Welcome, dear reader! I sincerely hope you’ve found your way here to this introduction happy, healthy, and brimming with confidence—or, at the very least, curiosity. I can see you there, standing in your bookstore flipping through the book, or sitting in your living room, clicking through virtual pages at some online retailer. And you’re wondering whether you’ll buy it or not—whether this is the book you need for your study guide. You probably have perused the outline, checked the chapter titles—heck, you may have even read that great author bio they forced me to write. And now you’ve found your way to this—the introduction. Sure, this intro is supposed to be designed to explain the ins and outs of the book—to lay out its beauty and crafty witticism in such a way that you just can’t resist buying it. But I’m also going to take a moment and explain the realities of the situation, and let you know what you’re really getting yourself into.

This isn’t a walk in the park. Certified Ethical Hacker (CEH) didn’t gain the reputation and value it has by being easy to attain. It’s a tough, challenging examination that tests more than just simple memorization. Its worth has elevated it as one of the top certifications a technician can attain, and it is now a part of DoD 8570’s call for certification on DoD networks. In short, this certification actually means something to employers, because they know the effort it takes to attain it. If you’re not willing to put in the effort, maybe you should pick up another line of study. Like cake decorating. Or Sudoku.

All that said, I can think of a couple of groups who will be interested in this book. The first group is easy to spot. There you are, with your eyes bright and shining, the glow of innocent expectation on your faces. Either you’re new to the career field or you’re curious and want to expand your knowledge. In either case, step over here to the entrance sign with me. Come on, you’ve seen one before—it’s just like the one out in front of the roller coaster reading, “You must be this tall to enter the ride.” However, this one’s just a little different. Instead of your height, I’m interested in your knowledge, and I have a question or two for you. Do you know the OSI Reference Model? What port does SMTP use? How about Telnet? What transport protocol (TCP or UDP) do they use and why?

Why am I asking these questions? Because, dear reader, I’m trying to save you some agony. Just as you wouldn’t be allowed on a roller coaster that could potentially fling you off into certain agony and/or death, I’m not going to stand by and let you waltz into something you’re not ready for. If any of these questions I asked seem otherworldly to you, you need to spend some time studying the mechanics and inner workings of networking before attempting this certification. As brilliantly written as this little tome is, neither it nor any other book is a magic bullet.

Don’t get me wrong—go ahead and buy it—you’ll want it later. All I’m saying is you need to learn the basics before stepping up to this plate. I didn’t bother to drill down into the basics in this book because it would have been 20,000 pages long and scared you off right there at the rack without you even picking it up. Instead, I want you to go learn the “101” stuff first so you can be successful with this book. It won’t take long, and it’s not rocket science. (Heck, this yahoo from Alabama figured it out—how tough can it be for you?) However, it’s gotta be done. There is plenty in here for the beginner, though, trust me. I wrote it in the same manner I learned it: simple, easy, and hopefully fun. This stuff isn’t necessarily hard, you just need the basics out of the way first. I think you’ll find, then, this book perfect for your goals.

As for the second group—those of you who have already put your time in and know the basics—I think you’ll find this book pleasantly surprising. You’re obviously aware by now that technology isn’t magic, nor is it necessarily difficult or hard to comprehend—it’s just learning how something works so you can use it to your advantage. I tried to attack ethical hacking in this manner, making things as light as possible and laughing a little along the way. Combine this book with some hands-on practice, and I don’t think you’ll have any trouble at all with the exam.

There is, of course, one primary goal and focus of this book—to help you achieve the title of Certified Ethical Hacker by passing the Version 7 exam. I believe this book provides you with everything you’ll need to pass the test. However, I’d like to think this little book has more to it than that. Hopefully, I also succeeded in another goal that’s just as important: helping you to actually become an employed ethical hacker. No, there is no way someone can simply pick up a book and magically become a seasoned IT Security professional just by reading it, but I sincerely hope I’ve provided enough real-world insight that you can safely rely on keeping this book around on your journey out there in the real world.

How to Use This Book

This book covers everything you’ll need to know for EC-Council’s Version 7 of the Certified Ethical Hacker examination. Each chapter covers specific objectives and details for the exam, as defined by EC-Council. I’ve done my best to arrange them in a manner that makes sense, and I hope you see it the same way.

Each chapter has several components designed to effectively communicate the information you’ll need for the exam:

• The certification objectives covered in each chapter are listed first, right off the bat. These identify the major topics within the chapter, and help you to map out your study.

• Sidebars are included in each chapter and are designed to point out information, tips, and stories that will be helpful in your day-to-day responsibilities. Not to mention they’re just downright fun sometimes. Please note, though, that although these entries provide real-world accounts of interesting pieces of information, they are sometimes used to reinforce testable material. Don’t just discount them as simply “neat”—some of the circumstances and tools described in these sidebars may prove the difference in correctly answering a question or two on the exam.

• Exam Tips are exactly what they sound like. These are included to point out a focus area you need to concentrate on for the exam. No, they are not explicit test answers. Yes, they will help you focus your study.

• Specially called out Notes are part of each chapter, too. These are interesting tidbits of information that are relevant to the discussion and point out extra information. Just as with the sidebars, don’t discount them.

• Some chapters have step-by-step exercises designed to provide a hands-on experience and to reinforce the chapter information. As your system and circumstances are no doubt different from mine, these may, from time to time, need a little adjustment on your end. For additional information on the exercises—and any of the tools listed in the book, for that matter—visit your favorite search engine. I guarantee you’ll find more than enough videos and tutorials already created to whet your appetite.

The Examination

Before I get to anything else, let me be crystal clear: This book will help you pass your test. I’ve taken great pains to ensure everything EC-Council has asked you to know before taking the exam is covered in the book, and I think it’s covered pretty darn well. The only cautionary note I’d place here is to not use this book as your sole source of study. This advice goes for any book for any certification: You simply cannot expect to pick up a single book and pass a certification exam. You need practice. You need hands-on experience. And you need to practice some more.

Yes, I’m fully confident this book is a great place to start, and a good way to guide your study. Just don’t go into this exam without performing some (a lot of) hands-on practice with the tools. There is simply no substitute for experience, and I promise you, come test time, you’ll be glad you put your time in.

Speaking of the test, these tidbits should help you:

• Be sure to pay close attention to the Exam Tips in the chapters. They are there for a reason. And retake the exams—both the end-of-chapter exams and the exams available for download—until you’re sick of them. They will help, trust me.

• The exam is 150 questions, all multiple choice, and you are allowed to mark, and skip, questions for later review. Go through the entire exam, answering the ones you know beyond a shadow of a doubt. On the ones you’re not sure about, choose an answer anyway and mark the question for further review (you don’t want to fail the exam because you ran out of time and had a bunch of questions that didn’t even have an answer chosen). At the end, go back and look at the ones you’ve marked. Only change your answer if you are absolutely, 100-percent sure about it.

• You will, with absolute certainty, see a couple of types of questions that will blow your mind. One or two will come totally out of left field. I’ve taken the CEH exam three times—from version 5 to the current version 7 (which this book is written for)—and every single time I’ve seen questions that seemed so far out of the loop I wasn’t sure I was taking the right exam. When you see them, don’t panic. Use deductive reasoning and make your best guess. Almost every single question on this exam can be whittled down to at least 50/50 odds on a guess. The other type of question you’ll see will use some very bad grammar in regard to the English language. Just remember this is an international organization and sometimes things don’t translate so easily.

• On code questions on the exam (where code snippets are shown for you to answer questions on), pay attention to port numbers. Even if you’re unsure about what generated the log or code, you can usually spot the port numbers pretty quickly. This will definitely help you on a question or two. Additionally, don’t neglect the plaintext on the right side of the code snippet. It can very often show you what the answer is.

And finally, dear reader, thank you for picking this book up. I sincerely hope your exam goes well, and wish you the absolute best in your upcoming career. Here’s hoping I see you out there, somewhere and sometime!

