Going back to old school

No it’s not broken. The theme. Yes, the WordPress theme. I chose this to come back to old school. Which I miss.

Oh, and by the way, thanks for visiting. This blog hasn’t really been updated in a while. I’m just coming back to update it with the latest WP version (as a janitor, as usual).

Have a great day!

AJ

A Few Good Hackers

Nowadays, hackers all over the world have adopted the battle cry “let the hacking begin”.  This was popularized by actor Jesse Eisenberg in his portrayal of Facebook Founder and CEO Mark Zuckerberg in the hit movie The Social Network.  This mantra has since given Systems Administrators and Webmasters sleepless nights as they try to parry wannabe and serious hackers from invading and infesting their websites and networks.  It also encourages hackers to hack away fearlessly and feverishly.

To deter and/or weather these hacking onslaughts, it is best for one to understand how a hacker thinks and acts.  Information Security is not limited to administrators alone; it also encompasses every Tom, Dick and Harry who, even in a fleeting moment, happens to be “just passing by”.  The security ecosystem is an end-to-end process involving experts and consultants all the way down to the average employee and inquiring customer.

Typically, it takes a Security Expert years or decades of trial and error before he/she can have the title Consultant, Adviser and/or Certified attached to his/her name.  But thanks to the initiatives of the International Council of Electronic Commerce Consultants (EC-Council), an individual with a good background as a Systems Engineer or Network Analyst can level up to Certified Ethical Hacker in a matter of 120 hours through the Certified Ethical Hacking (CEH) course.  It is now in its 7th edition since its inception around a decade ago.  As per the EC-Council web site, “the United States Department of Defense has included the CEH program into its Directive 8570, making it as one of the mandatory standards to be achieved by Computer Network Defenders Service Providers (CND-SP)”.

CEHv7 (https://www.eccouncil.org/certification/certified_ethical_hacker.aspx) was launched in the Philippines through an inaugural class of 12 students last March 14, 2011 by MISNet Education Inc.  The 5-day course also included EC-Council “ambassadors” who came from India, Pakistan and Dubai to participate and evaluate the course.  The instructor was a veteran Philippine IT Security Expert who has been teaching the course since CEHv2 back in 2002.  He is one of three Filipino certified CEH trainers.

Seven, as the course has been nicknamed, has 19 modules, namely Introduction to Ethical Hacking; Footprinting and Reconnaissance; Scanning Networks; Enumeration; System Hacking; Trojans and Backdoors; Viruses and Worms; Sniffers; Social Engineering; Denial of Service; Session Hijacking; Hacking Web Servers; Hacking Web Applications; SQL Injection; Hacking Wireless Networks; Evading IDS, Firewalls and Honeypots; Buffer Overflow; Cryptography; and Penetration Testing.  The course was also updated to encompass Windows Server 8 R2 with Hyper-V.

Upon completing the course, the attendee is encouraged to take the CEHv7 Exam (Ethical Hacking and Countermeasures v7) which has 150 questions and is good for 4 hours.  The passing score is 70 percent.  Although it is a difficult exam, the CEHv7 training course prepares the attendee thoroughly with a battery of classroom lectures, field work and laboratory hands-on.  One of the attendees even took the exam prior to the course’s end, and passed it with a score of 76 percent.

Although the course is typically attended by Systems and Network people, it is also recommended for programmers who develop applications that are exposed externally.  These programs are often exposed to attacks like SQL Injection, Port Scanning and Worms, to name a few.  A small opening or loophole is precisely what a hacker needs to bring down any application or system, whether or not it is protected by state-of-the-art devices or software.

The course is also a good springboard for careers in Penetration Testing, Security Analyst and Forensic Investigator.  It is also well-recommended for one involved in security, from business owners to IT executives.  Even students or someone with a good IT knowledge can attend the course.

The hands-on lab exercises include Google Hacking, War-Driving, WEP Cracking, SQL Injection, Web Vulnerability Scanning, OS Fingerprinting and Sniffing.  They were executed using off-the-shelf hardware and software running under the Windows and Linux platforms.  As such, attendees were required to fill out a Non-Disclosure Agreement (NDA) with some “ethical hacking” manifesto prior to the start of the course.  Talk about top secret.

CEHv7 course participants were often quizzed by the instructor on past lessons and reminded to put time for lab work to prepare them for the exam.  He would also give examples or share insights specific to programmers, administrators, and IT specialists.  Hacking gadgets and paraphernalia were also shown to the class for better appreciation.

MISNet Education, on the other hand, made sure the training venue was very conducive to learning.  They paraded state-of-the-art equipment and training methodologies.  Attendees were also provided a sumptuous buffet lunch and heavy AM and PM snacks.  An after-training social was held on the last day together with a simple awarding ceremony where the attendees, EC-Council Ambassadors and Technical Press were recognized by MISNet Education, headed by its President, Arnold Cruz.

EC-Council also offers a Master of Security Science for those interested in completing the Security track.  Some of their courses include Cyber Marketing; Wireless Network Architect; Network Security Design; E-Business Design; Cyber Law; Disaster Recovery; E-Commerce Architect; E-business Security; Customer Relationship Management; Supply Chain Management; Enterprise Resource Planning; Project Management; and Knowledge Management.

Certifications include Computer Hacking Forensic Investigator (C|HFI); Certified E-Business Associate (C|EA); Certified E-Business Professional (C|EP); EC-Council Certified Security Analyst (E|CSA); Licensed Penetration Tester (L|PT); Certified E-Business Consultant (C|EC); and Certified Technical Consultant (E++|TC).  Visit the EC-Council site at http://www.eccouncil.org to learn more.

If you wish to learn more about the CEHv7 course or other trainings from EC-Council and Microsoft, kindly contact MISNet Education at +63(2) 846-8300, and look for their Sales Team (Janice Layug, Tina Mendoza or Vzel Bartolome).  You may also visit www.misnet-education.com/learning to know more about their company.  You may also like them on Facebook (www.facebook.com/misnet.education) and follow them on Twitter (www.twitter.com/MISNetEducation).

As the CEHv7 marketing materials would say “Defend your Network against Hackers.  Master the Hacking Technologies. Become a Certified Ethical Hacker.”

PHP Developers Summit 2010

When: 8:00 AM – 5:00 PM – January 30, 2010, Saturday
Where: Hotel Rembrandt – 26 Tomas Morato Extension Quezon City, Philippines

In partnership with Microsoft Philippines, PHP User Group Philippines presents PHP Developers Summit 2010. We are inviting you to come and join us in this gathering of the country’s best tech-talents, professionals and web developers promoting the use of PHP and open source solutions in the enterprise and schools. Free flowing coffee with lots of freebies and raffle prizes! So what are you waiting for?

Registration starts at 8:00 AM. See you all there! ^_~

Speakers:

      Dominick Nowell A. Danao (CEO of Happy Mobile Inc.) – Former VAS Head of Sun Cellular. Founder of Pinoymail which he sold to Smart’s Orlando Vea for P100M back in the early 2000s. He is also a Palanca Awardee. He will discuss PHP Development with Yahoo Developer’s Network. He recently won in the Yahoo Open Hack’s Day in Indonesia.
      Bing Bryan Tan (President and CEO of Brewed Concepts) – Keynote Speaker
      Paolo Alexis Falcone (Senior Developer, Friendster Inc.) – Will discuss PHP Scaling
      Alezandra Nicholas (Microsoft Developer Evangelist) – Website spark and Bizspark
      Rodney Jao (MCP) – PHP in IIS7 (using Fast CGI) and about PHP and ASP.NET interop via SOAP
      Rick Bahague, Jr. (Computer Professionals’ Union) – Windows Cache Extension for PHP
      Globe Labs – Globe Labs API

Sponsors:

Microsoft Philippines
Zend
Globe Labs

Limited Special Offer

If you register early and pay within the year 2009, you’ll get a
ticket for only Php 1,000.00 and we’ll give you One (1) FREE Microsoft
limited edition thumb drive.

Registration and Ticket Payment Instructions

Online registration website is currently being tested right now. In
the meantime, you could pre-register by sending your name, position,
company and contact details to chean [ at ] phpugph [ dot ] com and by settling your
ticket payment through bank deposit:

Bank Name: Banco de Oro (BDO)
Account Name: PHP User Group Philippines Inc.
Savings Account No. 290226988
Branch: San Juan Branch

To all who would pay for the event tickets, kindly send me a scanned
copy of the deposit slip for payment confirmation.

Thank you very much.

Truly yours,
Cherrie Ann B. Domingo
President
PHP User Group Philippines Inc.

Email: chean [ at ] phpugph [ dot ] com
Web: http://www.phpugph.com
Mobile: +63917.865.2412
Phone: (02) 975.6976

Update: PHPUGPH’s SMF maliciously attacked. Now back online

I’ve done an audit on the files of phpugph.com’s SMF board and found that a certain user whose only identity is krisbarteo@gmail.com using the IP 94.142.129.147 appended spam links to the Settings.php of SMF.

I’m no security expert, but I think what he did was he uploaded an avatar with a PHP code inside it, found a server/script exploit and ran it. I opened up the avatar (after looking for it for hours) and found this code (see below screenshot). Then he launched the attack from there, appending malicious links on a file that is being included every time SMF draws a page.

A quick Diff on SMF’s base files and our SMF files revealed that a new readme.php was created. And it contained the following:

Decoding that garbled text reveals that readme.php was run on the browser and that was the main cause of appending links on the Settings.php.

I am still baffled by the fact that some people would do such things. Disrupt service for profit? Well, as for krisbarteo, yes you’ve succeeded in doing that. Then what? Happy now? If only you had used those smarts and skills on the good stuff, you’d probably be rich by now.

To all PHPugers, we hope that this thing doesn’t happen again even if we all know that the Internet isn’t safe from these crackers. It’s all good. For now.
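
The audit described in this post (diffing the board's files against SMF's base files, then inspecting the uploaded avatar) can be scripted. The following is an added example, not code from the original post or from SMF; the directory layout, file contents and function names are constructed for illustration.

```python
import hashlib, tempfile
from pathlib import Path

IMAGE_EXTS = {".gif", ".jpg", ".jpeg", ".png"}
PHP_MARKERS = (b"<?php", b"<?=")  # PHP open tags; hits still need manual review

def sha256_tree(root):
    """Map each file path (relative to root) to the SHA-256 of its contents."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in root.rglob("*") if p.is_file()}

def diff_against_baseline(baseline_dir, live_dir):
    """Compare the live tree with a clean copy of the same release."""
    base, live = sha256_tree(baseline_dir), sha256_tree(live_dir)
    return {
        "added": sorted(live.keys() - base.keys()),
        "missing": sorted(base.keys() - live.keys()),
        "modified": sorted(f for f in base.keys() & live.keys() if base[f] != live[f]),
    }

def images_with_php(upload_dir):
    """List image-named files under upload_dir whose bytes contain a PHP open tag."""
    upload_dir = Path(upload_dir)
    hits = []
    for p in sorted(upload_dir.rglob("*")):
        if p.is_file() and p.suffix.lower() in IMAGE_EXTS:
            data = p.read_bytes().lower()
            if any(marker in data for marker in PHP_MARKERS):
                hits.append(p.relative_to(upload_dir).as_posix())
    return hits

def demo():
    """Run both checks on constructed sample trees (not the real board's files)."""
    with tempfile.TemporaryDirectory() as tmp:
        base, live = Path(tmp, "baseline"), Path(tmp, "live")
        for root in (base, live):
            (root / "avatars").mkdir(parents=True)
            (root / "index.php").write_text("<?php // board entry point\n")
            (root / "Settings.php").write_text("<?php // site settings\n")
            (root / "avatars" / "default.gif").write_bytes(b"GIF89a" + bytes(32))
        # Changes of the kind the post describes, with harmless placeholder content
        (live / "readme.php").write_text("<?php // placeholder: unexpected new file\n")
        with (live / "Settings.php").open("a") as fh:
            fh.write("// placeholder: appended content\n")
        (live / "avatars" / "avatar_1.gif").write_bytes(b"GIF89a<?php /* placeholder */ ?>")
        return diff_against_baseline(base, live), images_with_php(live / "avatars")

if __name__ == "__main__":
    print(demo())
```

On a configured site Settings.php always differs from the distribution copy, so the baseline for that file should be your own known-good copy rather than the release archive.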