RE: CEH program and Sybex Study Guide

["Tony Johnson" <TonyJ () aemf org>]

What would be considered superior training. I hold the following
Certifications. I am now focusing on security as my carrer. What are
The best most infective courses from an operations prospective.

MCP,MCSA,MCSE,MCTS,MCTIP,VCP,CCNA,CIW,Project+

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Gage Bystrom
Sent: Monday, September 26, 2011 1:00 PM
To: security-basics () securityfocus com
Subject: Re: CEH program and Sybex Study Guide

Can't say I have any to be honest. However I collect  study materials
for various certifications and the likes to plan out what I may
consider getting. Unfortunately only a few make that list since I am
more of an independent learner. Most certifications are nothing but
shiny(maybe) pieces of paper to me.

In particular all of the resources I've collected on CEH, it is
particularly noteworthy in the entire course can be summed up be
reading whatever the latest core Hacking Exposed book is out at the
moment.

While such information is critical for beginners it simply isn't
enough in the practical world. It'll help land you the job, but unless
the security is super low and susceptible to trivial attacks, it isn't
enough to land you the "box".

I don't know how many security professionals hang out in areas where
they come in contact with the underground(not talking carders here),
but if you ask around and get a reply it becomes blazingly obvious
that a lot of certifications are waay off when it comes to a realistic
targeted attack. Simply because an authorized penetration tester
doesn't have to worry about the same things a malicious attacker has
to do. Pentesters can take shortcuts and are almost religiously taught
such shortcuts in certifications, books, and methodology. These
shortcuts WILL make you miss what a malicious attacker WON'T miss.

Hence if you're only training is coming from something like CEH, and
your not heavily learning from far superior sources, then you will be
sorely lacking when it is time to face the music, providing yet
another embarrassment to the industry.

On Mon, Sep 26, 2011 at 12:40 PM, Hanson Coffie Kyeremeh
<Hanson.Kyeremeh () vodafone com> wrote:
> Hi Gage,
> What certifications do you have?
> Best Regards,
> Hanson Coffie Kyeremeh
> Network & OSS Security Manager
> Vodafone Ghana
> Cell:+233202001119
>
> Sent from Vodafone BlackBerry® Smartphone
>
> ----- Original Message -----
> From: listbounce () securityfocus com <listbounce () securityfocus com>
> To: security-basics () securityfocus com <security-basics () securityfocus com>
> Sent: Mon Sep 26 19:28:59 2011
> Subject: Re: CEH program and Sybex Study Guide
>
> CEH is good for getting a job, not for knowledge. Any serious hacker
> would laugh at the content CEH covers. I would advise only taking it
> if you plan on heavily supplementing it with real knowledge.
>
> On Mon, Sep 26, 2011 at 12:11 PM, gig <gigabit () satx rr com> wrote:
> > Alberto,
> >
> > I've been through a week long CEH class taught by Global Knowledge.  The
> > content was ok, but I was frustrated in that the instructor couldn't talk
> > about how to defend against these attacks.
> >
> > Regardless, if you have an interest in hacking, yes, you should pursue this
> > certification...and yes, it will help you gain credibility as an Information
> > Security professional.
> >
> > Since we don't know your knowledge or experience level, it's difficult to
> > know if this is best use of your time.......but the this general statement
> > will always hold true:
> >
> > All things being equal, having certifications is better than not having
> > them.
> >
> > Hope this helps you.
> >
> >
> > ----- Original Message ----- From: "Alberto Medina" <amedinaj () gmail com>
> > To: <security-basics () securityfocus com>
> > Sent: Saturday, September 24, 2011 1:59 PM
> > Subject: CEH program and Sybex Study Guide
> >
> >
> > Hi all,
> > I know maybe in this list you have talk a lot about CEH program, but I want
> > to know what do you really think about this program (CEH)? Is this really
> > useful to start in information security? And what do you think about the
> > Sybex Study Guide, by "Kimberly Grave"?
> > I do this question because a couple of years ago I took the CompTIA
> > Security+ exam and passed it, but I wanna to continue the preparation in the
> > field of information security and Ethical hacking, and someone recommended
> > me the "Certified Ethical Hacker" certification as a good way to continue
> > the path, so a bought the Sybex Study Guide for the exam, but I don't see a
> > lot of difference between the content of Security+ program and this one, I
> > thought I'd find the CEH deeper in the subject than Security+ program.
> > In fact, I found this Sybex guide is not very actual, there's not any
> > mention to Windows 7 or even Vista, the tools mentioned are kind of old, in
> > the "cracking password" section they don't talk about rainbow tables, only a
> > littler mention; in the "backdoor" sections she (the author) recommend
> > adding an additional hard disk to the computer and boot from there for
> > protection using the backdoor she mention, or buy a Windows netbook, but
> > it's not better using a VM in for testing?
> > Anyway, I just want to know what you think about this program? If not, what
> > do you recommend for continue the path to Ethical Hacking and Information
> > Security.
> >
> > Thank you and best regards,
> > Alberto Medina
> >
> > (Excuse my English :) )
> >
> >
> > ------------------------------------------------------------------------
> > Securing Apache Web Server with thawte Digital Certificate
> > In this guide we examine the importance of Apache-SSL and who needs an SSL
> > certificate.  We look at how SSL works, how it benefits your company and how
> > your customers can tell if a site is secure. You will find out how to test,
> > purchase, install and use a thawte Digital Certificate on your Apache web
> > server. Throughout, best practices for set-up are highlighted to help you
> > ensure efficient ongoing management of your encryption keys and digital
> > certificates.
> >
> > http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
> > ------------------------------------------------------------------------
> >
> >
> >
> > ------------------------------------------------------------------------
> > Securing Apache Web Server with thawte Digital Certificate
> > In this guide we examine the importance of Apache-SSL and who needs an SSL
> > certificate.  We look at how SSL works, how it benefits your company and how
> > your customers can tell if a site is secure. You will find out how to test,
> > purchase, install and use a thawte Digital Certificate on your Apache web
> > server. Throughout, best practices for set-up are highlighted to help you
> > ensure efficient ongoing management of your encryption keys and digital
> > certificates.
> >
> > http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
> > ------------------------------------------------------------------------
>
> ------------------------------------------------------------------------
> Securing Apache Web Server with thawte Digital Certificate
> In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, 
> how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, 
> purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for 
> set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital 
> certificates.
>
> http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
> ------------------------------------------------------------------------

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------


------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------