RIC MESSIER, CEH, GCIH, GSEC, CISSP, CCSP is a consultant, educator, and author of many books on information security and digital forensics. With decades of experience in information technology and information security, Ric has held the varied roles of programmer, system administrator, network engineer, security engineering manager, VoIP engineer, consultant, and professor.

Introduction xix
 
Assessment Test xxvi
 
Chapter 1 Ethical Hacking 1
 
Overview of Ethics 2
 
Overview of Ethical Hacking 5
 
Methodologies 6
 
Cyber Kill Chain 6
 
Attack Lifecycle 8
 
Methodology of Ethical Hacking 10
 
Reconnaissance and Footprinting 10
 
Scanning and Enumeration 11
 
Gaining Access 11
 
Maintaining Access 12
 
Covering Tracks 12
 
Summary 13
 
Chapter 2 Networking Foundations 15
 
Communications Models 17
 
Open Systems Interconnection 18
 
TCP/IP Architecture 21
 
Topologies 22
 
Bus Network 22
 
Star Network 23
 
Ring Network 24
 
Mesh Network 25
 
Hybrid 26
 
Physical Networking 27
 
Addressing 27
 
Switching 28
 
IP 29
 
Headers 29
 
Addressing 31
 
Subnets 33
 
TCP 34
 
UDP 38
 
Internet Control Message Protocol 39
 
Network Architectures 40
 
Network Types 40
 
Isolation 41
 
Remote Access 43
 
Cloud Computing 44
 
Storage as a Service 45
 
Infrastructure as a Service 46
 
Platform as a Service 48
 
Software as a Service 49
 
Internet of Things 51
 
Summary 52
 
Review Questions 54
 
Chapter 3 Security Foundations 57
 
The Triad 59
 
Confidentiality 59
 
Integrity 61
 
Availability 62
 
Parkerian Hexad 63
 
Risk 64
 
Policies, Standards, and Procedures 66
 
Security Policies 66
 
Security Standards 67
 
Procedures 68
 
Guidelines 68
 
Organizing Your Protections 69
 
Security Technology 72
 
Firewalls 72
 
Intrusion Detection Systems 77
 
Intrusion Prevention Systems 80
 
Endpoint Detection and Response 81
 
Security Information and Event Management 83
 
Being Prepared 84
 
Defense in Depth 84
 
Defense in Breadth 86
 
Defensible Network Architecture 87
 
Logging 88
 
Auditing 90
 
Summary 92
 
Review Questions 93
 
Chapter 4 Footprinting and Reconnaissance 97
 
Open Source Intelligence 99
 
Companies 99
 
People 108
 
Social Networking 111
 
Domain Name System 124
 
Name Lookups 125
 
Zone Transfers 130
 
Passive DNS 133
 
Passive Reconnaissance 136
 
Website Intelligence 139
 
Technology Intelligence 144
 
Google Hacking 144
 
Internet of Things (IoT) 146
 
Summary 148
 
Review Questions 150
 
Chapter 5 Scanning Networks 155
 
Ping Sweeps 157
 
Using fping 157
 
Using MegaPing 159
 
Port Scanning 161
 
Nmap 162
 
masscan 176
 
MegaPing 178
 
Metasploit 180
 
Vulnerability Scanning 183
 
OpenVAS 184
 
Nessus 196
 
Looking for Vulnerabilities with Metasploit 202
 
Packet Crafting and Manipulation 203
 
hping 204
 
packETH 207
 
fragroute 209
 
Evasion Techniques 211
 
Protecting and Detecting 214
 
Summary 215
 
Review Questions 217
 
Chapter 6 Enumeration 221
 
Service Enumeration 223
 
Remote Procedure Calls 226
 
SunRPC 226
 
Remote Method Invocation 228
 
Server Message Block 232
 
Built-in Utilities 233
 
nmap Scripts 237

As protecting information continues to be a growing concern for today's businesses, certifications in IT security have become highly desirable, even as the number of certifications has grown. Now you can set yourself apart with the Certified Ethical Hacker (CEH v11) certification. The CEH v11 Certified Ethical Hacker Study Guide offers a comprehensive overview of the CEH certification requirements using concise and easy-to-follow instructions. Chapters are organized by exam objective, with a handy section that maps each objective to its corresponding chapter, so you can keep track of your progress. The text provides thorough coverage of all topics, along with challenging chapter review questions and Exam Essentials, a key feature that identifies critical study areas. Subjects include common attack practices like reconnaissance and scanning. Also covered are topics like intrusion detection, DoS attacks, buffer overflows, wireless attacks, mobile attacks, Internet of Things (IoT) and more.
 
This study guide goes beyond test prep, providing practical hands-on exercises to reinforce vital skills and real-world scenarios that put what you've learned into the context of actual job roles.
* Gain a unique certification that allows you to function like an attacker, allowing you to identify vulnerabilities so they can be remediated
* Expand your career opportunities with an IT certificate that satisfies the Department of Defense's 8570 Directive for Information Assurance positions
* Fully updated for the 2020 CEH v11 exam, including the latest developments in IT security
* Access the Sybex online learning center, with chapter review questions, full-length practice exams, hundreds of electronic flashcards, and a glossary of key terms
 
Thanks to its clear organization, all-inclusive coverage, and practical instruction, the CEH v11 Certified Ethical Hacker Study Guide is an excellent resource for anyone who needs to understand the hacking process or anyone who wants to demonstrate their skills as a Certified Ethical Hacker.