CEH® Certified Ethical Hacker Study Guide

Book Description

Prepare for the new version of CEH certification with this advanced guide

Once you learn the thought processes of unethical hackers, you can figure out how to secure your computer systems to defend against them. That's the philosophy behind ethical hacking, and it's a growing field. Prepare for certification in this important area with this advanced study guide that covers all exam objectives for the challenging CEH Certified Ethical Hacker exam. The book provides full coverage of exam topics, real-world examples, and a CD with additional materials for extra review and practice.

  • Covers ethics and legal issues, footprinting, scanning, enumeration, system hacking, trojans and backdoors, sniffers, denial of service, social engineering, session hijacking, hacking Web servers, Web application vulnerabilities, and more

  • Walks you through exam topics and includes plenty of real-world scenarios to help reinforce concepts

  • Includes a CD with review questions, bonus exams, and more study tools

This is the ideal guide to prepare you for the new CEH certification exam.

Table of Contents

  1. Copyright
  2. Dear Reader,
  3. Acknowledgments
  4. About the Author
  5. Introduction
    1. What Is CEH Certification?
    2. Who Should Buy This Book?
    3. How to Use This Book and the CD
    4. Tips for Taking the CEH Exam
    5. The CEH Exam Objectives
    6. Hardware and Software Requirements
    7. How to Contact the Publisher
  6. Assessment Test
    1. Answers to Assessment Test
  7. 1. Introduction to Ethical Hacking, Ethics, and Legality
    1. 1.1. Defining Ethical Hacking
      1. 1.1.1. Understanding the Purpose of Ethical Hacking
        1. 1.1.1.1. White Hats
        2. 1.1.1.2. Black Hats
        3. 1.1.1.3. Gray Hats
        4. 1.1.1.4. What Do Ethical Hackers Do?
        5. 1.1.1.5. Goals Attackers Try to Achieve
      2. 1.1.2. An Ethical Hacker's Skill Set
      3. 1.1.3. Ethical Hacking Terminology
      4. 1.1.4. The Phases of Ethical Hacking
        1. 1.1.4.1. Phase 1: Passive and Active Reconnaissance
        2. 1.1.4.2. Phase 2: Scanning
        3. 1.1.4.3. Phase 3: Gaining Access
        4. 1.1.4.4. Phase 4: Maintaining Access
        5. 1.1.4.5. Phase 5: Covering Tracks
      5. 1.1.5. Identifying Types of Hacking Technologies
      6. 1.1.6. Identifying Types of Ethical Hacks
      7. 1.1.7. Understanding Testing Types
        1. 1.1.7.1. Security, Functionality, and Ease of Use Triangle
        2. 1.1.7.2. Vulnerability Research and Tools
        3. 1.1.7.3. Ethical Hacking Report
    2. 1.2. How to Be Ethical
      1. 1.2.1. Performing a Penetration Test
    3. 1.3. Keeping It Legal
      1. 1.3.1. Cyber Security Enhancement Act and SPY ACT
      2. 1.3.2. 18 USC §1029 and 1030
      3. 1.3.3. U.S. State Laws
      4. 1.3.4. Federal Managers Financial Integrity Act
      5. 1.3.5. Freedom of Information Act (FOIA)
      6. 1.3.6. Federal Information Security Management Act (FISMA)
      7. 1.3.7. Privacy Act of 1974
      8. 1.3.8. USA PATRIOT Act
      9. 1.3.9. Government Paperwork Elimination Act (GPEA)
      10. 1.3.10. Cyber Laws in Other Countries
    4. 1.4. Summary
    5. 1.5. Exam Essentials
    6. 1.6. Review Questions
    7. 1.7. Answers to Review Questions
  8. 2. Gathering Target Information: Reconnaissance, Footprinting, and Social Engineering
    1. 2.1. Reconnaissance
      1. 2.1.1. Understanding Competitive Intelligence
    2. 2.2. Information-Gathering Methodology
      1. 2.2.1. Footprinting
        1. 2.2.1.1. Footprinting Tools
        2. 2.2.1.2. Footprinting a Target
      2. 2.2.2. Using Google to Gather Information
      3. 2.2.3. Understanding DNS Enumeration
        1. 2.2.3.1. NSlookup and DNSstuff
      4. 2.2.4. Understanding Whois and ARIN Lookups
        1. 2.2.4.1. Analyzing Whois Output
        2. 2.2.4.2. Finding the Address Range of the Network
      5. 2.2.5. Identifying Types of DNS Records
      6. 2.2.6. Using Traceroute in Footprinting
      7. 2.2.7. Understanding Email Tracking
      8. 2.2.8. Understanding Web Spiders
    3. 2.3. Social Engineering
      1. 2.3.1. The Art of Manipulation
      2. 2.3.2. Types of Social Engineering-Attacks
        1. 2.3.2.1. Human-Based Social Engineering
        2. 2.3.2.2. Computer-Based Social Engineering
        3. 2.3.2.3. Insider Attacks
        4. 2.3.2.4. Identity Theft
        5. 2.3.2.5. Phishing Attacks
        6. 2.3.2.6. Online Scams
        7. 2.3.2.7. URL Obfuscation
      3. 2.3.3. Social-Engineering Countermeasures
    4. 2.4. Summary
    5. 2.5. Exam Essentials
    6. 2.6. Review Questions
    7. 2.7. Answers to Review Questions
  9. 3. Gathering Network and Host Information: Scanning and Enumeration
    1. 3.1. Scanning
      1. 3.1.1. The CEH Scanning Methodology
      2. 3.1.2. Ping Sweep Techniques
        1. 3.1.2.1. Detecting Ping Sweeps
        2. 3.1.2.2. Scanning Ports and Identifying Services
        3. 3.1.2.3. Port-Scan Countermeasures
      3. 3.1.3. nmap Command Switches
      4. 3.1.4. Scan Types
      5. 3.1.5. TCP Communication Flag Types
      6. 3.1.6. War-Dialing Techniques
      7. 3.1.7. Banner Grabbing and OS Fingerprinting Techniques
      8. 3.1.8. Scanning Anonymously
    2. 3.2. Enumeration
      1. 3.2.1. Null Sessions
        1. 3.2.1.1. NetBIOS Enumeration and Null Session Countermeasures
      2. 3.2.2. SNMP Enumeration
        1. 3.2.2.1. SNMP Enumeration Countermeasures
      3. 3.2.3. Windows 2000 DNS Zone Transfer
    3. 3.3. Summary
    4. 3.4. Exam Essentials
    5. 3.5. Review Questions
    6. 3.6. Answers to Review Questions
  10. 4. System Hacking: Password Cracking, Escalating Privileges, and Hiding Files
    1. 4.1. The Simplest Way to Get a Password
    2. 4.2. Types of Passwords
      1. 4.2.1. Passive Online Attacks
      2. 4.2.2. Active Online Attacks
        1. 4.2.2.1. Performing Automated Password Guessing
        2. 4.2.2.2. Defending Against Password Guessing
      3. 4.2.3. Offline Attacks
      4. 4.2.4. Nonelectronic Attacks
    3. 4.3. Cracking a Password
      1. 4.3.1. Understanding the LAN Manager Hash
      2. 4.3.2. Cracking Windows 2000 Passwords
      3. 4.3.3. Redirecting the SMB Logon to the Attacker
      4. 4.3.4. SMB Relay MITM Attacks and Countermeasures
      5. 4.3.5. NetBIOS DoS Attacks
      6. 4.3.6. Password-Cracking Countermeasures
        1. 4.3.6.1. Password Change Interval
        2. 4.3.6.2. Monitoring Event Viewer Logs
    4. 4.4. Understanding Keyloggers and Other Spyware Technologies
    5. 4.5. Escalating Privileges
      1. 4.5.1. Executing Applications
      2. 4.5.2. Buffer Overflows
    6. 4.6. Understanding Rootkits
      1. 4.6.1. Planting Rootkits on Windows 2000 and XP Machines
      2. 4.6.2. Rootkit Embedded TCP/IP Stack
      3. 4.6.3. Rootkit Countermeasures
    7. 4.7. Hiding Files
      1. 4.7.1. NTFS File Streaming
      2. 4.7.2. NTFS Stream Countermeasures
    8. 4.8. Understanding Steganography Technologies
    9. 4.9. Covering Your Tracks and Erasing Evidence
    10. 4.10. Summary
    11. 4.11. Exam Essentials
    12. 4.12. Review Questions
    13. 4.13. Answers to Review Questions
  11. 5. Trojans, Backdoors, Viruses, and Worms
    1. 5.1. Trojans and Backdoors
      1. 5.1.1. Overt and Covert Channels
      2. 5.1.2. Types of Trojans
      3. 5.1.3. How Reverse-Connecting Trojans Work
      4. 5.1.4. How the Netcat Trojan Works
      5. 5.1.5. Trojan Construction Kit and Trojan Makers
      6. 5.1.6. Trojan Countermeasures
      7. 5.1.7. Checking a System with System File Verification
    2. 5.2. Viruses and Worms
      1. 5.2.1. Types of Viruses
      2. 5.2.2. Virus Detection Methods
    3. 5.3. Summary
    4. 5.4. Exam Essentials
    5. 5.5. Review Questions
    6. 5.6. Answers to Review Questions
  12. 6. Gathering Data from Networks: Sniffers
    1. 6.1. Understanding Host-to-Host Communication
    2. 6.2. How a Sniffer Works
    3. 6.3. Sniffing Countermeasures
    4. 6.4. Bypassing the Limitations of Switches
      1. 6.4.1. How ARP Works
      2. 6.4.2. ARP Spoofing and Poisoning Countermeasures
    5. 6.5. Wireshark Filters
    6. 6.6. Understanding MAC Flooding and DNS Spoofing
    7. 6.7. Summary
    8. 6.8. Exam Essentials
    9. 6.9. Review Questions
    10. 6.10. Answers to Review Questions
  13. 7. Denial of Service and Session Hijacking
    1. 7.1. Denial of Service
      1. 7.1.1. How DDoS Attacks Work
      2. 7.1.2. How BOTs/BOTNETs Work
      3. 7.1.3. Smurf and SYN Flood Attacks
      4. 7.1.4. DoS/DDoS Countermeasures
    2. 7.2. Session Hijacking
      1. 7.2.1. Sequence Prediction
      2. 7.2.2. Dangers Posed by Session Hijacking
      3. 7.2.3. Preventing Session Hijacking
    3. 7.3. Summary
    4. 7.4. Exam Essentials
    5. 7.5. Review Questions
    6. 7.6. Answers to Review Questions
  14. 8. Web Hacking: Google, Web Servers, Web Application Vulnerabilities, and Web-Based Password Cracking Techniques
    1. 8.1. How Web Servers Work
    2. 8.2. Types of Web Server Vulnerabilities
      1. 8.2.1. Attacking a Web Server
        1. 8.2.1.1. Hacking Internet Information Server
      2. 8.2.2. Patch-Management Techniques
      3. 8.2.3. Web Server Hardening Methods
    3. 8.3. Web Application Vulnerabilities
      1. 8.3.1. Web Application Threats and Countermeasures
      2. 8.3.2. Google Hacking
    4. 8.4. Web-Based Password-Cracking Techniques
      1. 8.4.1. Authentication Types
      2. 8.4.2. Password Attacks and Password Cracking
    5. 8.5. Summary
    6. 8.6. Exam Essentials
    7. 8.7. Review Questions
    8. 8.8. Answers to Review Questions
  15. 9. Attacking Applications: SQL Injection and Buffer Overflows
    1. 9.1. SQL Injection
      1. 9.1.1. Finding a SQL Injection Vulnerability
      2. 9.1.2. The Purpose of SQL Injection
      3. 9.1.3. SQL Injection Using Dynamic Strings
      4. 9.1.4. SQL Injection Countermeasures
    2. 9.2. Buffer Overflows
      1. 9.2.1. Types of Buffer Overflows and Methods of Detection
      2. 9.2.2. Buffer Overflow Countermeasures
    3. 9.3. Summary
    4. 9.4. Exam Essentials
    5. 9.5. Review Questions
    6. 9.6. Answers to Review Questions
  16. 10. Wireless Network Hacking
    1. 10.1. Wi-Fi and Ethernet
    2. 10.2. Authentication and Cracking Techniques
    3. 10.3. Using Wireless Sniffers to Locate SSIDs
    4. 10.4. MAC Filters and MAC Spoofing
    5. 10.5. Rogue Access Points
      1. 10.5.1. Evil Twin or AP Masquerading
    6. 10.6. Wireless Hacking Techniques
    7. 10.7. Securing Wireless Networks
      1. 10.7.1.
        1. 10.7.1.1. Securing Home Wireless Networks
    8. 10.8. Summary
    9. 10.9. Exam Essentials
    10. 10.10. Review Questions
    11. 10.11. Answers to Review Questions
  17. 11. Physical Site Security
    1. 11.1. Components of Physical Security
    2. 11.2. Understanding Physical Security
    3. 11.3. Physical Site Security Countermeasures
    4. 11.4. What to Do After a Security Breach Occurs
    5. 11.5. Summary
    6. 11.6. Exam Essentials
    7. 11.7. Review Questions
    8. 11.8. Answers to Review Questions
  18. 12. Hacking Linux Systems
    1. 12.1. Linux Basics
    2. 12.2. Compiling a Linux Kernel
    3. 12.3. GCC Compilation Commands
    4. 12.4. Installing Linux Kernel Modules
    5. 12.5. Linux Hardening Methods
    6. 12.6. Summary
    7. 12.7. Exam Essentials
    8. 12.8. Review Questions
    9. 12.9. Answers to Review Questions
  19. 13. Bypassing Network Security: Evading IDSs, Honeypots, and Firewalls
    1. 13.1. Types of IDSs and Evasion Techniques
      1. 13.1.1.
        1. 13.1.1.1. Understanding Snort Rules and Output
        2. 13.1.1.2. Configuring Snort
        3. 13.1.1.3. Snort Rules
        4. 13.1.1.4. Snort Output
    2. 13.2. Firewall Types and Honeypot Evasion Techniques
    3. 13.3. Summary
    4. 13.4. Exam Essentials
    5. 13.5. Review Questions
    6. 13.6. Answers to Review Questions
  20. 14. Cryptography
    1. 14.1. Cryptography and Encryption Techniques
      1. 14.1.1. Types of Encryption
      2. 14.1.2. Stream Ciphers vs. Block Ciphers
    2. 14.2. Generating Public and Private Keys
      1. 14.2.1. Other Uses for Encryption
    3. 14.3. Cryptography Algorithms
      1. 14.3.1. Cryptography Attacks
    4. 14.4. Summary
    5. 14.5. Exam Essentials
    6. 14.6. Review Questions
    7. 14.7. Answers to Review Questions
  21. 15. Performing a Penetration Test
    1. 15.1. Defining Security Assessments
    2. 15.2. Penetration Testing
      1. 15.2.1. Penetration Testing Steps
      2. 15.2.2. The Pen Test Legal Framework
      3. 15.2.3. Automated Penetration Testing Tools
    3. 15.3. Pen Test Deliverables
    4. 15.4. Summary
    5. 15.5. Exam Essentials
    6. 15.6. Review Questions
    7. 15.7. Answers to Review Questions
  22. A. About the Companion CD
    1. A.1. What You'll Find on the CD
      1. A.1.1. Sybex Test Engine
      2. A.1.2. PDF of Glossary of Terms
      3. A.1.3. Adobe Reader
      4. A.1.4. Electronic Flashcards
    2. A.2. System Requirements
    3. A.3. Using the CD
    4. A.4. Troubleshooting
      1. A.4.1. Customer Care
  23. Glossary