Like a lot of folks who run campus and enterprise networks, most of my network engineering roles have had a network security component. Once upon a time, I was a CCSP, and I even taught a few Cisco security classes back in the day. I keep up with firewalls, VPN, IDS/IPS, and related technologies, as network security is still a big part of my job.
I’ve had the bug to earn some certifications lately, and my friendship with Mrs. Y has helped move security to the top of my list of things that interest me in networking right now. So, I started poking around at security certifications. I started looking at CISSP, which I might still do, but it didn’t quite hit me right after gathering information on it. CCIE Security is interesting also, but I really want the track to flip over to version 4.0 before (okay, IF) I go down that road.
I decided to start with something that required a little less commitment: one exam and done, do-able with self-study, and not killing myself to get through it. EC Council’s Certified Ethical Hacker seemed to fit the bill. The CEH is a vendor-independent certification that provides basic, foundational knowledge related to the task of pen testing. The cert interested me because the topics covered complemented a number of things that I’ve been involved with over the years: firewall administration, intrusion detection, cryptography, both Windows and UNIX server administration, tending Internet-facing IIS and Apache servers, proxy servers, SQL servers, and HTML coding, among other things. For me, the idea of going through the CEH was to supplement that knowledge and experience with a deeper understanding of the techniques attackers use to either steal information from corporations or disrupt network services. That’s really the point of any certification for me, at least in part: to learn things in an organized way that I might not have otherwise had reason to know.
How Did I Prepare?
The CEH exam is a straightforward one: 150 multiple-choice questions and 4 hours. The minimum passing score is 70%, which means you can get 45 questions wrong and still pass – not quite 1 out of 3. There’s no lab work. No simulations. No hands-on. You don’t have to hack into a random corporation. Just answer the questions. To prepare, I did four things.
- I read the CEH Certified Ethical Hacker All-in-One Exam Guide by Matt Walker, published in September 2011. The book was a genuine joy to consume. Matt’s style is personable and highly readable. Each chapter is well laid out, has a good flow, and ends with a thorough chapter review that includes 10 or so questions and answers. I’ve read so many tedious technical books that this one was a delightful contrast. All that, and it covered the CEH material well. After completing the book, I went back and re-read all of the chapter review sections and Q&A.
- I reviewed the CEH knowledge domains using the Boson ExSim-Max CEH practice exam. Boson is the only vendor I know of that offers you a legitimate practice exam tool to help you prepare. While there are others you can find via Google, they are from vendors selling you braindumps and/or stolen exams who typically will take your credit card information to sell you not only exam cheats, but also buy something nice for themselves. Boson lets you work through specific knowledge domains, which is what I started with. Each Boson question comes with a detailed explanation of why the right answer is right, why the wrong answers are wrong, and where you can go to get more information. After doing each individual knowledge domain (a good way to focus your study), I went through each of the three full-on exam simulations, one per day, and brushed up on things I was forgetting or not quite understanding.
- While reviewing with the Boson package, I took a lot of notes, referred back to the book (completely re-reading a few of the chapters, in fact), and did a good bit of deeper topical reading via Google search, all the while writing down lists of arcane things that I needed to commit to memory.
- I spent time with several of the tools covered, especially Nmap. Usage of various tools (most freely available) is a major part of the CEH exam, and so time spent memorizing command line switches, syntax, and output parsing is time well spent. This was on top of time I already spend with certain tools like Wireshark and tcpdump just as a normal part of my job or due to my own curiosity.
How Was The Exam Experience?
I used Vue as the exam vendor. Since I did not take an official CEH training class, I first needed to apply for an exam eligibility code from the EC Council. That cost $100, and involved a form where I described my professional security work experience. My boss needed to independently verify my claim to the EC Council’s satisfaction, then they sent me the code to feed to Vue when I registered for the test online. The exam itself was $500.
Taking the exam was like any other professional certification I’ve done. You walk into the testing center. They take two forms of ID and sign you in. You can’t bring anything with you like notes or a cell phone. They sit you in front of a PC in a cramped little cube. They load the test, you agree to the terms, the countdown timer starts, and off you go.
By preparing as I did, I was well-equipped to pass the exam.
Did I Learn What I’d Hoped?
The CEH exam tests a basic, rudimentary knowledge of pen testing, “hacking” (whatever you think that term means), and a defensive security mindset. There’s an element of technical detail that doesn’t get much deeper than understanding how TCP flags work and how to effectively use a number of tools, but that’s not insignificant knowledge. There are also a number of high-level steps the EC Council teaches that can be used as an outline to accomplish a pen test. So yes, I got some good information out of working through the CEH knowledge domains, but at the same time it’s fair to say that this certification is targeted at someone early in their security career. If you’ve been around the security block for a decade or more, you’ve brushed up against a lot of what the CEH is going to send your way. How much CEH material you already know will depend on how much of a pure security practitioner you are, and how seriously you take your work.
I think the best way I can describe the CEH is that it whetted my appetite to go after more, which I suppose is part of the EC Council’s plan. After all, they have several more certifications that purport to go progressively deeper down the security rabbit hole. I’m not sure yet whether I will or not, but it’s a thought. If you’re early in your career, the CEH exam will be a challenge for you, no question. If you’re later in your career, you’ll find that while you understand a lot of what’s taught as aligning with your real world experience, you’ll also find that there are probably a lot of details you’ll have to memorize to fill in the necessary blanks.