications) ay caan uga dhex noqdeen hackers-ka anshaxa.

Dunida maanta, amniga internetka ayaa noqday mawduuc soo koraya oo xiiso u leh ganacsiyo badan. Iyadoo tuugada xaasidnimada leh ay helayaan habab cusub oo ay ku jebiyaan difaaca shabakadaha ku dhawaad ​​maalin kasta, doorka jabsiga anshaxa ayaa noqday mid sii kordheysa oo muhiim ah. Waxay abuurtay fursado badan oo loogu talagalay xirfadlayaasha amniga internetka waxayna ku dhiirigelisay shakhsiyaadka inay ka dhigtaan jabsiga anshaxa xirfadahooda shaqo. Marka, haddii aad waligaa tixgelisay suurtagalnimada gelitaanka barashada amniga internetka, ama xitaa hadii aad daneeneydo in aad ka dhigato xirfad, hada waa waqtiga ugu habboon, Kaliya fadhiga ka kac joojina niyada in aad ku dhisato riyooyinkaaga, ee samee oo run u badal.
Waxaan Inoo Rajeynaa Hormar Technology

10 Responses

Add a Comment

Your email address will not be published. Required fields are marked *