A certified ethical hacker (CEH) bears credentials indicating successful completion of a training program and examination in the use of hacking techniques to test computer security. These computing professionals simulate hacking attacks on networks to determine their level of security and identify weak points that may be cause for concern. They can work for consulting firms that send technicians out by request and may also be employed full time by a large company to help manage the security on its network. Alternative terms for members of this profession include white hats and penetration testers.
This credential is offered by the International Council of E-Commerce Consultants. Ethical hackers need to complete a series of course modules covering a variety of network security topics and concerns. When they have finished all the coursework, they can take an examination. If they pass, they receive certification, and can advertise this qualification. While it may not be necessary to be a certified ethical hacker for specific security positions, it can be helpful.
As the name implies, a certified ethical hacker uses the same techniques employed by hackers to penetrate and compromise computer networks, but does so with ethical goals in mind. The hacker can attempt to breach security in a variety of ways, relying on information about the latest exploits seen in the wild. As part of the test, it may be necessary to plant a file or piece of code to show which areas were penetrated successfully, and to trace loopholes in the network that provide openings for hackers. No malicious materials are planted in the system, however.
Working as a certified ethical hacker requires constant research and professional development. As computer security evolves, so do hacks, as attackers learn to work around it. Communication with people in the industry through conference attendance, mailing lists, paper publications, and so forth can help a certified ethical hacker remain aware of exploits that may be used against an employer. This information can be applied to the development of tighter security for systems, and to new hacking tests used to penetrate the system and find the vulnerable areas.
There is some controversy in the computing community over the idea of an ethical hacker. Some people feel that hacking is inherently unethical, and that this term presents a contradiction; they may prefer to refer to such security specialists as penetration testers, as they feel this is a more accurate reflection of the kind of work they do. Others argue that white hatting or ethical hacking involves more than just attempts to penetrate a system, and that this term is accurate and appropriate. This is especially true in the case of former malicious hackers who choose to work as security consultants and turn their skills to more law-abiding uses.