
ffirs.indd 2 22-07-2014 17:23:44download.e-bookshelf.de/download/0002/7367/96/L-G-0002736796... · CEHv8 Certified Ethical Hacker Version 8 Study Guide Sean-Philip Oriyano ffirs.indd

May 27, 2018


CEHv8: Certified Ethical Hacker Version 8

Study Guide


Sean-Philip Oriyano


Senior Acquisitions Editor: Jeff Kellum
Development Editor: Richard Mateosian
Technical Editors: Albert Whale and Robert Burke
Production Editor: Dassi Zeidel
Copy Editors: Liz Welch and Tiffany Taylor
Editorial Manager: Pete Gaughan
Vice President and Executive Group Publisher: Richard Swadley
Associate Publisher: Chris Webb
Media Project Manager I: Laura Moss-Hollister
Media Associate Producer: Marilyn Hummel
Media Quality Assurance: Doug Kuhn
Book Designer: Judy Fung
Proofreader: Sarah Kaikini, Word One New York
Indexer: Ted Laux
Project Coordinator, Cover: Patrick Redmond
Cover Designer: Wiley
Cover Image: ©Getty Images Inc./Jeremy Woodhouse

Copyright © 2014 by John Wiley & Sons, Inc., Indianapolis, Indiana

Published simultaneously in Canada

ISBN: 978-1-118-64767-7

ISBN: 978-1-118-76332-2 (ebk.)

ISBN: 978-1-118-98928-9 (ebk.)

No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning or otherwise, except as permitted under Sections 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, 222 Rosewood Drive, Danvers, MA 01923, (978) 750-8400, fax (978) 646-8600. Requests to the Publisher for permission should be addressed to the Permissions Department, John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030, (201) 748-6011, fax (201) 748-6008, or online at http://www.wiley.com/go/permissions.

Limit of Liability/Disclaimer of Warranty: The publisher and the author make no representations or warranties with respect to the accuracy or completeness of the contents of this work and specifically disclaim all warranties, including without limitation warranties of fitness for a particular purpose. No warranty may be created or extended by sales or promotional materials. The advice and strategies contained herein may not be suitable for every situation. This work is sold with the understanding that the publisher is not engaged in rendering legal, accounting, or other professional services. If professional assistance is required, the services of a competent professional person should be sought. Neither the publisher nor the author shall be liable for damages arising herefrom. The fact that an organization or Web site is referred to in this work as a citation and/or a potential source of further information does not mean that the author or the publisher endorses the information the organization or Web site may provide or recommendations it may make. Further, readers should be aware that Internet Web sites listed in this work may have changed or disappeared between when this work was written and when it is read.

For general information on our other products and services or to obtain technical support, please contact our Customer Care Department within the U.S. at (877) 762-2974, outside the U.S. at (317) 572-3993 or fax (317) 572-4002.

Wiley publishes in a variety of print and electronic formats and by print-on-demand. Some material included with standard print versions of this book may not be included in e-books or in print-on-demand. If this book refers to media such as a CD or DVD that is not included in the version you purchased, you may download this material at http://booksupport.wiley.com. For more information about Wiley products, visit www.wiley.com.

Library of Congress Control Number: 2014931949.

TRADEMARKS: Wiley, the Wiley logo, and the Sybex logo are trademarks or registered trademarks of John Wiley & Sons, Inc. and/or its affiliates, in the United States and other countries, and may not be used without written permission. All other trademarks are the property of their respective owners. John Wiley & Sons, Inc. is not associated with any product or vendor mentioned in this book.


Dear Reader,

Thank you for choosing CEHv8: Certified Ethical Hacker Version 8 Study Guide. This book is part of a family of premium-quality Sybex books, all of which are written by outstanding authors who combine practical experience with a gift for teaching.

Sybex was founded in 1976. More than 30 years later, we’re still committed to producing consistently exceptional books. With each of our titles, we’re working hard to set a new standard for the industry. From the paper we print on, to the authors we work with, our goal is to bring you the best books available.

I hope you see all that reflected in these pages. I’d be very interested to hear your comments and get your feedback on how we’re doing. Feel free to let me know what you think about this or any other Sybex book by sending me an e-mail at contactus@sybex.com. If you think you’ve found a technical error in this book, please visit http://sybex.custhelp.com. Customer feedback is critical to our efforts at Sybex.

Best regards,

Chris Webb
Associate Publisher
Sybex, an Imprint of Wiley


Acknowledgments

First, I would like to send a big thanks out to my mom for all her support over the years as without her I would not be where I am today. Thank you, Mom, and I love you.

Second, thanks to my support network back in Alpha Company and my classmates. All of you will eternally be my brothers and sisters, and it’s this man’s honor to serve with you.

Next, thanks to my friend Jason McDowell. Your advice and input on some of the delicate topics of this book was a big help.

Thanks to the copy editors, Liz Welch and Tiffany Taylor, and to the proofreader Sarah Kaikini at Word One, for all their hard work.

Finally, thanks to Jeff Kellum for your support and assistance in the making of this book.

UMAXISHQMWRVPGBENBZZROIOCMIORMBNYCOOGMZOAAVSLPZOCTQ-DOZHZROQOHWZKNPRLIDFLZARDOLRTD.

Duty, Service, Honor


About the Author

Sean-Philip Oriyano is the owner of oriyano.com and a veteran of the IT field who has experience in the aerospace, defense, and cybersecurity industries. During his time in the industry, he has consulted and instructed on topics across the IT and cybersecurity fields for small clients up to the enterprise level. Over the course of his career, he has worked with the U.S. military and Canadian armed forces and has taught at locations such as the U.S. Air Force Academy and the U.S. Naval War College.

In addition to his civilian career, Sean is a member of the California State Military Reserve, where he serves as a warrant officer specializing in networking and security. In this role, he works to support the U.S. Army and National Guard on technology issues and training.

When not working, he enjoys flying, traveling, skydiving, competing in obstacle races, and cosplaying.


Contents at a Glance

Introduction
Assessment Test
Chapter 1 Getting Started with Ethical Hacking
Chapter 2 System Fundamentals
Chapter 3 Cryptography
Chapter 4 Footprinting and Reconnaissance
Chapter 5 Scanning Networks
Chapter 6 Enumeration of Services
Chapter 7 Gaining Access to a System
Chapter 8 Trojans, Viruses, Worms, and Covert Channels
Chapter 9 Sniffers
Chapter 10 Social Engineering
Chapter 11 Denial of Service
Chapter 12 Session Hijacking
Chapter 13 Web Servers and Web Applications
Chapter 14 SQL Injection
Chapter 15 Wireless Networking
Chapter 16 Evading IDSs, Firewalls, and Honeypots
Chapter 17 Physical Security
Appendix A Answers to Review Questions
Appendix B About the Additional Study Tools
Index


Contents

Introduction

Assessment Test

Chapter 1 Getting Started with Ethical Hacking

Hacking: A Short History
The Early Days of Hacking
Current Developments
Hacking: Fun or Criminal Activity?
The Evolution and Growth of Hacking
What Is an Ethical Hacker?
Ethical Hacking and Penetration Testing
Hacking Methodologies
Vulnerability Research and Tools
Ethics and the Law
Summary
Exam Essentials
Review Questions

Chapter 2 System Fundamentals

Exploring Network Topologies
Working with the Open Systems Interconnection Model
Dissecting the TCP/IP Suite
IP Subnetting
Hexadecimal vs. Binary
Exploring TCP/IP Ports
Domain Name System
Understanding Network Devices
Routers and Switches
Working with MAC Addresses
Proxies and Firewalls
Intrusion Prevention and Intrusion Detection Systems
Network Security
Knowing Operating Systems
Windows
Mac OS
Linux
Backups and Archiving
Summary
Exam Essentials
Review Questions


Chapter 3 Cryptography

Cryptography: Early Applications and Examples
History of Cryptography
Tracing the Evolution
Cryptography in Action
So How Does It Work?
Symmetric Cryptography
Asymmetric, or Public Key, Cryptography
Understanding Hashing
Issues with Cryptography
Applications of Cryptography
IPSec
Pretty Good Privacy
Secure Sockets Layer (SSL)
Summary
Exam Essentials
Review Questions

Chapter 4 Footprinting and Reconnaissance

Understanding the Steps of Ethical Hacking
Phase 1: Footprinting
Phase 2: Scanning
Phase 3: Enumeration
Phase 4: System Hacking
What Is Footprinting?
Why Perform Footprinting?
Goals of the Footprinting Process
Terminology in Footprinting
Open Source and Passive Information Gathering
Active Information Gathering
Pseudonymous Footprinting
Internet Footprinting
Threats Introduced by Footprinting
The Footprinting Process
Using Search Engines
Location and Geography
Social Networking and Information Gathering
Financial Services and Information Gathering
The Value of Job Sites
Working with E-mail
Competitive Analysis
Google Hacking


Gaining Network Information
Social Engineering: The Art of Hacking Humans
Summary
Exam Essentials
Review Questions

Chapter 5 Scanning Networks

What Is Network Scanning?
Checking for Live Systems
Wardialing
Wardriving
Pinging
Port Scanning
Checking for Open Ports
Types of Scans
Full Open Scan
Stealth Scan, or Half-open Scan
Xmas Tree Scan
FIN Scan
NULL Scan
ACK Scanning
UDP Scanning
OS Fingerprinting
Banner Grabbing
Countermeasures
Vulnerability Scanning
Drawing Network Diagrams
Using Proxies
Setting a Web Browser to Use a Proxy
Summary
Exam Essentials
Review Questions

Chapter 6 Enumeration of Services

A Quick Review
Footprinting
Scanning
What Is Enumeration?
Windows Basics
Users
Groups
Security Identifiers
Services and Ports of Interest


Commonly Exploited Services
NULL Sessions
SuperScan
The PsTools Suite
Enumeration with SNMP
Management Information Base
SNScan
Unix and Linux Enumeration
finger
rpcinfo
showmount
Enum4linux
LDAP and Directory Service Enumeration
Enumeration Using NTP
SMTP Enumeration
Using VRFY
Using EXPN
Using RCPT TO
SMTP Relay
Summary
Exam Essentials
Review Questions

Chapter 7 Gaining Access to a System

Up to This Point
System Hacking
Authentication on Microsoft Platforms
Executing Applications
Covering Your Tracks
Summary
Exam Essentials
Review Questions

Chapter 8 Trojans, Viruses, Worms, and Covert Channels

Malware
Malware and the Law
Categories of Malware
Viruses
Worms
Spyware
Adware
Scareware
Trojans


Overt and Covert Channels
Summary
Exam Essentials
Review Questions

Chapter 9 Sniffers

Understanding Sniffers
Using a Sniffer
Sniffing Tools
Wireshark
TCPdump
Reading Sniffer Output
Switched Network Sniffing
MAC Flooding
ARP Poisoning
MAC Spoofing
Port Mirror or SPAN Port
On the Defensive
Mitigating MAC Flooding
Detecting Sniffing Attacks
Exam Essentials
Summary
Review Questions

Chapter 10 Social Engineering

What Is Social Engineering?
Why Does Social Engineering Work?
Why is Social Engineering Successful?
Social-Engineering Phases
What Is the Impact of Social Engineering?
Common Targets of Social Engineering
What Is Social Networking?
Mistakes in Social Media and Social Networking
Countermeasures for Social Networking
Commonly Employed Threats
Identity Theft
Protective Measures
Know What Information Is Available
Summary
Exam Essentials
Review Questions


Chapter 11 Denial of Service

Understanding DoS
DoS Targets
Types of Attacks
Buffer Overflow
Understanding DDoS
DDoS Attacks
DoS Tools
DDoS Tools
DoS Defensive Strategies
Botnet-Specific Defenses
DoS Pen Testing Considerations
Summary
Exam Essentials
Review Questions

Chapter 12 Session Hijacking

Understanding Session Hijacking
Spoofing vs. Hijacking
Active and Passive Attacks
Session Hijacking and Web Apps
Types of Application-Level Session Hijacking
A Few Key Concepts
Network Session Hijacking
Exploring Defensive Strategies
Summary
Exam Essentials
Review Questions

Chapter 13 Web Servers and Web Applications

Exploring the Client-Server Relationship
The Client and the Server
Closer Inspection of a Web Application
Vulnerabilities of Web Servers and Applications
Common Flaws and Attack Methods
Summary
Exam Essentials
Review Questions

Chapter 14 SQL Injection

Introducing SQL Injection
Results of SQL Injection
The Anatomy of a Web Application


Databases and Their Vulnerabilities
Anatomy of a SQL Injection Attack
Altering Data with a SQL Injection Attack
Injecting Blind
Information Gathering
Evading Detection Mechanisms
SQL Injection Countermeasures
Summary
Exam Essentials
Review Questions

Chapter 15 Wireless Networking

What Is a Wireless Network?
Wi-Fi: An Overview
The Fine Print
Wireless Vocabulary
A Close Examination of Threats
Ways to Locate Wireless Networks
Choosing the Right Wireless Card
Hacking Bluetooth
Summary
Exam Essentials
Review Questions

Chapter 16 Evading IDSs, Firewalls, and Honeypots

Honeypots, IDSs, and Firewalls
The Role of Intrusion Detection Systems
Firewalls
What’s That Firewall Running?
Honeypots
Run Silent, Run Deep: Evasion Techniques
Evading Firewalls
Summary
Exam Essentials
Review Questions

Chapter 17 Physical Security

Introducing Physical Security
Simple Controls
Dealing with Mobile Device Issues


Securing the Physical Area
Defense in Depth
Summary
Exam Essentials
Review Questions

Appendix A Answers to Review Questions

Appendix B About the Additional Study Tools

Index


Table of Exercises

Exercise 2.1 Finding the MAC Address
Exercise 4.1 Finding the IP Address of a Website
Exercise 4.2 Examining a Site
Exercise 7.1 Extracting Hashes from a System
Exercise 7.2 Creating Rainbow Tables
Exercise 7.3 Working with Rainbow Crack
Exercise 7.4 PSPV
Exercise 8.1 Creating a Simple Virus
Exercise 8.2 Using Netstat to Detect Open Ports
Exercise 8.3 Using TCPView to Track Port Usage
Exercise 9.1 Sniffing with Wireshark
Exercise 9.2 Sniffing with TCPdump
Exercise 9.3 Understanding Packet Analysis
Exercise 11.1 Performing a SYN Flood
Exercise 11.2 Seeing LOIC in Action
Exercise 12.1 Performing an MITM Attack
Exercise 13.1 Performing a Password Crack


Introduction

If you’re preparing to take the CEH exam, you’ll undoubtedly want to find as much information as you can about computers, networks, applications, and physical security. The more information you have at your disposal and the more hands-on experience you gain, the better off you’ll be when taking the exam. This study guide was written with that goal in mind—to provide enough information to prepare you for the test, but not so much that you’ll be overloaded with information that is too far outside the scope of the exam. To make the information more understandable, I’ve included practical examples and experience that supplements the theory.

This book presents the material at an advanced technical level. An understanding of network concepts and issues, computer hardware and operating systems, and applications will come in handy when you read this book. While every attempt has been made to present the concepts and exercises in an easy-to-understand format, you will need to have experience with IT and networking technology to get the best results.

I’ve included review questions at the end of each chapter to give you a taste of what it’s like to take the exam. If you’re already working in the security field, check out these questions first to gauge your level of expertise. You can then use the book to fill in the gaps in your current knowledge. This study guide will help you round out your knowledge base before tackling the exam itself.

If you can answer 85 percent to 90 percent or more of the review questions correctly for a given chapter, you can feel safe moving on to the next chapter. If you’re unable to answer that many questions correctly, reread the chapter and try the questions again. Your score should improve.

Don’t just study the questions and answers! The questions on the actual exam will be different from the practice questions included in this book. The exam is designed to test your knowledge of a concept or objective, so use this book to learn the objectives behind the questions.

Before You Begin Studying

Before you begin preparing for the exam, it’s imperative that you understand a few things about the CEH certification. CEH is a certification from the International Council of Electronic Commerce Consultants (EC-Council) granted to those who obtain a passing score on a single exam (number 312-50). The exam is predominantly multiple choice, with some questions including diagrams and sketches that you must analyze to arrive at an answer. This exam requires intermediate to advanced-level experience; you’re expected to know a great deal about security from an implementation and theory perspective as well as a practical perspective.


In many books, the glossary is filler added to the back of the text; this book’s glossary (located on the companion website at www.sybex.com/go/cehv8) should be considered necessary reading. You’re likely to see a question on the exam about what a black or white box test is—not how to specifically implement it in a working environment. Spend your study time learning the various security solutions and identifying potential security vulnerabilities and where they are applicable. Also spend time thinking outside the box about how things work—the exam is also known to alter phrases and terminology—but keep the underlying concept as a way to test your thought process.

The EC-Council is known for presenting concepts in unexpected ways on their exam. The exam tests whether you can apply your knowledge rather than just commit information to memory and repeat it back. Use your analytical skills to visualize the situation and then determine how it works. The questions throughout this book make every attempt to re-create the structure and appearance of the CEH exam questions.

Why Become CEH Certified?

There are a number of reasons for obtaining the CEH certification. These include the following:

Provides Proof of Professional Achievement: Specialized certifications are the best way to stand out from the crowd. In this age of technology certifications, you’ll find hundreds of thousands of administrators who have successfully completed the Microsoft and Cisco certification tracks. To set yourself apart from the crowd, you need a little bit more. The CEH exam is part of the EC-Council certification track, which includes the other security-centric certifications if you wish to attempt those.

Increases Your Marketability: The CEH for several years has provided a valuable benchmark of the skills of a pen tester to potential employers or clients. Once you hold the CEH certification, you’ll have the credentials to prove your competency. Moreover, certifications can’t be taken from you when you change jobs—you can take that certification with you to any position you accept.

Provides Opportunity for Advancement: Individuals who prove themselves to be competent and dedicated are the ones who will most likely be promoted. Becoming certified is a great way to prove your skill level and show your employer that you’re committed to improving your skill set. Look around you at those who are certified: They are probably the people who receive good pay raises and promotions.

Fulfills Training Requirements: Many companies have set training requirements for their staff so that they stay up to date on the latest technologies. Having a certification program in security provides administrators with another certification path to follow when they have exhausted some of the other industry-standard certifications.

Raises Customer Confidence: Many companies, small businesses, and the governments of various countries have long discovered the advantages of being a CEH. Many organizations require that employees and contractors hold the credential in order to engage in certain work activities.


How to Become a CEH Certified Professional

The first place to start on your way to certification is to register for the exam at any Pearson VUE testing center. Exam pricing might vary by country or by EC-Council membership. You can contact Pearson VUE by going to their website (www.vue.com), or in the United States and Canada by calling toll-free 877-551-7587.

When you schedule the exam, you’ll receive instructions about appointment and cancellation procedures, ID requirements, and information about the testing center location. In addition, you will be required to provide a special EC-Council–furnished code in order to complete the registration process. Finally, you will also be required to fill out a form describing professional experience and background before a code will be issued for you to register.

Exam prices and codes may vary based on the country in which the exam is administered. For detailed pricing and exam registration procedures, refer to EC-Council’s website at www.eccouncil.org/certification.

After you’ve successfully passed your CEH exam, the EC-Council will award you with certification. Within four to six weeks of passing the exam, you’ll receive your official EC-Council CEH certificate.

Who Should Read This Book?

If you want to acquire a solid amount of information in hacking and pen-testing techniques and your goal is to prepare for the exam by learning how to develop and improve security, this book is for you. You’ll find clear explanations of the concepts you need to grasp and plenty of help to achieve the high level of professional competency you need in order to succeed in your chosen field.

If you want to become certified, this book is definitely what you need. However, if you just want to attempt to pass the exam without really understanding security, this study guide isn’t for you. You must be committed to learning the theory and concepts in this book to be successful.

In addition to reading this book, consider downloading and reading the white papers on security that are scattered throughout the Internet.

What Does This Book Cover?

This book covers everything you need to know to pass the CEH exam. Here’s a breakdown chapter by chapter:


Chapter 1: Getting Started with Ethical Hacking This chapter covers the purpose of ethical hacking, defines the ethical hacker, and describes how to get started performing security audits.

Chapter 2: System Fundamentals This chapter presents a look at the various components that make up a system and how they are affected by security.

Chapter 3: Cryptography This chapter explores the art and science of cryptography; you’ll learn how cryptography works and how it supports security.

Chapter 4: Footprinting and Reconnaissance In this chapter, you’ll learn how to gain information from a target using both passive and active methods.

Chapter 5: Scanning Networks This chapter shows you how to gain information about the hosts and devices on a network as well as what the information means.

Chapter 6: Enumeration of Services In this chapter, you’ll learn how to probe the various services present on a given host and how to process the information to determine what it means and how to use it for later actions.

Chapter 7: Gaining Access to a System This chapter shows you how to use the information gained from footprinting, scanning, and earlier examinations in order to break into or gain access to a system.

Chapter 8: Trojans, Viruses, Worms, and Covert Channels This chapter covers the varieties of malware and how each can be created, used, or defended against.

Chapter 9: Sniffers This chapter discusses using packet sniffers to gather information that is flowing across the network. You’ll learn how to dissect this information for immediate or later use.

Chapter 10: Social Engineering This chapter covers how to manipulate the human being in order to gain sensitive information.

Chapter 11: Denial of Service This chapter includes an analysis of attacks that are designed to temporarily or permanently shut down a target.

Chapter 12: Session Hijacking This chapter covers how to disrupt communications as well as take over legitimate sessions between two parties.

Chapter 13: Web Servers and Web Applications This chapter explains how to break into and examine web servers and applications as well as the various methods of attack.

Chapter 14: SQL Injection In this chapter, you’ll learn how to attack databases and data stores using SQL injection to alter, intercept, view, or destroy information.

Chapter 15: Wireless Networking In this chapter, you’ll learn how to target, analyze, disrupt, and shut down wireless networks either temporarily or permanently.

Chapter 16: Evading IDSs, Firewalls, and Honeypots This chapter covers how to deal with the common protective measures that a system administrator may put into place; these measures include intrusion detection systems (IDSs), firewalls, and honeypots.

Chapter 17: Physical Security The final chapter deals with the process of physical security and how to protect assets from being stolen, lost, or otherwise compromised.

Tips for Taking the CEH Exam

Here are some general tips for taking your exam successfully:

■ Bring two forms of ID with you. One must be a photo ID, such as a driver’s license. The other can be a major credit card or a passport. Both forms must include a signature.

■ Arrive early at the exam center so that you can relax and review your study materials, particularly tables and lists of exam-related information. After you are ready to enter the testing room, you will need to leave everything outside; you won’t be able to bring any materials into the testing area.

■ Read the questions carefully. Don’t be tempted to jump to an early conclusion. Make sure that you know exactly what each question is asking.

■ Don’t leave any unanswered questions. Unanswered questions are scored against you.

■ There will be questions with multiple correct responses. When there is more than one correct answer, a message at the bottom of the screen will prompt you either to “Choose two” or “Choose all that apply.” Be sure to read the messages displayed to know how many correct answers you must choose.

■ When answering multiple-choice questions about which you’re unsure, use a process of elimination to get rid of the obviously incorrect answers first. Doing so will improve your odds if you need to make an educated guess.

■ On form-based tests (nonadaptive), because the hard questions will take the most time, save them for last. You can move forward and backward through the exam.

■ For the latest pricing on the exams and updates to the registration procedures, visit the EC-Council’s website at www.eccouncil.org/certification.

What’s Included in the Book

I’ve included several testing features in this book and on the companion website at www.sybex.com/go/cehv8. These tools will help you retain vital exam content as well as prepare you to sit for the actual exam:

Assessment Test At the end of this introduction is an assessment test that you can use to check your readiness for the exam. Take this test before you start reading the book; it will help you determine the areas in which you might need to brush up. The answers to the assessment test questions appear on a separate page after the last question of the test. Each answer includes an explanation and a note telling you the chapter in which the material appears.

Objective Map and Opening List of Objectives In the book’s front matter, I have included a detailed exam objective map showing you where each of the exam objectives is covered in this book. In addition, each chapter opens with a list of the exam objectives it covers. Use these to see exactly where each of the exam topics is covered.

Exam Essentials Each chapter, just before the summary, includes a number of exam essentials. These are the key topics you should take from the chapter in terms of areas to focus on when preparing for the exam.

Chapter Review Questions To test your knowledge as you progress through the book, there are review questions at the end of each chapter. As you finish each chapter, answer the review questions and then check your answers. The correct answers and explanations are in Appendix A. You can go back to reread the section that deals with each question you got wrong to ensure that you answer correctly the next time you’re tested on the material.

Additional Study Tools

I’ve included a number of additional study tools that can be found on the book’s companion website at www.sybex.com/go/cehv8. All of the following should be loaded on your computer when you’re ready to start studying for the test:

Sybex Test Engine On the book’s companion website, you’ll get access to the Sybex Test Engine. In addition to taking the assessment test and the chapter review questions via the electronic test engine, you’ll find practice exams. Take these practice exams just as if you were taking the actual exam (without any reference material). When you’ve finished the first exam, move on to the next one to solidify your test-taking skills. If you get more than 90 percent of the answers correct, you’re ready to take the certification exam.

Electronic Flashcards You’ll find flashcard questions on the website for on-the-go review. These are short questions and answers. Use them for quick and convenient reviewing. There are 100 flashcards on the website.

PDF of Glossary of Terms The glossary of terms is on the companion website in PDF format.

How to Use This Book and Additional Study Tools

If you want a solid foundation for preparing for the CEH exam, this is the book for you. I’ve spent countless hours putting together this book with the sole intention of helping you prepare for the exam.

This book is loaded with valuable information, and you will get the most out of your study time if you understand how I put the book together. Here’s a list that describes how to approach studying:

1. Take the assessment test immediately following this introduction. It’s okay if you don’t know any of the answers—that’s what this book is for. Carefully read over the explanations for any question you get wrong, and make a note of the chapters where that material is covered.

2. Study each chapter carefully, making sure that you fully understand the information and the exam objectives listed at the beginning of each one. Again, pay extra-close attention to any chapter that includes material covered in the questions that you missed on the assessment test.

3. Read over the summary and exam essentials. These highlight the sections from the chapter with which you need to be familiar before sitting for the exam.

4. Answer all of the review questions at the end of each chapter. Specifically note any questions that confuse you, and study those sections of the book again. Don’t just skim these questions—make sure you understand each answer completely.

5. Go over the electronic flashcards. These help you prepare for the latest CEH exam, and they’re great study tools.

6. Take the practice exams.

Exam 312-50 Exam Objectives

The EC-Council goes to great lengths to ensure that its certification programs accurately reflect the security industry’s best practices. They do this by continually updating their questions with help from subject matter experts (SMEs). These individuals use their industry experience and knowledge together with the EC-Council’s guidance to create questions that challenge a candidate’s knowledge and thought processes.

Finally, the EC-Council conducts a survey to ensure that the objectives and weightings truly reflect job requirements. Only then can the SMEs go to work writing the hundreds of questions needed for the exam. Even so, they have to go back to the drawing board for further refinements in many cases before the exam is ready to go live in its final state. Rest assured that the content you’re about to learn will serve you long after you take the exam.

Exam objectives are subject to change at any time without prior notice and at the EC-Council’s sole discretion. Visit the certification page of the EC-Council’s website at www.eccouncil.org for the most current listing of exam objectives.

The EC-Council also publishes relative weightings for each of the exam’s objectives. The following table lists the five CEH objective domains and the extent to which they are represented on the exam. As you use this study guide, you’ll find that we have administered just the right dosage of objective knowledge by tailoring coverage to mirror the percentages that the EC-Council uses.

| Domain | % of exam |
|---|---|
| Analysis/Assessment | 16% |
| Security | 26% |
| Tools/Systems/Programs | 32% |
| Procedures/Methodology | 20% |
| Regulation/Policy | 4% |

Objectives

| Objective | Chapter |
|---|---|
| Background | |
| Networking technologies (e.g., hardware, infrastructure) | 2 |
| Web technologies (e.g., Web 2.0, Skype) | 13 |
| Systems technologies | 2 |
| Communication protocols | 2, 9 |
| Malware operations | 11 |
| Mobile technologies (e.g., smartphones) | 10 |
| Telecommunication technologies | 2 |
| Backups and archiving (e.g., local, network) | 2 |
| Analysis/Assessment | |
| Data analysis | 9, 14 |
| Systems analysis | 4, 5, 6 |
| Risk assessments | 1 |
| Technical assessment methods | 1 |
| Security | |
| Systems security controls | 2 |
| Application/fileserver | 2 |
| Firewalls | 2 |
| Cryptography | 3 |
| Network security | 2 |
| Physical security | 17 |
| Threat modeling | 17 |
| Verification procedures (e.g., false positive/negative validation) | 16 |
| Social engineering (human factors manipulation) | 10 |
| Vulnerability scanners | 5 |
| Security policy implications | 1, 17 |
| Privacy/confidentiality (with regard to engagement) | 1 |
| Biometrics | 4 |
| Wireless access technology (e.g., networking, RFID, Bluetooth) | 9, 15 |
| Trusted networks | 2 |
| Vulnerabilities | 2, 5, 7, 12, 13, 14 |
| Tools/Systems/Programs | |
| Network/host-based intrusion | 16 |
