CPTS -vs- CEH

Comparison between Certified Pen Testing Specialist and Certified Ethical Hacker Training Courses

History of CPTS - Certified Pen Testing Specialist

- CPTS was developed by Mile2 and its security partners as an
upgrade from the CEH classes previously offered, to address the
training needs of IT professionals responsible for penetrating,
analyzing and auditing the security of a network. It fills the
gap for a course that goes beyond basic hacking techniques.
- CPTS includes intensive hands-on labs and case studies to
validate the participants' understanding and hands-on competency.
- The CPTS emphasis is on methodology, practices and techniques
for assessing and verifying security vulnerabilities in networks,
connectivity, applications, databases, etc.

Undisputed Benchmark

Mile2's famous penetration testing training classes have become the de facto standard for the US Military, with dedicated classes being delivered at US Air Force bases as well as US Marines, US Army and National Guard. Mile2 has also taught personnel from the United Nations, NATO, foreign Military and Government personnel and a large number of Fortune 100 companies. Traditionally, student participation has also come from a wide spectrum ranging from charities, banking, insurance, health, communications, transport, law enforcement and education to almost any sector imaginable.

Distinctions

- CPTS details the differences between a hacker and a
Penetration Tester and the types of procedures followed by the
professional penetration tester in assessing the vulnerabilities
of computer systems.
- Unlike other courses that focus on the ‘how to’ of hacking
(i.e. techniques and tools used by script kiddies to compromise
systems), this course places equal emphasis on the ‘how to’ of
penetration testing.
- CPTS is designed to develop the candidate’s understanding of
penetration testing methodology and the skills necessary for a
professional to perform penetration testing to verify system
threats and vulnerabilities.

Differences

- The distinctions above illustrate the unique viewpoint of
CPTS, which produces professionals who understand hacking, hackers
and penetration testing; not just “script kiddies”.
- Instructors - The CPTS philosophy is to deliver what the
student needs when he or she needs it using the best possible
means. Mile2 employs instructors who eat, sleep and drink
security. They practice what they teach, they perform penetration
tests and work in the hands-on arena of security. In contrast, a
CEH class delivered by non-Mile2 partners is likely to have an
instructor who can only teach what is in the book because they
are required to maintain "general" training skills in order to
teach a myriad of other topics between each CEH class, which may
only be once every two or three months. An important point to
remember is that the additional materials developed by Mile2 when
it was EC-Council’s largest customer are no longer included in the
CEH course materials.
- Courseware - CPTS material is updated continuously and usually
printed the week before class. Security threats change daily and
our courseware is designed to adapt. When a serious vulnerability
manifests, CPTS will cover it. This is one of the biggest
distinctions between the CPTS and CEH, as the latter is printed in
bulk.
- Labs - CPTS has in-depth labs designed to make you a better
security professional. The labs are designed to make the students
think on their feet; the IT security business demands this because
most hacking tools do not work the same way every time. Our labs
are designed to make an individual work through the issues faced
in the real world. CEH labs do not offer the same depth of
understanding in real-world pen testing.

Third Party Verification of CEH Inadequacies

Feb 16 2005 - UK Police Officer questions EC-Council's motivations for CEH Exam Delivery.

April 26 2005 - EC-Council Authorized Training Partner Verifies Inadequacies

Today an EC-Council Authorized Training Center contacted Mile2 to request information about CPTS & CPTE. In addition to training they have a professional services practice that offers Pen Testing. The caller said he had an employee sitting next to him who teaches CEH, and that this instructor stated that "there is hacking, and there is pen-testing". When asked if he believes that CEH is adequate for pen testing, he responded "No". Further, he said if they receive a request for pen testing services, they can't even send their CEH instructor because "it is not pen testing" and that they "have to use a different methodology".

Oct 14 2005 - Today Mile2 was awarded a contract to deliver CPTS & CPTE as dedicated classes for I.T. Staff at a major US Air Force Base. The statement of work included the following quote:

"These courses cannot be substituted with a Certified Ethical Hacker (CEH) curriculum."

US Air Force Statement of Work 05T0273 Published 09/14/2005 inviting public bids for Penetration Testing Training. Awarded to Mile2 10/14/2005.

One prospective respondent to the solicitation asked the following question on Sept 28 2005:

Q: "Why doesn't Wright-Patterson AFB want a CEH-certified curriculum?"

USAF's response was as follows:

A: "CEH-certified courses tend to focus on teaching the student how to use a
handful of tools that are available on the internet. While this knowledge is
somewhat useful during a penetration test, our goal is to expand on this and
learn how to turn our results into a professional report. Most of our students
know how to use these tools, but need to learn the methodology behind a full
penetration test. This methodology could include identifying protection
opportunities, justifying testing activities and optimizing security controls to
reduce business risk."

| CEH | CPTS |
|---|---|
| “A Certified Ethical Hacker is a skilled professional who understands and knows how to look for the weaknesses and vulnerabilities in target systems and uses the same knowledge and tools as a malicious hacker” ~ www.eccouncil.org | “CPTS develops and validates the minimum baseline knowledge and skills in penetration testing required by a professional to audit and recommend measures against the threats and vulnerabilities in the operating systems, applications, network, controls and connectivity of an enterprise-wide heterogeneous network.” ~ www.mile2.com |

| Emphasis | CEH | CPTS |
|---|---|---|
| Hacker techniques and the use of tools freely available to hackers for exploits. | Very High | Mid |
| Technical understanding of why & how an attack takes place and the logic behind the use of the tools for verification. | Low-Mid | Very High |
| Practical competency in using the tools to carry out the penetration testing responsibilities single-handedly. | Low | Very High |
| Methodology and the procedures in performing a penetration test assessment. | Mid | High |

Courseware Content Comparison:

CPTS KIT
- Student Workbook
- Student Lab Guide
- Penetration Testers Open Source Toolkit
- Two Student DVDs
- Pen
- Notepad

CEH KIT
- Student Courseware Binder
- Lab Files CD – 2
- Bootable Knoppix
- Notepad
- Pen
- Mouse pad

Important Intellectual Property Information:

- CEH, "Certified Ethical Hacker" and
"EC-Council" are trademarks of EC-Council.
- Mile2 is no longer an EC-Council ATC and has
chosen to distance itself from the organization for various
reasons.
- Nothing on this page or mile2.com should be
construed to suggest that Mile2 and EC-Council still have an
active or official relationship.