Printable View
http://www.ebcvg.com/articles.php?id=241
Some more info about Ethical Hacking. I guess it's just another term for a security auditor, something that's been around for some time. The article is purely informative regarding EH rather than a resource for certifications, but I guess it's a good reading for the less informed. [professionals alike, for they can contradict various points made]
I have done the CEH cert.
Pretty good.
I my opinion, at the end of the day, many of these are cool certs to have. I think they dont really say that you are an Ethical Hacker or a Black Hat. Also they dont mean that you can actually DO any hacking.
Its down to you to learn as much as possible and stay on top of all the exploits that surface day to day. The thought that just because you HAVE a Ethical Hacker cert dosent actually mean anything in the real world.
I see this at work all the time. I work with Cisco gear and many times a guy who has worked from a book and got his cisco cert will get stuck. Because he has no real world experience.
One of the good things these courses do is structure everything that you have read on the Internet. They give you examples, go through some code or tool, show you an exploit related to that. Its the fact that its structured that makes them good to go on. They help you understand what exploits are and how they would be used. They help you understand WHY you were downloading those tools and HOW they can be used and for WHAT reason you would use them.
That said, you have to know your stuff. You still have to do out of hours reading. You cant get away from that fact. The course I did was excellent. Not just a course but an experience. Everyone there was doing the same thing and you could debate over issues that you or they had. We stayed on campus which was even better. But the course was just the start. I never once thought that i was going on a Ethical hacker course and by the end of it I woud be a security guru.
Do the courses and then its up to you how far you want to take the basic info you have been given.
If you want to get serious about your security career, then the CISSP would be the one to do in the long run.
When working for a company, your role is defined so all your courses will have to relate to that role. You cant know everything about hacking if you just admin firewalls all day. So take into account what you really would like to do in your career (if thats what you are after).
Just remember to have fun when you do these courses, because any knowledge is good knowledge. :)
My question to you is what is your definition of ethics? Ethics are simply an moral code you live by. No one person's ethics are identical to anothers. For example I will rip CD's but I won't do it from my favorite artists, those I insist on going out and buying, that is just an example of my personal ethics. Your definition of ethics may say that being a black hat is completely ethical. It's all up to the person so how can there ever be an "Ethical Hackers Cert."??
-_LeeBkr311_-
i'll have to agree with that, but at least it is nice for yourself getting another certificate... :)
Exactly.Quote:
Your definition of ethics may say that being a black hat is completely ethical. It's all up to the person so how can there ever be an "Ethical Hackers Cert."??
Personally (and for all those who pass infront of me for an interview) I don't believe in *any* online cert. To me, it's no different than a take home test given at school. Anyone can give you the answers. The only thing it measures is your ability to dig up data.
I have seen an increase in online certs on resumes. The most common being from BrainBench.com. When I explain to applicants that these certs are complete crap, you'd think I just stole a lolipop from them. LOL.
Industry certs aren't as bad but still, are not an accurate reflection on how someone will perform. To solve this, we developed a series of exercises for those we feel may be worth the time of day. We weigh a number of factors, including how they solve problems we present them with. This is a hands-on exercise that is very efficient in removing paper MSCEs and the like.
For those who enjoy getting the online certs, bravo, have at all you like. Just don't fool yourself into thinking that they have any meaning or value IRL.
Hackers are a over populated group of peaple with a major inferiority complex. Your post proves that. Lets take this for an example... no one ever hardly uses the term computer enthusiast. Why? Simply because the word hacker grabs peaples attention and sounds sexy. Also with the term computer enthusiast... there is almost never a unethical or ethical version of the term and also there no need to move up through some type of "socialised ranking" of who is lame and who isn't. You either enjoy useing a computer or you don't. But wait that would be to easy right? Who would you prove yourself to? What endless quests for belonging and being called something would that involve? Ahahaha! :D You could do everything you mentioned and never have a true and pure interest in computers...Quote:
Its all about a state of being or being called something maybe even all about belonging to something & crap like that. It's gotten so that it's more important than the computer related tasks which peaple use & distorted for their own emotional self-gratifications. So all in all with the quoted comment above I'd say you've passed with flying colors.
Now here is where a lot of issues could surface if we are to go deeper into exactly what ethics represents for each and all of us. Because, first and foremost, I do not agree with your definition of it. [But, as my philosophy ethics course went, we also agreed that it was pretty impossible to really define ethics]Quote:
Originally posted here by LeeBkr311
My question to you is what is your definition of ethics? Ethics are simply an moral code you live by. No one person's ethics are identical to anothers. For example I will rip CD's but I won't do it from my favorite artists, those I insist on going out and buying, that is just an example of my personal ethics. Your definition of ethics may say that being a black hat is completely ethical. It's all up to the person so how can there ever be an "Ethical Hackers Cert."??
-_LeeBkr311_-
The way I see it, ethics attempts to be kind of a set of rules that tell us what we ought to do. That is, give us guidelines on what it would be most appropriate [from an ethical standpoint, obviously] to do in certain situations. There are different sets of ethics: doctors have theirs, lawyers [maybe] have theirs, and as of late computer enthusiasts are developing and defining computer ethics.
What you said makes me think more of morals as they pertain to one individual. That's why I cheat, lie and deceive, because hey it's my choice to do so. So whether my morals dictate me that systems intrusion for monetary benefit is all right, you morals might tell you completely the opposite.
So pretty much, professional ethics [such as an E.H.C.] are there to provide solid guidelines on what ought to be done. If these ethics match your own personal moral values, then it's all right. If at points they are quite opposite... well, that's a choice the individual has to make.
well, i think being called a hacker by other people WITH lots of computer knowledge is a compliment!
i would never call myself by that name, purely since in my opinion a "hacker" always has more knowledge then me, and since you never know it all, i doubt i will ever be a hacker (in my opinion).
To me, a hacker isn't a bad thing, its just someone with enough knowledge of computers (or phones, televisions or whatever) to have the power to change the original intended task to something that more fits his specific needs, and thereby exceeding the bounds that were suppose to be set by the original program.
So, YES i would like to be a hacker in my point of view!
Okay, so here is a question then. According to some in this thread, certs are a waste of time as opposed to experience. Aside from waiting and working in the industry for 10 years so that you have time to see a lot of stuff, how does one a) gain knowledge and experience without being a black hat, and b) gain acknowledgment of that knowledge?
Certifications are worth the time the take. I've only stated that in my opinion the idea of an Ethical Hackers Cert. is ascinine. Personally I think the best way is to get what certs you have to to get in somewhere. In my case a CCNA got me a Co-Op at a fortune 500 company and a gaurenteed job next summer so long as I continue my education but at this point they wouldn't have to hire me I could go somewhere else and get a job because experience working on a global network is priceless. So do what you have to to get experience and certs because just having one for the most part will not cut it. But if you have both you'll be gaurenteed a job somewhere.