Details

CEH v11 Certified Ethical Hacker Study Guide


CEH v11 Certified Ethical Hacker Study Guide


1. Aufl.

von: Ric Messier

32,99 €

Verlag: Wiley
Format: PDF
Veröffentl.: 16.07.2021
ISBN/EAN: 9781119800293
Sprache: englisch
Anzahl Seiten: 704

DRM-geschütztes eBook, Sie benötigen z.B. Adobe Digital Editions und eine Adobe ID zum Lesen.

Beschreibungen

<p>As protecting information continues to be a growing concern for today’s businesses, certifications in IT security have become highly desirable, even as the number of certifications has grown. Now you can set yourself apart with the Certified Ethical Hacker (CEH v11) certification. The <i>CEH v11 Certified Ethical Hacker Study Guide</i> offers a comprehensive overview of the CEH certification requirements using concise and easy-to-follow instructions. Chapters are organized by exam objective, with a handy section that maps each objective to its corresponding chapter, so you can keep track of your progress. The text provides thorough coverage of all topics, along with challenging chapter review questions and Exam Essentials, a key feature that identifies critical study areas. Subjects include common attack practices like reconnaissance and scanning. Also covered are topics like intrusion detection, DoS attacks, buffer overflows, wireless attacks, mobile attacks, Internet of Things (IoT) and more.</p> <p>This study guide goes beyond test prep, providing practical hands-on exercises to reinforce vital skills and real-world scenarios that put what you’ve learned into the context of actual job roles.</p> <ul> <li>Gain a unique certification that allows you to function like an attacker, allowing you to identify vulnerabilities so they can be remediated</li> <li>Expand your career opportunities with an IT certificate that satisfies the Department of Defense's 8570 Directive for Information Assurance positions</li> <li>Fully updated for the 2020 CEH v11 exam, including the latest developments in IT security</li> <li>Access the Sybex online learning center, with chapter review questions, full-length practice exams, hundreds of electronic flashcards, and a glossary of key terms</li> </ul> <p>Thanks to its clear organization, all-inclusive coverage, and practical instruction, the <i>CEH v11 Certified Ethical Hacker Study Guide</i> is an excellent resource for anyone who needs to understand the hacking process or anyone who wants to demonstrate their skills as a Certified Ethical Hacker.</p>
<p>Introduction xix</p> <p>Assessment Test xxvi</p> <p><b>Chapter 1 Ethical Hacking 1</b></p> <p>Overview of Ethics 2</p> <p>Overview of Ethical Hacking 5</p> <p>Methodologies 6</p> <p>Cyber Kill Chain 6</p> <p>Attack Lifecycle 8</p> <p>Methodology of Ethical Hacking 10</p> <p>Reconnaissance and Footprinting 10</p> <p>Scanning and Enumeration 11</p> <p>Gaining Access 11</p> <p>Maintaining Access 12</p> <p>Covering Tracks 12</p> <p>Summary 13</p> <p><b>Chapter 2 Networking Foundations 15</b></p> <p>Communications Models 17</p> <p>Open Systems Interconnection 18</p> <p>TCP/IP Architecture 21</p> <p>Topologies 22</p> <p>Bus Network 22</p> <p>Star Network 23</p> <p>Ring Network 24</p> <p>Mesh Network 25</p> <p>Hybrid 26</p> <p>Physical Networking 27</p> <p>Addressing 27</p> <p>Switching 28</p> <p>IP 29</p> <p>Headers 29</p> <p>Addressing 31</p> <p>Subnets 33</p> <p>TCP 34</p> <p>UDP 38</p> <p>Internet Control Message Protocol 39</p> <p>Network Architectures 40</p> <p>Network Types 40</p> <p>Isolation 41</p> <p>Remote Access 43</p> <p>Cloud Computing 44</p> <p>Storage as a Service 45</p> <p>Infrastructure as a Service 46</p> <p>Platform as a Service 48</p> <p>Software as a Service 49</p> <p>Internet of Things 51</p> <p>Summary 52</p> <p>Review Questions 54</p> <p><b>Chapter 3 Security Foundations 57</b></p> <p>The Triad 59</p> <p>Confidentiality 59</p> <p>Integrity 61</p> <p>Availability 62</p> <p>Parkerian Hexad 63</p> <p>Risk 64</p> <p>Policies, Standards, and Procedures 66</p> <p>Security Policies 66</p> <p>Security Standards 67</p> <p>Procedures 68</p> <p>Guidelines 68</p> <p>Organizing Your Protections 69</p> <p>Security Technology 72</p> <p>Firewalls 72</p> <p>Intrusion Detection Systems 77</p> <p>Intrusion Prevention Systems 80</p> <p>Endpoint Detection and Response 81</p> <p>Security Information and Event Management 83</p> <p>Being Prepared 84</p> <p>Defense in Depth 84</p> <p>Defense in Breadth 86</p> <p>Defensible Network Architecture 87</p> <p>Logging 88</p> <p>Auditing 90</p> <p>Summary 92</p> <p>Review Questions 93</p> <p><b>Chapter 4 Footprinting and Reconnaissance 97</b></p> <p>Open Source Intelligence 99</p> <p>Companies 99</p> <p>People 108</p> <p>Social Networking 111</p> <p>Domain Name System 124</p> <p>Name Lookups 125</p> <p>Zone Transfers 130</p> <p>Passive DNS 133</p> <p>Passive Reconnaissance 136</p> <p>Website Intelligence 139</p> <p>Technology Intelligence 144</p> <p>Google Hacking 144</p> <p>Internet of Things (IoT) 146</p> <p>Summary 148</p> <p>Review Questions 150</p> <p><b>Chapter 5 Scanning Networks 155</b></p> <p>Ping Sweeps 157</p> <p>Using fping 157</p> <p>Using MegaPing 159</p> <p>Port Scanning 161</p> <p>Nmap 162</p> <p>masscan 176</p> <p>MegaPing 178</p> <p>Metasploit 180</p> <p>Vulnerability Scanning 183</p> <p>OpenVAS 184</p> <p>Nessus 196</p> <p>Looking for Vulnerabilities with Metasploit 202</p> <p>Packet Crafting and Manipulation 203</p> <p>hping 204</p> <p>packETH 207</p> <p>fragroute 209</p> <p>Evasion Techniques 211</p> <p>Protecting and Detecting 214</p> <p>Summary 215</p> <p>Review Questions 217</p> <p><b>Chapter 6 Enumeration 221</b></p> <p>Service Enumeration 223</p> <p>Remote Procedure Calls 226</p> <p>SunRPC 226</p> <p>Remote Method Invocation 228</p> <p>Server Message Block 232</p> <p>Built-in Utilities 233</p> <p>nmap Scripts 237</p> <p>NetBIOS Enumerator 239</p> <p>Metasploit 240</p> <p>Other Utilities 242</p> <p>Simple Network Management Protocol 245</p> <p>Simple Mail Transfer Protocol 247</p> <p>Web-Based Enumeration 250</p> <p>Summary 257</p> <p>Review Questions 259</p> <p><b>Chapter 7 System Hacking 263</b></p> <p>Searching for Exploits 265</p> <p>System Compromise 269</p> <p>Metasploit Modules 270</p> <p>Exploit-DB 274</p> <p>Gathering Passwords 276</p> <p>Password Cracking 279</p> <p>John the Ripper 280</p> <p>Rainbow Tables 282</p> <p>Kerberoasting 284</p> <p>Client-Side Vulnerabilities 289</p> <p>Living Off the Land 291</p> <p>Fuzzing 292</p> <p>Post Exploitation 295</p> <p>Evasion 295</p> <p>Privilege Escalation 296</p> <p>Pivoting 301</p> <p>Persistence 304</p> <p>Covering Tracks 307</p> <p>Summary 313</p> <p>Review Questions 315</p> <p><b>Chapter 8 Malware 319</b></p> <p>Malware Types 321</p> <p>Virus 321</p> <p>Worm 323</p> <p>Trojan 324</p> <p>Botnet 324</p> <p>Ransomware 326</p> <p>Dropper 328</p> <p>Malware Analysis 328</p> <p>Static Analysis 329</p> <p>Dynamic Analysis 340</p> <p>Creating Malware 349</p> <p>Writing Your Own 350</p> <p>Using Metasploit 353</p> <p>Obfuscating 356</p> <p>Malware Infrastructure 357</p> <p>Antivirus Solutions 359</p> <p>Persistence 360</p> <p>Summary 361</p> <p>Review Questions 363</p> <p><b>Chapter 9 Sniffing 367</b></p> <p>Packet Capture 368</p> <p>tcpdump 369</p> <p>tshark 376</p> <p>Wireshark 378</p> <p>Berkeley Packet Filter 382</p> <p>Port Mirroring/Spanning 384</p> <p>Packet Analysis 385</p> <p>Spoofing Attacks 390</p> <p>ARP Spoofing 390</p> <p>DNS Spoofing 394</p> <p>sslstrip 397</p> <p>Spoofing Detection 398</p> <p>Summary 399</p> <p>Review Questions 402</p> <p><b>Chapter 10 Social Engineering 407</b></p> <p>Social Engineering 408</p> <p>Pretexting 410</p> <p>Social Engineering Vectors 412</p> <p>Physical Social Engineering 413</p> <p>Badge Access 413</p> <p>Man Traps 415</p> <p>Biometrics 416</p> <p>Phone Calls 417</p> <p>Baiting 418</p> <p>Phishing Attacks 418</p> <p>Website Attacks 422</p> <p>Cloning 423</p> <p>Rogue Attacks 426</p> <p>Wireless Social Engineering 427</p> <p>Automating Social Engineering 430</p> <p>Summary 433</p> <p>Review Questions 435</p> <p><b>Chapter 11 Wireless Security 439</b></p> <p>Wi-Fi 440</p> <p>Wi-Fi Network Types 442</p> <p>Wi-Fi Authentication 445</p> <p>Wi-Fi Encryption 446</p> <p>Bring Your Own Device 450</p> <p>Wi-Fi Attacks 451</p> <p>Bluetooth 462</p> <p>Scanning 463</p> <p>Bluejacking 465</p> <p>Bluesnarfing 466</p> <p>Bluebugging 466</p> <p>Mobile Devices 466</p> <p>Mobile Device Attacks 467</p> <p>Summary 472</p> <p>Review Questions 474</p> <p><b>Chapter 12 Attack and Defense 479</b></p> <p>Web Application Attacks 480</p> <p>XML External Entity Processing 482</p> <p>Cross-Site</p> <p>Scripting 483</p> <p>SQL Injection 485</p> <p>Command Injection 487</p> <p>File Traversal 489</p> <p>Web Application Protections 490</p> <p>Denial-of-Service Attacks 492</p> <p>Bandwidth Attacks 492</p> <p>Slow Attacks 495</p> <p>Legacy 497</p> <p>Application Exploitation 497</p> <p>Buffer Overflow 498</p> <p>Heap Spraying 500</p> <p>Application Protections and Evasions 501</p> <p>Lateral Movement 502</p> <p>Defense in Depth/Defense in Breadth 504</p> <p>Defensible Network Architecture 506</p> <p>Summary 508</p> <p>Review Questions 510</p> <p><b>Chapter 13 Cryptography 515</b></p> <p>Basic Encryption 517</p> <p>Substitution Ciphers 517</p> <p>Diffie-Hellman 520</p> <p>Symmetric Key Cryptography 521</p> <p>Data Encryption Standard 522</p> <p>Advanced Encryption Standard 523</p> <p>Asymmetric Key Cryptography 524</p> <p>Hybrid Cryptosystem 525</p> <p>Nonrepudiation 525</p> <p>Elliptic Curve Cryptography 526</p> <p>Certificate Authorities and Key Management 528</p> <p>Certificate Authority 528</p> <p>Trusted Third Party 531</p> <p>Self-Signed Certificates 532</p> <p>Cryptographic Hashing 534</p> <p>PGP and S/MIME 536</p> <p>Disk and File Encryption 538</p> <p>Summary 541</p> <p>Review Questions 543</p> <p><b>Chapter 14 Security Architecture and Design 547</b></p> <p>Data Classification 548</p> <p>Security Models 550</p> <p>State Machine 550</p> <p>Biba 551</p> <p>Bell-LaPadula 552</p> <p>Clark-Wilson Integrity Model 552</p> <p>Application Architecture 553</p> <p>n-tier Application Design 554</p> <p>Service-Oriented Architecture 557</p> <p>Cloud-Based Applications 559</p> <p>Database Considerations 561</p> <p>Security Architecture 563</p> <p>Summary 567</p> <p>Review Questions 569</p> <p><b>Chapter 15 Cloud Computing and the Internet of Things 573</b></p> <p>Cloud Computing Overview 574</p> <p>Cloud Services 578</p> <p>Shared Responsibility Model 583</p> <p>Public vs. Private Cloud 585</p> <p>Cloud Architectures and Deployment 586</p> <p>Responsive Design 588</p> <p>Cloud-Native</p> <p>Design 589</p> <p>Deployment 590</p> <p>Dealing with REST 593</p> <p>Common Cloud Threats 598</p> <p>Access Management 598</p> <p>Data Breach 600</p> <p>Web Application Compromise 600</p> <p>Credential Compromise 602</p> <p>Insider Threat 604</p> <p>Internet of Things 604</p> <p>Operational Technology 610</p> <p>Summary 612</p> <p>Review Questions 614</p> <p><b>Appendix </b><b>Answers to Review Questions 617</b></p> <p>Chapter 2: Networking Foundations 618</p> <p>Chapter 3: Security Foundations 619</p> <p>Chapter 4: Footprinting and Reconnaissance 622</p> <p>Chapter 5: Scanning Networks 624</p> <p>Chapter 6: Enumeration 627</p> <p>Chapter 7: System Hacking 629</p> <p>Chapter 8: Malware 632</p> <p>Chapter 9: Sniffing 635</p> <p>Chapter 10: Social Engineering 636</p> <p>Chapter 11: Wireless Security 638</p> <p>Chapter 12: Attack and Defense 641</p> <p>Chapter 13: Cryptography 643</p> <p>Chapter 14: Security Architecture and Design 645</p> <p>Chapter 15: Cloud Computing and the Internet of Things 646</p> <p>Index 649</p>
<P><B>RIC MESSIER, CEH, GCIH, GSEC, CISSP, CCSP</B> is a consultant, educator, and author of many books on information security and digital forensics. With decades of experience in information technology and information security, Ric has held the varied roles of programmer, system administrator, network engineer, security engineering manager, VoIP engineer, consultant, and professor.
<p><b>Your complete guide to preparing for the Certified Ethical Hacker version 11 Certification exam</b> <p><i>CEH v11 Certified Ethical Hacker Study Guide</i> gives you a hands-on resource for preparing for the challenging body of knowledge covered in the exam. This Sybex Study Guide covers 100% of the 2020 CEH certification requirements presented in an easy-to-follow approach. To keep track of your progress, chapters are organized by exam objective, with a section that maps each objective to its corresponding chapter. The text provides coverage of all topics, with chapter review questions and Exam Essentials, a key feature that identifies critical study areas. Subjects include common attack practices like reconnaissance and scanning. Also covered are topics like intrusion detection, DoS attacks, buffer overflows, wireless attacks, mobile attacks, Internet of Things (IoT), cloud vulnerabilities, and more. <p><b>Coverage of 100% of all exam objectives in this Study Guide means you’ll be ready for:</b> <ul><li>Footprinting and Reconnaissance</li> <li>Scanning Networks</li> <li>Enumeration</li> <li>System Hacking</li> <li>Malware</li> <li>Social Engineering</li> <li>Wireless Security</li> <li>Cryptography</li></ul> <p><b>Interactive learning environment</b> <p>Take your exam prep to the next level with Sybex’s superior interactive online study tools. To access our learning environment, visit <b>www.wiley.com/go/sybextestprep</b>, register your book to receive your unique PIN, and instantly gain a year of FREE access to: <ul><b><li>Interactive test bank with </b>2 practice exams. Practice exams help you identify areas where further review is needed. 500 questions total!</li> <b><li>100 electronic flashcards </b>to reinforce learning and last-minute prep before the exam</li> <b><li>Comprehensive glossary</b> in PDF format gives you instant access to the key terms so you are fully prepared</li></ul>

Diese Produkte könnten Sie auch interessieren:

Rechtschreibung - fit in 30 Minuten
Rechtschreibung - fit in 30 Minuten
von: Julia Daube
PDF ebook
5,99 €
Konzentration - fit in 30 Minuten
Konzentration - fit in 30 Minuten
von: Björn Gemmer
PDF ebook
5,99 €
Konflikte lösen - fit in 30 Minuten
Konflikte lösen - fit in 30 Minuten
von: Björn Gemmer, Christiane Sauer
PDF ebook
5,99 €