Certified Ethical Hacker
From Wikipedia, the free encyclopedia
The Certified Ethical Hacker (CEH) is a professional certification provided by the International Council of E-Commerce Consultants.
An Ethical Hacker is one name given to a Penetration Tester. An ethical hacker is usually employed by an organization that trusts them to attempt to penetrate networks and/or computer systems, using the same methods as a hacker, for the purpose of finding and fixing computer security vulnerabilities. Illegal hacking (i.e., gaining unauthorized access to computer systems) is a crime in most countries, but penetration testing done at the request of the owner of the targeted system(s) or network(s) is not.
A Certified Ethical Hacker has obtained a certification in how to look for the weaknesses and vulnerabilities in target systems and uses the same knowledge and tools as a hacker.
The certification is currently in Version 5 as of November 2006.[update needed]
Certification coursework
The coursework consists of 22 modules, which range from 30 minutes to five hours or more, depending on the depth of the information provided.
Some universities in Asia (e.g., New Horizons in Hong Kong, Informatics in Singapore and Ateneo Center for Continuing Education in Manila, Philippines) and Europe (Hogeschool Antwerpen in Antwerp, Belgium) include EC-Council's CEH program in one of their course modules.
Examination
Certification is achieved through training at an ATC (Accredited Training Center). In order to sit for the exam, candidates must fill out an application and also have documented 2 years of information security work experience. Both CEH v4 and v5 use EC-Council's exam 312-50. The exam consists of 125 (v4) or 150 (v5) multiple-choice questions, and students are given up to three or four hours, respectively, to complete the examination. The exam costs US$250 and is administered via computer at an EC-Council Accredited Training Center, Pearson VUE, or Prometric testing center (in the United States).
Controversy
Certain computer security professionals, such as Marcus J. Ranum, have objected to the term ethical hacker: "There's no such thing as an 'ethical hacker' - that's like saying 'ethical rapist' - it's a contradiction in terms."[1] Part of the controversy may arise from the older, less stigmatized, definition of hacker, which has become synonymous with computer criminal.
See also
- CISSP (Certified Information Systems Security Professional)
- CISM (Certified Information Security Manager)
- CREST (CREST Certified Consultant)
- OSSTMM Professional Security Tester (OPST)
- OSSTMM Professional Security Analyst (OPSA)
External links
- EC-Council CEH and FAQ
- EC-Council President talks about ethical hacking
- CREST (Council of Registered Ethical Security Testers)