The majority of information security education emphasizes the definition and application of best practices. First, a network or system administrator needs to understand the proper application and configuration of network and security devices: routers, switches, firewalls, intrusion detection/prevention systems, and honeypots. A good start with strong IT policies facilitates the implementation.
But, to paraphrase renowned cryptographer Bruce Schneier, technology professionals think about how things work; security professionals think about how they break.
That means a different approach to network and system security is in order. Enter Certified Ethical Hacker (CEH), a course EC-Council launched just after the 9/11 attacks. The EC-Council founders told me they wanted to train professionals on the tools, techniques, and methodologies to protect from network attacks by finding the holes using the same attack techniques.
I’ve taught nearly 40 CEH classes, and I really enjoy it. I’m a fan of the course content that includes considering an attacker’s goals, performing the ethical hack (the part of class I call “breaking and entering”), and covering the latest tools and techniques of offensive security.
EC-Council recently released CEH v8. They overhauled and updated the content and format. Here’s what’s new:
- Updated content with contemporary threats, tools, attacks, and countermeasures
- Revamped labs with the latest tools
The course includes more than 20 new lab exercises as well as seven DVDs of security software, including security scanners, viruses and worms, web hacking software, and footprinting and forensic tools.
- Windows 8 and Windows Server 2012 as both the attack platforms and the targets
The course authors have always been vehement about ensuring that they address the latest threats using the latest technology.
- A completely new module on mobile devices and mobile hacking
BYOD could stand for Bring Your Own Destruction instead of Bring Your Own Device (the ability for employees to use their own smartphone or tablet for business use). Managing mobile systems provides large business benefits as well as huge risks. The new “Mobile Devices” chapter covers these issues and their countermeasures.
- DVDs that enable students to access all the tools after class
On Mythbusters, Jamie and Adam urge their viewers, “Don’t try this at home!” With the DVDs included with CEH v8, you can try what you learn at home. Beware though: the tools on these DVDs are intended for test environments only. They are dangerous on unprotected networks.
- Alignment of the CEH v8 class and the ANSI-approved CEH v8 certification exam
The ANSI-certified CEH v8 exam meets the requirements for DoD Directive 8570 compliance.
- Access to electronic versions of the courseware, including detailed student notes
Each student receives three books of courseware; two cover the lecture material, and one is the lab guide. The CEH v8 courseware is also available to each student electronically. The electronic courseware includes notes not available in the printed courseware.