تقنية معلومات أو أمن معلومات

[C|EH]

يا اخ كلرك لا توجد وظيفة تسمى هاكر

من قالك هذا الكلام ؟ هناك وظيفة بهذا الاسم ،، بل تجد اعلانات في الجرائد يطلبون شخص عنده C|EH لوظيفة كذا وكذا ،،

نزل اعلان عندنا بتوفر 20 وظيفة لحامليين C|EH في وزارة العدل ،،

اذهب الى موقع www.monster.com وهو اشهر موقع توظيف في امريكا ، واكتب Hacker او WhiteHat وشوف الوظائف المطلوبة ،،

انا مثل ما قلت لك ، لا تقيس الامور على البلد اللي انت عايش فيها ،،

[ameer_s]

تسلم CEH على المعلومات

[ameer_s]

وهذا نظام كل شركات العالم ما عدى مصر اللي تخلي الموظف يشتغل كل حاجة ، حتى يصير مراسل مرات

الفكرة انة الموضوع عرض وطلب

انا لو صاحب شركة وبختار الموظفين هافضل انة يكون ملم باكتر من حاجة احتياطي لو موظف سافر يحل مكانة او او مثلا انة استفيد منة بكل استفادة ممكنة

اغلبية اصحاب الشركات هنا بيفكرو بالمنطق دة

انا بعطلية مرتب يبقة امص دمة كمان

وطبعا دي نظرية غلط

المفروض انة تريح الموظف عشان يقدر ينتج صح ويشتغل صح

بس دة راجع لكثر الاعداد الطالبة للوظيفة مقابل انخفاض عدد الوظائف الشاغرة

تخيل لو كان العكس

كان انقلبت الآية

[Nightspy]

الظاهر اني معرفتش اوصل المعلومه كويس
انا كنت بحاول اساعد مش اكتر

انت زعلت لية ياعم انا بهظر ولا اقصد حاجة


انا شغال في مجال ال Computer Forensic
حقيقة فعلا انا لا اعلم شئ عن هذا المصطلح لو تعطى نبذة


يعني واحد مخلص MCSE يروح لسيسكو ؟ اصلا MCSE تحتاج على الاقل 3 سنين تشتغل فيها Network admin علشان تعرف تطبق اللي تدرسة وتكون جيد به ،،

طيب لو واحد اتقن هذا المجال تماما اليس من الافضل ان يتجه بعد ذلك الى مجال اخر ؟

في مصر مثلا ،، ممكن تلاقي مهندس كمبيوتر وعندة شهادات الدنيا ،، ومش لاقي وظيفة ، ولآخر شيء يشتغل مدرس في معهد ،، براتب 800 جنية فقط ،،

وهى فين ال800 جنية ؟؟؟؟ من غير حلفان انا صحيح لسة لم انهى الجامعة لاكن لو انا اشتغلت من اول الان ب800 ممكن اخد للCCIE فى اواخر 2011 لاكن للاسف مثل مانت قلت استغلال ونسيت كلمة الواسطة

اما بالنسبة لموضوع اشتغل كل حاجة

يا استاذى الفاضل انا عايش فى مصر وسوق العمل فى مصر هو بوابتى نحو الوظائف فى انحاء العالم فلازم ابداء فى هذا السوق حتى استطيع ان انتقل الى مستوى اعلى اذا فمن المعقول ان اكون على استعداد على تلبية متطلبات هذا السوق

على العموم انا لن استبق الاحداث ممكن فعلا ربنا يرزق الواحد بشغلانه ذات تخصص واحد فقط لان فعلا اتكلمت مع ناس قبل ذلك ويعملون فى حقل الشبكات فى مصر ومقسمين الشبكة الى اقسام قسم لسيسكو وقسم لمايكروسوفت وهكذا الله يرزق

[clerck]

مرحبا ،، كمان ذكرت في السابق ،، يجب عليك ان تحدد هدفك اولا وماهي الوظيفة التي تتطلع اليها او الارتقا ء الوظيفي اللي تريده في عملك ،، هذا يكون هدفك ،،

بارك الله فيك ابو يوسف
بس انا بعد المشاركه دي انا بدأ اتغلبط تاني بعد مكنت فاكر اني خلاص عرفت اناماشي ازاي
انا هدفي _المجال ال هكمل فيه _Security Analysis

يعني واحد مخلص MCSE يروح لسيسكو ؟ اصلا MCSE تحتاج على الاقل 3 سنين تشتغل فيها Network admin علشان تعرف تطبق اللي تدرسة وتكون جيد به ،،

طب انا مبدأتش بmcseانا بدأت بccnaده كده انا بدأت غلط
علي فكره انا سألت ناس هنا في المنتدي وقالولي ان كده صح وبدايه كويسه

هذا من التخبط والعشوائية ،، يجب ان تحدد مسارك
حبيبي هذا منتجات مختلفة كليا عن بعض ،، لازم الواحد يعرف ماذا يفعل وماذا يدرس ،،

الجملتين دول فعلا لغبطوني وحسيت بالقلق وبالذات -ماذا يدرس-

[clerck]

الظاهر اني معرفتش اوصل المعلومه كويس
انا كنت بحاول اساعد مش اكتر

انت زعلت لية ياعم انا بهظر ولا اقصد حاجة

انا مزعلتش انا كنت بحاول ارد عليك وبعد لقيتك زعلت اني رديت عليك
انا مش زعلان منك ياعم الحج المهم انت تكون عرفت ال انت عايزه
ربنا يوفقق ياحمد وتشتغل 10000$:D:D:D

[one-zero]

انا شغال في مجال ال Computer Forensic
حقيقة فعلا انا لا اعلم شئ عن هذا المصطلح لو تعطى نبذة

https://www.eccouncil.org/chfi.htm

[Nightspy]

انا مزعلتش انا كنت بحاول ارد عليك وبعد لقيتك زعلت اني رديت عليك
انا مش زعلان منك ياعم الحج المهم انت تكون عرفت ال انت عايزه
ربنا يوفقق ياحمد وتشتغل 10000$

انا عارف الى حد ما انا عايز اية لاكن لا يوجد مانع من فهم عقلية المحترفين امثال اخونا ابو يوسف
وانت ان شاء الله هتشتغل 20000$ يارب

--------------------------------------------------------------------------------

اقتباس:
انا شغال في مجال ال Computer Forensic
حقيقة فعلا انا لا اعلم شئ عن هذا المصطلح لو تعطى نبذة

https://www.eccouncil.org/chfi.htm

جزاك الله اخيرا يا استاذنا

لاكن حقيقة لا اظن انها ستكون بداية موفقة اذا اهتم احد بهذا المجال دون العمل فى مجال الشبكات قبل ذلك طبعا انا بتكلم على مصر طبعا

[ahmedhalo]

ربنا يوفقك يا مشرفنا العزيز CEH ويكرمك وانت تستاهل كل خير ومجتهد ومحترم جدا ومحب للخير واشكرك جزيل الشكر على المعلومات القيمه جدا جدا دي ويارب ربنا يدينا طولت العمر ونشوفك حاجة كبيرة ان شاء الله والله حاجة تشرف وتفرح لما نلاقي ناس زيك ولومارك وitiraq والناس الي بتشرح زي وبووو ومستر ياسر بتدونا دفعة قويه للاجتهاد والطموح بغض النظر عن اي ظروف وربنا يوفق الجميع يا رب

[tarabed]

اخوي CEH الللللللللللللللللللله و الله صوره مكتبك ابهرتني و كلامك و الله درر يا اخي اعطيني انا و الله جدا حاب مساء وايت هاكر يا اخي انا جدا متحمس ارجو ان تعطينا الخطه الله تتكلم عنها و شكرا جدا الك .

[one-zero]

A Guide To Information Security Certifications

Difficulty - How hard the test itself is, i.e. study-time neeeded, etc. Who - Who should be looking at this as an option. Respect - Technical respect rating within the infosec-geek community. Renown - How well-know the certificate is throughout the industry. Requirements - What’s needed to get the cert, i.e. project, exam, etc. Cost: - What it’ll cost you (or your company) to sit for the exam. Pros - Positive comments about the certification. Cons - Downsides to the certification. Comments - My own input about the credential. *Note: Numbers are on a scale from 1-10 (10 being the highest)

------------------------------------------------------------------------------------------------------------

Security+ Sponsor: CompTIA Difficulty: 1 Respectability: 2 Renown: 4 Requirements: Single Exam, +-100 Questions Cost: $225 USD (discounts available online) Who: This certification is for people just getting into the field. If you don’t have any other certifications, and your experience/skills are still developing, this is the certification for you. Pros: It’s a fairly easy cert to get and I understand it’s getting a decent amount of recognition within federal organizations. It’s also a fair, solid test that asks decent questions rather than a bunch of fluff. Cons: It’s entry-level and thus not strong as a standalone bargaining chip.

SSCP (Systems Security Certified Practitioner) Sponsor: ISC2 Difficulty: 4 Respectability: 4 Renown: 2 Requirements: Single Exam, 125 Questions Cost: $350 USD Who: The SSCP is for serious, dedicated information security professionals who are not quite ready to take the CISSP exam. Only one (1) year of experience is required for this exam vs. 3-4 (depending on if you have your degree) for the CISSP. Pros: The SSCP is administered in a very professional fashion, just like the CISSP, and it thus carries some degree of the respect that goes along with that credential. It’s also from ISC2 just like the CISSP, so that helps it as well. Cons: Unfortunately, the certification that hurts the SSCP the most is in fact its older brother — the CISSP. If you check the job boards, precious few jobs ask for the SSCP. The reasoning there is that the experience requirement for the CISSP is much of what makes it so respectable. To take that away and ask half the number of questions diminishes the SSCP to a significant degree. Comments: If you can’t show the 3-4 years experience required for the CISSP, and someone else is paying, I’d say go for the SSCP. If nothing else, it will help prepare you for the CISSP that will surely be in your future. That being said, if you want to get a truly valuable credential that doesn’t require the experience, opt for the GSEC (covered below).

CISSP (Certified Information Systems Security Professional) Sponsor: ISC2 Difficulty: 5 Respectability: 5 Renown: 10 Requirements: Single Exam, 250 Questions Cost: $500 USD Who: The CISSP is for serious, dedicated information security professionals who intend to stay in the field and grow. It says to employers that you are serious about your career and are familiar with the core basics of 10 seperate areas within the field. Pros: The CISSP is without a doubt the king of certifications right now. It’s the first infosec cert to recieve ISO recognition — a great acheivment not only for the certification itself, but also for the field as a whole. It commands a great deal of respect in many IT circles, and this can be clearly seen via job search results. It can help your chances greatly of getting high-paying jobs, and is an excellent addition to any resume. If you are only going to get one infosec cert, it should be the CISSP. Cons: While the CISSP is undoubtedly the king of information security certifications, it suffers from being thought of as something it isn’t. Many view it as proof that someone is an expert in the field, and that couldn’t be farther from the truth. ISC2 has explicitly stated in the past that the test is designed to test a broad base of general knowledge, not to certify someone as a master of their field. Despite the rumors of impossibility, the exam also supports over a 70% first-time pass rate. Comments: The CISSP is a great exam because it is not easy to take (experience in the field is required ), and once you are able to take it, it’s administered in a professional, controlled environment. What people fail to realize is that it’s for high-level security professionals such as managers. Obviously, anyone can go for it, but it’s not designed to test technical skills or the ability to actually perform in the trenches of an infosec environment. It’s a broad overview, basically — a test designed to ensure that you are familiar with some concepts. It’s when people lose sight of this that the confusion starts. As for the difficulty factor, I started studying for mine on a Monday and passed the exam on that Saturday — that’s with zero previous exposure to the CISSP study material. A buddy of mine just got his as well, and his study consisted of around 2 weeks of passively glancing at the material while leveling his WoW character. Again, that’s not to say it’s not an excellent cert, it’s just that the difficulty should not be overestimated.

GSEC (General Security Essentials Certification) Sponsor: SANS Difficulty: 7 Respectability: 7 Renown: 5 Requirements: Research Paper, Two 100-Question Exams Cost: $800 USD (Cost of exam without training) Who: The GSEC is for highly-technical, serious information security professionals who actively work with infosec technology on a day to day basis. Those who are looking to show considerable technical knowledge over a large number of infosec subjects would be well-served by attaining this credential. Pros: The SANS organization is universally recognized as a top-notch infosec organization. Any certification from them commands a decent degree of respect. Cons: The CISSP currently owns the majority of the spotlight in this arena. Few employers are aware of the GSEC, and even if they are they view the CISSP as just as valuable. Comments: The GSEC does not show expertise in a given subject; it shows that the cert-holder is technically-oriented and has a wide base of infosec knowledge. No certs at this level demonstrate true mastery. One particular thing to note with this exam vs. the CISSP is that the actual exam portions are taken from home and open-book, meaning you can use anything you want during the exams. Critics rave that this makes the exam less respectable than the CISSP since the CISSP is taken under supervision and no study materials may be used. I argue that precisely the opposite is true. Infosec professionals are not databases. We don’t pride ourselves in not having to consult external resources when solving problems; in fact, we do it constantly. To imply that an exam that tests your ability to solve problems in precisely this fashion is somehow less respectable is, in my view, a grave mistake. The GSEC exam structure represents the real world — you’re faced with a difficult problem, you find the answer and solve it. You don’t see consultants losing contracts because they had to Google for solutions that saved their clients money. Ultimately this debate comes down to an old argument: hands-on vs. academic. When evaluating someone that’s supposed to have the actual know-how to solve infosec problems in the real world, there’s no doubt in my mind that the average manager is going to prefer the former.

GCFW, GCIA, GCUX, GCIH Sponsor: SANS Difficulty: 8-9 Respectability: 8-9 Renown: 4 Requirements: Research Paper, One Or More Exams Cost: $800 USD (Cost of exam without training) Who: These various SANS certs are the mid-level offerings from the organization. They are more indepth and difficult than the GSEC, and they focus on one area specifically. GCFW is for firewalls and VPNs. GCIA is for IDS/IPS, GCUX is for Unix security, and GCIH is for incident handling. These are just a few of those that are offered, and these are geared towards veteran infosec professionals who have already specialized into an area. If you fit this bill, I’d say that pursuing one of these certifications would be ideal. Pros: The SANS organization is universally recognized as a top-notch infosec organization. Any certification from them commands a decent degree of respect, and these specialized certs say to an employer or client that you are truly profficient at what you do. Cons: There are very few holders of these more advanced certifications, and as such many employers may ask questions like, “Is that like a CISSP? Is that the same as a GSEC?” The good news is that it should be fairly easy to explain the situation to them. Comments: These certifications do show some degree of mastery of a subject. It doesn’t mean that everyone with one is great, or that those who don’t have it aren’t. It does mean, however, that the odds of someone with one of these certifications being a good fit for a job in that area are extremely high. Think of these as more difficult, more focused GSECs.

CISA (Certified Information Systems Auditor) Sponsor: ISACA Difficulty: 5-6 ? Respectability: 6 Renown: 8 Requirements: Single Exam Who: The CISA credential is ideal for anyone already doing, or looking at getting into information security auditing. Pros: The credential is highly recognized and sports even more hits than the CISSP in monster.com and other job searches. It’s highly sought after due to the onslaught of regulation hitting the infosec industry as a whole. Cons: Again, many jobs that request CISA also will take a CISSP. Certain jobs ask for CISA specifically, but most are just looking for this “class” of cert, and will accept a CISSP in its place. Comments: This area (auditing) is growing like mad. Due to SOX and other new legislation, this will do nothing but continue to accelerate. Adding a CISA to your resume is definitely a good move.

GSE (GIAC Security Expert) Sponsor: SANS Difficulty: 10 Respectability: 10 Renown: 3 Requirements: You must currently have five (5) GIAC certs (one of which must be with honors), and then pass the GSE exam. Who: The GSE is something to be pursued by those who have literally mastered a number of areas within information security, and have superior talent. Pros: If you encounter anyone who knows what all the exam involves, you’ll earn some instant respect. Cons: You aren’t likely to find any of those people. Comments: The GSE credential is the final destination for anyone pursuing certification with information security. It’s a goal in and of itself to me since I don’t see someone with the skills to attain it hurting for a job or having trouble getting raises.


Let me try and break it down the way I see it. If you are just getting into security and you don’t have much experience with networking and such, get a job where you can work with computers and start pursuing your CCNA. Study, practice, learn everything you can pertaining to operating systems, networking, and security. Once you feel your skills are fairly strong in the security realm, start studying for and take the Security+ exam.

If you have been in networking and/or security for a while now (4 years or so), and you feel your skills are pretty strong, you should be looking at the CISSP. Ignore people who say it’s too easy or that it doesn’t mean much — it doesn’t matter. The fact of the matter is that it’s more beneficial to have a CISSP right now than any other cert in its class.

After getting your CISSP, and if you’re a technical person, I suggest you look at the GSEC. It’s the perfect compliment to the CISSP. The CISSP covers the 10 domains from a manager/birds-eye view, and the GSEC gets down to some technical detail within the same areas of study — policy, encryption, etc.

Another option once you have your CISSP is to go for the CISA instead. If you’re more of a manager anyway, and/or looking to head that way, then it may not be necessary to show technical prowess. If that’s the case then opt for the CISA instead of the GSEC. The certification is absolutely on fire right now, and the odds are good that with a solid resume and a CISSP/CISA combination you could command around $90K/U.S. fairly easily.

If you have been in infosec for a long time, i.e. 5-10 years or more, and you are a geek at the core, start knocking down SANS certs being aware of the fact that you need honors for one of the 5 that are required for the GSE. To me, the GSE is a major accomplishment in its own right, and I don’t really see it being a money-maker. In my view, anyone who can get a GSE already pulls a healthy check anyway.

[C|EH]

الاخ ياسر شكرا على المشاركة ،،

مثل ما قلت بالسابق ، اولا تحدد هدفك اللي تريدة ، ثم تقوم بالدراسة لتصل لهذا الهدف ،، والهدف هو الدراسة والفهم وليس الشهادة ، الشهادة مجرد ترتيب دراسي ،،

الشهادات السابقة لكل واحدة منها منهج مستقل ، كل واحدة منها تستهدف شريحة معينة من الموظفيين ،، اغلب الشهادات اللي فوق تستهدف مدراء في الشركات ،،

مثل شهادة CISSP هذه في information security لا تتتوقع من شخص حاصل عليها ، انه يعرف يعمل هاك او يمسك فايرول او يكسر تشفير ،،

شهادة CISA تتجة للاشخاص الذين يكون هدفهم هو التدقيق في المؤسسة من حيث إدارة الشبكة و إدارة القدرة وادارة الجودة المعمول بها وادارة المشاكل ،، دراسة التهديدات التي تتعرض لها المؤسسة ، وعمل استراتيجية لمنع وقوع هذه التهديدات ، وعمل تقرار عن مجريات العمل ، ادارة مشاريع الشركة والتدقيق عليها ،،
معرفة خطة الحماية للشركة وهيكلتها ،،

وليست وظيفته حماية اجهزة الشركة وشبكتها ،، يعني شغله شغل اداري فقط ،،

نحن هنا نريد نعرف العلم الصحيح ، الموضوع يتكم عن منهج للمحققين في جرائم الكمبويتر ،، نتكلم هنا عن ناس 99% من عملهم هو قائم على الخبرة العملية والفهم العميق واستخراج الادلة ، والتعامل الذكي مع الاجهزة الذكية ،، وكيفية دراسة سلوك هؤلءا المتهمين وإدانتهم ،،

90% من مدراء الشركات وحتى الامنية منها ، يكونون مجرد اهل علم بالادارة وليس عندهم وقت اصلا لهذه الامور الفنية بل تغيب عنهم كثير من تطورات التكنلوجيا بسبب انشغالهم في امور الادارة ،،

[adam black ice]

- شكرا على الملاحظه C|EH هذه المره الكام لكلمة مهاطرات ؟ ...

ملاحظه اود ان اشارك بها ان فى مجال امن المعلومات لا يجب ان ننسى الشهادات الخاصه بل pen test وهى قويه جدا ومفيده مثل ال CEH ولى تعليق بسيط على ال CEH فهى شهادة ليست قويه ميه فلميه بهاكنج ولكنها كبدايه تعتبر قويه جدا ولن تجد شهاده تعطيك اساسيات علم الهاكنج مثلها وبهذا التوسع . بعد هذا هناك شهاده مركزه اكثر مثل ال LPT وهذه الشهاده احترمها جدا حيث انها مركزه وتركز على عنواين معينه وفى الشهور الاخير قامت ec-council بدمجها مع شهادة ال ECSA المعروفه فى الانالسز للسيكيورتى .. ويوجد ايضا شهاده قويه فى ال pen test اسمها CPTS وفى هذا اللينك معلومات عن تلك الشهاده ..

https://www.mile2.com/Certified_Pene...list_CPTS.html

[tarabed]

اخواني من ناحيه تيكنيكالما الشهاده القويه في تعليم الهاكنج و السييوريتي بعد ceh ممكن تعطونا نصائح

[adam black ice]

اخى الكريم لا احد ينكر ان ال CEH من افضل الشهادات ولكن هناك شهاده مثلا مثل ال OSCP قويه ايضا ولكنها مرتبطه تماما بتوزيعة الباك تراك .. وهناك ايضا اشياء غير مرتبطه بشهادات معينه مثل كتب ال hacking exposed فهى كتب قويه فعلا .. على العموم يا اخى بكل بساطه الموضوع هو ان تكون بدرايه ب concepts الهاكنج عموما ثم بعد ذلك تعرف كيفية استخدام التول وكيفيه عمل الattack بها وتكون دائما updated بل new vulnerabilities