I promised a review of the EC-Council Ethical Hacking and Countermeasures iClass two weeks ago, so here it is folks!

Let me start with how the class is structured. The iClass is an online class that uses the Elluminate eLearning platform. The class runs from 8AM MST (10AM EST) – 4PM MST (6PM EST). From 8AM – 2PM is lecture and from 2PM-4PM is hands on labs using two virtual machines hosted by EC-Council.

My instructor for the class was a security professional with over a decade of industry experience. To put it simply, he knew his stuff and he did a wonderful job of communicating the concepts to the students. I really liked how he made the concepts more understandable by linking them to real life scenarios he has encountered during his career. Surprisingly he was able to keep the five hours of lecture interesting and made sure he was available to answer questions on the lab even after hours. There is nothing negative to say about him, he was stupendous.

The class comes with five books. Four books are used to accompany the lectures and the fifth book consists of labs. There were a number of mistakes in the books had been there for many editions according to the structure. The lab book was especially bad, it was almost like the printing company did not have the capability of printing the number of seven, because close to every module had two lab eights an no lab sevens. The content of the books really has no use outside of the class due to how much it relies on the slides that the instructor explained during the lectures.

I found some of the labs useful, but there were a number of labs where you were required to use five or six tools that did the same exact thing. Many of the tools were dated and would not run on my personal Windows 7 VM. EC-Council needs to cut out about half the labs and put more focus on nmap and Wireshark. Demonstrating some of the Linux tools would have been nice as well to help reinforce the concepts.

I did not care for the Elluminate eLearning platform. The instructor’s screen locked up at least four or five times a class forcing him to log out and log back into the software. This resulted in wasted class time. Hopefully EC-Council will see the light and switch to a more stable eLearning platform.

Prior to the class I was reading CEH Certified Ethical Hacker Study Guide by Kimberly Graves. I would recommend you do the same if you plan on taking the class. Having a basic understanding of the concepts is key to dealing with the speedy pace of the course.

To sum it up, the course is worth the time if you have the $2,700 to spend. However, I don’t believe the course is necessary to pass the exam. The Sybex book and some hands-on self-study would be sufficient. I took the course primarily to meet my CPE requirements for the CCE and EnCE. I’m still unsure as to whether I’ll take the exam, I’m simply not sold on the usefulness of the C|EH.

Lately it seems consumers are being barraged with commercials and advertisements for cloud services. “Send it to the cloud” is Microsoft’s latest catch phrase, but the consumer needs to stop and question exactly where he or she is sending that data and who is going to be maintaining it. There were recently two very high profile cases involving cloud services in the form of Google’s GMail and Yahoo’s Flickr. Here are two of the largest tech companies “accidentally” deleting the data consumers have trusted them to hold.

The Flickr scenario is mystifying. Why does a service with as large of a user base as Flickr have a system where a single employee has the power to permanently delete a user’s data? Shouldn’t there be some type of approval for the deletion of accounts by more than a single person? Why hasn’t Flickr instituted some type of temporary hold to maintain deleted data for a certain period of time? Aren’t these basic things that one would expect a company of Yahoo’s size to think of? These are the type of things that worry me when it comes to cloud services (not to mention having no idea where my data is held and who has access to it, but that is a post for another day).

Google’s situation is a bit more frightening. In this day and age email is arguably the most important form of communication and Google continues to advertise that your email is safe on Google’s servers, even safer than if it was saved on your home computer or your corporate network. Google will argue that its vast resources will allow for more efficient backup systems to maintain availability, and that confidentiality and integrity is better maintained due to Google’s superior security systems and personnel. With all this talk of how much more efficient Google’s service is than the traditional in-house mail server, 39,000 users logged in to find their mailboxes empty and years worth of email vanished. Google is currently working to recover the email, but the damage has been done.

The above scenarios are exactly what companies providing cloud services will need to overcome in order to convince the IT world to trust in the services they provide. Losing data in the age of cheap and available backup solutions is inexcusable for even a small IT shop, let alone companies the size of Yahoo and Google. Let’s hope that there are some lessons learned and internal procedures changed. Until then, I plan on keeping a backup of my Gmail and Flickr accounts local.