Certified Ethical Hacker, or CEH, is the flagship certification of the EC-Council. This mid-level professional training and certification program prepares information security professionals to work as penetration testers. These "white hat" hackers attempt to breach computer systems and networks for the purpose of identifying and fixing security vulnerabilities.
Certified Ethical Hacker training and examination
The Certified Ethical Hacker program certifies security professionals in the discipline of identifying vulnerabilities in target systems in order to fix them. Ethical hackers use the same knowledge and techniques as malicious hackers, but apply them on behalf of the system's owner. Companies hire penetration testers to probe, hack and secure their systems before malicious hackers can breach them.
The Certified Ethical Hacker curriculum covers common hacking practices and prevention strategies. The course's 19 modules include topics such as:
- DDoS (Distributed Denial of Service) attacks
- Evading IDS, firewalls and honeypots
- Buffer overflow
- Trojans and backdoors
- SQL injection
- Session hijacking
- Viruses and worms
- Intrusion detection
- Security policies
- Footprinting and reconnaissance
- Social engineering
Students learn how each component of a security system works, and how hackers breach perimeter defenses, escalate privileges and attack information systems. The EC-Council CEH training program is available online via iClass, through computer-based training (CBT), in special EC-Council classrooms or CEH programs at universities and colleges, or through self-study books and practice exams. The classroom version is an intensive five-day class, from 9 a.m. to 5 p.m. All training programs involve hands-on lab work, but in no case is an actual network harmed.
EC-Council offers the CEH exam through Prometric and Pearson VUE, independent computer-based testing partners with a comprehensive network of testing centers. Prometric alone has more than 2,500 centers in 180 countries. The test takes about four hours to complete, and consists of 150 questions. To pass the exam, test-takers must achieve a score of 70 percent or higher. To maintain CEH certification, professionals must advance their expertise through EC-Council continuing education.
CEH certification in context
Certified Ethical Hacker certification offers targeted, specialist training for information security professionals. CEH is a core certification suitable for professionals with at least two years' work experience and an entry-level certification such as EC-Council's Network 5 or CompTIA's Network+.
CEH-certified professionals can go on to the advanced Licensed Penetration Tester certification, or specialist credentials such as Computer Hacking Forensic Investigator (CHFI), EC-Council Disaster Recovery Professional, Certified VoIP Professional and others.
The CEH credential is useful for website administrators, security officers, auditors, network analysts and others involved in safeguarding network infrastructure. Specific job roles in which an ethical hacking background is an asset include:
- Senior security forensics investigator
- Disaster recovery specialist
- Advanced penetration tester
- Certified VoIP professional (with additional certification)
- Secure programmer
- Cybercrime attorney or criminal investigator
EC-Council Certified Ethical Hacker stands out as one of the highest-paying IT certifications. Certification Magazine ranked CEH among its Top Certifications by Salary in 2009, with an average salary of $99,900. Global Knowledge reports a 2011 median salary of $92,200 for CEH-certified professionals.
Ethical hacking is central to many organizations' network security strategies. The CEH qualification helps security professionals master hacking techniques and protect their employers from malicious network breaches.