By: Samia Oukemeni
October 22, 2021
What Are The Requirements For CEH?
Cybersecurity experts are increasingly sought after nowadays, whether as Cybersecurity Analysts, Cybersecurity Consultants, or Cybersecurity Managers. The main reason for this high demand is that cyberattacks have become so common that there is a cyberattack in the US every 39 seconds. Each attack can harm not only businesses but also millions of people. Ethical hackers are another group of sought-after cybersecurity experts.
What is Ethical Hacking?
The definition of a hacker is controversial. Merriam-Webster defines it as "an expert at programming and solving problems with a computer" and at the same time as "a person who illegally gains access to and sometimes tampers with information in a computer system."
In the field of cybersecurity, we can find three types of hackers:
- Black hat hackers aim to exploit systems and violate security for their own gain or out of pure enmity. They deliberately harm systems and networks using methods such as data theft, spam, or espionage. One of their purposes is to find zero-day vulnerabilities and either exploit them to extort money from the victims or sell them on the black market to the highest bidder, who uses them to compromise computer systems. Black hat hackers are known as cybercriminals.
- White hat hackers are the total opposite of black hat hackers. They are experts in cybersecurity whose purpose is to compromise computer systems at the request of the system's owner. Their purpose is legal and ethical. Unlike black hat hackers, they report their findings back to the organization so that it can improve its defenses.
- Grey hat hackers fall between black hat and white hat hackers. Their purpose is sometimes ethical and sometimes not. They find pleasure in exploiting computer security systems and finding zero-day vulnerabilities, but they don't use their skills for malicious reasons.
In this article, we focus mainly on white hat hackers, or ethical hackers. They are cybersecurity professionals that organizations employ to attack their systems legally. They are also known as pentesters, whose mission is to evaluate the security and the defense mechanisms that protect the systems. The motto of ethical hackers is "To beat a hacker, you need to think like one!" Ethical hackers try to bypass an organization's defenses and find the flaws and vulnerabilities that black hat hackers could exploit to carry out cyberattacks. These flaws and vulnerabilities are then reported to the organization so that it can patch its systems and apply security controls. Ethical hacking is always performed with the permission and explicit consent of the targeted systems' owners.
What is CEH?
Certified Ethical Hacker (CEH) is one of the well-known certifications offered by the International Council of Electronic Commerce Consultants, or EC-Council. CEH is an early-career certification open to information security professionals who want to understand the flaws and vulnerabilities of computer systems and demonstrate their advanced skills and proficiency in using the tools as pentesters. EC-Council lists several roles that are a good match for holders of the certification:
- Information Security Analyst/Administrator
- Information Assurance (IA) Security Officer
- Information Security Manager/Specialist
- Information Systems Security Engineer/Manager
- Information Security Professionals/Officers
- Information Security/IT Auditors
- Risk/Threat/Vulnerability Analyst
- System Administrators
- Network Administrators and Engineers
How to Get Certified?
There are two levels of CEH certification. The first level is to take an exam to get CEH certified. Candidates have 4 hours to answer 125 multiple-choice questions. Previous test-takers indicated that they rarely ran out of time. The exam tests a broad spectrum of technical skills, such as Information Security Threats and Attack Vectors, Attack Detection, Attack Prevention, Procedures, and Methodologies. The score report of the exam provides a pass or fail status and may include a chart showing the candidate's performance in each skill. The passing score depends on the input of a group of experts who review the difficulty of each question. You can check for more information on CEH scoring.
The second level of CEH certification is to take the CEH Practical exam. The practical exam is a 6-hour exam in which candidates perform 20 challenges in a performance-based cyber range. It assesses and evaluates ethical hacking skills such as scanning ports, detecting vulnerabilities, attacking systems, showing SQL injection methodology and evasion techniques, and using web application security tools (e.g., Acunetix WVS). The test format is iLabs Cyber Range, and the passing score is 70%.
Once you get the CEH practical certification, a CEH master designation is awarded.
Skills and Training Required
Getting certified as a CEH and ethical hacker doesn't require formal education. However, it requires a strong background in computer science, mathematics, and software programming, which a bachelor's degree can provide. In addition, the certification requires a range of technical skills in information security and experience with IT systems.
An ethical hacker needs a solid background in common programming and scripting languages like C, C++, Java, and Python, skills in operating systems, knowledge of TCP/IP protocols, and a grasp of cybersecurity attacks such as injection attacks, denial-of-service (DoS) attacks, malware attacks, hijacking, and phishing. Furthermore, an ethical hacker needs to know how to use different cybersecurity tools for debugging and reverse engineering. There are other ways to develop ethical hacker skills and succeed in the CEH certification, including training programs, tutorials, and learning by doing on one's own.
To be eligible for the CEH certification exam, you can either:
- Attend an official CEH training approved by EC-Council, which can be online training, offline training, or computer-based training (CBT).
- Without official training, fulfill several requirements: have at least two years of documented and verified experience in information security, submit an exam eligibility form, and pay a non-refundable eligibility application fee.
There is a wide range of courses, like EC Council Certified Ethical Hacker v10, Computer Hacking and Forensics, Penetration Testing and Ethical Hacking, and degrees aligned with the CEH certification program.
The CEH certification exam is a challenging and demanding exam that requires thorough and steady preparation over several months. The success rate of the CEH exam is correlated with a constant study rhythm of a few hours each day. As a result, CEH is one of the best choices for information security professionals starting their careers in the ethical hacking realm.