I know, many of us would love to have that title. Most of us, if not all, at some point in time, wanted to learn to hack and learning it over the internet is one thing, to be recognized as one is another.
So back in May, the CEH course was being offered by V-ITMI at Quatres-Bornes. Since I was free and on holidays after passing my HSC and waiting for university to start, I paid for the course. The total fees were Rs42, 500 including the exam fees. The courseware itself costs around rs27, 000 and it contains 4 DVDs of tools assembled over the internet, a Linux backtrack CD (Linux live CD) and some pdf notes of the other chapters that are not covered by the instructor and is not examinable. It also has 5 big books that you will need to learn before going for the exam, a mouse pad, and a pen. There were no entry requirements as long as you follow the course from an EC-Council Accredited Training Center. However, if you want to skip the course and go for the exam only, you will need written proof from your company stating you have at least 2 years’ experience in the security field. You will then sit for the EC0-350 paper while I did the 312-50 paper but both are the same paper and you will obtain the same title, i.e., CEH.
On the first day, I had the pleasure to meet my Trainer, Mr. Franklin John from India. He is a very intelligent man and the first CCIE security I have ever met. He came from India specially to deliver the course at v-it. The course’s duration is 5 consecutive days from 9 AM to 5 PM and it is very quick. You cannot follow everything that the trainer is saying and he has a schedule to finish the course, so, he moves along slide to slide very quickly and mastering every type of hacking attacks ( Session hijacking, DDOS, DOS, Linux hacking, buffer overflows, SQL injection and so on) in this small amount of time is practically impossible. You do have breaks at 3 intervals: a tea break, tea, coffee, and biscuits were served, a lunch break and a tea break again in the afternoon.
Each of the students had a personal computer where you will be expected to do live demos/testing of the tools given to you on the CD. These tools are tested on a Windows Server 2000 Advance with no patches installed. Why? Because without the patches, the windows server 2000 is very vulnerable and you can use any tools on it: most of them are going to work. I know that you are thinking,” what the heck? It is useless, who even uses windows server 2000? “Yes, I was disappointed too because the tools will not work on Windows XP and above (With all the patches/security fixes installed). However, though, you will have an idea of how hacking is done and you will grasp the concept of the types of attack that is performed with live demos provided by the instructor.
5 days were quickly over and in the end; you will need to submit online feedback on how the course was, the competency of the trainers and so on.
Now, time for the exams. I went for the exams after a month or so because I was also preparing for my CCNA & VCP exam. The exam’s cost is included in the courseware that you bought. However, if you fail the exam, the next time, you will have to bear the cost. The exam consists of 150 multiple choice questions and is 4 hours long. The MCQ questions vary. Some may have only one answer while others may have up to 3 or even 4. The questions in the exam were not entirely what I read from the book. I would say 80% of them were in the book but the remaining, some personal knowledge and logic are required. I ended the exam in 3 hours and 30 minutes and I passed! I was really happy because 1) This is my first ever certification and 2) the name is so cool.
But really, was it worth it? Rs42, 500 for something out-dated: Well, I am not so sure. I would have rather opted for ISC2 security certifications. However, CEH was a good experience in the sense that, it is the only course out there that will teach you ‘hacking’ with live demos. It was fun, I admit.
After a month, my welcome kit finally arrived. It consisted of one certificate, one welcome letter and one big sticker with CERTIFIED ETHICAL HACKER written on it. Also, you will have access to the official CEH logo which looks unprofessional according to me and a unique code is given to you where you will have access to a certified member’s portal where CEH all around the world share ideas, discuss anything, etc.
If you are thinking about doing a certification in the security field, I would recommend Security+ as a start and a security certification from ISC2 later on. More details here (https://www.isc2.org/credentials/)
All the best!