Product: 0789735318

The previous poster did bring up a good point: this book will not teach you how to hack. It WILL help you pass the CEH exam. It lays a very good foundation, and the only reason I give it 4 stars was because it was lacking the detail and depth to be fully comprehensive.

Keep in mind, that this book is meant for people who do have an administration background and who happen to be pretty familiar with Linux and Windows. The book is written for that group of people because without that experience, you probably won’t have the experience necessary to be a CEH.

I happen to read all 3 books for the CEH that are listed on Amazon. The Sybex book, the EC-council book, and this book. By far, this book was the best out of the 3. The Sybex book was a waste of money as it wasn’t as good as this book and it had even less depth. The EC-council book had a bit more detail in some topics, although it lacked cohesion and was poor at presenting the thought behind it. I think this book and the EC-council book compliment each other, and give you a pretty good idea of what you actually need to know. I would start with this book and finish up with the EC-council book and/or courseware. My reasoning is that you should set the foundation first and this book does that.

Also, as with hacking, google is an excellent resource. These two books won’t be enough to fill all the holes, but the internet is a damned good filler.

In conclusion this book provides for pretty good preparation for the actual test, and is a comfortable read.

ABOUT THE TEST:

150 questions, you have 4 hours. I took only 2 and scored an 86%. 70% is passing. I studied for only two weeks, but have extensive background in the subject area.

The test is very specific, and you are expected to know the material in detail - NOT just concepts. The test is geared towards people with security experience, and the test questions are true to that purpose. It will be very difficult to pass if you:
1) Don’t know linux
2) Don’t understand Microsoft’s OS and operations
3) never actually used any of the hacking tools

Linux is not a MAJOR part of the test, but there are enough questions on linux command line operations to make a difference.

Keep in mind, just reading alone will not let you pass this test. It is very important that you try out the most popular and important tools (firsthand!). You will be asked about specific commands, and be expected to know them. Know nmap, snort, hping2, tracert and tcpdump down cold. Know the ICMP codes and types. The only way you learn this stuff is to actually practice it.

This really isn’t an entry level test at all. Even if you know all your stuff, the test isn’t easy to pass. I’d strongly encourage that people take some practice with actual pen testing before they try this test (use vmware to simulate a target if you cant throw a home made lab together). If you don’t actually try this stuff out, your odds of passing will plummet.

About 10% of the questions are what I’d consider bad questions - either they are unclear, or ambiguous or poorly word… Without violating the NDA - one of the questions parallel the following examples: Can you establish tcp sessions while spoofing your ip address? The answer is: it depends - are you sniffing the outgoing traffic? If so, then it is certainly possible.. otherwise there is no way you’ll establish a tcp connection. What if the question doesn’t specify, and the answer hinges on this? This type of ambiguous situation happened on at least 10 questions. This will lose you points right off the bat, because to no fault of your own you won’t be able to determine the valid answers.

Good luck!
Rating: 4
0789735318
Count: 5