Certified Ethical Hacker Version 9 Study Guide
Buch, Englisch, 656 Seiten, Format (B × H): 235 mm x 189 mm, Gewicht: 1090 g
ISBN: 978-1-119-25224-5
Verlag: John Wiley & Sons Inc
The ultimate preparation guide for the unique CEH exam.
The CEH v9: Certified Ethical Hacker Version 9 Study Guide is your ideal companion for CEH v9 exam preparation. This comprehensive, in-depth review of CEH certification requirements is designed to help you internalize critical information using concise, to-the-point explanations and an easy-to-follow approach to the material. Covering all sections of the exam, the discussion highlights essential topics like intrusion detection, DDoS attacks, buffer overflows, and malware creation in detail, and puts the concepts into the context of real-world scenarios. Each chapter is mapped to the corresponding exam objective for easy reference, and the Exam Essentials feature helps you identify areas in need of further study. You also get access to online study tools including chapter review questions, full-length practice exams, hundreds of electronic flashcards, and a glossary of key terms to help you ensure full mastery of the exam material.
The Certified Ethical Hacker is one-of-a-kind in the cybersecurity sphere, allowing you to delve into the mind of a hacker for a unique perspective into penetration testing. This guide is your ideal exam preparation resource, with specific coverage of all CEH objectives and plenty of practice material.
* Review all CEH v9 topics systematically
* Reinforce critical skills with hands-on exercises
* Learn how concepts apply in real-world scenarios
* Identify key proficiencies prior to the exam
The CEH certification puts you in professional demand, and satisfies the Department of Defense's 8570 Directive for all Information Assurance government positions. Not only is it a highly-regarded credential, but it's also an expensive exam--making the stakes even higher on exam day. The CEH v9: Certified Ethical Hacker Version 9 Study Guide gives you the intense preparation you need to pass with flying colors.
Autoren/Hrsg.
Fachgebiete
Weitere Infos & Material
Introduction xxi
Assessment Test xxxii
Chapter 1 Introduction to Ethical Hacking 1
Hacking: the Evolution 3
The Early Days of Hacking 3
Current Developments 4
Hacking: Fun or Criminal Activity? 5
The Evolution and Growth of Hacking 7
So, What Is an Ethical Hacker? 9
What Are Your Responsibilities? 9
Code of Conduct and Ethics 11
Ethical Hacking and Penetration Testing 12
Hacking Methodologies 17
Vulnerability Research and Tools 21
What Is Incident Response? 21
Business Continuity Plan 26
Ethics and the Law 33
Summary 34
Exam Essentials 35
Review Questions 36
Chapter 2 System Fundamentals 39
Exploring Network Topologies 40
Working with the Open Systems Interconnection Model 44
Dissecting the TCP/IP Suite 47
IP Subnetting 49
Hexadecimal vs. Binary 49
Exploring TCP/IP Ports 50
Domain Name System 53
Understanding Network Devices 53
Routers and Switches 53
Working with MAC Addresses 55
Proxies and Firewalls 56
Intrusion Prevention and Intrusion Detection Systems 57
Network Security 58
Knowing Operating Systems 60
Microsoft Windows 60
Mac OS 61
Android 62
Linux 62
Backups and Archiving 63
Summary 64
Exam Essentials 65
Review Questions 66
Chapter 3 Cryptography 71
Cryptography: Early Applications and Examples 73
History of Cryptography 73
Tracing the Evolution 75
Cryptography in Action 76
So How Does It Work? 77
Symmetric Cryptography 77
Asymmetric, or Public Key, Cryptography 80
Understanding Hashing 86
Issues with Cryptography 88
Applications of Cryptography 89
IPsec 90
Pretty Good Privacy 92
Secure Sockets Layer 93
Summary 94
Exam Essentials 94
Review Questions 95
Chapter 4 Footprinting 99
Understanding the Steps of Ethical Hacking 100
Phase 1: Footprinting 100
Phase 2: Scanning 101
Phase 3: Enumeration 101
Phase 4: System Hacking 102
What Is Footprinting? 102
Why Perform Footprinting? 103
Goals of the Footprinting Process 103
Terminology in Footprinting 106
Open Source and Passive Information Gathering 106
Passive Information Gathering 106
Pseudonymous Footprinting 106
Internet Footprinting 107
Threats Introduced by Footprinting 107
The Footprinting Process 108
Using Search Engines 108
Google Hacking 108
Public and Restricted Websites 111
Location and Geography 112
Social Networking and Information Gathering 113
Financial Services and Information Gathering 116
The Value of Job Sites 116
Working with Email 117
Competitive Analysis 118
Gaining Network Information 119
Social Engineering: the Art of Hacking Humans 120
Summary 121
Exam Essentials 121
Review Questions 123
Chapter 5 Scanning 127
What Is Scanning? 128
Types of Scans 129
Checking for Live Systems 130
Wardialing 131
Using Ping 133
Hping3: the Heavy Artillery 134
Checking the Status of Ports 135
The Family Tree of Scans 138
Full-Open Scan 138
Stealth or Half-Open Scan 138
Xmas Tree Scan 139
FIN Scan 140
NULL Scan 141
Idle Scanning 142
ACK Scanning 143
UDP Scanning 144
OS Fingerprinting 145
Active Fingerprinting with Nmap 146
Passive Fingerprinting an OS 147
Banner Grabbing 149
Countermeasures 151
Vulnerability Scanning 151
Mapping the Network 152
Using Proxies 153
Setting a Web Browser to Use a Proxy 154
Summary 155
Exam Essentials 155
Review Questions 156
Chapter 6 Enumeration 159
A Quick Review 160
Footprinting 160
Scanning 161
What Is Enumeration? 161
About Windows Enumeration 163
Users 163
Groups 164
Security Identifiers 166
Linux Basic 168
Users 168
Services and Ports of Interest 169
Commonly Exploited Services 170
NULL Sessions 173
SuperScan 174
DNS Zone Transfers 174
The PsTools Suite 177
Using finger 178
Enumeration with SNMP 178
Management Information Base 179
SNScan 180
Unix and Linux Enumeration 180
finger 180
rpcinfo 181
showmount 181
enum4linux 181
LDAP and Directory Service Enumeration 182
JXplorer 183
Preventing LDAP Enumeration 183
Enumeration Using NTP 184
SMTP Enumeration 184
Using VRFY 185
Using EXPN 185
Using RCPT TO 186
SMTP Relay 186
Summary 187
Exam Essentials 187
Review Questions 189
Chapter 7 System Hacking 193
Up to This Point 194
Footprinting 194
Scanning 195
Enumeration 195
System Hacking 196
Password Cracking 196
Authentication on Microsoft Platforms 209
Executing Applications 213
Covering Your Tracks 215
Summary 217
Exam Essentials 218
Review Questions 219
Chapter 8 Malware 223
Malware 224
Malware and the Law 226
Categories of Malware 227
Viruses 228
Worms 234
Spyware 236
Adware 237
Scareware 237
Ransomware 238
Trojans 238
Overt and Covert Channels 247
Summary 249
Exam Essentials 250
Review Questions 251
Chapter 9 Sniffers 255
Understanding Sniffers 256
Using a Sniffer 259
Sniffing Tools 259
Wireshark 260
Tcpdump 264
Reading Sniffer Output 266
Switched Network Sniffing 270
MAC Flooding 270
ARP Poisoning 271
MAC Spoofing 272
Port Mirror or SPAN Port 272
On the Defensive 273
Mitigating MAC Flooding 274
Detecting Sniffing Attacks 275
Summary 275
Exam Essentials 276
Review Questions 277
Chapter 10 Social Engineering 281
What Is Social Engineering? 282
Why Does Social Engineering Work? 283
The Power of Social Engineering 284
Social-Engineering Phases 285
What Is the Impact of Social Engineering? 285
Common Targets of Social Engineering 286
Social Networking to Gather Information? 287
Networking 289
Countermeasures for Social Networking 291
Commonly Employed Threats 293
Identity Theft 296
Protective Measures 297
Know What Information Is Available 298
Summary 298
Exam Essentials 299
Review Questions 300
Chapter 11 Denial of Service 305
Understanding DoS 306
DoS Targets 308
Types of Attacks 308
Buffer Overflow 314
Understanding DDoS 317
DDoS Attacks 318
DoS Tools 319
DDoS Tools 320
DoS Defensive Strategies 323
Botnet-Specific Defenses 323
DoS Pen-Testing Considerations 324
Summary 324
Exam Essentials 324
Review Questions 326
Chapter 12 Session Hijacking 331
Understanding Session Hijacking 332
Spoofing vs. Hijacking 334
Active and Passive Attacks 335
Session Hijacking and Web Apps 336
Types of Application-Level Session Hijacking 337
A Few Key Concepts 341
Network Session Hijacking 344
Exploring Defensive Strategies 352
Summary 353
Exam Essentials 353
Review Questions 355
Chapter 13 Web Servers and Applications 359
Exploring the Client?]Server Relationship 360
Looking Closely at Web Servers 361
Web Applications 363
The Client and the Server 364
A Look at the Cloud 365
Closer Inspection of a Web Application 366
Vulnerabilities of Web Servers and Applications 369
Common Flaws and Attack Methods 375
Testing Web Applications 383
Summary 384
Exam Essentials 384
Review Questions 385
Chapter 14 SQL Injection 389
Introducing SQL Injection 390
Results of SQL Injection 392
The Anatomy of a Web Application 393
Databases and Their Vulnerabilities 394
Anatomy of a SQL Injection Attack 396
Altering Data with a SQL Injection Attack 399
Injecting Blind 401
Information Gathering 402
Evading Detection Mechanisms 403
SQL Injection Countermeasures 404
Summary 405
Exam Essentials 405
Review Questions 406
Chapter 15 Hacking Wi?]Fi and Bluetooth 409
What Is a Wireless Network? 410
Wi?]Fi: an Overview 410
The Fine Print 411
Wireless Vocabulary 414
A Close Examination of Threats 425
Ways to Locate Wireless Networks 429
Choosing the Right Wireless Card 430
Hacking Bluetooth 431
Summary 433
Exam Essentials 434
Review Questions 435
Chapter 16 Mobile Device Security 439
Mobile OS Models and Architectures 440
Goals of Mobile Security 441
Device Security Models 442
Google Android OS 443
Apple iOS 446
Common Problems with Mobile Devices 447
Penetration Testing Mobile Devices 449
Penetration Testing Using Android 450
Countermeasures 454
Summary 455
Exam Essentials 456
Review Questions 457
Chapter 17 Evasion 461
Honeypots, IDSs, and Firewalls 462
The Role of Intrusion Detection Systems 462
Firewalls 467
What's That Firewall Running? 470
Honeypots 473
Run Silent, Run Deep: Evasion Techniques 475
Evading Firewalls 477
Summary 480
Exam Essentials 481
Review Questions 482
Chapter 18 Cloud Technologies and Security 485
What Is the Cloud? 486
Types of Cloud Solutions 487
Forms of Cloud Services 488
Threats to Cloud Security 489
Cloud Computing Attacks 491
Controls for Cloud Security 494
Testing Security in the Cloud 495
Summary 496
Exam Essentials 497
Review Questions 498
Chapter 19 Physical Security 501
Introducing Physical Security 502
Simple Controls 503
Dealing with Mobile Device Issues 505
Data Storage Security 506
Securing the Physical Area 510
Entryways 517
Server Rooms and Networks 518
Other Items to Consider 519
Education and Awareness 519
Defense in Depth 519
Summary 520
Exam Essentials 521
Review Questions 522
Appendix A Answers to Review Questions 525
Chapter 1: Introduction to Ethical Hacking 526
Chapter 2: System Fundamentals 527
Chapter 3: Cryptography 528
Chapter 4: Footprinting 529
Chapter 5: Scanning 530
Chapter 6: Enumeration 532
Chapter 7: System Hacking 532
Chapter 8: Malware 533
Chapter 9: Sniffers 534
Chapter 10: Social Engineering 536
Chapter 11: Denial of Service 537
Chapter 12: Session Hijacking 539
Chapter 13: Web Servers and Applications 540
Chapter 14: SQL Injection 541
Chapter 15: Hacking Wi-Fi and Bluetooth 542
Chapter 16: Mobile Device Security 544
Chapter 17: Evasion 544
Chapter 18: Cloud Technologies and Security 546
Chapter 19: Physical Security 547
Appendix B Penetration Testing Frameworks 549
Overview of Alternative Methods 550
Penetration Testing Execution Standard 552
Working with PTES 553
Pre-Engagement Interactions 553
Contents of a Contract 555
Gaining Permission 556
Intelligence Gathering 557
Threat Modeling 558
Vulnerability Analysis 559
Exploitation 560
Post-Exploitation 560
Reporting 562
Mopping Up 563
Summary 563
Appendix C Building a Lab 565
Why Build a Lab? 566
The Build Process 566
What You Will Need 567
Creating a Test Setup 568
Virtualization Software Options 569
The Installation Process 569
Installing a Virtualized Operating System 570
Installing Tools 570
Summary 574
Index 575
