By: Nihad Hassan
October 21, 2021
Roadmap To CEH
By: Nihad Hassan
October 21, 2021
As digital transformation continues to accelerate rapidly, more companies are shifting their data and work operations digitally. The rapid adoption of digital solutions has increased the number and sophistication of cyberattacks. Criminals have ridden the wave and shifted their criminal activities from the real world into cyberspace.
According to Cybersecurity Ventures, the global cybercrime damage will reach $6 trillion US dollars by the end of 2021. This number will increase, reaching $10.5 trillion by 2025. To counter the ever-increasing number of cyberattacks, organizations worldwide demand cyber security defenders. The best way to counter cybercriminal attacks is to think like them, and this is what the Certified Ethical Hacker (CEH) Certification is trying to achieve.
This article will shed light on the CEH certification and discuss the best ways to get it. Let's briefly discuss why learning ethical hacking has become vital in today's information age.
Why is it crucial to learn ethical hacking in today's information age?
Cybercriminals, also known as black hat hackers, use many hacking tools and techniques to infiltrate IT systems. They have different motivations for doing this, but it is mainly for commercial gain.
Ethical hackers use the same tools and techniques that black hat hackers use to attack IT systems. Organizations hire ethical hackers to discover vulnerabilities in IT systems, hoping to close them before they get exploited by malicious actors and result in a data breach.
Ethical hackers help organizations discover security gaps and design flaws in the following key computer security areas:
Network security: Works on ensuring the safety of computer networks and associated infrastructure from unauthorized access and other malicious attacks.
Applications security: Involves following a secure method when developing software applications. This ensures the developed application code cannot be hijacked or penetrated by hackers and that there are no security vulnerabilities left after releasing the software program for public use.
Wireless security: Involves all security measures used to prevent unauthorized access to computers and data by exploiting the wireless connection.
Now that we have a fair understanding of the term "Ethical Hacker," let's get some background information about the CEH certification.
Background information about CEH certification
A Certified Ethical Hacker (CEH) is a certification offered by the EC-Council that validates a person's experience with ethical hacking techniques and tools. The aim is to prepare professional information security experts with the valuable hacking experience to protect computer networks and data from malicious actors.
CEH uses the same attack techniques, methodologies, and tools (including commercial-grade tools) utilized by black hat hackers to attack IT systems. At the same time, it teaches individuals how to discover and mitigate such attacks.
The current version of CEH is version 11, and the latest exam edition introduces the following aspects, compared with the previous CEH editions:
Emerging attack vectors such as file-less malware, targeted ransomware attacks, and hacking webs application through web shell and web API hacking.
Modern enumeration techniques such as FTP, TFTP, SMB, and IPv6.
Static and dynamic malware analysis (also known as reverse engineering).
Cloud computing security such as Docker security, Kubernetes, and serverless technology.
Operation technology such as PLC and SCADA.
WPA3 hacking and countermeasures.
The exam duration lasts for 4 hours; it has 125 multiple choice exam questions and can be delivered through ECC centers or via the Pearson VUE centers, available worldwide. The CEH does not have a pass scoring grade, as each exam is different in terms of the number of questions you should answer correctly to pass the exam.
To be eligible to register for the CEH exam, you should have at least two years of practical experience in the cybersecurity or information security field or have attended a training course administered by the EC-Council. Although candidates are not required to possess college degrees, having a relevant degree (BSc or master's degree) in cyber security, digital forensics, computer networks, computer science, or software engineering will be an excellent aid for passing the exam.
CEH Exam Subjects
CEH version 11, which is the latest iteration, is composed of the following domains areas:
- Information Security and Ethical Hacking Overview
- Reconnaissance Techniques
- System Hacking Phases and Attack Techniques
- Network and Perimeter Hacking Sniffing
- Web Application Hacking
- Wireless Network Hacking
- Mobile Platform, IoT, and OT Hacking
- Cloud Computing
Essentials Skills for Ethical Hackers
It is essential for those pursuing the CEH certifications to have practical knowledge of the following key computer areas.
Linux skills: Many hacking tools are based on Linux, although many security tools run on Windows. However, Linux is the most common. Kali Linux is the most well-known distribution for security purposes used by ethical hackers and penetration testers and is equipped with hundreds of tools for conducting different types of security testing.
Networking skills: Have a basic understanding of how computer networks work; otherwise, one will not understand how hackers infiltrate systems and networks.
Learn a programming language: Understanding a programming language is essential to customize some hacking tools or create scripts. Python is the most widely used programming language among information security professionals.
Knowledge of some penetration testing: Understanding how hackers attack and what security gaps they usually look for will allow one to quickly discover weak points (or entry points) in a system and network and work to close them.
Understand cloud computing: Organizations worldwide are increasingly shifting their data to the cloud. Since the start of COVID-19, we have witnessed a tremendous shift to the cloud. According to Gartner, global end-user spending on public cloud services is expected to exceed $480 billion next year (2022). Ethical hackers should understand the security vulnerabilities associated with the different cloud platforms ( such as AWS, Google Cloud, and Microsoft Azure) and handle them efficiently.
IoT device security: Internet of Things (IoT) devices and other mobile computing devices have become prevalent. According to Statista, the total installed base of Internet of Things (IoT) connected devices worldwide is projected to amount to 30.9 billion units by 2025. IoT devices are usually insecure (according to NETSCOUT's Threat Intelligence Report, IoT devices can be hacked in just five minutes). Users use them widely to access corporate networks and other sensitive data. Learning about IoT security has become an essential skill for ethical hackers to learn.
Understand the basics of digital forensics: Learning how to find digital evidence, extract deleted data, and know where data can be concealed in digital files is a must-have skill for hackers. For example, cybercriminals may hide incriminating data or executable files within images, videos, or other digital file types. Ethical hackers should understand these and other tricks to counter hackers' attack techniques.
Steps to Becoming a CEH
The information we have already mentioned gives prospective candidates all the information required to plan their future CEH exams. We can summarize the steps needed to get the CEH certification as follows:
Attend a CEH training course from an accredited EC-Council training center.
If you have relevant work experience in cybersecurity, you can enroll directly in the exam. Applicants need to submit an eligibility form that costs a non-refundable $100 fee.
2.1. When selecting to enroll in the exam directly, it is advisable to read some resources about the CEH exam. The EC-Council provides many resources for self-study; there are also many books for preparing for the CEH exam. Check the free EC-Council resources page and the official store for courseware and other self-study materials.
- After gaining confidence about your ability to pass the CEH exam, register for the CEH exam, take the test, and receive a passing score.
CEH has launched a complement to the CEH certification; it is practical-based and is called CEH Practical. It is a 6-hour practical exam that involves 20 practical challenges. Taking CEH practical certification makes one eligible to continue on the path to get the CEH Master certification.
The CEH certification allows students to understand cybercriminal processes, tools, and methodologies for infiltrating IT systems. Knowing how cyberattack techniques work in practical scenarios is valuable. It gives security professionals the ability to recognize possible entry points to an organization's systems and networks and close them before they get exploited by threat actors.