Security Basics mailing list archives

Previous By Date Next
Previous By Thread Next

RE: CEH program and Sybex Study Guide

From: "Wayne Wheeles" <wwheeles () cablespeed com>
Date: Mon, 26 Sep 2011 17:44:25 -0400

SANS is the gold standard

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On
Behalf Of Gillmer, Renier, VF-NZ
Sent: Monday, September 26, 2011 5:23 PM
To: security-basics () securityfocus com
Subject: RE: CEH program and Sybex Study Guide

I would also have to add a "+1" for SANS.

They have a variety of courses, and most of them are given by people on the
bleeding edge of the InfoSec field.
Also their wide variety of course options are great, and their course
material is some of the best I've seen in the IT industry.

If you have the moola, I would def check out the SANS courses.

-ren

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On
Behalf Of Larry Marin
Sent: 27 September 2011 10:12 a.m.
To: security-basics () securityfocus com
Subject: RE: CEH program and Sybex Study Guide

SANS is #1  no question



Larry Marin CISSP; CISM; CRISC CEH; G7799; NSA IAM/IEM etc etcra 
Information Security



-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On
Behalf Of Tony Johnson
Sent: Monday, September 26, 2011 4:37 PM
To: security-basics () securityfocus com
Subject: RE: CEH program and Sybex Study Guide

What would be considered superior training. I hold the following
Certifications. I am now focusing on security as my carrer. What are The
best most infective courses from an operations prospective.

MCP,MCSA,MCSE,MCTS,MCTIP,VCP,CCNA,CIW,Project+

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On
Behalf Of Gage Bystrom
Sent: Monday, September 26, 2011 1:00 PM
To: security-basics () securityfocus com
Subject: Re: CEH program and Sybex Study Guide

Can't say I have any to be honest. However I collect  study materials for
various certifications and the likes to plan out what I may consider
getting. Unfortunately only a few make that list since I am more of an
independent learner. Most certifications are nothing but
shiny(maybe) pieces of paper to me.

In particular all of the resources I've collected on CEH, it is particularly
noteworthy in the entire course can be summed up be reading whatever the
latest core Hacking Exposed book is out at the moment.

While such information is critical for beginners it simply isn't enough in
the practical world. It'll help land you the job, but unless the security is
super low and susceptible to trivial attacks, it isn't enough to land you
the "box".

I don't know how many security professionals hang out in areas where they
come in contact with the underground(not talking carders here), but if you
ask around and get a reply it becomes blazingly obvious that a lot of
certifications are waay off when it comes to a realistic targeted attack.
Simply because an authorized penetration tester doesn't have to worry about
the same things a malicious attacker has to do. Pentesters can take
shortcuts and are almost religiously taught such shortcuts in
certifications, books, and methodology. These shortcuts WILL make you miss
what a malicious attacker WON'T miss.

Hence if you're only training is coming from something like CEH, and your
not heavily learning from far superior sources, then you will be sorely
lacking when it is time to face the music, providing yet another
embarrassment to the industry.

On Mon, Sep 26, 2011 at 12:40 PM, Hanson Coffie Kyeremeh
<Hanson.Kyeremeh () vodafone com> wrote:

Hi Gage,
What certifications do you have?
Best Regards,
Hanson Coffie Kyeremeh
Network & OSS Security Manager
Vodafone Ghana
Cell:+233202001119

Sent from Vodafone BlackBerry® Smartphone

----- Original Message -----
From: listbounce () securityfocus com <listbounce () securityfocus com>
To: security-basics () securityfocus com 
<security-basics () securityfocus com>
Sent: Mon Sep 26 19:28:59 2011
Subject: Re: CEH program and Sybex Study Guide

CEH is good for getting a job, not for knowledge. Any serious hacker 
would laugh at the content CEH covers. I would advise only taking it 
if you plan on heavily supplementing it with real knowledge.

On Mon, Sep 26, 2011 at 12:11 PM, gig <gigabit () satx rr com> wrote:

Alberto,

I've been through a week long CEH class taught by Global Knowledge.  
The content was ok, but I was frustrated in that the instructor 
couldn't talk about how to defend against these attacks.

Regardless, if you have an interest in hacking, yes, you should 
pursue this certification...and yes, it will help you gain 
credibility as an Information Security professional.

Since we don't know your knowledge or experience level, it's 
difficult to know if this is best use of your time.......but the this 
general statement will always hold true:

All things being equal, having certifications is better than not 
having them.

Hope this helps you.


----- Original Message ----- From: "Alberto Medina" 
<amedinaj () gmail com>
To: <security-basics () securityfocus com>
Sent: Saturday, September 24, 2011 1:59 PM
Subject: CEH program and Sybex Study Guide


Hi all,
I know maybe in this list you have talk a lot about CEH program, but 
I want to know what do you really think about this program (CEH)? Is 
this really useful to start in information security? And what do you 
think about the Sybex Study Guide, by "Kimberly Grave"?
I do this question because a couple of years ago I took the CompTIA
Security+ exam and passed it, but I wanna to continue the preparation 
Security+ in the
field of information security and Ethical hacking, and someone 
recommended me the "Certified Ethical Hacker" certification as a good 
way to continue the path, so a bought the Sybex Study Guide for the 
exam, but I don't see a lot of difference between the content of 
Security+ program and this one, I thought I'd find the CEH deeper in the

subject than Security+ program.

In fact, I found this Sybex guide is not very actual, there's not any 
mention to Windows 7 or even Vista, the tools mentioned are kind of 
old, in the "cracking password" section they don't talk about rainbow 
tables, only a littler mention; in the "backdoor" sections she (the 
author) recommend adding an additional hard disk to the computer and 
boot from there for protection using the backdoor she mention, or buy 
a Windows netbook, but it's not better using a VM in for testing?
Anyway, I just want to know what you think about this program? If 
not, what do you recommend for continue the path to Ethical Hacking 
and Information Security.

Thank you and best regards,
Alberto Medina

(Excuse my English :) )



----------------------------------------------------------------------------
-------------------
Have you seen our website?.... http://www.vodafone.co.nz

Manage Your Account, check your Vodafone Mail and send web2TXT online:
http://www.vodafone.co.nz/myvodafone

CAUTION: This correspondence is confidential and intended for the named
recipient(s) only.
If you are not the named recipient and receive this correspondence in error,
you must not copy,
distribute or take any action in reliance on it and you should delete it
from your system and
notify the sender immediately.  Thank you.

Unless otherwise stated, any views or opinions expressed are solely those of
the author and do
not represent those of Vodafone New Zealand Limited.

Vodafone New Zealand Limited
20 Viaduct Harbour Avenue, Private Bag 92161, Auckland 1142
Telephone + 64 9 355 2000
Facsimile + 64 9 355 2001

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL
certificate.  We look at how SSL works, how it benefits your company and how
your customers can tell if a site is secure. You will find out how to test,
purchase, install and use a thawte Digital Certificate on your Apache web
server. Throughout, best practices for set-up are highlighted to help you
ensure efficient ongoing management of your encryption keys and digital
certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727
d1
------------------------------------------------------------------------


------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: