Muutke küpsiste eelistusi

Certified Ethical Hacker (CEH) Version 10 Cert Guide 3rd edition [Multiple-component retail product]

3.25/5 (8 hinnangut Goodreads-ist)
,
  • Formaat: Multiple-component retail product, 704 pages, kõrgus x laius x paksus: 234x198x38 mm, kaal: 1343 g, Contains 1 Digital product license key and 1 Hardback
  • Sari: Certification Guide
  • Ilmumisaeg: 25-Sep-2019
  • Kirjastus: Pearson IT Certification
  • ISBN-10: 0789760525
  • ISBN-13: 9780789760524
Teised raamatud teemal:
Certified Ethical Hacker (CEH) Version 10 Cert Guide 3rd editionSuurem pilt
  • Formaat: Multiple-component retail product, 704 pages, kõrgus x laius x paksus: 234x198x38 mm, kaal: 1343 g, Contains 1 Digital product license key and 1 Hardback
  • Sari: Certification Guide
  • Ilmumisaeg: 25-Sep-2019
  • Kirjastus: Pearson IT Certification
  • ISBN-10: 0789760525
  • ISBN-13: 9780789760524
Teised raamatud teemal:
Püsilink: https://www.kriso.ee/db/9780789760524.html
Märksõnad:

In this best-of-breed study guide, leading experts Michael Gregg and Omar Santos help you master all the topics you need to know to succeed on your Certified Ethical Hacker Version 10 exam and advance your career in IT security. The authors’ concise, focused approach explains every exam objective from a real-world perspective, helping you quickly identify weaknesses and retain everything you need to know.


Every feature of this book supports both efficient exam preparation and long-term mastery:

·         Opening Topics Lists identify the topics you need to learn in each chapter and list EC-Council’s official exam objectives

·         Key Topics figures, tables, and lists call attention to the information that’s most crucial for exam success

·         Exam Preparation Tasks enable you to review key topics, define key terms, work through scenarios, and answer review questions…going beyond mere facts to master the concepts that are crucial to passing the exam and enhancing your career

·         Key Terms are listed in each chapter and defined in a complete glossary, explaining all the field’s essential terminology


This study guide helps you master all the topics on the latest CEH exam, including

·         Ethical hacking basics

·         Technical foundations of hacking

·         Footprinting and scanning

·         Enumeration and system hacking

·         Social engineering, malware threats, and vulnerability analysis

·         Sniffers, session hijacking, and denial of service

·         Web server hacking, web applications, and database attacks

·         Wireless technologies, mobile security, and mobile attacks

·         IDS, firewalls, and honeypots

·         Cryptographic attacks and defenses

·         Cloud computing, IoT, and botnets 

Introduction xxii
Chapter 1 An Introduction to Ethical Hacking 3(42)
"Do I Know This Already?" Quiz
3(3)
Security Fundamentals
6(7)
Goals of Security
7(1)
Risk, Assets, Threats, and Vulnerabilities
8(2)
Backing Up Data to Reduce Risk
10(1)
Defining an Exploit
11(1)
Risk Assessment
12(1)
Security Testing
13(3)
No-Knowledge Tests (Black Box)
13(1)
Full-Knowledge Testing (White Box)
14(1)
Partial-Knowledge Testing (Gray Box)
14(1)
Types of Security Tests
14(2)
Hacker and Cracker Descriptions
16(3)
Who Attackers Are
18(1)
Ethical Hackers
19(5)
Required Skills of an Ethical Hacker
20(1)
Modes of Ethical Hacking
21(3)
Test Plans-Keeping It Legal
24(5)
Test Phases
25(1)
Establishing Goals
26(1)
Getting Approval
27(1)
Ethical Hacking Report
28(1)
Vulnerability Research-Keeping Up with Changes
29(1)
Ethics and Legality
29(6)
Overview of U.S. Federal Laws
30(3)
Compliance Regulations
33(1)
Payment Card Industry Data Security Standard (PCI-DSS)
34(1)
Summary
35(1)
Review All Key Topics
36(1)
Define Key Terms
36(1)
Exercises
36(1)
1-1 Searching for Exposed Passwords
37(1)
1-2 Examining Security Policies
37(1)
Review Questions
37(5)
Suggested Reading and Resources
42(3)
Chapter 2 The Technical Foundations of Hacking 45(42)
"Do I Know This Already?" Quiz
45(3)
The Hacking Process
48(4)
Performing Reconnaissance and Footprinting
48(1)
Scanning and Enumeration
49(1)
Gaining Access
50(1)
Escalation of Privilege
51(1)
Maintaining Access
51(1)
Covering Tracks and Planting Backdoors
51(1)
The Ethical Hacker's Process
52(2)
NIST SP 800-15
53(1)
Operationally Critical Threat, Asset, and Vulnerability Evaluation
53(1)
Open Source Security Testing Methodology Manual
54(1)
Information Security Systems and the Stack
54(22)
The OSI Model
55(2)
Anatomy of TCP/IP Protocols
57(2)
The Application Layer
59(5)
The Transport Layer
64(1)
Transmission Control Protocol
64(2)
User Datagram Protocol
66(1)
The Internet Layer
66(6)
Traceroute
72(2)
The Network Access Layer
74(2)
Summary
76(1)
Review All Key Topics
77(1)
Define Key Terms
77(1)
Exercises
78(2)
2.1 Install a Sniffer and Perform Packet Captures
78(1)
2.2 List the Protocols, Applications, and Services Found at Each Layer of the Stack
79(1)
2.3 Using Traceroute for Network Troubleshooting
79(1)
Review Questions
80(4)
Suggested Reading and Resources
84(3)
Chapter 3 Footprinting and Scanning 87(62)
"Do I Know This Already?" Quiz
87(3)
Overview of the Seven-Step Information-Gathering Process
90(1)
Information Gathering
90(22)
Documentation
91(1)
The Organization's Website
91(2)
Job Boards
93(2)
Employee and People Searches
95(3)
EDGAR Database
98(1)
Google Hacking
99(4)
Usenet
103(1)
Registrar Query
104(3)
DNS Enumeration
107(5)
Determining the Network Range
112(3)
Traceroute
114(1)
Identifying Active Machines
115(1)
Finding Open Ports and Access Points
116(14)
Nmap
124(4)
SuperScan
128(1)
THC-Amap
128(1)
Hping
129(1)
Port Knocking
129(1)
War Driving
130(1)
OS Fingerprinting
130(4)
Active Fingerprinting Tools
132(2)
Fingerprinting Services
134(2)
Default Ports and Services
134(1)
Finding Open Services
134(2)
Mapping the Network Attack Surface
136(2)
Manual Mapping
136(1)
Automated Mapping
136(2)
Summary
138(1)
Review All Key Topics
139(1)
Define Key Terms
139(1)
Exercises
140(1)
3.1 Performing Passive Reconnaissance
140(1)
3.2 Performing Active Reconnaissance
141(1)
Review Questions
141(5)
Suggested Reading and Resources
146(3)
Chapter 4 Enumeration and System Hacking 149(46)
"Do I Know This Already?" Quiz
149(3)
Enumeration
152(11)
Windows Enumeration
152(2)
Windows Security
154(1)
NetBIOS and LDAP Enumeration
155(2)
NetBIOS Enumeration Tools
157(3)
SNMP Enumeration
160(1)
Linux/UNIX Enumeration
161(1)
NTP Enumeration
162(1)
SMTP Enumeration
162(1)
IPsec and VoIP Enumeration
162(1)
DNS Enumeration
163(1)
System Hacking
163(23)
Nontechnical Password Attacks
164(1)
Technical Password Attacks
165(1)
Password Guessing
165(2)
Automated Password Guessing
167(1)
Password Sniffing
167(1)
Keylogging
168(1)
Privilege Escalation and Exploiting Vulnerabilities
169(1)
Exploiting an Application
170(1)
Exploiting a Buffer Overflow
171(2)
Owning the Box
173(1)
Windows Authentication Types
173(2)
Cracking Windows Passwords
175(3)
Linux Authentication and Passwords
178(2)
Cracking Linux Passwords
180(1)
Hiding Files and Covering Tracks
181(1)
Rootkits
182(3)
File Hiding
185(1)
Summary
186(1)
Review All Key Topics
187(1)
Define Key Terms
187(1)
Exercise
188(1)
4.1 NTFS File Streaming
188(1)
Review Questions
189(4)
Suggested Reading and Resources
193(2)
Chapter 5 Social Engineering, Malware Threats, and Vulnerability Analysis 195(78)
"Do I Know This Already?" Quiz
195(4)
Social Engineering
199(14)
Phishing
200(1)
Pharming
200(1)
Malvertising
201(1)
Spear Phishing
202(7)
SMS Phishing
209(1)
Voice Phishing
210(1)
Whaling
210(1)
Elicitation, Interrogation, and Impersonation (Pretexting)
210(2)
Social Engineering Motivation Techniques
212(1)
Shoulder Surfing and USB Key Drop
212(1)
Malware Threats
213(40)
Viruses and Worms
213(1)
Types and Transmission Methods of Viruses and Malware
213(2)
Virus Payloads
215(1)
History of Viruses
216(1)
Well-Known Viruses and Worms
217(2)
Virus Creation Tools
219(1)
Trojans
220(1)
Trojan Types
220(1)
Trojan Ports and Communication Methods
221(1)
Trojan Goals
222(1)
Trojan Infection Mechanisms
223(1)
Effects of Trojans
224(1)
Trojan Tools
225(2)
Distributing Trojans
227(1)
Wrappers
228(1)
Packers
229(1)
Droppers
229(1)
Crypters
229(1)
Ransomware
230(2)
Covert Communication
232(1)
Tunneling via the Internet Layer
233(3)
Tunneling via the Transport Layer
236(1)
Tunneling via the Application Layer
237(1)
Port Redirection
238(2)
Keystroke Logging and Spyware
240(1)
Hardware Keyloggers
241(1)
Software Keyloggers
241(1)
Spyware
242(1)
Malware Countermeasures
243(1)
Detecting Malware
243(3)
Antivirus
246(3)
Analyzing Malware
249(1)
Static Analysis
250(1)
Dynamic Analysis
251(2)
Vulnerability Analysis
253(7)
Passive vs. Active Assessments
253(1)
External vs. Internal Assessments
254(1)
Vulnerability Assessment Solutions
254(1)
Tree-based vs. Inference-based Assessments
255(1)
Vulnerability Scoring Systems
255(4)
Vulnerability Scanning Tools
259(1)
Summary
260(2)
Review All Key Topics
262(1)
Define Key Terms
263(1)
Command Reference to Check Your Memory
263(1)
Exercises
264(2)
5.1 Finding Malicious Programs
264(1)
5.2 Using Process Explorer
265(1)
Review Questions
266(5)
Suggested Reading and Resources
271(2)
Chapter 6 Sniffers, Session Hijacking, and Denial of Service 273(52)
"Do I Know This Already?" Quiz
273(3)
Sniffers
276(15)
Passive Sniffing
277(1)
Active Sniffing
277(1)
Address Resolution Protocol
278(1)
ARP Poisoning and MAC Flooding
279(7)
Tools for Sniffing
286(1)
Wireshark
286(3)
Other Sniffing Tools
289(1)
Sniffing and Spoofing Countermeasures
290(1)
Session Hijacking
291(12)
Transport Layer Hijacking
292(3)
Identify and Find an Active Session
292(1)
Predict the Sequence Number
293(2)
Take One of the Parties Offline
295(1)
Take Control of the Session
295(1)
Application Layer Hijacking
295(4)
Session Sniffing
295(1)
Predictable Session Token ID
296(1)
Man-in-the-Middle Attacks
296(1)
Client-Side Attacks
297(2)
Man-in-the-Browser Attacks
299(1)
Session Replay Attacks
299(1)
Session Fixation Attacks
299(1)
Session Hijacking Tools
299(3)
Preventing Session Hijacking
302(1)
Denial of Service and Distributed Denial of Service
303(12)
DoS Attack Techniques
305(1)
Volumetric Attacks
305(1)
SYN Flood Attacks
306(1)
ICMP Attacks
306(1)
Peer-to-Peer Attacks
307(1)
Application-Level Attacks
307(2)
Permanent DoS Attacks
309(1)
Distributed Denial of Service
309(1)
DDoS Tools
310(2)
DoS and DDOS Countermeasures
312(3)
Summary
315(1)
Review All Key Topics
316(1)
Define Key Terms
317(1)
Exercises
317(2)
6.1 Scanning for DDoS Programs
317(1)
6.2 Using SMAC to Spoof Your MAC Address
318(1)
6.3 Using the KnowBe4 SMAC to Spoof Your MAC Address
318(1)
Review Questions
319(4)
Suggested Reading and Resources
323(2)
Chapter 7 Web Server Hacking, Web Applications, and Database Attacks 325(82)
"Do I Know This Already?" Quiz
325(3)
Web Server Hacking
328(33)
The HTTP Protocol
328(8)
Scanning Web Servers
336(1)
Banner Grabbing and Enumeration
337(5)
Web Server Vulnerability Identification
342(1)
Attacking the Web Server
342(1)
DoS/DDoS Attacks
343(1)
DNS Server Hijacking and DNS Amplification Attacks
343(2)
Directory Traversal
345(2)
Man-in-the-Middle Attacks
347(1)
Website Defacement
347(1)
Web Server Misconfiguration
347(1)
HTTP Response Splitting
348(1)
Understanding Cookie Manipulation Attacks
348(1)
Web Server Password Cracking
349(1)
Web Server-Specific Vulnerabilities
349(2)
Comments in Source Code
351(1)
Lack of Error Handling and Overly Verbose Error Handling
352(1)
Hard-Coded Credentials
352(1)
Race Conditions
352(1)
Unprotected APIs
353(3)
Hidden Elements
356(1)
Lack of Code Signing
356(1)
Automated Exploit Tools
356(2)
Securing Web Servers
358(1)
Harden Before Deploying
358(1)
Patch Management
359(1)
Disable Unneeded Services
359(1)
Lock Down the File System
360(1)
Log and Audit
360(1)
Provide Ongoing Vulnerability Scans
360(1)
Web Application Hacking
361(23)
Unvalidated Input
362(1)
Parameter/Form Tampering
362(1)
Injection Flaws
362(1)
Understanding Cross-site Scripting (XSS) Vulnerabilities
363(1)
Reflected XSS
364(2)
Stored XSS
366(1)
DOM-based XSS
367(1)
XSS Evasion Techniques
368(1)
XSS Mitigations
369(2)
Understanding Cross-site Request Forgery Vulnerabilities and Related Attacks
371(1)
Understanding Clickjacking
372(1)
Other Web Application Attacks
372(2)
Exploiting Web-Based Cryptographic Vulnerabilities and Insecure Configurations
374(1)
Web-Based Password Cracking and Authentication Attacks
375(2)
Understanding What Cookies Are and Their Use
377(1)
URL Obfuscation
378(2)
Intercepting Web Traffic
380(1)
Securing Web Applications
381(2)
Lack of Code Signing
383(1)
Database Hacking
384(13)
A Brief Introduction to SQL and SQL Injection
385(4)
SQL Injection Categories
389(2)
Fingerprinting the Database
391(1)
Surveying the UNION Exploitation Technique
392(2)
Using Boolean in SQL Injection Attacks
394(1)
Understanding Out-of-Band Exploitation
394(2)
Exploring the Time-Delay SQL Injection Technique
396(1)
Surveying Stored Procedure SQL Injection
396(1)
Understanding SQL Injection Mitigations
396(1)
SQL Injection Hacking Tools
397(1)
Summary
398(1)
Review All Key Topics
399(1)
Exercise
400(1)
7.1 Complete the Exercises in WebGoat
400(1)
Review Questions
400(5)
Suggested Reading and Resources
405(2)
Chapter 8 Wireless Technologies, Mobile Security, and Attacks 407(48)
"Do I Know This Already?" Quiz
407(3)
Wireless Technologies
410(1)
Mobile Device Operation and Security
410(12)
Mobile Device Concerns
412(1)
Mobile Device Platforms
413(1)
Android
414(3)
iOS
417(1)
Windows Mobile Operating System
417(1)
BlackBerry
418(1)
Mobile Device Management and Protection
418(1)
Bluetooth
419(3)
Radio-frequency Identification (RFID) Attacks
422(1)
Wireless LANs
422(25)
Wireless LAN Basics
423(1)
Wireless LAN Frequencies and Signaling
424(1)
Wireless LAN Security
425(8)
Installing Rogue Access Points
428(1)
Evil Twin Attacks
429(1)
Deauthentication Attacks
429(4)
Attacking the Preferred Network Lists
433(1)
Jamming Wireless Signals and Causing Interference
433(1)
War Driving
433(7)
Attacking WEP
433(2)
Attacking WPA
435(5)
Wireless Networks Configured with Open Authentication
440(3)
KRACK Attacks
440(1)
Attacking Wi-Fi Protected Setup (WPS)
441(1)
KARMA Attack
441(1)
Fragmentation Attacks
441(2)
Additional Wireless Hacking Tools
443(1)
Performing GPS Mapping
443(1)
Wireless Traffic Analysis
443(1)
Launch Wireless Attacks
444(1)
Crack and Compromise the Wi-Fi Network
444(1)
Securing Wireless Networks
445(1)
Site Survey
445(13)
Robust Wireless Authentication
446(1)
Misuse Detection
447(1)
Summary
447(1)
Review All Key Topics
448(1)
Define Key Terms
448(1)
Review Questions
449(3)
Suggested Reading and Resources
452(3)
Chapter 9 IDS, Firewalls, and Honeypots 455(48)
"Do I Know This Already?" Quiz
455(3)
Intrusion Detection and Prevention Systems
458(16)
IDS Types and Components
458(3)
Pattern Matching
461(2)
Protocol Analysis
463(1)
Heuristic-Based Analysis
463(1)
Anomaly-Based Analysis
464(1)
Global Threat Correlation Capabilities
465(1)
Snort
465(5)
IDS Evasion
470(1)
Flooding
470(1)
Insertion and Evasion
470(1)
Session Splicing
471(1)
Shellcode Attacks
471(1)
Other IDS Evasion Techniques
472(1)
IDS Evasion Tools
473(1)
Firewalls
474(16)
Firewall Types
475(1)
Network Address Translation
475(1)
Packet Filters
476(2)
Application and Circuit-Level Gateways
478(1)
Stateful Inspection
479(1)
Identifying Firewalls
480(4)
Bypassing Firewalls
484(6)
Honeypots
490(4)
Types of Honeypots
492(1)
Detecting Honeypots
493(1)
Summary
494(1)
Review All Key Topics
494(1)
Define Key Terms
495(1)
Review Questions
495(5)
Suggested Reading and Resources
500(3)
Chapter 10 Cryptographic Attacks and Defenses 503(44)
"Do I Know This Already?" Quiz
503(3)
Functions of Cryptography
506(1)
History of Cryptography
507(2)
Algorithms
509(16)
Symmetric Encryption
510(1)
Data Encryption Standard (DES)
511(3)
Advanced Encryption Standard (AES)
514(1)
Rivest Cipher
514(1)
Asymmetric Encryption (Public Key Encryption)
514(2)
RSA
516(1)
Diffie-Hellman
516(1)
ElGamal
516(1)
Elliptic Curve Cryptography (ECC)
516(1)
Hashing
517(1)
Digital Signature
518(1)
Steganography
519(1)
Steganography Operation
520(1)
Steganographic Tools
521(3)
Digital Watermark
524(1)
Digital Certificates
524(1)
Public Key Infrastructure
525(4)
Trust Models
527(1)
Single-Authority Trust
527(1)
Hierarchical Trust
527(1)
Web of Trust
528(1)
Protocols, Applications, and Attacks
529(7)
Encryption Cracking and Tools
531(3)
Weak Encryption
534(2)
Encryption-Cracking Tools
536(1)
Summary
536(1)
Review All Key Topics
537(1)
Define Key Terms
538(1)
Exercises
538(2)
10.1 Examining an SSL Certificate
538(1)
10.2 Using PGP
539(1)
10.3 Using a Steganographic Tool to Hide a Message
540(1)
Review Questions
540(5)
Suggested Reading and Resources
545(2)
Chapter 11 Cloud Computing, loT, and Botnets 547(26)
"Do I Know This Already?" Quiz
547(3)
Cloud Computing
550(6)
Cloud Computing Issues and Concerns
552(2)
Cloud Computing Attacks
554(1)
Cloud Computing Security
555(1)
IoT
556(4)
IoT Protocols
558(2)
Hacking IoT Implementations
560(1)
Botnets
560(6)
Botnet Countermeasures
563(3)
Summary
566(1)
Review All Key Topics
566(1)
Define Key Terms
567(1)
Exercise
567(1)
11.1 Scanning for DDoS Programs
567(1)
Review Questions
568(2)
Suggested Reading and Resources
570(3)
Chapter 12 Final Preparation 573(4)
Hands-on Activities
573(1)
Suggested Plan for Final Review and Study
574(1)
Summary
575(2)
Glossary 577(26)
Appendix A Answers to the "Do I Know This Already?" Quizzes and Review Questions 603(36)
Index 639
Michael Gregg (CISSP, SSCP, CISA, MCSE, MCT, CTT+, A+, N+, Security+, CCNA, CASP, CISA, CISM, CEH, CHFI, and GSEC) directs the cyber security operations for a multinational organization that operates facilities worldwide. As the CISO, Michael is responsible for securing the organizations assets on a global scale. Michael is responsible for developing cost-effective and innovative technology solutions for security issues and for evaluating emerging technologies.

He has more than 20 years of experience in the IT field and holds two associates degrees, a bachelors degree, and a masters degree. In addition to coauthoring the first, second, and third editions of Security Administrator Street Smarts, Michael has written or coauthored 14 other books, including Build Your Own Security Lab: A Field Guide for Network Testing (Wiley, 2008); Hack the Stack: Using Snort and Ethereal to Master the 8 Layers of an Insecure Network (Syngress, 2006); Certified Ethical Hacker Exam Prep 2 (Que, 2006); and Inside Network Security Assessment: Guarding Your IT Infrastructure (Sams, 2005).

Michael has testified before a U.S congressional committee, has been quoted in newspapers such as the New York Times, and was featured on various television and radio shows, including NPR, ABC, CBS, Fox News, and others, discussing cyber security and ethical hacking. He has created more than a dozen IT security training classes. He has created and performed video instruction on many security topics, such as cyber security, CISSP, CISA, Security+, and others.

When not working, speaking at security events, or writing, Michael enjoys 1960s muscle cars and has a slot in his garage for a new project car.

You can reach Michael by email at MikeG@thesolutionfirm.com.

Omar Santos is an active member of the security community, where he leads several industry-wide initiatives and standard bodies. His active role helps businesses, academic institutions, state and local law enforcement agencies, and other participants that are dedicated to increasing the security of the critical infrastructure.

Omar is the author of more than 20 books and video courses and numerous white papers, articles, and security configuration guidelines and best practices. Omar is a principal engineer of the Cisco Product Security Incident Response Team (PSIRT), where he mentors and leads engineers and incident managers during the investigation and resolution of security vulnerabilities.

Omar has been quoted by numerous media outlets, such as The Register, Wired, ZDNet, ThreatPost, CyberScoop, TechCrunch, Fortune, Ars Technica, and more. Additional information about Omar can be obtained from h4cker.org and omarsantos.io. You can follow Omar on Twitter at @santosomar.