The term hacker has traditionally had a bad reputation with
many people, as it brings up feelings of being exploited or having one's
privacy breached. As with anything in life, the bad always comes with
the good, and in the world of network security there will always be
individuals, organizations and countries looking to gain access to the
secret information of their opponents.
The purpose of the Certified Ethical Hacker certification is to
validate the credentials, background and intentions of a network
security professional. These professionals have the knowledge and
ability to breach the security of a target, but instead of using these
abilities maliciously they use them to increase the security of a
network. This article provides an overview of the Certified Ethical
Hacker (C|EH) certification, how it is structured and the steps that
need to be followed to obtain it.
C|EH Certification Review
As stated in the overview, the purpose of the C|EH certification is
to provide candidates a way of validating their abilities as well as
their intentions. By obtaining the C|EH certification, a network
professional can show prospective employers or clients that their
intention is to use their abilities to increase the security of a system
and/or network and not to decrease it. By having a formalized
certification that can be offered to companies, the C|EH also
establishes that hacker is not a term that is only associated with negative actions.
To obtain the C|EH certification, a candidate must pass the current
version of the C|EH exam; as of this writing the current version is v8.
The C|EHv8 exam is a proctored computer-based exam of 125 multiple-choice
questions, which the candidate has 4 hours to complete and must pass
with a score above 62%. However, not just anyone can study for and sit
the C|EH exam: before a candidate is allowed to schedule the exam they
must be deemed eligible.
There are two ways to become eligible to take the C|EH exam:
- Attend an official C|EH instructor-led course, computer-based training (CBT), online live training or academic learning, OR
- Submit an eligibility form and be manually approved to take the exam. To be approved, a candidate must:
  - Have at least two years of information security related experience.
  - Remit a $100 non-refundable eligibility application fee.
  - Submit a completed exam eligibility form.
C|EH Exam Layout
The C|EH exam is structured into seven different sections; I have listed them in order of weight (shown in %):
1. Tools/Systems/Programs (32%)
- NIDS, HIDS, ACL, DNS
- Programming and scripting languages
- Cryptography techniques
- Port scanning
- Network topologies
- Subnetting
- Routers, modems, switches
- Operating environments and antivirus systems and programs
- Log analysis tools
- Security models
- Exploitation tools
2. Security (25%)
- Network and physical security
- Biometrics
- Firewalls
- Threat modeling
- Systems security controls
- Application/file server
- Cryptography
- Verification procedures
- Social engineering
- Vulnerabilities
3. Procedures/Methodology (20%)
- Cryptography
- PKI, SA
- Security architecture and testing methodology
- N-tier application design
4. Analysis/Assessment (13%)
- Data analysis
- Systems analysis
- Risk assessments
- Technical assessment methods
5. Background (4%)
- Networking, web, systems, mobile, telecommunication technologies
- Malware operations
- Communication protocols
- Backups and archiving
6. Regulation/Policy (4%)
- Security policies and compliance (i.e. PCI)
7. Ethics (2%)
- Professional code of ethics and hacking appropriateness
Although ethics represents only 2% of the exam, the C|EH code of
ethics is extremely important and any violation is taken very
seriously. Penalties for violating the code of ethics include
decertification, suspension of certification and even the publication of
infractions and litigation.
Summary
Whether the term hacker will ever be used by the larger
population with both a positive and a negative meaning remains to be seen.
The C|EH certification provides a process by which these network
security professionals can validate their abilities and their
intention to use them for the good of a company or client.
About the Author
Sean Wilkins is an accomplished networking consultant for SR-W Consulting and has been in the field of IT since the mid 1990's working with companies like Cisco, Lucent, Verizon and AT&T as well as several other private companies. Sean currently holds certifications with Cisco (CCNP/CCDP), Microsoft (MCSE) and CompTIA (A+ and Network+). He also has a Masters of Science degree in Information Technology with a focus in Network Architecture and Design, a Masters of Science degree in Operational Management, a Masters Certificate in Network Security, a Bachelors of Science degree in Computer Networking and Associates of Applied Science in Computer Information Systems. In addition to working as a consultant, Sean spends a lot of his time as a technical writer and editor for various companies.
Author's Website: http://www.sr-wconsulting.com
Hacker
While this term originally referred to a clever or expert programmer, it is now more commonly used to refer to someone who can gain unauthorized access to other computers. A hacker can "hack" his or her way through the security levels of a computer system or network. This can be as simple as figuring out somebody else's password or as complex as writing a custom program to break another computer's security software. Hackers are the reason software manufacturers release periodic "security updates" to their programs. While it is unlikely that the average person will get "hacked," some large businesses and organizations receive multiple hacking attempts a day.
www.trainsignal.com/blog/ceh-ethical-hacker-certification