This text, the CEH Official Certified Ethical Hacker Review Guide, is a study aide for the Certified Ethical Hacker (CEH) exam offered by the International Council of Electronic Commerce Consultants (EC-Council), and it provides a superb overview of how hackers penetrate information systems and what can be done to stop them. It is not, however, the only resource you’ll need to master the trade or to pass the certification exam.
Author Kimberly Graves provides a quick, convenient summary on how to hack and render security counterpoints, with each chapter covering a specific topic or platform.
Among the book’s most useful features are lists of hacking tools and countermeasures geared toward each one. Well-crafted diagrams explain the steps in the hacking process.
From these illustrations, even a novice will see that hacking is not a mysterious, arcane art known only to gifted manipulators of programming code. Rather, it is a series of systematic steps that can be disrupted by savvy information security professionals.
On the downside, the guide offers only thin slices of information, not prime rib. Some chapters are extremely brief, most notably the chapter on cryptography, which is only eight pages long. The glossary is also poor; composed mostly of one-line definitions.
The included CD-ROM offers the same lean content found in the text. While the two practice tests on the CD-ROM are useful for a quick review, the electronic flash cards provide brief answers with little insight or background, and the electronic glossary offers nothing beyond the print version. An electronic version of the entire text would have been useful, but it is not provided.
Fittingly, the guide directs the reader to additional resources. Security professionals should follow this text with Certified Ethical Hacker by Michael Gregg.
As with any profession, there’s no substitute for experience. If you’ve never tried Ethereal to sniff IP traffic or used Snort as an intrusion detection system, you won’t have a feel for the subject.
Readers should not assume that the book is a computer study guide for the CEH examination. Those seeking their CEH certification should use the book as a capstone atop more detailed study.
(Published by Sybex, www.sybex.com (Web); 238 pages; $29.99.)
Reviewed by Ronald L. Mendell, CISSP (Certified Information Systems Security Professional) is a security consultant and is the author of Document Security: Protecting Physical and Electronic Content. He teaches computer security at Austin Community College in Austin, Texas.