This eBook requires no passwords or activation to read. We customize your eBook by discreetly watermarking it with your name, making it uniquely yours.
This is the eBook version of the print title. Note that the eBook does not provide access to the practice test software that accompanies the print book.
Learn, prepare, and practice for CEH v8 exam success with this cert guide from Pearson IT Certification, a leader in IT certification learning.
Certified Ethical Hacker (CEH) Cert Guide is a best-of-breed exam study guide. Leading security consultant and certification expert Michael Gregg shares preparation hints and test-taking tips, helping you identify areas of weakness and improve both your conceptual knowledge and hands-on skills. Material is presented in a concise manner, focusing on increasing your understanding and retention of exam topics.
You'll get a complete test preparation routine organized around proven series elements and techniques. Exam topic lists make referencing easy. Chapter-ending Exam Preparation Tasks help you drill on key concepts you must know thoroughly. Review questions help you assess your knowledge, and a final preparation chapter guides you through tools and resources to help you craft your final study plan.
This EC-Council authorized study guide helps you master all the topics on the CEH v8 (312-50) exam, including:
Introduction
Chapter 1 Ethical Hacking Basics
“Do I Know This Already?” Quiz
Foundation Topics
Security Fundamentals
Goals of Security
Risk, Assets, Threats, and Vulnerabilities
Defining an Exploit
Security Testing
No-Knowledge Tests (Black Box)
Full-Knowledge Testing (White Box)
Partial-Knowledge Testing (Gray Box)
Types of Security Tests
Hacker and Cracker Descriptions
Who Attackers Are
Hacker and Cracker History
Ethical Hackers
Required Skills of an Ethical Hacker
Modes of Ethical Hacking
Test Plans–Keeping It Legal
Test Phases
Establishing Goals
Getting Approval
Ethical Hacking Report
Vulnerability Research–Keeping Up with Changes
Ethics and Legality
Overview of U.S. Federal Laws
Compliance Regulations
Chapter Summary
Exam Preparation Tasks
Review All Key Topics
Hands-On Labs
Lab 1-1 Examining Security Policies
Review Questions
Define Key Terms
View Recommended Resources
Chapter 2 The Technical Foundations of Hacking
“Do I Know This Already?” Quiz
Foundation Topics
The Attacker’s Process
Performing Reconnaissance and Footprinting
Scanning and Enumeration
Gaining Access
Escalation of Privilege
Maintaining Access
Covering Tracks and Planting Backdoors
The Ethical Hacker’s Process
National Institute of Standards and Technology
Operational Critical Threat, Asset, and Vulnerability Evaluation
Open Source Security Testing Methodology Manual
Security and the Stack
The OSI Model
Anatomy of TCP/IP Protocols
The Application Layer
The Transport Layer
The Internet Layer
The Network Access Layer
Chapter Summary
Exam Preparation Tasks
Review All Key Topics
Define Key Terms
Exercises
2.1 Install a Sniffer and Perform Packet Captures
2.2 List the Protocols, Applications, and Services Found at Each Layer of the Stack
Review Questions
Suggested Reading and Resources
Chapter 3 Footprinting and Scanning
“Do I Know This Already?” Quiz
Foundation Topics
The Seven-Step Information-Gathering Process
Information Gathering
Documentation
The Organization’s Website
Job Boards
Employee and People Searches
EDGAR Database
Google Hacking
Usenet
Registrar Query
DNS Enumeration
Determine the Network Range
Traceroute
Identifying Active Machines
Finding Open Ports and Access Points
Nmap
SuperScan
THC-Amap
Scanrand
Hping
Port Knocking
War Dialers
War Driving
OS Fingerprinting
Active Fingerprinting Tools
Fingerprinting Services
Default Ports and Services
Finding Open Services
Mapping the Network Attack Surface
Manual Mapping
Automated Mapping
Chapter Summary
Exam Preparation Tasks
Review All Key Topics
Define Key Terms
Command Reference to Check Your Memory
Exercises
3.1 Performing Passive Reconnaissance
3.2 Performing Active Reconnaissance
Review Questions
Suggested Reading and Resources
Chapter 4 Enumeration and System Hacking
“Do I Know This Already?” Quiz
Foundation Topics
Enumeration
Windows Enumeration
Windows Security
NetBIOS and LDAP Enumeration
NetBIOS Enumeration Tools
SNMP Enumeration
Linux/UNIX Enumeration
NTP Enumeration
SMTP Enumeration
DNS Enumeration
System Hacking
Nontechnical Password Attacks
Technical Password Attacks
Password Guessing
Automated Password Guessing
Password Sniffing
Keystroke Loggers
Privilege Escalation and Exploiting Vulnerabilities
Exploiting an Application
Exploiting a Buffer Overflow
Owning the Box
Authentication Types
Cracking the Passwords
Hiding Files and Covering Tracks
File Hiding
Chapter Summary
Exam Preparation Tasks
Review All Key Topics
Define Key Terms
Command Reference to Check Your Memory
Exercise
4.1 NTFS File Streaming
Review Questions
Suggested Reading and Resources
Chapter 5 Linux and Automated Assessment Tools
“Do I Know This Already?” Quiz
Foundation Topics
Linux
Linux or Windows? Picking the Right Platform
Linux File Structure
Linux Basics
Passwords and the Shadow File
Linux Passwords
Compressing, Installing, and Compiling Linux
Hacking Linux
Reconnaissance
Scanning
Enumeration
Gaining Access
Privilege Escalation
Maintaining Access and Covering Tracks
Hardening Linux
Automated Assessment Tools
Automated Assessment Tools
Source Code Scanners
Application-Level Scanners
System-Level Scanners
Automated Exploit Tools
Chapter Summary
Exam Preparation Tasks
Review All Key Topics
Define Key Terms
Command Reference to Check Your Memory
Exercises
5.1 Downloading and Running Backtrack
5.2 Using Backtrack to Perform a Port Scan
5.3 Creating a Virtual Machine
5.4 Cracking Passwords with John the Ripper
Review Questions
Suggested Reading and Resources
Chapter 6 Trojans and Backdoors
“Do I Know This Already?” Quiz
Foundation Topics
Trojans
Trojan Types
Trojan Ports and Communication Methods
Trojan Goals
Trojan Infection Mechanisms
Effects of Trojans
Trojan Tools
Distributing Trojans
Trojan Tool Kits
Covert Communication
Covert Communication Tools
Port Redirection
Other Redirection and Covert Tools
Keystroke Logging and Spyware
Hardware
Software
Spyware
Trojan and Backdoor Countermeasures
Chapter Summary
Exam Preparation Tasks
Review All Key Topics
Define Key Terms
Command Reference to Check Your Memory
Exercises
6.1 Finding Malicious Programs
6.2 Using a Scrap Document to Hide Malicious Code
6.3 Using Process Explorer
Review Questions
Suggested Reading and Resources
Chapter 7 Sniffers, Session Hijacking, and Denial of Service
“Do I Know This Already?” Quiz
Foundation Topics
Sniffers
Passive Sniffing
Active Sniffing
Address Resolution Protocol
ARP Poisoning and Flooding
Tools for Sniffing
Wireshark
Other Sniffing Tools
Sniffing and Spoofing Countermeasures
Session Hijacking
Transport Layer Hijacking
Predict the Sequence Number
Take One of the Parties Offline
Take Control of the Session
Application Layer Hijacking
Session Sniffing
Predictable Session Token ID
Man-in-the-Middle Attacks
Man-in-the-Browser Attacks
Client-Side Attacks
Session-Hijacking Tools
Preventing Session Hijacking
Denial of Service, Distributed Denial of Service, and Botnets
Types of DoS
Bandwidth Attacks
SYN Flood Attacks
Program and Application Attacks
Distributed Denial of Service
DDoS Tools
Botnets
DoS, DDOS, and Botnet Countermeasures
Summary
Exam Preparation Tasks
Review All Key Topics
Define Key Terms
Exercises
7.1 Scanning for DDoS Programs
7.2 Using SMAC to Spoof Your MAC Address
Review Questions
Suggested Reading and Resources
Chapter 8 Web Server Hacking, Web Applications, and Database Attacks
“Do I Know This Already?” Quiz
Foundation Topics
Web Server Hacking
Scanning Web Servers
Banner Grabbing and Enumeration
Web Server Vulnerability Identification
Attacks Against Web Servers
IIS Vulnerabilities
Securing IIS and Apache Web Servers
Web Application Hacking
Unvalidated Input
Parameter/Form Tampering
Injection Flaws
Cross-Site Scripting and Cross-Site Request Forgery Attacks
Hidden Field Attacks
Other Web Application Attacks
Web-Based Authentication
Web-Based Password Cracking and Authentication Attacks
Cookies
URL Obfuscation
Intercepting Web Traffic
Database Hacking
Identifying SQL Servers
SQL Injection Vulnerabilities
SQL Injection Hacking Tools
Summary
Exam Preparation Tasks
Review All Key Topics
Define Key Terms
Exercise
8.1 Hack the Bank
Review Questions
Suggested Reading and Resources
Chapter 9 Wireless Technologies, Mobile Security, and Attacks
“Do I Know This Already?” Quiz
Foundation Topics
Wireless Technologies
Wireless History
Satellite TV
Cordless Phones
Cell Phones and Mobile Devices
Mobile Devices
Smartphone Vulnerabilities and Attack Vectors
Android
iOS
Windows Phone 8
BlackBerry
Mobile Device Management and Protection
Bluetooth
Wireless LANs
Wireless LAN Basics
Wireless LAN Frequencies and Signaling
Wireless LAN Security
Wireless LAN Threats
Eavesdropping
Configured as Open Authentication
Rogue and Unauthorized Access Points
Denial of Service (DoS)
Wireless Hacking Tools
Discover WiFi Networks
Perform GPS Mapping
Wireless Traffic Analysis
Launch Wireless Attacks
Crack and Compromise the WiFi Network
Securing Wireless Networks
Defense in Depth
Site Survey
Robust Wireless Authentication
Misuse Detection
Summary
Exam Preparation Tasks
Review All Key Topics
Define Key Terms
Review Questions
Suggested Reading and Resources
Chapter 10 IDS, Firewalls, and Honeypots
“Do I Know This Already?” Quiz
Intrusion Detection Systems
IDS Types and Components
Pattern Matching and Anomaly Detection
Snort
IDS Evasion
IDS Evasion Tools
Firewalls
Firewall Types
Network Address Translation
Packet Filters
Application and Circuit-Level Gateways
Stateful Inspection
Identifying Firewalls
Bypassing Firewalls
Honeypots
Types of Honeypots
Detecting Honeypots
Summary
Exam Preparation Tasks
Review All Key Topics
Define Key Terms
Review Questions
Suggested Reading and Resources
Chapter 11 Buffer Overflows, Viruses, and Worms
“Do I Know This Already?” Quiz
Foundation Topics
Buffer Overflows
What Is a Buffer Overflow?
Why Are Programs Vulnerable?
Understanding Buffer-Overflow Attacks
Common Buffer-Overflow Attacks
Preventing Buffer Overflows
Viruses and Worms
Types and Transmission Methods of Viruses
Virus Payloads
History of Viruses
Well-Known Viruses
The Late 1980s
The 1990s
2000 and Beyond
Virus Tools
Preventing Viruses
Antivirus
Malware Analysis
Static Analysis
Dynamic Analysis
Summary
Exam Preparation Tasks
Review All Key Topics
Define Key Terms
Exercises
11.1 Locating Known Buffer Overflows
11.2 Review CVEs and Buffer Overflows
Review Questions
Suggested Reading and Resources
Chapter 12 Cryptographic Attacks and Defenses
“Do I Know This Already?” Quiz
Foundation Topics
Functions of Cryptography
History of Cryptography
Algorithms
Symmetric Encryption
Data Encryption Standard (DES)
Advanced Encryption Standard (AES)
Rivest Cipher (RC)
Asymmetric Encryption (Public Key Encryption)
RSA
Diffie-Hellman
ElGamal
Elliptic Curve Cryptography (ECC)
Hashing
Digital Signature
Steganography
Steganography Operation
Steganographic Tools
Digital Watermark
Digital Certificates
Public Key Infrastructure
Trust Models
Single Authority
Hierarchical Trust
Web of Trust
Protocols, Standards, and Applications
Encryption Cracking and Tools
Weak Encryption
Encryption-Cracking Tools
Summary
Exam Preparation Tasks
Review All Key Topics
Define Key Terms
Exercises
12.1 Examining an SSL Certificate
12.2 Using PGP
12.3 Using a Steganographic Tool to Hide a Message
Review Questions
Suggested Reading and Resources
Chapter 13 Physical Security and Social Engineering
“Do I Know This Already?” Quiz
Foundation Topics
Physical Security
Threats to Physical Security
Equipment Controls
Locks
Fax Machines
Area Controls
Location Data and Geotagging
Facility Controls
Personal Safety Controls
Fire Prevention, Detection, and Suppression
Physical Access Controls
Authentication
Defense in Depth
Social Engineering
Six Types of Social Engineering
Person-to-Person Social Engineering
Computer-Based Social Engineering
Reverse Social Engineering
Policies and Procedures
Employee Hiring and Termination Policies
Help Desk Procedures and Password Change Policies
Employee Identification
Privacy Policies
Governmental and Commercial Data Classification
User Awareness
Summary
Exam Preparation Tasks
Review All Key Topics
Define Key Terms
Exercises
13.1 Biometrics and Fingerprint Recognition
Review Questions
Suggested Reading and Resources
Chapter 14 Final Preparation
Tools for Final Preparation
Pearson Cert Practice Test Engine and Questions on the CD
Install the Software from the CD
Activate and Download the Practice Exam
Activating Other Exams
Premium Edition
Memory Tables
End-of-Chapter Review Tools
Suggested Plan for Final Review and Study
Summary
Glossary
Practice Exam 1 EC-Council CEH 312-50
Practice Exam 2 EC-Council CEH 312-50
Appendix A Answers to the “Do I Know This Already?” Quizzes and Review Questions (CD only)
Appendix B Memory Tables (CD only)
Appendix C Memory Table Answer Key (CD only)
9780789751270 TOC 11/4/2013