Beschreibung:
RIC MESSIER, CEH, GCIH, GSEC, CISSP, CCSP is a consultant, educator, and author of many books on information security and digital forensics. With decades of experience in information technology and information security, Ric has held the varied roles of programmer, system administrator, network engineer, security engineering manager, VoIP engineer, consultant, and professor.
Introduction xix
Assessment Test xxvi
Chapter 1 Ethical Hacking 1
Overview of Ethics 2
Overview of Ethical Hacking 5
Methodologies 6
Cyber Kill Chain 6
Attack Lifecycle 8
Methodology of Ethical Hacking 10
Reconnaissance and Footprinting 10
Scanning and Enumeration 11
Gaining Access 11
Maintaining Access 12
Covering Tracks 12
Summary 13
Chapter 2 Networking Foundations 15
Communications Models 17
Open Systems Interconnection 18
TCP/IP Architecture 21
Topologies 22
Bus Network 22
Star Network 23
Ring Network 24
Mesh Network 25
Hybrid 26
Physical Networking 27
Addressing 27
Switching 28
IP 29
Headers 29
Addressing 31
Subnets 33
TCP 34
UDP 38
Internet Control Message Protocol 39
Network Architectures 40
Network Types 40
Isolation 41
Remote Access 43
Cloud Computing 44
Storage as a Service 45
Infrastructure as a Service 46
Platform as a Service 48
Software as a Service 49
Internet of Things 51
Summary 52
Review Questions 54
Chapter 3 Security Foundations 57
The Triad 59
Confidentiality 59
Integrity 61
Availability 62
Parkerian Hexad 63
Risk 64
Policies, Standards, and Procedures 66
Security Policies 66
Security Standards 67
Procedures 68
Guidelines 68
Organizing Your Protections 69
Security Technology 72
Firewalls 72
Intrusion Detection Systems 77
Intrusion Prevention Systems 80
Endpoint Detection and Response 81
Security Information and Event Management 83
Being Prepared 84
Defense in Depth 84
Defense in Breadth 86
Defensible Network Architecture 87
Logging 88
Auditing 90
Summary 92
Review Questions 93
Chapter 4 Footprinting and Reconnaissance 97
Open Source Intelligence 99
Companies 99
People 108
Social Networking 111
Domain Name System 124
Name Lookups 125
Zone Transfers 130
Passive DNS 133
Passive Reconnaissance 136
Website Intelligence 139
Technology Intelligence 144
Google Hacking 144
Internet of Things (IoT) 146
Summary 148
Review Questions 150
Chapter 5 Scanning Networks 155
Ping Sweeps 157
Using fping 157
Using MegaPing 159
Port Scanning 161
Nmap 162
masscan 176
MegaPing 178
Metasploit 180
Vulnerability Scanning 183
OpenVAS 184
Nessus 196
Looking for Vulnerabilities with Metasploit 202
Packet Crafting and Manipulation 203
hping 204
packETH 207
fragroute 209
Evasion Techniques 211
Protecting and Detecting 214
Summary 215
Review Questions 217
Chapter 6 Enumeration 221
Service Enumeration 223
Remote Procedure Calls 226
SunRPC 226
Remote Method Invocation 228
Server Message Block 232
Built-in Utilities 233
nmap Scripts 237
As protecting information continues to be a growing concern for today's businesses, certifications in IT security have become highly desirable, even as the number of certifications has grown. Now you can set yourself apart with the Certified Ethical Hacker (CEH v11) certification. The CEH v11 Certified Ethical Hacker Study Guide offers a comprehensive overview of the CEH certification requirements using concise and easy-to-follow instructions. Chapters are organized by exam objective, with a handy section that maps each objective to its corresponding chapter, so you can keep track of your progress. The text provides thorough coverage of all topics, along with challenging chapter review questions and Exam Essentials, a key feature that identifies critical study areas. Subjects include common attack practices like reconnaissance and scanning. Also covered are topics like intrusion detection, DoS attacks, buffer overflows, wireless attacks, mobile attacks, Internet of Things (IoT) and more.
This study guide goes beyond test prep, providing practical hands-on exercises to reinforce vital skills and real-world scenarios that put what you've learned into the context of actual job roles.
* Gain a unique certification that allows you to function like an attacker, allowing you to identify vulnerabilities so they can be remediated
* Expand your career opportunities with an IT certificate that satisfies the Department of Defense's 8570 Directive for Information Assurance positions
* Fully updated for the 2020 CEH v11 exam, including the latest developments in IT security
* Access the Sybex online learning center, with chapter review questions, full-length practice exams, hundreds of electronic flashcards, and a glossary of key terms
Thanks to its clear organization, all-inclusive coverage, and practical instruction, the CEH v11 Certified Ethical Hacker Study Guide is an excellent resource for anyone who needs to understand the hacking process or anyone who wants to demonstrate their skills as a Certified Ethical Hacker.