Certified Ethical Hacker v7: Certification Review

Overview

Like a lot of folks who run campus and enterprise networks, most of my network engineering roles have had a network security component. Once upon a time, I was a CCSP, and I even taught a few Cisco security classes back in the day. I keep up with firewalls, VPN, IDS/IPS, and related technologies, as network security is still a big part of my job.

I’ve had the bug to earn some certifications lately, and my friendship with Mrs. Y has helped move security to the top of my list of things that interest me in networking right now. So, I started poking around at security certifications. I started looking at CISSP, which I might still do, but it didn’t quite hit me right after gathering information on it. CCIE Security is interesting also, but I really want the track to flip over to version 4.0 before (okay, IF) I go down that road.

I decided to start with something that required a little less commitment: one exam and done, do-able with self-study, and not killing myself to get through it. EC Council’s Certified Ethical Hacker seemed to fit the bill. The CEH is a vendor-independent certification that provides basic, foundational knowledge related to the task of pen testing. The cert interested me because the topics covered complemented a number of things that I’ve been involved with over the years: firewall administration, intrusion detection, cryptography, both Windows and UNIX server administration, tending Internet-facing IIS and Apache servers, proxy servers, SQL servers, and HTML coding, among other things. For me, the idea of going through the CEH was to supplement that knowledge and experience with a deeper understanding of the techniques attackers use to either steal information from corporations or disrupt network services. That’s really the point of any certification for me, at least in part: to learn things in an organized way that I might not have otherwise had reason to know.

How Did I Prepare?

The CEH exam is a straightforward one: 150 multiple choice questions and 4 hours. The minimum passing score is 70%, which means you can get 45 questions wrong and still pass – not quite 1 out of 3. There’s no lab work. No simulations. No hands on. You don’t have to hack into a random corporation. Just answer the questions. To prepare, I did four things.

  1. I read the CEH Certified Ethical Hacker All-in-One Exam Guide by Matt Walker, published in September 2011. The book was a genuine joy to consume. Matt’s style is personable and highly readable. Each chapter is well laid out, has a good flow, and ends with a thorough chapter review that includes 10 or so questions and answers. I’ve read so many tedious technical books that this one was a delightful contrast. All that, and it covered the CEH material well. After completing the book, I went back and re-read all of the chapter review sections and Q&A.
  2. I reviewed the CEH knowledge domains using the Boson ExSim-Max CEH practice exam. Boson is the only vendor I know of that offers you a legitimate practice exam tool to help you prepare. While there are others you can find via Google, they are from vendors selling you braindumps and/or stolen exams who typically will take your credit card information to sell you not only exam cheats, but also buy something nice for themselves. Boson lets you work through specific knowledge domains, which is what I started with. Each Boson question comes with a detailed explanation of why the right answer is right, why the wrong answers are wrong, and where you can go to get more information. After doing each individual knowledge domain (a good way to focus your study), I went through each of the three full-on exam simulations, one per day, and brushed up on things I was forgetting or not quite understanding.
  3. While reviewing with the Boson package, I took a lot of notes, referred back to the book (completely re-reading a few of the chapters, in fact), and did a good bit of deeper topical reading via Google search, all the while writing down lists of arcane things that I needed to commit to memory.
  4. I spent time with several of the tools covered, especially Nmap. Usage of various tools (most freely available) is a major part of the CEH exam, and so time spent memorizing command line switches, syntax, and output parsing is time well-spent. This was on top of time I already spend with certain tools like Wireshark and tcpdump just as a normal part of my job or due to my own curiosity.

How Was The Exam Experience?

I used Vue as the exam vendor. Since I did not take an official CEH training class, I first needed to apply for an exam eligibility code from the EC Council. That cost $100, and involved a form where I described my professional security work experience. My boss needed to independently verify my claim to the EC Council’s satisfaction, then they sent me the code to feed to Vue when I registered for the test online. The exam itself was $500.

Taking the exam was like any other professional certification I’ve done. You walk into the testing center. They take two forms of ID and sign you in. You can’t bring anything with you like notes or a cell phone. They sit you in front of a PC in a cramped little cube. They load the test, you agree to the terms, the countdown timer starts, and off you go.

By preparing as I did, I was well-equipped to pass the exam.

Did I Learn What I’d Hoped?

The CEH exam tests a basic, rudimentary knowledge of pen testing, “hacking” (whatever you think that term means), and a defensive security mindset. There’s an element of technical detail that doesn’t get much deeper than understanding how TCP flags work and how to effectively use a number of tools, but that’s not insignificant knowledge. There’s also a number of high-level steps the EC Council teaches that can be used as an outline to accomplish a pen test. So yes, I got some good information out of working through the CEH knowledge domains, but at the same time it’s fair to say that this certification is targeted at someone early in their security career. If you’ve been around the security block for a decade or more, you’ve brushed up against a lot of what the CEH is going to send your way. How much CEH material you already know will depend on how much of a pure security practitioner you are, and how seriously you take your work.

I think the best way I can describe the CEH is that it whet my appetite to go after more, which I suppose is part of the EC Council’s plan. After all, they have several more certifications that purport to go progressively deeper down the security rabbit hole. I’m not sure that I will or not yet, but it’s a thought. If you’re early in your career, the CEH exam will be a challenge for you, no question. If you’re later in your career, you’ll find that while you understand a lot of what’s taught as aligning with your real world experience, you’ll also find that there’s probably a lot of details you’ll have to memorize to fill in the necessary blanks.

Ethan Banks
Ethan Banks, CCIE #20655, has been managing networks for higher ed, government, financials and high tech since 1995. Ethan co-hosts the Packet Pushers Podcast, which has seen over 2M downloads and reaches over 10K listeners. With whatever time is left, Ethan writes for fun & profit, studies for certifications, and enjoys science fiction. @ecbanks
  • http://twitter.com/nemesisgy Jason Harry

    Definitely one of the certs I’m looking forward to getting. Great post Ethan!

  • http://twitter.com/matthewnorwood Matthew Norwood

    Ethan,

    Allow me to be the “negative” person here. I took the CEH class about 6 years ago, so I have no doubt the course has changed in that time. What I disliked about the class was that it spent more time focusing on how to use certain tools than the overall fundamentals. I never took the exam (which was around $300 at that time) and was rather displeased at the overall certification. It seemed way too basic considering the exam cost at the time. I would have liked to go into the deeper level classes, but never had the chance to. Again, my experience is a bit dated with the program. Do you think it was worth a $500 exam?

    • http://packetpushers.net/author/ecbanks Ethan Banks

      I do not think it was worth $500, but that’s partly because I’m in the middle of my career when certs don’t mean as much to me as they did 15 or so years ago. If I was early in my career and security was the thing I really liked, I would still think $500 is steep, but the cost would seem more palatable if it were helping position me for some job I was angling for. That said…I’m out of touch with what exams cost these days. I don’t take them very often at all. I think the Cisco 350-001 is…$350? I’m not sure. And what do Microsoft tests go for now-a-days?

      I understand that CEH is required for a number of government roles. So perhaps the price is inflated as a result?

      • http://about.me/weadon Ed Weadon

        In terms of cost – yeah, it’s a bit high. But so are a lot of them – CISSP is $550 off the bat if you register early. Within 30 days of the exam it goes up to $600. Oh and then, assuming you pass, there’s an $85 dues fee IN ADDITION to your annual CPE requirement.

  • http://twitter.com/MrsYisWhy Mrs. Y.

    CEH meets the DoD 8570 requirement and it’s frequently listed as one of the top security certifications worth having along with CISSP, CISM, and GIAC: http://www.novainfosecportal.com/2012/03/12/faring-of-the-top-5-certifications-for-2012/

    If you want something more hard core, then go for the Offensive Security courses (they manage the Backtrack Distro). They have the OSCP and WiFu certs.

  • http://about.me/weadon Ed Weadon

    As a current CISSP holder I will say the knowledge for that cert is a mile wide and an inch deep. It is nice in that it covers more conceptual topics rather than vendor specific or application specific. As Mrs. Y said, it is in the approved list for DoD certifications. If you want more technical I would look at the GIAC certs. 

    Now the offensive sec stuff… That has my interest too. :)

  • NBaker

    Do you know when the CEHv7 is slated to retire?

  • PacketCrusher

    Ethan,
    Thank you for the detailed outline of the c|eh. I’ve been in the IT field since 2001 and have loving IT. I’m a very security focused person and this sounds like a great intro to the pen testing | hacking side of IT.