IT managers must think like hackers to stop them. That's the premise behind a week-long seminar coming to Boston on Monday.

In its fourth year, Ernst & Young's Xtreme Hacking focuses on host and network security defense. The sold out event takes place at the accounting giant's John Hancock Tower offices.

"It's really no longer a question of will someone try to attack your network, but when and with what result," said E&Y's Marty Dolphin. "The more organizations know and understand their network related risks and vulnerabilities and how a hacker might exploit them, the better equipped they'll be."

September 11 brought the security to the forefront. But despite the heightened awareness of security risks, experts say many companies are still unprepared.

A recent Gartner report found many companies remain focused on inexpensive tactics, such as tweaking and testing their business-continuity plans, rather than more effective wholesale changes, such as moving data centers or offices to more secure locations.

Ernst & Young's classes cover the tools and tactics used by a hacker to corrupt network security, ranging from brute force approaches to software applications to crack passwords, to "Trojan horses" and the use of "social engineering" techniques.

Half the class is spent conducting hands-on exercises incorporating these and other techniques. At the end of the classes participants are presented with defensive tactics to repell attacks.

Most of the classes are taught by Ernst & Young experts. However, sometimes, outside instructors from the FBI or other government agencies. The Boston classes are already sold out. However, spokeswoman Laura DeCoste said the event is held in different cities up an average of eight times a year. More information is available at E&Y's Web site.

Knowledge of TCP/IP and familiarity with both NT and Unix operating systems is a prerequisite. As a result, enrollment in the classes requires prior approval from Ernst & Young. The classes cost $5,000 per participant.

This story was first published on, an site.