CEH v10 Certified Ethical Hacker Study Guide

Ric Messier, CEH, GCIH, GSEC, CISSP is a consultant, educator, and author of many books on information security and digital forensics. Meer over Ric Messier

Lees het volledige artikel

Ric Messier

CEH v10 Certified Ethical Hacker Study Guide

Name: CEH v10 Certified Ethical Hacker Study Guide
Author: Ric Messier

Paperback Engels 2019 9781119533191

Verkooppositie 1979

Verwachte levertijd ongeveer 8 werkdagen

51,14

In winkelwagen

Samenvatting

As protecting information becomes a rapidly growing concern for today’s businesses, certifications in IT security have become highly desirable, even as the number of certifications has grown. Now you can set yourself apart with the Certified Ethical Hacker (CEH v10) certification.

The 'CEH v10 Certified Ethical Hacker Study Guide' offers a comprehensive overview of the CEH certification requirements using concise and easy-to-follow instruction. Chapters are organized by exam objective, with a handy section that maps each objective to its corresponding chapter, so you can keep track of your progress. The text provides thorough coverage of all topics, along with challenging chapter review questions and Exam Essentials, a key feature that identifies critical study areas. Subjects include intrusion detection, DDoS attacks, buffer overflows, virus creation, and more.

This study guide goes beyond test prep, providing practical hands-on exercises to reinforce vital skills and real-world scenarios that put what you’ve learned into the context of actual job roles.

- Gain a unique certification that allows you to understand the mind of a hacker
- Expand your career opportunities with an IT certificate that satisfies the Department of Defense’s 8570 Directive for Information Assurance positions
- Fully updated for the 2018 CEH v10 exam, including the latest developments in IT security
- Access the Sybex online learning center, with chapter review questions, full-length practice exams, hundreds of electronic flashcards, and a glossary of key terms

Thanks to its clear organization, all-inclusive coverage, and practical instruction, the 'CEH v10 Certified Ethical Hacker Study Guide' is an excellent resource for anyone who needs to understand the hacking process or anyone who wants to demonstrate their skills as a Certified Ethical Hacker.

Specificaties

ISBN13:9781119533191

Trefwoorden:netwerken, certificering, beveiliging, hackers

Taal:Engels

Bindwijze:paperback

Aantal pagina's:584

Uitgever:Sybex

Verschijningsdatum:23-8-2019

Hoofdrubriek:IT-management / ICT

Lezersrecensies

Wees de eerste die een lezersrecensie schrijft!

Schrijf een recensie

Geef uw waardering

Zeer goed Goed Voldoende Matig Slecht

Over Ric Messier

Ric Messier, CEH, GCIH, GSEC, CISSP is a consultant, educator, and author of many books on information security and digital forensics. With decades of experience in information technology and information security, Ric has held the varied roles of programmer, system administrator, network engineer, security engineering manager, VoIP engineer, consultant, and professor.

Andere boeken door Ric Messier

Bekijk alle boeken

Inhoudsopgave

Introduction xvii
Assessment Test xxiv

Chapter 1 Ethical Hacking 1
Overview of Ethics 2
Overview of Ethical Hacking 4
Methodology of Ethical Hacking 5
Reconnaissance and Footprinting 6
Scanning and Enumeration 6
Gaining Access 7
Maintaining Access 7
Covering Tracks 8
Summary 8

Chapter 2 Networking Foundations 9
Communications Models 11
Open Systems Interconnection 12
TCP/IP Architecture 15
Topologies 16
Bus Network 16
Star Network 17
Ring Network 18
Mesh Network 19
Hybrid 20
Physical Networking 21
Addressing 21
Switching 22
IP 23
Headers 23
Addressing 25
Subnets 26
TCP 28
UDP 31
Internet Control Message Protocol 32
Network Architectures 33
Network Types 34
Isolation 35
Remote Access 36
Cloud Computing 36
Storage as a Service 37
Infrastructure as a Service 39
Platform as a Service 40
Software as a Service 42
Internet of Things 43
Summary 44
Review Questions 46

Chapter 3 Security Foundations 49
The Triad 51
Confidentiality 51
Integrity 53
Availability 54
Parkerian Hexad 55
Risk 56
Policies, Standards, and Procedures 58
Security Policies 58
Security Standards 59
Procedures 60
Guidelines 60
Security Technology 61
Firewalls 61
Intrusion Detection Systems 65
Intrusion Prevention Systems 68
Security Information and Event Management 69
Being Prepared 70
Defense in Depth 71
Defense in Breadth 73
Logging 74
Auditing 76
Summary 78
Review Questions 79

Chapter 4 Footprinting and Reconnaissance 83
Open-Source Intelligence 85
Companies 85
People 93
Social Networking 97
Domain Name System 108
Name Lookups 109
Zone Transfers 115
Passive Reconnaissance 117
Website Intelligence 120
Technology Intelligence 124
Google Hacking 125
Internet of Things (IoT) 126
Summary 128
Review Questions 130

Chapter 5 Scanning Networks 135
Ping Sweeps 137
Using fping 137
Using MegaPing 139
Port Scanning 141
Nmap 142
masscan 155
MegaPing 157
Vulnerability Scanning 159
OpenVAS 160
Nessus 171
Packet Crafting and Manipulation 177
hping 178
packETH 180
fragroute 183
Evasion Techniques 185
Summary 187
Review Questions 189

Chapter 6 Enumeration 193
Service Enumeration 195
Remote Procedure Calls 198
SunRPC 198
Remote Method Invocation 200
Server Message Block 204
Built-In Utilities 205
Nmap Scripts 207
Metasploit 209
Other Utilities 212
Simple Network Management Protocol 215
Simple Mail Transfer Protocol 217
Web-Based Enumeration 220
Summary 226
Review Questions 228

Chapter 7 System Hacking 233
Searching for Exploits 234
System Compromise 239
Metasploit Modules 239
Exploit-DB 243
Gathering Passwords 245
Password Cracking 248
John the Ripper 248
Rainbow Tables 250
Client-Side Vulnerabilities 253
Post Exploitation 255
Privilege Escalation 255
Pivoting 260
Persistence 262
Covering Tracks 265
Summary 272
Review Questions 274

Chapter 8 Malware 279
Malware Types 281
Virus 281
Worm 282
Trojan 284
Botnet 284
Ransomware 285
Dropper 286
Malware Analysis 287
Static Analysis 288
Dynamic Analysis 296
Creating Malware 305
Writing Your Own 305
Using Metasploit 308
Malware Infrastructure 311
Antivirus Solutions 314
Summary 314
Review Questions 316

Chapter 9 Sniffing 321
Packet Capture 322
tcpdump 323
tshark 329
Wireshark 331
Berkeley Packet Filter (BPF) 335
Port Mirroring/Spanning 336
Contents xiii
ftoc.indd 05/20/2019 Page xiii
Packet Analysis 337
Spoofing Attacks 342
ARP Spoofing 342
DNS Spoofing 346
sslstrip 348
Summary 350
Review Questions 352

Chapter 10 Social Engineering 357
Social Engineering 358
Pretexting 360
Social Engineering Vectors 362
Physical Social Engineering 362
Badge Access 363
Man Traps 364
Biometrics 365
Phone Calls 366
Baiting 367
Phishing Attacks 368
Website Attacks 371
Cloning 371
Rogue Attacks 374
Wireless Social Engineering 375
Automating Social Engineering 379
Summary 381
Review Questions 383

Chapter 11 Wireless Security 387
Wi-Fi 388
Wi-Fi Network Types 390
Wi-Fi Authentication 392
Wi-Fi Encryption 393
Bring Your Own Device (BYOD) 397
Wi-Fi Attacks 398
Bluetooth 407
Scanning 408
Bluejacking 409
Bluesnarfing 410
Bluebugging 410
Mobile Devices 411
Mobile Device Attacks 412
Summary 414
Review Questions 416

Chapter 12 Attack and Defense 419
Web Application Attacks 420
XML External Entity Processing 422
Cross-Site Scripting (XSS) 423
SQL Injection 425
Command Injection 427
Denial of Service Attacks 428
Bandwidth Attacks 428
Slow Attacks 431
Legacy 432
Application Exploitation 433
Buffer Overflow 433
Heap Spraying 436
Lateral Movement 436
Defense in Depth/Defense in Breadth 438
Defensible Network Architecture 440
Summary 441
Review Questions 443

Chapter 13 Cryptography 447
Basic Encryption 449
Substitution Ciphers 449
Diffie-Hellman 452
Symmetric Key Cryptography 453
Data Encryption Standard (DES) 453
Advanced Encryption Standard (AES) 454
Asymmetric Key Cryptography 456
Hybrid Cryptosystem 456
Non-Repudiation 457
Elliptic Curve Cryptography 457
Certificate Authorities and Key Management 459
Certificate Authority 459
Trusted Third Party 462
Self-Signed Certificates 463
Cryptographic Hashing 465
PGP and S/MIME 467
Summary 469
Review Questions 471

Chapter 14 Security Architecture and Design 475
Data Classification 476
Security Models 478
State Machine 478
Biba 479
Bell-LaPadula 480
Clark-Wilson Integrity Model 480
Application Architecture 481
n-tier Application Design 482
Service-Oriented Architecture 485
Cloud-Based Applications 487
Database Considerations 489
Security Architecture 492
Summary 495
Review Questions 497

Appendix Answers to Review Questions 501

Index 531