The CEH (Certified Ethical Hacker) certification has an exciting name. After all, what I.T. nerd didn’t dream of becoming a hacker after seeing the latest action film hero save the world with a few sly keystrokes against a black command prompt full of cryptic text and commands? The name is a lot more enticing than more boring certifications, like the Cisco Certified Network Associate. It just has more appeal, because after passing the exam, you are a bona fide hacker with a piece of paper to prove it!
Well, not exactly. It’s just another stepping stone toward becoming a penetration tester or white hat hacker. There are many other security technologies and certifications that will need to be explored in depth to help you rise to the level of penetration testing expert. Still, the CEH is a good choice to prove to employers you have more security knowledge than the average I.T. bear, which will make you a more marketable professional.
And it is, of course, a vendor-neutral exam. As stated on the CEH website, “A Certified Ethical Hacker is a skilled professional who understands and knows how to look for weaknesses and vulnerabilities in target systems and uses the same knowledge and tools as a malicious hacker, but in a lawful and legitimate manner to assess the security posture of a target system(s).”
The exam is composed of 125 questions, which may seem formidable. However, as we’ll discuss in the next section, it isn’t one of the most challenging exams available. The test is administered in multiple choice format, and candidates have four hours to complete the examination. Still, you’ll want to make sure you pass on the first try, since the latest version of the exam costs a whopping $500.00 USD.
There seems to be a lot of subjectivity whenever people talk about the difficulty of an exam. So, let’s try to get a few things straight. First of all, before taking the CEH exam, I’d recommend you start with the Security+ exam. Some people have commented in forums that they thought both exams were roughly the same difficulty level. But in my humble opinion, I’d have to disagree.
I personally thought that the CEH exam was slightly more difficult than the Security+ exam, but I’d recommend starting with the certification that makes you more professionally marketable. Networking disciplines are the foundation of most types of Internet security, with the exception of higher-level attacks like cross-site scripting and phishing.
But even phishing attacks touch on networking concepts, such as DNS resolution. So, I’d say start with a networking certification first, and then branch out from there into security disciplines. It may sound counterintuitive, but I think the best thing to do is to get more general certifications first (like the Network+ and CCNA certifications). Even though the CCNA is generally thought of as being harder than the CEH, the CEH is no cakewalk.
The exam now places more emphasis on policy, theory, and best practices (I can already hear you yawning) than it did in the past, and a lot of the exam questions are centered around specific scenarios.
Professional Value and Marketability
Payscale reports that Information Security Analysts with the CEH certification have salaries that range from approximately $53,000 to $109,000. Since the CEH certification is more of a specialty qualification, you can expect to earn more money and gain more professional value than you would with other general knowledge certifications, like the CompTIA Security+ certification.
Don’t get me wrong, the Security+ exam does still hold value. But in all reality, HR staffers and I.T. departments would prefer a candidate who has the CEH certification over another candidate who only has the Security+ certification – all other things being equal. However, I must give you a fair word of caution. Some people are extremely book smart, but lack real world experience.
When these types of people move from the books (or lab) to the real world, they often find that without experience, they struggle to adapt to real world practices. For that reason, don’t think that this certification guarantees a free ride to a six figure income. And don’t make the mistake of thinking that you’ll launch your career into the stratosphere and start out making $53,000 per year. The data from Payscale can be a little misleading, so we need to talk about it in greater detail.
The CEH exam isn’t really an entry level exam (though there are tougher security exams out there, such as the CCIE Security exam). Because this isn’t an entry level certification, you can expect that the majority of people in the Payscale data already have other certifications under their belts, and years of experience as well. But if it doesn’t guarantee you a high salary out of the gate, why bother with it at all?
Well, there are several reasons. The first is that studying for the exam will increase your knowledge, thereby making you a more well-rounded professional. Some people try to pigeonhole themselves into one area of knowledge, such as routing and switching. And though they may be good at what they do, it’s better to have an eclectic knowledge of computer systems for several reasons. Firstly, it allows you to wear several hats, thereby making you more marketable to potential employers.
Secondly, it will help you understand and communicate with security professionals, even if they are from a different department. And thirdly, it will, of course, bring you one step closer towards becoming a white hat hacker or penetration tester. You’d be shocked to discover how much money expert penetration testers make when they work for a big corporation. Some of them make six figure incomes greater than $150,000 – some make even more than that.
But now consider that these salaries are only achievable with decades of experience and expert level certifications. However, when you look at things from a consulting perspective, the sky is the limit. You’re only bound by how much time you have and how many clients you can service. Either way you slice it, whether you end up consulting or working for a salary, the CEH is an ideal certification that will serve as a stepping stone to bring you closer to becoming an ethical hacker.
Though I can’t hope to prepare you for the exam in a single post, I do want to take a moment to provide a high level overview of the exam’s topics, and how they relate to penetration testing and ethical hacking. The following are CEH certification topics, concepts, and objectives. This is not intended to be a comprehensive list, because each topic comprises many sub-topics, but it should paint an accurate picture of the exam’s objectives.
Footprinting and Reconnaissance
Footprinting and reconnaissance techniques are essential for any type of hacker, good or bad. The idea is to gather as much information about a target system as possible to help identify weaknesses and vulnerabilities. Though black hat hackers use reconnaissance to find exploits, penetration testers and white hat hackers use it to plug up security holes. Ideally, you want to make it as hard as possible for a black hat hacker to gather information about private networks and computer systems (e.g. preventing systems from responding to pings to mitigate ping sweeps), though no network is ever 100% secure.
Scanning Networks
Network scans are used for a variety of reasons, but the point is to identify hosts, services, and other network details. For example, a ping sweep is a type of reconnaissance scan that looks for active hosts on a given network subnet. Other types of scans probe individual ports to see whether a host is accepting certain connections. For instance, a penetration tester might want to scan a network to verify that no hosts are accepting Telnet connections, since Telnet is less secure than SSH and sends passwords in plain text.
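As an added example (not from the original post), here is the Telnet check described above written as a small audit script: it reports which hosts still accept TCP connections on port 23. So it can run offline, it stands up a throwaway listener on an ephemeral 127.0.0.1 port as a constructed stand-in for a real Telnet daemon and audits that host before and after the listener is shut down.

```python
import socket
import threading

TELNET_PORT = 23  # the plain-text service this audit is meant to catch

def accepts_connection(host, port, timeout=1.0):
    """True if a TCP handshake to host:port completes, i.e. something is listening."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, timed out or unreachable all count as "not listening"
        return False

def audit_hosts(hosts, port=TELNET_PORT, timeout=1.0):
    """Return the hosts that still accept connections on the given port."""
    return [host for host in hosts if accepts_connection(host, port, timeout)]

def start_local_listener():
    """Constructed stand-in for a Telnet daemon on 127.0.0.1; returns (port, stop)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))          # ephemeral port, not 23 (no privileges needed)
    srv.listen(5)
    srv.settimeout(0.2)                 # lets the accept loop notice the stop flag
    stop_flag = threading.Event()
    def serve():
        while not stop_flag.is_set():
            try:
                conn, _ = srv.accept()
                conn.close()            # accept and drop: we only need the handshake
            except socket.timeout:
                continue
            except OSError:
                return
    worker = threading.Thread(target=serve, daemon=True)
    worker.start()
    def stop():
        stop_flag.set()
        worker.join()
        srv.close()                     # port now refuses connections
    return srv.getsockname()[1], stop

def demo():
    """Audit the same host before and after the listener goes away."""
    port, stop = start_local_listener()
    before = audit_hosts(["127.0.0.1"], port)   # ['127.0.0.1']: still listening
    stop()
    after = audit_hosts(["127.0.0.1"], port)    # []: connection refused
    return before, after
```

Against a real network you would call audit_hosts with the subnet’s addresses and the default port 23; any host that comes back is one where Telnet still needs to be disabled.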
Malware Threats
Malware, despite the latest and greatest security software, still continues to plague the modern Internet. But malware (malicious software) is really an umbrella term that could refer to a wide variety of threats, including viruses, Trojans, adware, spyware, keyloggers, and other similar applications. Not only will you need to know what all of these threats are, you’ll also need to know best practices for mitigating them.
Sniffing
Have you ever wondered how a hacker can capture raw data in transit through a network? They use applications called packet sniffers, which can capture just about any type of data imaginable (wireless frames, protocol handshakes, session data, etc.). Security professionals and penetration testers can use them to ensure that blocked services are truly disabled on a network, plugging up vulnerabilities. There are about a thousand and one uses for packet sniffers, but just know that they’re used to see the raw data flowing over a network interface.
Social Engineering
Social engineering has been around since the dawn of the username and password, but hackers and thieves still use it to successfully prey on unsuspecting victims. As a security specialist, you’ll not only need to be able to identify social engineering techniques, but also help create policies that thwart them ahead of time. One example of social engineering is an attacker impersonating the I.T. department and telling a user that it’s imperative to hand over their username and password.
Denial-of-Service Attacks
Denial-of-service attacks come in many shapes and sizes, but they all seek to do the same thing. As the name implies, the attacker attempts to overwhelm a server, service, or resource to make it inaccessible for other users – hence denying a service. Naturally, as an ethical hacker, you’ll need to implement best practices and security techniques that help reduce the risk of successful DoS attacks and mitigate damage.
Session Hijacking
Session hijacking is a serious threat because most end users won’t know that an attacker has stolen their session. To the end user, it will appear as though the service or website is temporarily unavailable, when in reality, the attacker has taken over access to their online account. Encrypting the traffic between the endpoints largely solves this, but there are other best practices to follow as well.
Hacking Web Servers, Hacking Web Applications, and SQLi Attacks
Hacking web servers, applications, and databases is a pretty scary notion given that the attacks are so easy to carry out. For some of them, you don’t need any special software apart from a web browser. Tightening down web resources is critical these days, and I’m sure you’ve heard of instances of a website losing thousands (or hundreds of thousands) of accounts to an unknown hacker. Under certain circumstances, hackers can even inject malicious SQL code (SQL is the language used to query databases) into a website, and then insert, update, read, or delete all of the data contained on the website’s back end.
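To make the injection concrete, here is an added example (not from the original post) built on Python’s sqlite3 with a constructed two-row user table: the lookup written by string concatenation sits beside the parameterised one, and both are fed the same inputs, including a constructed hostile value and an ordinary name containing an apostrophe.

```python
import sqlite3

def make_db():
    """Constructed in-memory user table standing in for a website's back end."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, email TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "alice@example.com"), ("bob", "bob@example.com")])
    return db

def lookup_vulnerable(db, name):
    """Builds the query by string concatenation, so user input becomes SQL syntax."""
    sql = "SELECT name, email FROM users WHERE name = '" + name + "'"
    return db.execute(sql).fetchall()

def lookup_safe(db, name):
    """Parameterised query: the driver passes the value as data, never as SQL."""
    return db.execute("SELECT name, email FROM users WHERE name = ?", (name,)).fetchall()

def demo():
    """Run both lookups over the same constructed inputs and collect the results."""
    db = make_db()
    hostile = "x' OR '1'='1"   # constructed input: closes the quote, adds a tautology
    results = {
        "vuln_normal": lookup_vulnerable(db, "alice"),
        "vuln_hostile": lookup_vulnerable(db, hostile),   # every row comes back
        "safe_normal": lookup_safe(db, "alice"),
        "safe_hostile": lookup_safe(db, hostile),         # nobody has that literal name
    }
    # A legitimate apostrophe also breaks the concatenated version (a syntax error,
    # not an attack), while the parameterised version handles it cleanly.
    try:
        lookup_vulnerable(db, "o'brien")
        results["vuln_apostrophe"] = "ok"
    except sqlite3.OperationalError:
        results["vuln_apostrophe"] = "syntax error"
    results["safe_apostrophe"] = lookup_safe(db, "o'brien")
    return results
```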
Hacking Wireless Networks
It doesn’t take much to hack a wireless network these days. Even if you use an 802.11 wireless security standard, chances are a hacker can break into it. The software used to hack into wireless networks is completely free (it ships with Kali Linux), and hackers can easily force their way into wireless networks that use WEP and WPA. There are a lot of different wireless vulnerabilities, and a competent penetration tester needs to be able to secure wireless networks from potential hackers.
Hacking Mobile Platforms
Given that mobile searches have overtaken traditional desktop searches in Google, it’s clear that mobile devices are here to stay. But they pose some terrible security risks, especially when connected to a corporate network. Most people carry a lot of sensitive personal data on their mobile devices, and the lines between work and personal life blur. If a hacker gets their hot little hands on a user’s smartphone, there’s no telling what kind of information they could unearth. As a security engineer, you need to be up to speed on the latest mobile security best practices.
Evading IDS, Firewalls, and Honeypots
Firewalls and IDSs (Intrusion Detection Systems) are the pinnacle of modern network security. Though the CEH is vendor neutral, there are plenty of other certifications that focus on individual appliances. For example, the CCNA Security certification will introduce you to Cisco’s line of hardware appliances, like their IDS solutions and ASAs (Adaptive Security Appliances). However, the CEH certification takes a look at these concepts without focusing on any particular vendor.
Cryptography
Cryptography is an absolutely essential staple in modern security strategies. Any competent penetration tester is going to know how various cryptographic systems, such as VPNs (Virtual Private Networks), operate – as well as their shortcomings. For example, it’s actually possible to break certain encryption technologies, such as PPTP. Apart from knowing the latest standards, you’ll also have to understand how various key exchange processes work, and have a high level understanding of how the common encryption protocols operate at a fundamental level.
Though the CEH certification isn’t a golden ticket that guarantees a six figure salary (far from it), it does make you one heck of a lot more marketable to prospective employers. Plus, data security is an increasingly growing field, so you’ll have good job opportunities and job security. I might recommend starting with the Security+ exam, but if you feel up to the challenge, the CEH is a great way to showcase your knowledge about the latest security trends.