Customer Reviews

CEH Certified Ethical Hacker Study Guide

5 star:		(4)
4 star:		(2)
3 star:		(1)
2 star:		(2)
1 star:		(0)

 

 

I've been shopping Amazon for years but this is the first time I was compelled to leave a review. I've been doing IT security, server administration and general networking for roughly 15 years now. I've read beautifully written, well organized works of genius (Shon Harris - CISSP All-in-one..., Nemeth/Snyder/Hein - Linux Administration Handbook, etc). I've also endured a few slapped-together, ill-composed, tomes of wasted wood.

This book qualifies as the latter. There is little - if any - flow to the way the book is written. It's as if random sentences on a given subject were strung together to complete the book. Throughout the book you find paragraphs that simply restate the information provided in the preceding paragraph. You really get the impression the author was forced to crank this out to meet an early deadline. Assuming you can choke through the text, you'll find numerous contradictions and errors among each chapter's Q&A.

Frankly, I'm stunned Sybex would publish this drivel.

I had no problems with the seller. The used book arrived on schedule and looked brand new.

Disclaimer: I have not finished reading this book, and I'm not sure I want to.

I bought CEH Certified Ethical Hacker Study Guide on Amazon because it is the most recently published (2010) of several CEH study guides and because it has been through more than one edition. Had I been able to leaf through the book for about five minutes, I would have put it back on the shelf.

Consider these passages:

"Most hacking attempts occur from within an organization and are perpetuated by employees, contractors, or others in a trusted position." (p 8)

"Buffer overflows and SQL injection are used primarily against application servers that contain databases of information." (p 11)

If you know enough about information security to see the problems with the above statements, would you want to spend your time reading the rest of this book? More importantly, if you don't know enough about information security to see the problems with the above statements, should you entrust your professional development to this book?

Here's another profound insight:

"Many ethical hackers acting in the role of security professionals use their skills to perform security evaluations or penetration tests. These tests and evaluations have three phases, generally ordered as follows: Preparation, Conduct Security Evaluation, Conclusion." (p 17)

How about a Review Question from the end of Chapter 1:

5. The security, functionality, and ease of use triangle illustrates which concept?
A. As security increases, functionality and ease of use increase.
B. As security decreases, functionality and ease of use increase.
C. As security decreases, functionality and ease of use decrease.
D. Security does not affect functionality and ease of use.

Ready for the answer?

"B. As security increases, it makes it more difficult to use and less functional." (p 29)

Are you catching my drift? If a book has problems like this with the easy concepts, how much confidence should be placed in its more technical sections?

I'm not here to flame Kimberly Graves, who might otherwise be a very fine author. However, based on my experience with the first three chapters, I'm not inclined to commend this book to the potential reader. I really hope there are better study guides out there.

I'll close with a message from Neil Edde, Sybex Vice President and Publisher:

"With each of our titles, we're working hard to set a new standard for the industry. From the paper we print on, to the authors we work with, our goal is to bring you the best books available." (p v)

Keep trying, Neil. And you might consider boosting the copy editing budget while you're at it. Start your editors off with this paragraph:

"Checking for open ports is the second step in the CEH scanning methodology. Port scanning is the method used to check for open ports. The process of port scanning involves probing each port on a host to determine which ports are open..." (p 69)

- - - - -

UPDATE:

Well, I've made it to the fifth chapter, and I AM stopping. Although the book was revised in 2010, it appears that parts of it have not been updated since the heyday of Windows 2000. The text itself reads more like a set of lecturer's notes, hastily pulled together for publication.

As a study guide, it's starting to create more questions than answers about what's going to be on the exam. I may come back to it later, but at this point I'd rather not clutter up my head with useless (and possibly questionable) material.

I would caution the people who are using this text as an introduction to "ethical hacking" -- this book may (or may not) help you get that cert, but it's not giving you a very useful picture of the field. There are much better information security books out there. Unfortunately, none of them appear to be CEH-specific.

I'd recommend skipping the first 100 pages of the CEH Study Guide. Try Gray Hat Hacking (3rd edition) for a far more realistic introduction to the field of ethical hacking. Then go to Hacking Exposed (6th Edition) for coverage of footprinting, scanning, and enumeration. You'll come back to these books anyway, if you stay in this field, so it's not money wasted. Use the CEH Study Guide to help you outline your own crib sheet for the test. But watch out, because a lot of things have seem to have happened since this text was written.

If anyone has run across a well-written, up-to-date CEH book, do us a favor and let us know.

I managed to read this book very quickly (2 nights) and found it rather enjoyable. The materials were very well covered within the confines of the CEH exam. This was my primary reference material for the CEH, which I passed. If you DON'T have any previous networking and INFOSEC experience, I would recommend additional study elsewhere.

Overall a good source to use to study for the CEH exam. THe book does not includes some of the information you need to know on bluetooth and voip attacks but this info can easily be found by making google your friend. Much better then most of the official CEH books.

Let me start by saying that the book is not bad. It is also not super great.
For my exam prep I used this book, the CareerAcademy.com CEH prep (6 CBT DVDs), and a collection of 400+ real exam questions from one of those sites that offer real exam questions.

By FAR, the latter was the most important one for passing the exam and you have to get it.
The 6 CBT DVDs with the South African instructor (forgot his name) were useless and I won't recommend them to my enemies.

The book is good at giving you the basic concepts. So if you never heard of a buffer overflow, the book will explain it.

However, that WILL NOT help you answer a question about buffer overflows in the exam, because the exam is far more technical.
You literally get shown a piece of code, and are asked where in it the buffer overflow occurs, so it's not just the concept that matters, but also reading code and understanding which function(s) are affected by buffer overflows.

Buy the book. Read the book. However, don't make it your only source of prep for the exam.

Certified Ethical Hacker Study Guide covers all exam objectives for CEHv6, includes real-world scenarios and exercises, and pairs this with exam prep software featuring the entire book in pdf and electronic flashcards. The result is a powerful pick for any studying for the CEHv6 who wants a clear do-it-yourself home classroom in a book. Highly recommended!

This book is a fair and excellent book because is concise, straight and well done technical reference. All its information is usefull for the CEH exam and I've passed in my CEH exam using the Kimberly book.Today I'm an CEH and CEI (Certified EC-Council Instructor) and I can say that this book help me so much.

Even now that CEH exam changed (v.7) the information contained here is still updated.

I suggest another book (Gray Hat Hacking) to help the candidate passing in the CEH exam because it provides an another approach and point of view of the concepts.

Definitely, Kimberly book is great.

This is a super book! It nicely rounds out required topics for the latest EC-Council exam! It's also a very nice complement to the Review Guide. I highly recommend this book to all who are embarking down the CEH path and need further insight into the diverse topics that candidates must master.

The book was in exactly the same shape and condition as it was advertised on Amazon website. I am very happy with the order. Some of my local Security group users are studying for the CEH exam and we have a study group where we review the chapters from this book every week. It's a great book if you want to get into application security testing arena. One thing I would like to see in the next edition of the book is more details on the topic. Right now, the chapters are a bit concise compared to the some other books published on the same topic. Overall, this book is a great addition to resources on Security testing and CEH topic.