One of the most important aspects of Security is ensuring you have the necessary skills and knowledge to hand within the business.
One way to expand you frontiers is to look to professional education programmes. Even the prospectus or topic list can be a huge source of information and hint and tricks.
C|EH is one such programme with a very specific focus, Certified Ethical Hacking.
Ethical Hacking is technically really the application of hacking knowledge or skills in a controlled, authorised environment. Authorised is the operative word. A C|EH has explicit permission to act in a defined and explicit manner to test the security elements of an environment, application or procedure. Sound familiar? Perhaps Penetration Tester?
The pen tester certainly uses the same skills and tools but is (or should be) a bigger, tougher beast altogether. The C|EH is really a skilled, specialised employee who can test and advise on the specific security issues of specific items. The pen tester should be a contracted external party, testing normally from the outside and (probably) with little knowledge of the internal services/network. Most tests a C|EH will include privileged information and inside access to the network/services.
It is worth again reiterate that both work with the express permission of the owners and controllers of the target system. Hacking without express permission is in most countries Illegal and has extremely severe penalties.
C|EH use exactly the same tools as malicious hackers, often called Black Hats, as opposed to White Hats.
The C|EH comes into his own with bespoke applications that risk information or system exposure. Providing testing and advice that can be acted upon before the application goes live is a godsend. But you need to know how and trust the information.
It is good sign from the C|EH programme that it requires active continued education, to keep it you must earn points each year. Excellent, now you know your C|EH is keeping up with events.
C|EH is provided by the EC Council, who provide, test and audit several impressive security certifications.
Well, you can do worse than looking up the C|EH application on the iPhone. It is to a degree a marketing tool but does include a significant amount of information on what is entailed in taking on the certification.
No comments yet.