Top 10 IT certifications in demand

Bangalore: IT certifications have always been popular among IT pros to bag the right job or seek the right jump. With the economy back in green, IT jobs too are back. Keeping this in mind, technology research firm Foote Partners recently listed IT certifications that could be considered "hot" in the coming months.

VMware Certified Professional: With virtualization technology becoming hot, it is little surprising that VCP program is in demand. Research shows that enterprises often face lack of required expertise specific to virtualization.

Certified Information Systems Auditor: CISA is a professional certification for Information technology audit professionals sponsored by the Information Systems Audit and Control Association (ISACA). Candidates for the certification must meet requirements set by ISACA.

GIAC Security Audit Essentials: This is for professionals planning to enter the information security industry who are tasked with auditing organization policy, procedure, risk, or policy conformance.

Certified Information Security Manager: CISM is a certification for information security managers awarded by the Information Systems Audit and Control Association (ISACA).

Check Point Certified Security Expert: Designed for experienced security professionals, Check Point CCSE certification is claimed to be one of the most respected vendor-specific security certification. CCSE is an advanced Core security certification built on CCSA NGX, confirming in-depth skills and expertise in managing and supporting Check Point products.

Check Point Certified Security Administrator: Another Check Point-specific certification, CCSA aims to validate a security administrator's ability to maintain day-to-day operation of vendor's security solutions and ensure secure access to information across the network.

Microsoft Certified Systems Engineer (Security): MCSE certification provides an individual's skills in designing, implementing, and administering infrastructure for business solutions based on Windows Server 2003 and Microsoft Windows 2000 Server.

Certified Wireless Security Professional: CWSP is claimed to be an advanced level certification that measures the ability to secure any wireless network. A wide range of security topics focusing on the 802.11 wireless LAN technology are covered in the coursework and exam, which is vendor neutral.

GIAC Certified Intrusion Analyst: GCIA is an information security certification entity that specialises in technical and practical certification as well as new research in the form of its GIAC Gold program. SANS Institute founded the certification in 1999.

Cisco Certified Network Professional: Another vendor specific certification, Cisco Certified Network Professional or CCNP aims to validate the ability to plan, implement, verify and troubleshoot local and wide-area enterprise networks and work collaboratively with specialists on advanced security, voice, wireless and video solutions.

Top Hacking Tools

Top 10 Linux Tools 1. nmap - Nmap ("Network Mapper") is a free open source utility for network exploration or security auditing. It was designed to rapidly scan large networks, although it works fine against single hosts. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. Nmap runs on most types of computers and both console and graphical versions are available. 2. Nikto - Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 3200 potentially dangerous files/CGIs, versions on over 625 servers, and version specific problems on over 230 servers. Scan items and plugins are frequently updated and can be automatically updated (if desired). 3. THC-Amap - Amap is a next-generation tool for assistingnetwork penetration testing. It performs fast and reliable application protocol detection, independant on the TCP/UDP port they are being bound to. 4. Ethereal - Ethereal is used by network professionals around the world for troubleshooting, analysis, software and protocol development, and education. It has all of the standard features you would expect in a protocol analyzer, and several features not seen in any other product. 5. THC-Hydra - Number one of the biggest security holes are passwords, as every password security study shows. Hydra is a parallized login cracker which supports numerous protocols to attack. New modules are easy to add, beside that, it is flexible and very fast. 6. Metasploit Framework - The Metasploit Framework is an advanced open-source platform for developing, testing, and using exploit code. This project initially started off as a portable network game and has evolved into a powerful tool for penetration testing, exploit development, and vulnerability research. 7. John the Ripper - John the Ripper is a fast password cracker, currently available for many flavors of Unix (11 are officially supported, not counting different architectures), DOS, Win32, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. Besides several crypt(3) password hash types most commonly found on various Unix flavors, supported out of the box are Kerberos AFS and Windows NT/2000/XP/2003 LM hashes, plus several more with contributed patches. 8. Nessus - Nessus is the world's most popular vulnerability scanner used in over 75,000 organisations world-wide. Many of the world's largest organisations are realising significant cost savings by using Nessus to audit business-critical enterprise devices and applications. 9. IRPAS - Internetwork Routing Protocol Attack Suite - Routing protocols are by definition protocols, which are used by routers to communicate with each other about ways to deliver routed protocols, such as IP. While many improvements have been done to the host security since the early days of the Internet, the core of this network still uses unauthenticated services for critical communication. 10. Rainbowcrack - RainbowCrack is a general propose implementation of Philippe Oechslin's faster time-memory trade-off technique. In short, the RainbowCrack tool is a hash cracker. A traditional brute force cracker try all possible plaintexts one by one in cracking time. It is time consuming to break complex password in this way. The idea of time-memory trade-off is to do all cracking time computation in advance and store the result in files so called "rainbow table".

Top 10 Windows Tools 1. Cain & Abel - Cain & Abel is a password recovery tool for the Microsoft Windows Operating System. It allows easy recovery of various kind of passwords by sniffing the network, cracking encrypted passwords using Dictionary, Brute-Force and Cryptanalysis attacks, recording VoIP conversations, decoding scrambled passwords, revealing password boxes, uncovering cached passwords and analyzing routing protocols. 2. SuperScan - SuperScan is a powerful TCP port scanner, pinger, resolver. SuperScan 4 (Current Version) is a completely-rewritten update of the highly popular Windows port scanning tool, SuperScan. 3. GFI LANguard Network Security Scanner - GFI LANguard N.S.S. is a network vulnerability management solution that scans your network and performs over 15,000 vulnerability assessments. It identifies all possible security threats and provides you with tools to patch and secure your network. GFI LANguard N.S.S. was voted Favorite Commercial Security Tool by NMAP users for 2 years running and has been sold over 200,000 times! 4. Retina - Retina Network Security Scanner, recognised as the industry standard for vulnerability assessment, identifies known security vulnerabilities and assists in prioritising threats for remediation. Featuring fast, accurate, and non-intrusive scanning, users are able to secure their networks against even the most recent of discovered vulnerabilities. 5. SamSpade - SamSpade provides a consistent GUI and implementation for many handy network query tasks. It was designed with tracking down spammers in mind, but can be useful for many other network exploration, administration, and security tasks. It includes tools such as ping, nslookup, whois, dig, traceroute, finger, raw HTTP web browser, DNS zone transfer, SMTP relay check, website search, and more. 6. N-Stealth - N-Stealth is a commercial web server security scanner. It is generally updated more frequently than free web scanners such as whisker and nikto, but you have to pay for the privilege. 7. Solarwinds - Solarwinds contains many network monitoring, discovery and attack tools. The advanced security tools not only test internet security with the SNMP Brute Force Attack and Dictionary Attack utilities but also validate the security on Cisco Routers with the Router Security Check. The Remote TCP Reset remotely display all active sessions on a device and the Password Decryption can decrypt Type 7 Cisco Passwords. The Port Scanner allows testing for open TCP ports across IP Address and port ranges or selection of specific machines and ports. 8. Achilles - The first publicly released general-purpose web application security assessment tool. Achilles acts as a HTTP/HTTPS proxy that allows a user to intercept, log, and modify web traffic on the fly. Due to a cyber squatter, Achilles is no longer online at its original home of www.Digizen-Security.com...OOPS! 9. CookieDigger - CookieDigger helps identify weak cookie generation and insecure implementations of session management by web applications. The tool works by collecting and analyzing cookies issued by a web application for multiple users. The tool reports on the predictability and entropy of the cookie and whether critical information, such as user name and password, are included in the cookie values. 10. Netcat (The Network SwissArmy Knife) - Netcat was originally a Unix utility which reads and writes data across network connections, using TCP or UDP protocol. It is designed to be a reliable "back-end" tool that can be used directly or easily driven by other programs and scripts. At the same time, it is a feature-rich network debugging and exploration tool, since it can create almost any kind of connection you would need and has several interesting built-in capabilities.