CEH Certification for Ethical Hackers
- By Michael C. Gregg
Want to Learn More?
There is not an all-in-one study guide or review for this test at the current time. There are, however, many ways to start obtaining the knowledge needed to pass the exam. One point of review is the National Institute of Standards and Technology (NIST). NIST SP 800-42 is a good foundational document on ethical hacking. It even includes recommendations for tools intended for self-evaluation. NIST breaks penetration testing down into four primary stages (listed below the sidebar):
Security Testing Methodologies
All security-testing methodologies have similar elements. These include: Plan, Organize, Gather Information, Test, Analyze, and Report. To learn more about security testing, review the following documents.
- OCTAVE - Operationally Critical Threat, Asset, and Vulnerability Evaluation
- OSSTMM - Open Source Security Testing Methodology Manual
- NIST SP 800-26 - Self-Assessment Guide for Information Technology
- NIST SP 800-42 - Security Testing
- TRAWG - Threat and Risk Assessment Working Guide
- Planning - As the old saying goes, success is 90% preparation and 10% perspiration. What's the point? Good planning is the key to success. Know where you are going, what your goals are, what the time frame is, and what the limits and boundaries are!
- Discovery - This stage is broken down into two distinct phases:
  - Passive - During this phase, information is gathered in a very covert manner, without touching the target's systems directly. Examples of passive information gathering include (1) surfing the organization's Web site to mine valuable information and (2) reviewing their job openings to gain a better understanding of the technologies and equipment used by the organization.
  - Active - This phase of the test is split between network scanning and host scanning. As individual networks are enumerated, they are further probed to discover all hosts, determine their open ports, and attempt to pinpoint their OS. Nmap is a popular scanning program.
- Attack - At this point, the ethical hacker will attempt to (1) gain access, (2) escalate privilege, (3) browse the system, and finally (4) expand influence.
- Reporting - This may be the final step listed, but it is not least in importance. Reporting and documentation should be carried out through each step of the process. This documentation will be used to compile the final report. This report will serve as the basis for corrective action. Corrective action can range from nothing more than enforcing existing policies to closing unneeded ports and adding patches and service packs.
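The Discovery and Reporting stages above meet in the scan records: the open ports and OS guesses found during active discovery have to be written up against the boundaries set during planning, so that the final report can say which exposed services are expected and which need corrective action (closing unneeded ports, patching). The following is an added example, not code from the book or from the NIST document, showing one way to turn Nmap's grepable (`-oG`) output into such a findings list. The scan lines are constructed for the example, the host addresses and hostnames are fictitious, and the `EXPECTED_PORTS` baseline is a hypothetical list of the services each host is supposed to expose, as would be agreed during planning.

```python
"""Parse Nmap grepable (-oG) output into per-host findings and flag open
ports that are not on the engagement's expected-service baseline.

Added example for this page. The scan text below is constructed (not a
real scan) and EXPECTED_PORTS is a hypothetical planning-stage baseline.
"""
import re
from dataclasses import dataclass, field

# Constructed sample of nmap -oG output: two hosts, one with an OS guess.
# Fields on a Host line are tab-separated; Ports entries are
# port/state/proto/owner/service/rpc/version, separated by ", ".
SAMPLE_GNMAP = """\
# Nmap scan initiated (constructed header) as: nmap -sV -O -oG scan.gnmap 10.0.0.0/24
Host: 10.0.0.10 (web01.example.test)\tStatus: Up
Host: 10.0.0.10 (web01.example.test)\tPorts: 22/open/tcp//ssh//OpenSSH 8.2/, 80/open/tcp//http//Apache httpd 2.4/, 3306/open/tcp//mysql//MySQL 5.7/\tIgnored State: closed (997)\tOS: Linux 5.X
Host: 10.0.0.20 ()\tStatus: Up
Host: 10.0.0.20 ()\tPorts: 445/open/tcp//microsoft-ds///, 135/filtered/tcp//msrpc///\tIgnored State: filtered (998)
# Nmap done (constructed footer) -- 256 IP addresses (2 hosts up) scanned
"""

# Hypothetical baseline from the planning stage: the only TCP services each
# host is supposed to expose. Any other open port becomes a finding.
EXPECTED_PORTS = {
    "10.0.0.10": {22, 80},
    "10.0.0.20": {445},
}


@dataclass
class HostFinding:
    ip: str
    hostname: str = ""
    os_guess: str = ""
    open_ports: dict = field(default_factory=dict)  # port -> "service version"


_HOST_RE = re.compile(r"^Host:\s+(\S+)\s+\(([^)]*)\)")


def parse_gnmap(text):
    """Return {ip: HostFinding} built from grepable Nmap output."""
    hosts = {}
    for line in text.splitlines():
        m = _HOST_RE.match(line)
        if not m:
            continue  # comment lines and blank lines carry no host data
        ip, hostname = m.group(1), m.group(2)
        h = hosts.setdefault(ip, HostFinding(ip=ip, hostname=hostname))
        # Remaining tab-separated fields look like "Ports: ..." or "OS: ...".
        for fld in line.split("\t")[1:]:
            key, _, value = fld.partition(": ")
            if key == "Ports":
                for entry in value.split(", "):
                    parts = entry.strip().split("/")
                    # Keep only well-formed entries whose state is "open".
                    if len(parts) < 7 or parts[1] != "open":
                        continue
                    port = int(parts[0])
                    h.open_ports[port] = f"{parts[4]} {parts[6]}".strip()
            elif key == "OS":
                h.os_guess = value
    return hosts


def unexpected_ports(hosts, expected):
    """Map each ip to the sorted open ports that are not in its baseline."""
    out = {}
    for ip, h in hosts.items():
        extra = sorted(p for p in h.open_ports if p not in expected.get(ip, set()))
        if extra:
            out[ip] = extra
    return out


def report_lines(hosts, expected):
    """Plain-text findings, one host header line plus one line per open port."""
    lines = []
    extras = unexpected_ports(hosts, expected)
    for ip in sorted(hosts):
        h = hosts[ip]
        label = f"{ip} ({h.hostname})" if h.hostname else ip
        lines.append(f"{label} os={h.os_guess or 'unknown'}")
        for port, desc in sorted(h.open_ports.items()):
            flag = "UNEXPECTED" if port in extras.get(ip, []) else "expected"
            lines.append(f"  {port}/tcp {desc} [{flag}]")
    return lines


if __name__ == "__main__":
    print("\n".join(report_lines(parse_gnmap(SAMPLE_GNMAP), EXPECTED_PORTS)))
```

Run against the constructed sample, the report marks 3306/tcp on 10.0.0.10 as unexpected while 22, 80 and 445 match the baseline; filtered ports are deliberately ignored because only open services are candidates for the "close unneeded ports" corrective action. In a real engagement the baseline would come from the scope agreed in the planning stage, and the same parser can be pointed at each scan file produced during discovery so the documentation accumulates as the test proceeds rather than being reconstructed at the end.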
I am glad to see the EC-Council release this certification. This is an area where much education is needed. I took the exam last week, passed, and believe the test is adequately challenging for a baseline of skills. The bottom line is that if you have some security experience, have taken the Security+ or the TICSA exam, and have an interest in penetration testing, this would be a good next step.