Greetings All:

My name is knwminus and I am new to the forum. I have a quick question about C|EH. I know this is a pen testers certification and my goal is to get into network security (router/switches firewalls etc). My question is, would the C|EH be a better cert for Sysadmins (*nix, windows, etc) or for Network Engineers (Cisco/Juniper, Checkpoint etc)? I personally think it would be better for Sysadmins but that doesn't mean I don't want to do it. I am just curious to get the expert opinion here.


Thanks all,

knwminus

From my perspetive the C|EH, eventhough the cert is geared more towards penetration testing/ethical hacking, it is a good cert for those who want to know about network security (and even sysadmins), because you learn how to exploit the weaknesses in computing systems such as routers, switches, and firewalls ( and *NIX and Windows).

I took the certification to better understand the threats against computing systems, in order to better defend against them.  To see what an attack looks like from the inside.

If you are interested in network security, CEH is not a bad certification, but there may be other certifications which may be taylored more towards your goals like some SANS courses (perimeter security) or even the general Security plus if you are looking for more entry level.

I think C|EH would be an excellent 'primer', as you'd called it, for GPEN, OSCP and others.  That said, it's still a good course for BOTH sysadmins and network engineering folks, as much of what it teaches, besides tools, is conceptual thinking, hacker mindset, and other areas which either side needs to understand, if they truly want to be security-minded in their jobs.  Now, if you NEVER intend to go into the sysadmin side, then it might not be where you want to start, as you might find other certs geared more directly toward network engineering (or vice versa,) and so you have to decide where you truly want to focus.

But if you want to be well-rounded, it's a good cert to have.  (Besides, a GOOD network engineer should, IMHO, have at least a grasp of what the sysadmins deal with, etc, to be effective and 'cooperative' in their working environment.)  When I deal with companies and help them interview, etc, I look for rounded individuals, as those that are too focused on the network engineering or sysadmin sides, solely, tend to be difficult to work with when problems and issues arise.  There's not an issue studying and working on one specific area, but I prefer the folks to be at LEAST basically studied in other technical areas.  So in security, it never hurts to understand both sides of the equation.

For instance, suppose a security-based sysadmin comes to you, as a network engineer, and asks for traces or log data from your routers and switches, saying they've been experiencing what they think is a worm, or some other security risk.  It helps you to understand and calm them, as you gather the data, if you have at least a basic understanding of what the worm does, and how it affects end-users, and the rest of the environment.  Consequently, if you're the sysadmin, often times your network engineers don't even want to discuss their environment with you, unless you can give them data that means something in their terminology, so it helps to be open minded and again, at least a little bit cross-trained.

That's where C|EH and other certs benefit you, as they give you much more useful information and understanding of how hacking tools and things work, with relation to the overall picture.  They also help to guide you in methodologies for testing your security, and to do so in a routine manner, by which you're less likely to miss things, and present a much clearer picture to those who need to see / hear it.  So I'd say, it's worth your time, one way or another, if you plan to study security.  As to where you put it in your priority list, that's up to you, based on your time, your other study plans, and resources available to you.

Good luck, and let us know where your studies lead!

hayabusa: I like your post, this is my way to think about security certification.

Thanks for the advice guys. I think I have my hands full with what I already have planned but C|EH will be on my to do list (probably early to mid 2011). I want to get the SSCP done before I do the OSCP so SSCP will also be on my to do list.

If that's the case (RE: v3) then I'm glad my funding got delayed by a month or so.  I'll likely be registering around beginning of May, so I'll look forward to the newer stuff, then!

Thanks guys. I think I have the information I need now. C|EH will be on my to do list, after CCNP and during SSCP/CCSP. With the recent changes to the test (other post has said the C|EH is now DOD approved) maybe its popularity will pick up.