Certified ethical hacker

Last updated
Certified Ethical Hacker (CEH)
Issuing Organization EC-Council
Validity duration3 years
Subject
FocusEthical hacking
Requirements
Two years of experience
TypeMultiple Choice
Duration4 hours
Relations

Certified Ethical Hacker (CEH) is a qualification given by EC-Council and obtained by demonstrating knowledge of assessing the security of computer systems by looking for vulnerabilities in target systems, using the same knowledge and tools as a malicious hacker, but in a lawful and legitimate manner to assess the security posture of a target system. This knowledge is assessed by answering multiple choice questions regarding various ethical hacking techniques and tools. The code for the CEH exam is 312–50. [1] This certification has now been made a baseline with a progression to the CEH (Practical), launched in March 2018, a test of penetration testing skills in a lab environment where the candidate must demonstrate the ability to apply techniques and use penetration testing tools to compromise various simulated systems within a virtual environment.

Contents

Ethical hackers are employed by organizations to penetrate networks and computer systems with the purpose of finding and fixing security vulnerabilities. The EC-Council offers another certification, known as Certified Network Defense Architect (CNDA). This certification is designed for United States Government agencies and is available only to members of selected agencies including some private government contractors, primarily in compliance to DOD Directive 8570.01-M. [2] It is also ANSI accredited and is recognized as a GCHQ Certified Training (GCT).

Examination

Certification is achieved by taking the CEH examination after having either attended training at an Accredited Training Center (ATC), [3] or completed through EC-Council's learning portal, iClass. If a candidate opts to self-study, an application must be filled out and proof submitted of two years of relevant information security work experience. Those without the required two years of information security related work experience can request consideration of educational background. [4] The current version of the CEH is V12, released in September 2022. [5] The exam, which uses the same EC-Council exam code (312-50) as the earlier versions, has 125 multiple-choice questions and a 4-hour time limit. [6] [7]

The EC-Council and various ATCs administer the CEH examination. [8]

Members holding the CEH/CNDA designation (as well as other EC-Council certifications) must seek re-certification under this program every three years, for a minimum of 120 credits. [9]

Critical components

The CEH focuses on the latest malware attacks, the latest hacking tools, and the new emerging attack vectors in cyberspace. It includes hacking challenges at the end of every module and is built 100% in compliance to the NICE 2.0[ citation needed ] Framework to ensure a systematic job role mapping.

Related Research Articles

<span class="mw-page-title-main">SANS Institute</span> American security company

The SANS Institute is a private U.S. for-profit company founded in 1989 that specializes in information security, cybersecurity training, and selling certificates. Topics available for training include cyber and network defenses, penetration testing, incident response, digital forensics, and auditing. The information security courses are developed through a consensus process involving administrators, security managers, and information security professionals. The courses cover security fundamentals and technical aspects of information security. The institute has been recognized for its training programs and certification programs. Per 2021, SANS is the world’s largest cybersecurity research and training organization. SANS is an acronym for SysAdmin, Audit, Network, and Security.

This is a list of operating systems specifically focused on security. Similar concepts include security-evaluated operating systems that have achieved certification from an auditing organization, and trusted operating systems that provide sufficient support for multilevel security and evidence of correctness to meet a particular set of requirements.

A white hat is an ethical security hacker. Ethical hacking is a term meant to imply a broader category than just penetration testing. Under the owner's consent, white-hat hackers aim to identify any vulnerabilities or security issues the current system has. The white hat is contrasted with the black hat, a malicious hacker; this definitional dichotomy comes from Western films, where heroic and antagonistic cowboys might traditionally wear a white and a black hat, respectively. There is a third kind of hacker known as a grey hat who hacks with good intentions but at times without permission.

A black hat is a computer hacker who violates laws or ethical standards for nefarious purposes, such as cybercrime, cyberwarfare, or malice. These acts can range from piracy to identity theft. A Black hat is often referred to as a "cracker".

A penetration test, colloquially known as a pentest, is an authorized simulated cyberattack on a computer system, performed to evaluate the security of the system; this is not to be confused with a vulnerability assessment. The test is performed to identify weaknesses, including the potential for unauthorized parties to gain access to the system's features and data, as well as strengths, enabling a full risk assessment to be completed.

A security hacker is someone who explores methods for breaching defenses and exploiting weaknesses in a computer system or network. Hackers may be motivated by a multitude of reasons, such as profit, protest, information gathering, challenge, recreation, or evaluation of a system weaknesses to assist in formulating defenses against potential hackers.

Red Hat, an IBM subsidiary specializing in computer software, offers different level of certification programs, most of which specialize in system administration. Certifications can be validated through Red Hat webpage, and expire after 3 years.

Apple certification programs are IT professional certifications for Apple Inc. products. They are designed to create a high level of technical proficiency among Macintosh service technicians, help desk support, technical support, system administrators, and professional users. Apple certification exams are offered at Prometric testing centers and Apple Authorized Training Centers, as well as online through Pearson Vue.

The Certified Wireless Network Administrator (CWNA) is a foundation level certification from the CWNP that measures the ability to administer any wireless LAN. A wide range of topics focusing on the 802.11 wireless LAN technology are covered in the coursework and exam, which is vendor neutral.

EC-Council is a cybersecurity certification, education, training, and services company based in Albuquerque, New Mexico.

Hacker Halted is a global series of Computer and Information Security conferences presented by EC-Council. The objective of the Hacker Halted conferences is to raise international awareness towards increased education and ethics in IT Security. The event is currently in its 14th year. Also present at Hacker Halted is EC-Council's H@cker Halted | Academy, trainings and workshops led by EC-Council instructors and trainers.

Offensive Security Certified Professional is an ethical hacking certification offered by Offensive Security that teaches penetration testing methodologies and the use of the tools included with the Kali Linux distribution. The OSCP is a hands-on penetration testing certification, requiring holders to successfully attack and penetrate various live machines in a safe lab environment. It is considered more technical than other ethical hacking certifications, and is one of the few certifications that requires evidence of practical penetration testing skills.

Michael Gregg is an American computer security specialist, businessman, author and co-author of several books, including Build Your Own Network Security Lab and Inside Network Security Assessment. He has also served as an expert witness before a congressional committee on cyber security and identity theft.

The Computing Technology Industry Association, more commonly known as CompTIA, is an American non-profit trade association that issues professional certifications for the information technology (IT) industry. It is considered one of the IT industry's top trade associations.

<span class="mw-page-title-main">Kali Linux</span> Debian-based Linux distribution for penetration testing

Kali Linux is a Linux distribution designed for digital forensics and penetration testing. It is maintained and funded by Offensive Security. The software is based on the Debian Testing branch: most packages Kali uses are imported from the Debian repositories.

<span class="mw-page-title-main">Matt Zemlin</span>

Matthias "Matt" Zemlin is a German manager, cyber security and online expert, former film distributor, producer, director and actor.

Offensive Security is an American international company working in information security, penetration testing and digital forensics. Operating from around 2007, the company created open source projects, advanced security courses, the ExploitDB vulnerability database, and the Kali Linux distribution. The company was started by Mati Aharoni, and employs security professionals with experience in security penetration testing and system security evaluation. The company has provided security counseling and training to many technology companies.

William "Chuck" Easttom II is an American computer scientist specializing in cyber security, cryptography, quantum computing, and systems engineering.

ExploitDB, sometimes stylized as Exploit Database or Exploit-Database, is a public and open source vulnerability database maintained by Offensive Security. It is one of the largest and most popular exploit databases in existence. While the database is publicly available via their website, the database can also be used by utilizing the searchsploit command-line tool which is native to Kali Linux.

References

  1. "The All-New CEHV12" (PDF). EC-Council . Retrieved January 5, 2024.
  2. "Certified Network Defense Architect - EC-Council". EC-Council. Retrieved 24 November 2022.
  3. "Global sites - EC-Council". EC-Council. Retrieved 24 November 2022.
  4. "CEH: Certified Ethical Hacking course from EC-Council". EC-Council. Retrieved 24 November 2022.
  5. "The Next Big Thing in Cybersecurity Skill Development". YouTube . 16 September 2020. Retrieved 2022-07-08.
  6. "CEH: Certified Ethical Hacker". EC-Council. Retrieved 24 November 2022.
  7. Ethical Hacking and Countermeasures (312-50) Exam. "CEH v9 Exam (312-50)" (PDF). Retrieved 2016-09-27.{{cite web}}: CS1 maint: numeric names: authors list (link)
  8. "CEH Exam Guide: Learn About the Certified Ethical Hacker (CEH) Certification". EC-Council. Retrieved 2023-10-13.
  9. "Certified Ethical Hacking (CEH) — What You Need to Know - Cybrary". Cybrary. 2017-11-21. Retrieved 2017-11-22.

Further reading

This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.