I was offered a free scholarship to attend the latest version of EC-Council’s Certified Ethical Hacker (CEH) v7 course last month, which was touted as the most advanced ethical hacking program in the world. The week-long (five days, 9 to 5) course I attended was the launch class for CEHv7, which includes new and refreshed training material that brings it up-to-date with the constantly evolving hacking scene.
I didn’t actually get to know until the week before it started, and mid-week at that. Regardless, computer security has always been a topic I have been fascinated with, and I jumped at the opportunity.
What is Certified Ethical Hacker?
The premise behind CEH is simple: to validate the defenses of a website or computing resource by trying to hack in. In this vein, CEH is a pure network offensive training program, and contains zero defensive component or materials. If I must draw an analogy, it would be how someone skilled at picking locks is better positioned to select the most secure combination of locks and other security measures to protect his possession.
The course was held at New Horizon Singapore, which is located at Central Plaza. The location was convenient, and being next to the Tiong Bahru MRT makes it easily accessible from all parts of the island. (The CIA Factbook pegs the nation of Singapore is about 3.5 times the size of Washington, DC). As expected, the class started with the usual introduction of the trainer and students. Senior Technical Instructor & Mentor Lead Vaibhav Patel has a nice list of accreditations (MCSE, CEH, Security+ etc) and was friendly and jovial enough – as a lecturer myself, I admit to being biased towards ‘fun’ classes.
A CEHv7 package containing of two heavy volumes of textbooks and a small box of DVDs were given to each student. The two books added up to over 1,400 pages (excluding references) with each page containing the PowerPoint slides printed in full color – double-sided, four slides per page. There were five DVDs in total, and are crammed with an assortment of software and tools for immediate and convenient access for the exercises. No electronic copies of the slides were issued. So yeah, regardless of how good you are, you won’t be able to ‘break into’ the books sitting on my shelf.
Each student has access to a fast desktop computer with more than adequate RAM; all the lab sessions are to be done on the preinstalled virtual machines (VMs) using Microsoft Hyper-V. And yes, all participants were required to sign an undertaking not to participate in illicit activities against computer resources or networks that does not belonging to them.
With 19 modules to cover, the learning pace was kept at about four modules per day. Each module starts off with a lecture generally followed by one or more lab exercises with which to practice the various concepts.
It is important to understand that the lab sessions are merely designed to reinforce the classroom sessions and are by no means guaranteed to help you achieve proficiency. Another point to note is that not all the tools mentioned by the course materials are guaranteed to work – some may only run on older operating systems, or are effective against unpatched vectors. Trainer Patel himself observed that: “I would rate 2 to 3 out of 10 chances of success for the tools.”
Modules listed in the Table of Contents:
Introduction to Ethical Hacking
Footprinting and Reconnaissance
Trojan and Backdoors
Viruses and Worms
Denial of Service
Hacking Web Applications
Hacking Wireless Networks with Tools
Evading IDS, Firewalls, and Honeypots
It was clear from the get-go that CEHv7 is a very well-structured affair. I had prior knowledge on a fair number of the topics that were covered, which meant that I found some of the topics relatively easy to grasp. Taken as a whole though, I would rate CEHv7 as a “heavy” course which should be of value even to those versed in the art. It won’t automatically make a hacker out of you, though my opinion is that it does give you the basic skillset to become one, as well as understand how hackers think.
A common problem faced by IT professionals pertains to the question of where to start learning about hacking, as well as identifying the gaps in their learning. It is in this context that savvy IT managers or security administrators should benefit substantially from CEH as they gain a better understanding of the “black hat” aspect of security.
On topics that I’m already familiar with, I have found the printed materials to be a great resource that allowed me to catch up when lagging, or to skim forward on topics that I am already familiar with. And of course, the printed materials allow you to review them at your leisure – I have found the printed volumes invaluable in precisely this manner. The two volumes are just beautiful, and having the tools packed into DVDs is a huge time saver – and eliminates the risk of ending up with Trojan versions of the tools.
There is definitely insufficient perform all the lab exercises in the short span of a week. For the motivated and determined learner though, the lab exercises represent an excellent framework with which to explore and practice the various concepts and principals covered in the course.
The trainer was genuinely knowledgeable; and readily acknowledges it if he’s less than familiar with a specific topic or question. The EC-Council obviously imposes stringent requirements on the selection of its trainers. I don’t know about you, but I’ve been disappointed with less than stellar ‘teachers’ who should have been called ‘presenters’ for their lack of acuity and knowledge in a certain field.
I have yet to take the CEHv7 exam, so no comments on that aspect as yet. I did however write on my ITBusinessEdge SMB Tech blog on How Hackers Target SMBs and How to Deter Them on ITBE.
According to a fellow classmate, the CEH course in Singapore is priced at between S$2 to 3k and includes one free exam attempt. However, I was made to understand that the price may vary due to vendor requests, promotions or possible discounts for taking on a package of courses. As such, do check with Marketing Manager Haris Jumadi (DID: 6373 0869) from New Horizons Singapore for more information and an official price quote. Singaporeans will also be happy to know that that CEH is eligible for IDA’s CITREP funding support . (Update: New Horizons Singapore just dropped me a DM that CEH is no longer CITREP endorsed as of April 2011)