The International Council of Electronic Commerce Consultants, popularly known as the EC-Council, is a provider of certifications in IT security. The professional association counts the most widely recognized security credentials as its own, leading with the Certified Ethical Hacker (CEH) certification program.
Understanding hacking techniques can be the best defense against network security breaches. EC-Council’s Certified Ethical Hacker credential trains security pros to find and eliminate system vulnerabilities.
From the people who bring you the Certified Ethical Hacker credential, the Computer Hacking Forensics Investigator cert arms information security professionals with the tools and techniques to prosecute cybercriminals.
EC-Council: An overview
EC-Council is recognized worldwide as the leading organization for IT security and e-commerce certification and training. The organization is relatively young; founded after the 9/11/01 attacks. A heightened demand for qualified and credentialed information security experts lead to the creation of the EC-Council, and nearly a decade later, over 80,000 people have been trained and more than 30,000 security professionals certified.
EC-Council serves the IT and e-commerce sector with a series of professional development resources:
- EC-Council certifications: EC-Council’s 16 credentials cover different aspects of information security, from disaster recovery and virtualization to VoIP security.
- EC-Council training: Options include online and classroom training courses, computer-based training programs, books and practice exams. There are currently over 450 training centers in more than 70 countries.
- EC-Council University: This private higher education institution based in New Mexico, offers programs at the master’s degree level in IT security and information technology.
- EC-Council professional resources: The Hacker Halted conferences, workshops and Hacker Journals support ideas exchange and networking among security professionals.
Together, EC-Council’s programs offer a comprehensive source for continuing education and networking for security industry professionals.
EC-Council certifications cover 16 areas of information security. Security professionals can choose among entry-level credentials such as Security5 and Wireless5 or an array of specialist certifications. All programs are vendor neutral.
Certified Ethical Hacker (CEH) is EC-Council’s flagship certification. The program trains security professionals in the tools and techniques of underground hackers. CEH certification is useful for security officers, auditors, site administrators and other workers involved in ensuring the integrity of network infrastructure. According to the 2011 Salary Survey by Global Knowledge, Certified Ethical Hackers earn a median salary of $92,200. CEH ranks as one of Certification Magazine‘s Top Certifications by Salary.
Computer Hacking Forensic Investigator (CHFI) training and certification covers the skills necessary to conduct a systematic identification of evidence in computer-related crime cases. Investigation methods include tracing the tracks of a hacker through a client’s system, tracing the originator of defamatory email and recovering signs of fraud. CHFI certification is useful for law enforcement specialists, defense and military security experts, e-business security professionals, legal cyber forensics specialists and systems administrators.
Other EC-Council certifications include:
- EC-Council Certified Security Analyst
- Licensed Penetration Tester
- EC-Council Network Security Administrator
- EC-Council Certified Secure Programmer
- EC-Council Certified VoIP Professional
- Disaster Recovery and Virtualization
- Certified Network Defense Architect
- EC-Council Certified Incident Handler
- EC-Council Certified Security Specialist
- Certified EC-Council Sales Specialist
- Certified EC-Council Instructor
EC-Council certifications have earned endorsements from the U.S. National Security Agency (NSA), Committee on National Security Systems (CNSS) and the Montgomery GI Bill. The U.S. Department of Defense requires that its computer network defender service providers complete the EC-Council’s Certified Ethical Hacker program. Some of the organizations that teach EC-Council training programs include the Air Force Information Operations Center, Naval Post Graduate School, McAfee University and Carnegie Mellon.
Security is among the most high-demand specialties in information technology today. The U.S. Department of Labor’s Bureau of Labor Statistics identifies information security as an area of particular growth within network and computer systems administration. EC-Council certifications offer professionals a resource for developing advanced skills and advancing their careers in IT security.
EC-Council CEH Certification Training
Certified Ethical Hacker, or CEH, is the flagship certification of the EC-Council. This mid-level professional training and certification program prepares information security professionals to work as penetration testers. These “white hat” hackers attempt to breach computer systems and networks for the purpose of identifying and fixing security vulnerabilities.
Certified Ethical Hacker training and examination
The Certified Ethical Hacker program certifies security professionals in the discipline of identifying vulnerabilities in target systems in order to fix them. Ethical hackers use the same knowledge and techniques as malicious hackers, but apply them on behalf of the system’s owner. Companies hire penetration testers to probe, hack and secure their systems before malicious hackers can breach them.
The Certified Ethical Hacker curriculum covers common hacking practices and prevention strategies. The course’s 19 modules include topics such as:
- DDoS (Denial of Service) attacks
- Evading IDS, firewalls and honeypots
- Buffer overflow
- Trojans and backdoors
- SQL injection
- Session hijacking
- Viruses and worms
- Intrusion detection
- Security policies
- Foot printing and reconnaissance
- Social engineering
Students learn how each component of a security system works, and how hackers breach perimeter defenses, escalate privileges and attack information systems. The EC-Council CEH training program is available online via iClass, through computer-based training (CBT), in special EC-Council classrooms or CEH programs at universities and colleges or through self-study books and practice exams. The classroom version is an intensive five-day class, from 9 a.m. to 5 p.m. All training programs involve hands-on lab work, but in no case is an actual network harmed.
EC-Council offers the CEH exam through Prometric and Pearson VUE, independent computer-based testing partners with a comprehensive network of testing centers–Prometric alone has more than 2,500 centers in 180 countries. The test takes about four hours to complete, and consists of 150 questions. To pass the exam, test-takers must achieve a score of 70 percent or higher. To maintain CEH certification, professionals must advance their expertise through EC-Council continuing education.
CEH certification in context
Certified Ethical Hacker certification offers targeted, specialist training for information security professionals. CEH is a core certification suitable for professionals with at least two years’ work experience and an entry-level certification such as EC-Council’s Network 5 or CompTIA’s Network+.
CEH-certified professionals can go on to the advanced Licensed Penetration Tester certification, or specialist credentials such as Computer Hacking Forensic Investigator (CHFI), EC-Council Disaster Recovery Professional, Certified VoIP Professional and others.
The CEH credential is useful for website administrators, security officers, auditors, network analysts and others involved in safeguarding network infrastructure. Specific job roles in which an ethical hacking background is an asset include:
- Senior security forensics investigator
- Disaster recovery specialist
- Advanced penetration tester
- Certified VoIP professional (with additional certification)
- Secure programmer
- Cybercrime attorney or criminal investigator
EC-Council Certified Ethical Hacker bears distinction as one of the highest-paying IT certifications. Certification magazine ranked CEH among its Top Certifications by Salary in 2009, with an average salary of $99,900. Global Knowledge reports a 2011 median salary of $92,200 for CEH-certified professionals.
Ethical hacking is central to many organizations’ network security strategies. The CEH qualification helps security professionals master hacking techniques and protect their employers from malicious network breaches.
EC-Council CHFI Certification Training
The International Council of Electronic Commerce Consultants, known as the EC-Council, was founded out of a perceived need to better arm information security professionals after the 9/11/01 World Trade Center attacks. With the growing threat of computer crime, police, government and private organizations alike were in need of resources to properly train and certify their professionals against information security threats. Since its founding, with support from experts from around the world, the EC-Council has grown and now offers a number of training resources and certifications in information security and beyond. The Computer Hacking Forensics Investigator or CHFI certification is just one of the programs created by the EC-Council that has gained world recognition.
An overview of the CHFI certification
The CHFI certification process is a simple one. Although a corresponding EC-Council CHFI course is offered, it’s not required in order to take the certification exam. When a candidate does attend the EC-Council’s CHFI course, the certification is awarded upon successful completion of the CHFI 312-49 exam which is conducted on the last day of the course.
The EC-Council’s course prepares information security professionals to use tools, techniques and methodologies used in detecting hacker attacks and identifying cybercriminals. Top tools and techniques of the forensic trade are covered during the course and test takers are expected to demonstrate mastery of these skills.
According to the CHFI certification brochure, the EC-Council recommends attending the Ethical Hacking and Countermeasures or CEH (Certified Ethical Hacker) course before enrolling in the CHFI program. The EC-Council course covers a series of 65 modules that are covered on the exam, a small sampling of which include the following:
- Searching and seizing of computers
- Digital evidence
- Understanding hard disks and file systems
- Image file forensics
- Audio file forensics
Apart from the EC-Council’s, a number of resources exist on the Web from a variety of vendors that can help a candidate prepare for the CHFI exam. Candidates who do not choose to take EC-Council’s course must complete an eligibility form in order to take the exam.
CHFI certification rewards
The CHFI exam can be taken at Prometric, Pearson VUE, and Prometric Prime testing centers and costs $250, a dollar amount that goes a long way when you consider the job outlook for security professionals. According to the EC-Council, graduates of programs like the CHFI are in high demand and professionals can expect starting salaries of between $85,000 and $120,000. Continuing education requirements exist in order to maintain the CHFI certification.
Professionals of varied backgrounds can gain from CHFI certification including law enforcement personnel, defense and military personnel, systems administrators, and IT managers. With a certification such as the CHFI, an information security professional can feel confident that he or she has achieved what it takes to excel in the field.