Certified Ethical Hacker
From Wikipedia, the free encyclopedia
The Certified Ethical Hacker (C|EH) is a professional certification provided by the International Council of E-Commerce Consultants (EC-Council).
An ethical hacker is one name given to a penetration tester. An ethical hacker is usually employed by an organization that trusts them to attempt to penetrate networks and/or computer systems, using the same methods as a hacker, for the purpose of finding and fixing computer security vulnerabilities. Illegal hacking (i.e., gaining unauthorized access to computer systems) is a crime in most countries, but penetration testing done at the request of the owner of the targeted system(s) or network(s) is not, except in Germany.
A Certified Ethical Hacker has obtained a certification in how to look for the weaknesses and vulnerabilities in target systems and uses the same knowledge and tools as a hacker.
The certification is in Version 6 as of August 2008.
The EC-Council offers another certification, known as Certified Network Defense Architect (C|NDA). This certification is designed for United States Government Agencies, and is available only to members of selected agencies. Other than the name, the content of the course is exactly the same. The exam code for CNDA is 312-99.[1]
To get a more detailed understanding of this process, see the Ethical Hack page.
Certification coursework
The coursework consists of 67 modules, which range from 30 minutes to five hours or more, depending on the depth of the information provided.
Some training centers and universities in Asia and Europe include EC-Council's CEH program in one of their course modules.
Examination
Certification is achieved by taking the C|EH examination after having either attended training at an ATC (Accredited Training Center) or done self-study. If a candidate opts for self-study, an application must be filled out and proof submitted of 2 years of relevant information security work experience.[2] Both CEH v5 and v6 utilize EC-Council's exam 312-50. The exam consists of 125 (v4) or 150 (v5) multiple-choice questions, and students are given up to three or four hours, respectively, to complete the examination. The exam costs US$250, and is administered via computer at an EC-Council Accredited Training Center, Pearson VUE, or Prometric testing center (in the United States).
Recertification
EC-Council Continuing Education (ECE) points will serve to ensure that all EC-Council certified professionals maintain and further their knowledge. Professionals will need to meet the requirements of the ECE to avoid revocation of certification. Members holding the C|EH/CNDA designation (as well as other EC-Council certifications) will be required to re-certify under this program every three years for a minimum of 120 credits (20 credits per year). More information can be found here:[1]
Controversy
Certain computer security professionals, such as Marcus J. Ranum, have objected to the term ethical hacker: "There's no such thing as an 'ethical hacker' - that's like saying 'ethical rapist' - it's a contradiction in terms."[3] Part of the controversy may arise from the older, less stigmatized definition of hacker, a term that has since become synonymous with computer criminal.
Some companies, on the other hand, do not seem to mind the association. According to EC-Council, there has been an increase of careers where CEH and other ethical hacking certifications are preferred or required.[4][5][6]
See also
- CHFI (Certified Hacking Forensic Investigator)
- CISSP (Certified Information Systems Security Professional)
- CISM (Certified Information Security Manager)
- CREST (CREST Certified Consultant)
- OSSTMM Professional Security Tester (OPST)
- OSSTMM Professional Security Analyst (OPSA)
- Certified Penetration Tester Specialist (CPTS)
References
- [1] http://www.eccouncil.org/cnda.htm
- [2] EC Council Examinations. http://www.eccouncil.org/takeexam.htm
- [3] D'Ottavi, Alberto (2003-02-03). "Interview: Father of the Firewall". http://comment.silicon.com/0,39024711,10002714,00.htm. Retrieved on 2008-06-06.
- [4] http://hotjobs.yahoo.com/career-articles-6_unusual_high_paying_careers-600
- [5] http://www.eccouncil.org/pressroom/Recognition%20of%20EC-Council%20Certifications.pdf
- [6] http://www.darkreading.com/security/management/showArticle.jhtml?articleID=213000149

