Description
Book SynopsisAs protecting informationcontinues to bea growing concern for today's businesses, certifications in IT security have become highly desirable, even as the number of certifications has grown. Now you can set yourself apart with the Certified Ethical Hacker (CEH v11) certification. The CEH v11 Certified Ethical Hacker Study Guide offers a comprehensive overview of the CEH certification requirements using concise and easy-to-follow instructions. Chapters are organized by exam objective, with a handy section that maps each objective to its corresponding chapter, so you can keep track of your progress. The text provides thorough coverage of all topics, along with challenging chapter review questions and Exam Essentials, a key feature that identifies critical study areas. Subjects include common attack practices like reconnaissance and scanning. Also covered are topics like intrusion detection, DoS attacks, buffer overflows, wireless attacks, mobile attacks, Internet of Things (IoT) and more. This study guide goes beyond test prep, providing practical hands-on exercises to reinforce vital skills and real-world scenarios that put what you've learned into the context of actual job roles. Gain a unique certification that allows you to function like an attacker, allowing you to identify vulnerabilities so they can be remediatedExpand your career opportunities with an IT certificate that satisfies the Department of Defense's 8570 Directive for Information Assurance positionsFully updated for the 2020 CEH v11 exam, including the latest developments in IT securityAccess the Sybex online learning center, with chapter review questions, full-length practice exams, hundreds of electronic flashcards, and a glossary of key terms Thanks to its clear organization, all-inclusive coverage, and practical instruction, the CEH v11 Certified Ethical Hacker Study Guide is an excellent resource for anyone who needs to understand the hacking process or anyone who wants to demonstrate their skills as a Certified Ethical Hacker.
Table of ContentsIntroduction xix
Assessment Test xxvi
Chapter 1 Ethical Hacking 1
Overview of Ethics 2
Overview of Ethical Hacking 5
Methodologies 6
Cyber Kill Chain 6
Attack Lifecycle 8
Methodology of Ethical Hacking 10
Reconnaissance and Footprinting 10
Scanning and Enumeration 11
Gaining Access 11
Maintaining Access 12
Covering Tracks 12
Summary 13
Chapter 2 Networking Foundations 15
Communications Models 17
Open Systems Interconnection 18
TCP/IP Architecture 21
Topologies 22
Bus Network 22
Star Network 23
Ring Network 24
Mesh Network 25
Hybrid 26
Physical Networking 27
Addressing 27
Switching 28
IP 29
Headers 29
Addressing 31
Subnets 33
TCP 34
UDP 38
Internet Control Message Protocol 39
Network Architectures 40
Network Types 40
Isolation 41
Remote Access 43
Cloud Computing 44
Storage as a Service 45
Infrastructure as a Service 46
Platform as a Service 48
Software as a Service 49
Internet of Things 51
Summary 52
Review Questions 54
Chapter 3 Security Foundations 57
The Triad 59
Confidentiality 59
Integrity 61
Availability 62
Parkerian Hexad 63
Risk 64
Policies, Standards, and Procedures 66
Security Policies 66
Security Standards 67
Procedures 68
Guidelines 68
Organizing Your Protections 69
Security Technology 72
Firewalls 72
Intrusion Detection Systems 77
Intrusion Prevention Systems 80
Endpoint Detection and Response 81
Security Information and Event Management 83
Being Prepared 84
Defense in Depth 84
Defense in Breadth 86
Defensible Network Architecture 87
Logging 88
Auditing 90
Summary 92
Review Questions 93
Chapter 4 Footprinting and Reconnaissance 97
Open Source Intelligence 99
Companies 99
People 108
Social Networking 111
Domain Name System 124
Name Lookups 125
Zone Transfers 130
Passive DNS 133
Passive Reconnaissance 136
Website Intelligence 139
Technology Intelligence 144
Google Hacking 144
Internet of Things (IoT) 146
Summary 148
Review Questions 150
Chapter 5 Scanning Networks 155
Ping Sweeps 157
Using fping 157
Using MegaPing 159
Port Scanning 161
Nmap 162
masscan 176
MegaPing 178
Metasploit 180
Vulnerability Scanning 183
OpenVAS 184
Nessus 196
Looking for Vulnerabilities with Metasploit 202
Packet Crafting and Manipulation 203
hping 204
packETH 207
fragroute 209
Evasion Techniques 211
Protecting and Detecting 214
Summary 215
Review Questions 217
Chapter 6 Enumeration 221
Service Enumeration 223
Remote Procedure Calls 226
SunRPC 226
Remote Method Invocation 228
Server Message Block 232
Built-in Utilities 233
nmap Scripts 237
NetBIOS Enumerator 239
Metasploit 240
Other Utilities 242
Simple Network Management Protocol 245
Simple Mail Transfer Protocol 247
Web-Based Enumeration 250
Summary 257
Review Questions 259
Chapter 7 System Hacking 263
Searching for Exploits 265
System Compromise 269
Metasploit Modules 270
Exploit-DB 274
Gathering Passwords 276
Password Cracking 279
John the Ripper 280
Rainbow Tables 282
Kerberoasting 284
Client-Side Vulnerabilities 289
Living Off the Land 291
Fuzzing 292
Post Exploitation 295
Evasion 295
Privilege Escalation 296
Pivoting 301
Persistence 304
Covering Tracks 307
Summary 313
Review Questions 315
Chapter 8 Malware 319
Malware Types 321
Virus 321
Worm 323
Trojan 324
Botnet 324
Ransomware 326
Dropper 328
Malware Analysis 328
Static Analysis 329
Dynamic Analysis 340
Creating Malware 349
Writing Your Own 350
Using Metasploit 353
Obfuscating 356
Malware Infrastructure 357
Antivirus Solutions 359
Persistence 360
Summary 361
Review Questions 363
Chapter 9 Sniffing 367
Packet Capture 368
tcpdump 369
tshark 376
Wireshark 378
Berkeley Packet Filter 382
Port Mirroring/Spanning 384
Packet Analysis 385
Spoofing Attacks 390
ARP Spoofing 390
DNS Spoofing 394
sslstrip 397
Spoofing Detection 398
Summary 399
Review Questions 402
Chapter 10 Social Engineering 407
Social Engineering 408
Pretexting 410
Social Engineering Vectors 412
Physical Social Engineering 413
Badge Access 413
Man Traps 415
Biometrics 416
Phone Calls 417
Baiting 418
Phishing Attacks 418
Website Attacks 422
Cloning 423
Rogue Attacks 426
Wireless Social Engineering 427
Automating Social Engineering 430
Summary 433
Review Questions 435
Chapter 11 Wireless Security 439
Wi-Fi 440
Wi-Fi Network Types 442
Wi-Fi Authentication 445
Wi-Fi Encryption 446
Bring Your Own Device 450
Wi-Fi Attacks 451
Bluetooth 462
Scanning 463
Bluejacking 465
Bluesnarfing 466
Bluebugging 466
Mobile Devices 466
Mobile Device Attacks 467
Summary 472
Review Questions 474
Chapter 12 Attack and Defense 479
Web Application Attacks 480
XML External Entity Processing 482
Cross-Site
Scripting 483
SQL Injection 485
Command Injection 487
File Traversal 489
Web Application Protections 490
Denial-of-Service Attacks 492
Bandwidth Attacks 492
Slow Attacks 495
Legacy 497
Application Exploitation 497
Buffer Overflow 498
Heap Spraying 500
Application Protections and Evasions 501
Lateral Movement 502
Defense in Depth/Defense in Breadth 504
Defensible Network Architecture 506
Summary 508
Review Questions 510
Chapter 13 Cryptography 515
Basic Encryption 517
Substitution Ciphers 517
Diffie-Hellman 520
Symmetric Key Cryptography 521
Data Encryption Standard 522
Advanced Encryption Standard 523
Asymmetric Key Cryptography 524
Hybrid Cryptosystem 525
Nonrepudiation 525
Elliptic Curve Cryptography 526
Certificate Authorities and Key Management 528
Certificate Authority 528
Trusted Third Party 531
Self-Signed Certificates 532
Cryptographic Hashing 534
PGP and S/MIME 536
Disk and File Encryption 538
Summary 541
Review Questions 543
Chapter 14 Security Architecture and Design 547
Data Classification 548
Security Models 550
State Machine 550
Biba 551
Bell-LaPadula 552
Clark-Wilson Integrity Model 552
Application Architecture 553
n-tier Application Design 554
Service-Oriented Architecture 557
Cloud-Based Applications 559
Database Considerations 561
Security Architecture 563
Summary 567
Review Questions 569
Chapter 15 Cloud Computing and the Internet of Things 573
Cloud Computing Overview 574
Cloud Services 578
Shared Responsibility Model 583
Public vs. Private Cloud 585
Cloud Architectures and Deployment 586
Responsive Design 588
Cloud-Native
Design 589
Deployment 590
Dealing with REST 593
Common Cloud Threats 598
Access Management 598
Data Breach 600
Web Application Compromise 600
Credential Compromise 602
Insider Threat 604
Internet of Things 604
Operational Technology 610
Summary 612
Review Questions 614
Appendix Answers to Review Questions 617
Chapter 2: Networking Foundations 618
Chapter 3: Security Foundations 619
Chapter 4: Footprinting and Reconnaissance 622
Chapter 5: Scanning Networks 624
Chapter 6: Enumeration 627
Chapter 7: System Hacking 629
Chapter 8: Malware 632
Chapter 9: Sniffing 635
Chapter 10: Social Engineering 636
Chapter 11: Wireless Security 638
Chapter 12: Attack and Defense 641
Chapter 13: Cryptography 643
Chapter 14: Security Architecture and Design 645
Chapter 15: Cloud Computing and the Internet of Things 646
Index 649
