Tag Archives: ceh

Free CEH Exam Study Guide Now Available

For people looking to take the easier route in accomplishing the Certified Ethical Hacker (CEH) certification, there is a free study guide available online. You can download the free CEH exam prep study guide here: CEH Exam Study Guide


What Training Comes Next After The Certified Ethical Hacker – How to Advanced Your Career as a Penetration Tester

Ethical hackers attempt to compromise computer systems or networks at the request of the system or network owner. By using the same methodology and resources available to criminal hackers, ethical hackers help to identify security vulnerabilities that could be exploited. These weaknesses can then be addressed by programmers or others that are assigned to work on that particular vulnerable hardware or software.

An attempt to circumvent system security and compromise a computer system is commonly known as a penetration test. It is a realistic simulation of a malicious computer attack and can be launched from external sources or from a compromised internal source. Ideally, networks and computer systems should be equally secure from both sources. In reality, they often are not.

The International Council of E-Commerce Consultants, which is known in the IT industry as the EC-Council, offers training and professional certification in ethical hacking. Certified Ethical Hackers must attend an accredited training center or combine at least two years of information security work with an approved self-study program. The CEHv8 test consists of 150 multiple-choice questions that must be completed within a 4-hour period with a minimum score of 70 percent. The test costs approximately $500, and a $100 eligibility fee is also required.

After CEH certification, IT security professions seek more advanced Certified Security Analyst/Licensed Penetration Tester credentials. The ECSA/LPT certification (http://www.trainace.com/courses/lpt/) covers advanced information security techniques and is also provided by the EC-Council. ECSA/LPTs focus on the analysis of penetration test outcomes and create risk mitigation measures to protect IT infrastructure. The course emphasizes best practices from experts in many areas of IT security.

The third tier of certification in the ethical hacking credentialing hierarchy is the Cyber War / Advanced Penetration Testing training. This certification, which is offered through Advanced Security by Academy of Computer Education, instructs IT security professionals in advanced, persistent threat tactics for penetration testing of high-security systems and networks. Advanced Security by Academy of Computer Education is a preferred training provider for the U.S. military, DHS, the FBI and other government agencies for this reason.

The course lasts for five days and focuses on the penetration of highly secured data environments. Patched and hardened versions of Vista, Windows 7, Windows Server 2008, and up-to-date Linux servers are used as course targets. The course covers both host-based and network intrusion detection systems and intrusion prevention systems.

In this industry leading advanced hacking training class, students first learn to deal with load balancing, network IDS/IPS, and deep packet inspection while attempting penetration from outside a network. The course then progresses to penetration of web-based applications with typical security measures in place.

The third step in the class is the study of LAN-based attacks, the penetration of locked down workstations, and a study of methods of dealing with host-based IDS/IPS as opposed to networked systems. The final phase of the advanced pen testing class deals with controlling active directories.

Criminal hackers are constantly sharing new ideas and penetration techniques. Many of their approaches can be quite sophisticated. IT security professionals often hear about these approaches only after it is too late to prevent intrusion. CEH, ESCA/LPT, and Cyber War are designed to ensure exposure to cutting-edge penetration and exploitation methodologies, and the courses cover hands-on hacking techniques that simply aren’t taught in routine educational settings. By teaching security professionals to think like hackers, these classes enable IT personnel to anticipate advances that hackers have not yet made.


Free Certified Ethical Hacker Class Giveaway

Advanced Security by Academy of Computer Education is giving away one free enrollment into any one of our Award Winning Certified Ethical Hacker (CEH) training classes.

Advanced Security is the reigning, two-time EC-Council ATC of the Year of the year award winner. Their training is recognized worldwide as the leading hands-on CEH training available because of the amount of time we spend on labs and method they have to prepare students for the exam. Their instructors are internationally known and followed Subject Matter Experts who speak at conferences and are followed by many in the industry.

They are giving away a free enrollment (certification exam included) to any one of their open enrollment Certified Ethical Hacker (CEH) training classes. This free enrollment can be used during any one of their open enrollment courses for up to one year from the end of this drawing. Details are as follows:

You must either blog about, Tweet about, Facebook post about or Google+ post about this Certified Ethical Hacker course giveaway contest. In any of the mentioned forms of posting you must include a link to this page: http://www.trainace.com/courses/ceh/

If you already have the CEH or equivalent experience you may follow the same steps, but do so for the Cyber War, Advanced Penetration Testing class: http://www.trainace.com/courses/apt/

For each online activity above that you do, you will receive the following entries into the drawing:

Blog Post – 10 entries

Tweet –  3 entries

Facebook – 2 entries

Google+ – 2 entries

When complete, you must send an email with the Subject “Free CEH Class Contest”. In the email include a link where they can find each posting. Send the email to rcorey@trainace.com  They will tally all entries and randomly select a winner. The winner will be selected on 5/16/12.


The Current Status of the CEH and How Online Training Makes Sense

In the age of the Stuxnet worm, high-level information security is of ever increasing importance. Being able to add “certified ethical hacker” to a resume has become an increasingly large selling point in the IT industry. Major IT corporations are paying large salaries to those professionals who have gone through the certified ethical hacker certification process. The reason is simple. Certified ethical hackers are able to identify weaknesses in a variety of hardware and software applications before they are unveiled for use by the public. This increased security means that IT companies can sell incredibly secure products to a market that is increasingly focused on buying products that are hacker-proof.

The idea that “hacking” could serve a legitimate purpose is a notion that confuses many who are not familiar with the intensive infrastructure of information security. However, the need for these professionals is only growing in a world that is increasingly relying on virtual forms of information storage to power ordinary life. Banks, universities, even typical workplaces increasingly rely on some form of computerized information storage. The introduction of “cloud computing” has added to the need for trained professionals who are able to keep information secure over vast, widely accessible networks. The proliferation of hand held devices such as cell phones and tablet computers has only increased the number of access points that malicious hackers can exploit in order to garner unauthorized access to private information. However, simply eliminating these additional access points is not a valid solution. Business and commerce increasingly relies on flexibility and increased access in order to thrive in a globally competitive environment. The burden for security falls upon the professionals who intimately understand how to think like a hacker without causing any real harm.

Certified ethical hackers train by learning how to “penetrate” and test different systems while they are still in their developmental stages. These ethical hackers purposefully test computer systems and networks for vulnerabilities and then report their findings to the developer team. Through this process, systems are gradually refined and strengthened to a degree that can make them anticipate and easily withstand an attack by malicious hackers.

The certified ethical hacker certification is primarily administered by the International Council of E-Commerce Consultants, commonly known as the EC-Council. Classes that enable people attain the certificate are often held in local classrooms or other accessible teaching facilities by a network of 450 affiliated training partners worldwide. In some cases, an individual can complete the required coursework through “self-study” involving work in the information security field. The individual must then submit an application to the EC-Council, although each application must be considered by the EC-Council on its own merits and does not automatically guarantee certification. However, many believe that the best way to train for the certification is to take online training. These courses provide busy professionals with the flexibility and level of detail they need to quickly attain the degree. Once a person has attained the certification, he can expect to earn a considerable amount of money and be hotly courted by headhunters and major IT security firms.

CEH online training (http://www.trainace.com/courses/ceh/) usually incorporates a live streaming component that allows those taking the courses to engage with an instructor. All of the computer forensics training can easily be accomplished online. These courses usually allow the individual to access the classes for up to a year, even though the training itself can be completed in a few short, intensive days. The online classes also have the benefit of being compatible with a variety of hand held devices. A person can opt to take the class from a smart phone or a tablet computer. The comprehensive nature of the classes ensures that the trainee will be ready to penetrate test the most advanced systems once he has completed the required coursework. By taking online classes, professionals can become a certified ethical hacker in a few short days.


Booz Allen Hamilton Hacked – Advanced Persistent Threat Leads the Way

For those readers of the Certified Ethical Hacker blog here that don’t yet know what Advanced Persistent Threat is, you are officially introduced via the recent Booz Allen Hamilton hacking. Advanced Persistent Threat is the emerging buzz-word in the hacking industry and Booz Allen Hamilton was one of the early adopters of combating and protecting clients against this concept. Ironically, it appears as though Advanced Persistent Threat was the cause for BAH’s hacking breach the other day.

Advanced Persistent Threat essentially means that an agency, typically with an espionage mission structure and in most cases a Government or mafia-like entity, targets a business or other Government unit and attempts to penetrate that unit using all hacking approaches necessary. So in other words, that stuff we learned in the CEH training class about the different security sources of compromise, application layer, network layer, social engineering etc. are all attacked with advanced methods for a consistent period of time.

Booz Allen Hamilton employee training consists of Advanced Persistent Threat techniques so that employees know where to find vulnerabilities.  The main problem is, there are hackers that are better and that are consistently progressing. If employees are trained in baseline penetration testing and then expected to harden a complex network, the malicious entity, in this case likely a (very large) country’s Government, has people with higher level training, perhaps in things like advanced exploit development or advanced wireless network hacking, and so they eventually get to their data.

High level hacking training is hard to find, only a few (ie Advanced Security) do it very well. Why? Because not many companies have the experienced minds behind their classes. The old saying, if you want to beat the hackers then you have to think like an attacker is true in this case, but the hackers may have been better trained.


Average Salary Value of the CEH Certification

There is a great post on the IT Training Blog about the Average Salary of the CEH Certification. The post covers data from a few different parts of the world where the CEH cert is most popular. The numbers seemed a little low to me at first, but after some more consideration, the CEH cert is a baseline hacking certification and typically is held by people with a lower level of pen testing experience. I’d be interested to see the increase in average salasry of the ECSA cert, but there may not be available data for that yet. Check out the post here:

Average Salary of the CEH Certification


CEH v7

Certified Ethical Hacker Version 7 (aka v7) has been much anticipated for some time now. The certification has needed updating and version 6.1 only took the updates so far. CEH v7 is going to be a more difficult curriculum, it will include much improved instructor resources (like slides and diagrams etc.), it includes more test-included modules and it includes many new and advanced hacking techniques. Most importantly, the exam is changing. It is going to include a more difficult and updated set of questions. So far, the passing score is set to be the same, but the material / question base is what is changing.

More details can be found at the IT Training Blog.


DoD 8570 Directive and the Certified Ethical Hacker

A further testament to two main trends arose recently when the DoD 8570 directive had Certified Ethical Hacker added to its list of certifications that prove worthiness to work in a certain capacity that serves the DoD community. Those statements were:

1) The Certified Ethical Hacker is, without argument, the hottest certification out right now.
and
2) Hacking / Pentesting is the future of IT security / information assurance workers.

Delving more into item #1, the CEH is the most highly sought after cert in the business. The searches per month on google (use the keyword tool) will prove that to you if you need subjective information about that. The certification has been done the right way entirely, from top to bottom, by the EC-Council management. Marketing, content etc.

As for the second topic, hacking and pentesting has become the main training priority of information assurance workers. Not only are people going in large numbers to learn the concepts or the Certified Ethical Hacker, but now, more than ever before, employees are being trained on advanced defense tactics (ie from the ECSA / LPT) and advanced hacking concepts like the Advanced Penetration Tester (APT) certification. Sorry CISSP, but your days of being at the top are so limited its not even funny. Theoretical / conceptual information assurance practitioners are taking a back seat to people who can break into a network from a major corporation that has a huge annual security budget and spends millions on their firewall and security software. Because I would trust my network to that guy (again see APT).

Certified Ethical Hacker Training Information

Get  more  information on this course!


Follow

Get every new post delivered to your Inbox.