Looking at this article, the very first question that pops into one’s mind is the right definition of an Ethical Hacker. The term Hacker had a different meaning until late 90’s and then there was a shift towards the ethical ways of hacking or to counter hack the hackers who intend to such events for bad reasons. It is an apt phrase to mention here that “the most effective and efficient way to prevent a hack is to think like a hacker”.
To give you a better introduction into how to become an ethical hacker, you need to know more about the CEH v9 Certification (Certified Ethical Hacker) which is administered by the EC Council (that is the International Council of Electronic Commerce Consultants). This program aims at providing the IT professionals the tools and techniques when applied enables them to think/act like hackers.
Businesses have started investing on their IT front to upgrade their IT security personnel at the top most priority ensuring that they are protected from Hackers by employing Ethical hackers to identify and cover up the security flaws in their Organizations. The biggest and most trusted certification that adds values to an individual’s resume is EC-Council’s Certified Ethical hacker certification. It is most suitable with a CCNA certification prior to achieving the CEH certification, as it helps you understand the network topology better and earlier.
Certification Examination Details
CEH certification preparation generally involves two processes, one is to take up a 40 hour online training (which introduces the rightful candidates to the hacking tools and techniques that enables individuals attain the “hacking mindset”) and then to attempt on the CEH examination itself. The exam in general will try to test more than 18 subjects or domains of knowledge, which are listed as below:
Background into Ethical Hacking
Foot-printing and Reconnaissance
Denial of Service (DoS) / Distributed Denial of Service (DDoS)
Hacking Web Applications
Hacking Wireless Networks
Hacking Mobile Platforms
Evading IDS, Firewalls, and Honeypots
The computer based and the closed book exam for CEH certifications consists of 125 multiple choice questions out of which a passing score of 70% is to be attained to successfully complete the certification (70% of 125 questions turns out to 88 questions to be answered right, in order to complete the certification exam with a success). The exam can be taken in any EC-Council examination center or a Pearson VUE testing center. With the details on the exam known, let us take a look at the actual content areas and also look at the scoring areas.
The domains of knowledge are further structured into only 7 content areas and each of these content areas are weighted differently with different weightages. Let us know individually look into all of these seven categories and try to understand the practical usage of it and also on concentrating on the scoring areas.
Background (4%): This section of the exam has only 5 questions to it and basically aims at testing the individual’s knowledge on various kinds of software, hardware and systems that are vulnerable to hackers.
Analysis / Assessment (13%): The second section of the CEH exam concentrates on the data/system analysis and risk / technical assessments. This section constitutes to about 16 questions focusing on the points discussed above (on the factors that do contribute towards systems vulnerability and the techniques that could be put to use in identifying these factors.)
Security (25%): The second largest section of the CEH certification exam focuses mainly on the security areas and this section constitutes of 31 questions. This section will definitely test the knowledge of individuals attempting the CEH certification examination and it mainly tests the knowledge on the following subjects:
Systems security controls
False positive/negative Validation Processes
Security policy implications
Wireless access technology (as like RFID, Bluetooth)
Tools / Systems / Programs (32%): The top most section of the CEH exam and the most scoring of the sub-sections of the examination where there are about 40 questions. This section of the CEH exam is going to test the expertise on the tools, systems and the programs used by the hackers. This part of the examination will be at benefit if you have prior knowledge on Programming languages such as C++ or Java, Scripting languages like PHP and knowledge on different operating systems, network architectures. The following are the subjects that one can expect during the CEH examination and particularly under this sub-section.
Network/host based intrusion
Network/wireless sniffers (e.g., WireShark, Airsnort)
Cryptography techniques (e.g., IPsec, SSL, PGP)
Access control mechanisms
Programming languages (e.g. C++, Java, C#, C)
Boundary protection appliances
Port scanning (e.g., NMAP)
Domain name system (DNS)
Vulnerability scanner (e.g., Nessus, Retina)
Vulnerability management and protection systems (e.g., Foundstone, Ecora)
Operating environments (e.g., Linux, Windows, Mac)
Antivirus systems and programs
Log analysis tools
Procedures / Methodology (20%): This section of the exam comprises of 15 questions and is basically focused on Procedures and methodologies. To clear questions that fall into this category, it is very much needed to have knowledge on information architectures and also on security testing methods.
Regulation / Policy (4%): This section of the CEH examination concentrates or focuses on the regulations and the policy issues and comprises of 5 questions. The sample questions can be focused on Payment Card Industry compliance related security policies or compliance regulations or any other area as specific.
Ethics (2%): The final section of the exam constitutes questions on ethics, which is around 3 questions for the whole examination. This is more on the theory as like the professional code of conduct, EC-Council’s code of ethics and the appropriateness of hacking activities as such in various other contexts.
Until now you have understood the examination, the concentration of topics to go through for clearing your CEH examination. If you are willing to go the extra mile by not just clearing the CEH examination but also to make a mark for yourself in this line of business, then you have to take a look at the following points to ensure that you imbibe these in your preparation time.
Getting familiar with the exam: It is always a better choice to get yourself acquainted on what to expect from the examination point of view and what better a place than the EC-Council’s CEH website itself. It provides you detailed information about the exam, the format, the duration and FAQ’s related to the examination itself. Always ensure you know which version of CEH you’re studying for, EC-Council has recently updated the curriculum to version 9 but the Version 8 is still around.
Follow a study-guide: Best series of documentation to follow for the CEH exams is from the EC-Council itself. It is the most trusted documentation that one can follow and if you are in need of another resource to follow than the official documentation, then you can rely on this book from Amazon anyway.
Testing yourself with practice questions: One of the best options to test your confidence levels before you take up the actual certification, is to take up mock-up tests on Skillset or on EC-Council website or MeasureUp. Please make it a point that you come to this leg of your preparation only when you complete the studies or else the moral will be down low without necessary preparation.
A quick Google Search will provide you millions of results showing necessary content that one could use for the necessary preparation of the CEH (Certified Ethical Hacker) examination. With all those listings, it might get difficult for one to start and end it properly. Hence we have done some research to provide you the best of the articles and eBooks that one should go through before they attempt the CEH examination. Following are the resources that we are talking about:
In this article we have seen what takes it to be an ethical hacker, what needs to be gone through to be an ethical hacker. There are detailed steps on how to become an ethical hacker, how to prepare for it and also how to successfully complete the Certification examination.
All these discussed, it takes a lot of determination and hard-work into the preparation for you to become a very capable ethical hacker. Hope this article provides all the information that you seek for becoming a successful ethical hacker.
Get Updates on Tech posts, Interview & Certification questions and training schedules