The CEH (Certified Ethical Hacker) certification has an exciting name. After all, what IT nerd didn’t dream of becoming a hacker after seeing the latest action film hero save the world with a few sly keystrokes against a black command prompt with cryptic text and orders? The name is more enticing than boring certifications, like the Cisco Certified Network Associate. It just has more appeal because you are a bonafide hacker with a piece of paper to prove it after passing the exam!
Well, not exactly. It’s just another stepping stone toward becoming a penetration tester or white-hat hacker. Many technology areas need exploration to become a higher level of penetration testing experts. Still, the CEH is an excellent choice to prove you have more security knowledge than the average IT bear, which will make you more of a marketable professional.
And it is, of course, a vendor-neutral exam. As stated on the CEH website, “A Certified Ethical Hacker is a skilled professional who understands and knows how to look for weaknesses and vulnerabilities in target systems and uses the same knowledge and tools as a malicious hacker, but lawfully and legitimately to assess the security posture of a target system(s).”
The exam is composed of 125 questions, which may seem formidable. However, as we’ll discuss in the next section, it isn’t one of the most challenging exams available. The test is administered in multiple-choice format, and candidates have four hours to complete the examination. Still, you’ll want to make sure you pass on the first try since the latest version of the exam (CEHv11) costs more than a thousand dollars. And to get the certification, that would be another thousand.
The article covers:
- Introduction to CEH Certification
- Difficulty of CEH
- Professional Value and Marketability
- What’s in CEHv11?
- CEH Exam (312-50) Requirements
- Passing the CEH Exam
- Hacktivism Vs. Ethical Hacking
- Final Thoughts
Difficulty of CEH
There seems to be a lot of subjectivity whenever talking about the difficulty of an exam. So, let’s try to get a few things straight.
First of all, before taking the CEH exam, we recommend you start with the Security+ exam. Some people have commented in forums that they thought both exams were roughly the same difficulty level. But in our humble opinion, we’d have to disagree.
The CEH exam is slightly more complex than the Security+ exam, but we recommend starting with certification that makes you more professionally marketable. Networking disciplines are the foundation of most types of internet security, except higher-level attacks like cross-site scripting and phishing.
But even phishing attacks touch on networking concepts, such as DNS resolution. Starting with a networking certification first and then branching out into security disciplines is a good option. It may sound counter-intuitive, but getting more general certificates first (like the Network+ and CCNA certifications) is recommended even though the CCNA is generally considered harder than the CEH.
They emphasize policy, theory, and best practices than in the past, and many exam questions are centred around particular scenarios.
Professional Value and Marketability
PayScale reports that Information Security Analysts with the CEH certification have salaries that range from approximately $53,000 to $109,000. Since the CEH certification is a speciality qualification, you can earn more money and gain more professional value than other general knowledge certifications, like the CompTIA Security+ certification.
Don’t get us wrong; the Security+ exam does still hold value. But in all reality, HR staffers and IT departments would prefer a candidate who has the CEH certification over another candidate that only has the Security+ certification – all other things equal. However, We must give you a fair word of caution. Some people are incredibly book smart but lack real-world experience.
When these types of people move from the books (or lab) to the real world, they often find that without experience, they struggle to adapt to real-world practices. For that reason, we don’t think that this certification guarantees a free ride to a six-figure income. And don’t make the mistake of thinking that you’ll launch your career into the stratosphere and start out making $53,000 per year. The data from PayScale can be a little misleading, so we need to talk about it in greater detail.
The CEH exam isn’t an entry-level exam (though stricter security exams, such as the CCIE Security exam). Because this isn’t an entry-level certification, you can expect that most people in the PayScale data already have other certifications under their belts and years of experience. But if it doesn’t guarantee you a high salary out of the gate, why bother with it at all?
Well, there are several reasons. The first is that studying for the exam will increase your knowledge, making you a more well-rounded professional. Some people try to pigeonhole themselves into one area of expertise, such as routing and switching. And though they may be good at what they do, it’s better to have an eclectic knowledge of computer systems for several reasons.
Firstly, it allows you to wear several hats, making you more marketable to potential employers.
Secondly, it will help you understand and communicate with security professionals, even from a different department.
And thirdly, it will, of course, bring you one step closer to becoming a white hat hacker or penetration tester. You’d be shocked to discover how much money expert penetration testers make when working for a big corporation. Some make six-figure incomes greater than $150,000 – some earn even more than that.
But now consider that these salaries are only achievable with decades of experience and expert level certifications. However, when you look at things from a consulting perspective, the sky is the limit. You’re only bound by how much time you have and how many clients you can service. Either way, you slice it, whether you end up consulting or working for a salary, the CEH is an ideal certification that will serve as a stepping stone to bring you closer to becoming an ethical hacker.
Though we can’t hope to prepare you for the exam in a single post, we do want to take a moment to provide a high-level overview of the exam’s topics and how they relate to penetration testing and ethical hacking. The following are CEH certification topics, concepts, and objectives. This is not intended to be a comprehensive list because each case comprises many sub-topics, but this should accurately picture the exam’s objectives.
What’s in CEHv11?
The latest version of CEH includes hacking challenges on a different level. The marketers of the program call it ‘Hacking Challenges On Steroids.’ Though we are not marketing the course specifically for you to buy, as you’re here, we assume you want every bit of necessary information at a glance.
The course helps build up the basic infrastructure and trains to be successful for an in-depth understanding of a hacker mindset. As we mentioned before, book smartness will not fulfil your expectation in the field. Instead, it requires hands-on experience and collaboration with like-minded people. The CEH provides that and risk management training to become an asset as an employee.
Working in the red team requires patience, the ability to pentest, report to the owners, and make the environment a safe place. Hackers hack to steal data or gain some benefit, but red team players take permission before the test and keep the outcome confidential.
CEH was introduced in 2003; since then, it has taught many people the craft of penetration testing, the latest tools, and exploits. The core mission of CEH remains valid today: ‘To beat a hacker, you need to think like a hacker.’ Still today, many employers prefer personnel with CEH certification to just a Security+ because Security+ qualifications are a part of CEH. With the introduction of CEHv11, the team introduced Parrot security OS incorporation, re-mapped to NIST/ NICE framework, enhanced IoT, security, and OT modules, along with hands-on training for cloud-based threats.
Have you ever seen a car being repaired in the body shop? We assume you did. There are many cars in different conditions. Some need an engine oil change, some are bashed up due to an accident, some need a new coat of paint, and some don’t start. What the mechanic does is polishes the body or de-complies all the parts. After fixing the errors, puts it back together again.
No matter how dirty or rusty the car was, the customer received a polished and working one. CEH learners follow a pretty similar trait. A program you’re testing can have uncountable issues that the customer is unaware of. Not just fixing them but also suggesting how stuff can be upgraded down the line or what to do and what not will be your duty. And for the company you’ll work, you’ll be tasked to fix them one by one with a team or without; it doesn’t matter. Let’s learn a few topics of the CEH course.
Footprinting and Reconnaissance
Footprinting and reconnaissance techniques are essential for any type of hacker, good or bad. The idea is to gather as much information about a target system as possible to help identify weaknesses and vulnerabilities. Though black hat hackers use reconnaissance to find exploits, penetration testers and white hat hackers use them to plug up security holes.
Ideally, you want to make it impossible for a black hat hacker to gather information about private networks and computer systems (i.e., preventing systems from responding to pings to mitigate ping sweeps).
However, no network is ever 100% infallible.
Scanning Networks
Network scans are used for various reasons, but the point is to identify hosts, services, and other network details. For example, a ping sweep is a reconnaissance scan that looks for active hosts on a given network subnet.
Different types of scans look for individual sockets and ports to see if a host accepts certain connections. For instance, a penetration tester might want to scan a network to verify that no hosts get Telnet connections since it is less secure than SSH and sends passwords in plain text.
Malware Threats
Despite the latest and most fantastic security software, Malware plagues the modern Internet. But Malware (malicious software) is an umbrella term that could refer to a wide variety of threats. Such threats include viruses, Trojans, adware, spyware, keyloggers, and similar applications. Not only does a penetration tester need to know what all of these threats are, but you’ll also need to know best practices for mitigating threats.
Sniffing
Have you ever wondered how a hacker can capture raw data in transit through a network? They use applications called packet sniffers, and they can be used to charge just about any data imaginable (wireless frames, protocol handshakes, session data, etc.). Security professionals and penetration testers can use them to ensure that blocked services are truly disabled on a network to plug up vulnerabilities. There are about a thousand, and one uses packet sniffers, but know that they’re used to seeing the raw data flowing over a network interface.
Social Engineering
Since the dawn of the username and password, social engineering has been around, but hackers and thieves still use social engineering to prey on unsuspecting victims successfully. As a security specialist, you’ll not only need to be able to identify social engineering techniques but also help create policies that thwart them ahead of time. One example of social engineering is a bogus impersonator of an IT department, claiming that it’s imperative to forfeit their username and password.
Denial-of-Service (DoS)
Denial-of-service attacks come in many shapes and sizes, but they all seek to do the same thing. As the name implies, the attacker attempts to overwhelm a server, service, or resource to make it inaccessible for other users – hence denying a service. Naturally, as an ethical hacker, you’ll need to implement best practices and security techniques that help reduce the risk of successful DoS attacks and mitigate damage.
Session Hijacking
Session hijacking is a severe threat because most end users won’t know if an attacker has stolen their session. To the end-user, it will appear as though the service or website is temporarily unavailable when the attacker stole access to their online account. It is easily solved with endpoint encryption, but other best practices follow.
Hacking Web Servers, Hacking Web Applications, and SQLi Attacks
Hacking web servers, applications, and databases is a pretty scary notion, given that the attacks are so easy to carry out. You don’t need any special software apart from a web browser for some of them. Tightening down web resources is critical these days, and I’m sure you’ve heard of instances of a website losing thousands (or hundreds of thousands) of accounts to an unknown hacker. Hackers can even inject malicious SQL (SQL is a database query language) code into a website under exceptional circumstances and then either insert, update, read, or delete all of the data contained on the website’s back end.
SQL Injection
By far, SQL injection is one of the most common web attack vectors globally. When the input validation of user input fails, a SQL injection attack takes place via passing a SQL statement. It can bypass regular security measures and access private information such as database or server data.
SQL injection is OWASP’s one of the top 10 cybersecurity topics. A CEH learner will learn SQL injection as part of the training. Though it’s not easy to become a master of a craft just by boot camps, it’s a great introduction to fresh students. Structured Query Language (SQL) is a computer language used in rational database systems.
Hacking Wireless Networks
It doesn’t take much to hack a wireless network these days. Even if you use an 802.11 wireless security standard, chances are a hacker can break into it. The software used to hack into wireless networks is entirely free (Kali Linux), and hackers can quickly force their way into wireless networks using WEP and WPA. There are a lot of different wireless vulnerabilities, and a competent penetration tester needs to be able to secure wireless networks from potential hackers.
Hacking Mobile Platforms
Given that mobile searches have overtaken traditional desktop searches in Google, it’s clear that mobile devices are here to stay. But they pose some terrible security risks, especially when connected to a corporate network. Most people carry a lot of sensitive personal data on their mobile devices, and the lines between work and emotional life blur. If a hacker gets their hot little hands on a user’s smartphone, there’s no telling what kind of information they could unearth. As a security engineer, you need to speed on the latest mobile security best practices.
Evading IDS, Firewalls, and Honeypots
Firewalls and IDS’s (Intrusion Detection Systems) are the pinnacle of modern network security. Though the CEH is vendor-neutral, many other certifications focus on individual appliances. For example, the CCNA Security certification will introduce you to Cisco’s line of hardware appliances, like their IDS solutions and ASAs (Adaptive Security Appliance). However, the CEH certification looks at these concepts without focusing on particular vendors.
Cryptography
Cryptography is an essential staple in modern security strategies. Any competent penetration tester will know how various cryptographic systems, such as VPNs (Virtual Private Networks) operate – as well as their shortcomings. For example, it’s possible to break certain encryption technologies, such as PPTP. Apart from knowing the latest standards, you’ll also understand how various key exchange processes work. You’ll want to have a high-level understanding of how different encryption protocols work on a fundamental level.
CEH Exam (312-50) Requirements
Unlike other cybersecurity certifications, CEH is considered an entry-level course. So, it removes lots of hassle when it comes to requirements. At Hackingloops, we discussed many requirements. Some require at least five years of work experience to get into the program, where a four-year graduation program counts as one year. Also, there are intern or entry-level positions that count as some experience.
It’s a bit eased up for CEH exams. Anyone wanting to dive into the world of cybersecurity and gain real-world practical knowledge can get it. Of course, it’s not cheap. A requirement of a $100 non-refundable application fee is a must.
The attendee must be at least 18 years old. Without meeting the requirement, attendees can’t attend training courses or certification. However, written consent from legal guardians or parents makes attendees eligible for the course.
The Certified Ethical Hacker (CEH) Live course costs about $2,999 with the EC-Council. The candidates must ask themselves if the course will be worth it and if they can stick to it until the end. If the answer is ‘yes,’ then it’s a pleasant journey of learning with world-class instructors regarding the location of the test.
However, the EC-Council / training centre has the right to impose additional restrictions to comply with policies.
Passing the CEH Exam
Employers respect the CEH course, and it’s for a particular reason. High integrity of the certification exam, a throughout course time, hands-on experience, qualitative markings rewards the worthy. EC-Council exams are famous for their multiple-choice questions and different question banks. The questions, once prepared, go through a multi-level of experts to maintain the standard as always.
Candidates have four hours to complete the CEH exam with 125-questions multiple-choice. There is plenty of time to answer each question, and many reported they only need two to three hours. Nmap, Netstat, Snort, Wireshark, and similar tools are some of the frequent topics in the test.
Though there is an academic criterion, hands-on learning capability is also rewarded. Each exam form has an overall passing mark, and gaining at least 60% will get you a certification.
Hacktivism Vs. Ethical Hacking
Combining the term ‘hacker’ and ‘activism,’ we get hacktivism. Hacktivists practice hacktivism to promote social or political agendas. Hacktivists target government facilities, large organizations, or multinational companies. Black hat, white hat, grey hat are hacktivists who can do all sorts of nasty computing systems.
On the other hand, ethical hackers have the same particular vendor’s skill set but put it into good use. During CEH boot camp, students are shown the difference between a lousy hacker and a good hacker. Students need to learn how their part will contribute towards a safe online experience.
Final Thoughts
Though the CEH certification isn’t a golden ticket that guarantees a six-figure salary (far from it), it does make you one heck of a lot more marketable to prospective employers. Plus, data security is an increasingly growing field, so you’ll have good job opportunities and job security. We might recommend starting with the Security+ exam, but if you feel up to the challenge, the CEH is an excellent way to showcase your knowledge about the latest security trends.