Home page logo

basics logo Security Basics mailing list archives

RE: CEH program and Sybex Study Guide
From: "Gillmer, Renier, VF-NZ" <Renier.Gillmer () vodafone com>
Date: Tue, 27 Sep 2011 10:23:16 +1300

I would also have to add a "+1" for SANS.

They have a variety of courses, and most of them are given by people on the bleeding edge of the InfoSec field.
Also their wide variety of course options are great, and their course material is some of the best I've seen in the IT 

If you have the moola, I would def check out the SANS courses.


-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Larry Marin
Sent: 27 September 2011 10:12 a.m.
To: security-basics () securityfocus com
Subject: RE: CEH program and Sybex Study Guide

SANS is #1  no question

Larry Marin CISSP; CISM; CRISC CEH; G7799; NSA IAM/IEM etc etcra 
Information Security

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Tony Johnson
Sent: Monday, September 26, 2011 4:37 PM
To: security-basics () securityfocus com
Subject: RE: CEH program and Sybex Study Guide

What would be considered superior training. I hold the following Certifications. I am now focusing on security as my 
carrer. What are The best most infective courses from an operations prospective.


-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Gage Bystrom
Sent: Monday, September 26, 2011 1:00 PM
To: security-basics () securityfocus com
Subject: Re: CEH program and Sybex Study Guide

Can't say I have any to be honest. However I collect  study materials for various certifications and the likes to plan 
out what I may consider getting. Unfortunately only a few make that list since I am more of an independent learner. 
Most certifications are nothing but
shiny(maybe) pieces of paper to me.

In particular all of the resources I've collected on CEH, it is particularly noteworthy in the entire course can be 
summed up be reading whatever the latest core Hacking Exposed book is out at the moment.

While such information is critical for beginners it simply isn't enough in the practical world. It'll help land you the 
job, but unless the security is super low and susceptible to trivial attacks, it isn't enough to land you the "box".

I don't know how many security professionals hang out in areas where they come in contact with the underground(not 
talking carders here), but if you ask around and get a reply it becomes blazingly obvious that a lot of certifications 
are waay off when it comes to a realistic targeted attack. Simply because an authorized penetration tester doesn't have 
to worry about the same things a malicious attacker has to do. Pentesters can take shortcuts and are almost religiously 
taught such shortcuts in certifications, books, and methodology. These shortcuts WILL make you miss what a malicious 
attacker WON'T miss.

Hence if you're only training is coming from something like CEH, and your not heavily learning from far superior 
sources, then you will be sorely lacking when it is time to face the music, providing yet another embarrassment to the 

On Mon, Sep 26, 2011 at 12:40 PM, Hanson Coffie Kyeremeh <Hanson.Kyeremeh () vodafone com> wrote:
Hi Gage,
What certifications do you have?
Best Regards,
Hanson Coffie Kyeremeh
Network & OSS Security Manager
Vodafone Ghana

Sent from Vodafone BlackBerry® Smartphone

----- Original Message -----
From: listbounce () securityfocus com <listbounce () securityfocus com>
To: security-basics () securityfocus com 
<security-basics () securityfocus com>
Sent: Mon Sep 26 19:28:59 2011
Subject: Re: CEH program and Sybex Study Guide

CEH is good for getting a job, not for knowledge. Any serious hacker 
would laugh at the content CEH covers. I would advise only taking it 
if you plan on heavily supplementing it with real knowledge.

On Mon, Sep 26, 2011 at 12:11 PM, gig <gigabit () satx rr com> wrote:

I've been through a week long CEH class taught by Global Knowledge.  
The content was ok, but I was frustrated in that the instructor 
couldn't talk about how to defend against these attacks.

Regardless, if you have an interest in hacking, yes, you should 
pursue this certification...and yes, it will help you gain 
credibility as an Information Security professional.

Since we don't know your knowledge or experience level, it's 
difficult to know if this is best use of your time.......but the this 
general statement will always hold true:

All things being equal, having certifications is better than not 
having them.

Hope this helps you.

----- Original Message ----- From: "Alberto Medina" 
<amedinaj () gmail com>
To: <security-basics () securityfocus com>
Sent: Saturday, September 24, 2011 1:59 PM
Subject: CEH program and Sybex Study Guide

Hi all,
I know maybe in this list you have talk a lot about CEH program, but 
I want to know what do you really think about this program (CEH)? Is 
this really useful to start in information security? And what do you 
think about the Sybex Study Guide, by "Kimberly Grave"?
I do this question because a couple of years ago I took the CompTIA
Security+ exam and passed it, but I wanna to continue the preparation 
Security+ in the
field of information security and Ethical hacking, and someone 
recommended me the "Certified Ethical Hacker" certification as a good 
way to continue the path, so a bought the Sybex Study Guide for the 
exam, but I don't see a lot of difference between the content of 
Security+ program and this one, I thought I'd find the CEH deeper in the subject than Security+ program.
In fact, I found this Sybex guide is not very actual, there's not any 
mention to Windows 7 or even Vista, the tools mentioned are kind of 
old, in the "cracking password" section they don't talk about rainbow 
tables, only a littler mention; in the "backdoor" sections she (the 
author) recommend adding an additional hard disk to the computer and 
boot from there for protection using the backdoor she mention, or buy 
a Windows netbook, but it's not better using a VM in for testing?
Anyway, I just want to know what you think about this program? If 
not, what do you recommend for continue the path to Ethical Hacking 
and Information Security.

Thank you and best regards,
Alberto Medina

(Excuse my English :) )

Have you seen our website?.... http://www.vodafone.co.nz

Manage Your Account, check your Vodafone Mail and send web2TXT online: http://www.vodafone.co.nz/myvodafone

CAUTION: This correspondence is confidential and intended for the named recipient(s) only.
If you are not the named recipient and receive this correspondence in error, you must not copy,
distribute or take any action in reliance on it and you should delete it from your system and
notify the sender immediately.  Thank you.

Unless otherwise stated, any views or opinions expressed are solely those of the author and do
not represent those of Vodafone New Zealand Limited.

Vodafone New Zealand Limited
20 Viaduct Harbour Avenue, Private Bag 92161, Auckland 1142
Telephone + 64 9 355 2000
Facsimile + 64 9 355 2001

Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]