CEHv9 Certified Ethical Hacker Version 9

Sean-Philip Oriyano

Ethical Hacking Study Guide

Development Editor: Kim Wimpsett
Technical Editors: Raymond Blockmon, Jason McDowell, Tom Updegrove
Production Editor: Rebecca Anderson
Copy Editor: Linda Recktenwald
Editorial Manager: Mary Beth Wakefield
Production Manager: Kathleen Wisor
Executive Editor: Jim Minatel
Media Supervising Producer: Rich Graves
Book Designers: Judy Fung and Bill Gibson
Proofreader: Nancy Carrasco
Indexer: J & J Indexing
Project Coordinator, Cover: Brent Savage
Cover Designer: Wiley

Cover Image: ©Getty Images Inc./Jeremy Woodhouse





Book Details
Price: 5.00 USD
Pages: 662 p
File Size: 9,774 KB
File Type: PDF format
ISBN: 978-1-119-25224-5; 978-1-119-25227-6 (ebk.); 978-1-119-25225-2 (ebk.)
Copyright: 2016 by John Wiley & Sons, Inc

About the Author
Sean Oriyano (www.oriyano.com) is a seasoned security professional and entrepreneur.
Over the past 25 years he has split his time among writing, researching, consulting, and
training various people and organizations on a wide range of topics relating to both IT and
security. As an instructor and consultant, Sean has traveled all over the world, sharing his
knowledge as well as gaining exposure to many different environments and cultures
along the way. His broad knowledge and easy-to-understand manner, along with a healthy
dose of humor, have led to Sean being a regularly requested instructor.

Outside of training and consulting, Sean is also a best-selling author with many years of
experience in both digital and print media. Sean has published books for McGraw-Hill,
Wiley, Sybex, O’Reilly Media, and Jones & Bartlett. Over the last decade Sean has
expanded his reach even further by appearing in shows on both TV and radio. To date,
Sean has appeared in over a dozen TV programs and radio shows discussing various
cybersecurity topics and technologies. 

When in front of the camera, Sean has been noted for his casual demeanor and praised for his ability to explain complex topics in an easy-to-understand manner.
Outside his own business activities, Sean is a member of the military as a chief warrant
officer specializing in infrastructure and security as well as the development of
new troops. In addition, as a CWO he is recognized as a subject matter expert in his field
and is frequently called upon to provide expertise, training, and mentoring wherever needed.
When not working, Sean is an avid obstacle course racer, having completed numerous
races, including a world championship race and a Spartan Trifecta. 

He also enjoys traveling, bodybuilding, training, and developing his mixed martial arts skills plus taking survival courses.
Sean holds many certifications and qualifications that demonstrate his knowledge and
experience in the IT field, such as the CISSP, CNDA, and Security+.

Acknowledgments
Writing acknowledgements is probably the toughest part of writing a book in my opinion
as I always feel that I have forgotten someone who had to deal with my hijinks over the
past few months. Anyway, here goes.
First of all, I want to thank my Mom and Dad for all of your support over the years as well
as being your favorite son. That’s right, I said it.
I would also like to take a moment to thank all the men and women I have served with
over the years. It is an honor for this Chief Warrant Officer to serve with each of you. I
would also like to extend a special thanks to my own unit for all the work you do, you are
each a credit to the uniform. Finally, thanks to my Commander for your mentorship,
support, and faith in my abilities.
To my friends I want to say thanks for tearing me away from my computer now and then
when you knew I needed to let my brain cool off a bit. Mark, Jason, Jennifer, Fred, Misty,
Arnold, Shelly, and especially Lisa, you all helped me put my focus elsewhere for a while
before I went crazy(er).
I would also like to thank Shigeru Miyamoto for bringing the Legend of Zelda into reality.
Finally, on a more serious note, I would like to dedicate this book to Medal of Honor
recipient (and personal hero) Sgt. Maj. (USA) Jon R. Cavaiani who passed away some
time before this book was written. Thank you for giving me the honor to shake your hand.
—Sean-Philip Oriyano
Duty, Service, Honor

Table of Contents
Introduction
Exam 312-50 Exam Objectives
Assessment Test
Answers to Assessment Test
Chapter 1: Introduction to Ethical Hacking
Hacking: the Evolution
So, What Is an Ethical Hacker?
Summary
Exam Essentials
Review Questions
Chapter 2: System Fundamentals
Exploring Network Topologies
Working with the Open Systems Interconnection Model
Dissecting the TCP/IP Suite
IP Subnetting
Hexadecimal vs. Binary
Exploring TCP/IP Ports
Understanding Network Devices
Working with MAC Addresses
Intrusion Prevention and Intrusion Detection Systems
Network Security
Knowing Operating Systems
Backups and Archiving
Summary
Exam Essentials
Review Questions
Chapter 3: Cryptography
Cryptography: Early Applications and Examples
Cryptography in Action
Understanding Hashing
Issues with Cryptography
Applications of Cryptography
Summary
Exam Essentials
Review Questions
Chapter 4: Footprinting
Understanding the Steps of Ethical Hacking
What Is Footprinting?
Terminology in Footprinting
Threats Introduced by Footprinting
The Footprinting Process
Summary
Exam Essentials
Review Questions
Chapter 5: Scanning
What Is Scanning?
Checking for Live Systems
Checking the Status of Ports
The Family Tree of Scans
OS Fingerprinting
Countermeasures
Vulnerability Scanning
Mapping the Network
Using Proxies
Summary
Exam Essentials
Review Questions
Chapter 6: Enumeration
A Quick Review
What Is Enumeration?
About Windows Enumeration
Linux Basic
Enumeration with SNMP
Unix and Linux Enumeration
LDAP and Directory Service Enumeration
Enumeration Using NTP
SMTP Enumeration
Summary
Exam Essentials
Review Questions
Chapter 7: System Hacking
Up to This Point
System Hacking
Summary
Exam Essentials
Review Questions
Chapter 8: Malware
Malware
Overt and Covert Channels
Summary
Exam Essentials
Review Questions
Chapter 9: Sniffers
Understanding Sniffers
Using a Sniffer
Switched Network Sniffing
Summary
Exam Essentials
Review Questions
Chapter 10: Social Engineering
What Is Social Engineering?
Social Networking to Gather Information?
Commonly Employed Threats
Identity Theft
Summary
Exam Essentials
Review Questions
Chapter 11: Denial of Service
Understanding DoS
Understanding DDoS
DoS Tools
DDoS Tools
DoS Defensive Strategies
DoS Pen-Testing Considerations
Summary
Exam Essentials
Review Questions
Chapter 12: Session Hijacking
Understanding Session Hijacking
Exploring Defensive Strategies
Summary
Exam Essentials
Review Questions
Chapter 13: Web Servers and Applications
Exploring the Client-Server Relationship
Summary
Exam Essentials
Review Questions
Chapter 14: SQL Injection
Introducing SQL Injection
Summary
Exam Essentials
Review Questions
Chapter 15: Hacking Wi-Fi and Bluetooth
What Is a Wireless Network?
Summary
Exam Essentials
Review Questions
Chapter 16: Mobile Device Security
Mobile OS Models and Architectures
Goals of Mobile Security
Device Security Models
Countermeasures
Summary
Exam Essentials
Review Questions
Chapter 17: Evasion
Honeypots, IDSs, and Firewalls
Summary
Exam Essentials
Review Questions
Chapter 18: Cloud Technologies and Security
What Is the Cloud?
Summary
Exam Essentials
Review Questions
Chapter 19: Physical Security
Introducing Physical Security
Summary
Exam Essentials
Review Questions
Appendix A: Answers to Review Questions
Chapter 1: Introduction to Ethical Hacking
Chapter 2: System Fundamentals
Chapter 3: Cryptography
Chapter 4: Footprinting
Chapter 5: Scanning
Chapter 6: Enumeration
Chapter 7: System Hacking
Chapter 8: Malware
Chapter 9: Sniffers
Chapter 10: Social Engineering
Chapter 11: Denial of Service
Chapter 12: Session Hijacking
Chapter 13: Web Servers and Applications
Chapter 14: SQL Injection
Chapter 15: Hacking Wi-Fi and Bluetooth
Chapter 16: Mobile Device Security
Chapter 17: Evasion
Chapter 18: Cloud Technologies and Security
Chapter 19: Physical Security
Appendix B: Penetration Testing Frameworks
Overview of Alternative Methods
Penetration Testing Execution Standard
Summary
Appendix C: Building a Lab
Why Build a Lab?
Creating a Test Setup
The Installation Process
Summary
Advert
EULA


Introduction
If you’re preparing to take the CEH exam, you’ll undoubtedly want to find as much
information as you can about computers, networks, applications, and physical security.
The more information you have at your disposal and the more hands-on experience you
gain, the better off you’ll be when taking the exam. This study guide was written with that
goal in mind—to provide enough information to prepare you for the test, but not so much
that you’ll be overloaded with information that is too far outside the scope of the exam.
To make the information more understandable, I’ve included practical examples and
experience that supplement the theory.

This book presents the material at an advanced technical level. An understanding of
network concepts and issues, computer hardware and operating systems, and applications
will come in handy when you read this book. While every attempt has been made to
present the concepts and exercises in an easy-to-understand format, you will need to have
experience with IT and networking technology to get the best results.

I’ve included review questions at the end of each chapter to give you a taste of what it’s
like to take the exam. If you’re already working in the security field, check out these
questions first to gauge your level of expertise. You can then use the book to fill in the
gaps in your current knowledge. This study guide will help you round out your knowledge
base before tackling the exam itself.

If you can answer 85 percent to 90 percent or more of the review questions correctly for a
given chapter, you can feel safe moving on to the next chapter. If you’re unable to answer
that many questions correctly, reread the chapter and try the questions again. Your score
should improve.

Before You Begin Studying
Before you begin preparing for the exam, it’s imperative that you understand a few things
about the CEH certification. CEH is a certification from the International Council of
Electronic Commerce Consultants (EC-Council) granted to those who obtain a passing
score on a single exam (number 312-50). The exam is predominantly multiple choice,
with some questions including diagrams and sketches that you must analyze to arrive at
an answer. This exam requires intermediate- to advanced-level experience; you’re
expected to know a great deal about security from an implementation and theory
perspective as well as a practical perspective.

In many books, the glossary is filler added to the back of the text; this book’s glossary
(included as part of the online test bank at sybextestbanks.wiley.com) should be
considered necessary reading. You’re likely to see a question on the exam about what a
black- or white-box test is—not how to specifically implement it in a working
environment. Spend your study time learning the various security solutions and
identifying potential security vulnerabilities and where they are applicable. Also spend
time thinking outside the box about how things work—the exam is also known to alter
phrases and terminology—but keep the underlying concept as a way to test your thought process.

The EC-Council is known for presenting concepts in unexpected ways on their exam. The
exam tests whether you can apply your knowledge rather than just commit information to
memory and repeat it back. Use your analytical skills to visualize the situation and then
determine how it works. The questions throughout this book make every attempt to recreate
the structure and appearance of the CEH exam questions.

Why Become CEH Certified?
There are a number of reasons for obtaining the CEH certification. These include the
following:
Provides Proof of Professional Achievement. Specialized certifications are the best
way to stand out from the crowd. In this age of technology certifications, you’ll find
hundreds of thousands of administrators who have successfully completed the Microsoft
and Cisco certification tracks. To set yourself apart from the crowd, you need a bit more.
The CEH exam is part of the EC-Council certification track, which includes other
security-centric certifications if you wish to attempt those.

Increases Your Marketability. The CEH for several years has provided a valuable
benchmark of the skills of a pentester to potential employers or clients. Once you hold
the CEH certification, you’ll have the credentials to prove your competency. Moreover,
certifications can’t be taken from you when you change jobs—you can take that
certification with you to any position you accept.

Provides Opportunity for Advancement. Individuals who prove themselves to be
competent and dedicated are the ones who will most likely be promoted. Becoming
certified is a great way to prove your skill level and show your employer that you’re
committed to improving your skill set. Look around you at those who are certified: They
are probably the people who receive good pay raises and promotions.

Fulfills Training Requirements. Many companies have set training requirements for
their staff so that they stay up to date on the latest technologies. Having a certification
program in security provides administrators with another certification path to follow
when they have exhausted some of the other industry-standard certifications.

Raises Customer Confidence. Many companies, small businesses, and the
governments of various countries have long discovered the advantages of being a CEH.
Many organizations require that employees and contractors hold the credential in order
to engage in certain work activities.

How to Become a CEH-Certified Professional
The first place to start on your way to certification is to register for the exam at any
Pearson VUE testing center. Exam pricing might vary by country or by EC-Council
membership. You can contact Pearson VUE by going to their website (www.vue.com) or
in the United States and Canada by calling toll-free (877)-551-7587.

When you schedule the exam, you’ll receive instructions about appointment and
cancellation procedures, ID requirements, and information about the testing center
location. In addition, you will be required to provide a special EC-Council–furnished code
in order to complete the registration process. Finally, you will also be required to fill out a
form describing your professional experience and background before a code will be issued
for you to register.

After you’ve successfully passed your CEH exam, the EC-Council will award you with
certification. Within four to six weeks of passing the exam, you’ll receive your official
EC-Council CEH certificate.

Who Should Read This Book?
If you want to acquire solid information in hacking and pen-testing techniques and your
goal is to prepare for the exam by learning how to develop and improve security, this book
is for you. You’ll find clear explanations of the concepts you need to grasp and plenty of
help to achieve the high level of professional competency you need to succeed in your chosen field.

If you want to become certified, this book is definitely what you need. However, if you
just want to attempt to pass the exam without really understanding security, this study
guide isn’t for you. You must be committed to learning the theory and concepts in this
book to be successful.

What Does This Book Cover?
This book covers everything you need to know to pass the CEH exam. Here’s a breakdown
chapter by chapter:
Chapter 1: Introduction to Ethical Hacking. This chapter covers the purpose of
ethical hacking, defines the ethical hacker, and describes how to get started performing
security audits.
Chapter 2: System Fundamentals. This chapter presents a look at the various
components that make up a system and how they are affected by security.
Chapter 3: Cryptography. This chapter explores the art and science of cryptography;
you’ll learn how cryptography works and how it supports security.
Chapter 4: Footprinting. In this chapter, you’ll learn how to gain information from a
target using both passive and active methods.
Chapter 5: Scanning. This chapter shows you how to gain information about the hosts
and devices on a network as well as what the information means.
Chapter 6: Enumeration. In this chapter, you’ll learn how to probe the various services
present on a given host and how to process the information to determine what it means
and how to use it for later actions.
Chapter 7: System Hacking. This chapter shows you how to use the information gained
from footprinting, scanning, and earlier examinations in order to break into or gain access
to a system.
Chapter 8: Malware. This chapter covers the varieties of malware and how each can be
created, used, or defended against.
Chapter 9: Sniffers. This chapter discusses using packet sniffers to gather information
that is flowing across the network. You’ll learn how to dissect this information for
immediate or later use.
Chapter 10: Social Engineering. This chapter covers how to manipulate human beings
in order to gain sensitive information.
Chapter 11: Denial of Service. This chapter includes an analysis of attacks that are
designed to temporarily or permanently shut down a target.
Chapter 12: Session Hijacking. This chapter covers how to disrupt communications as
well as take over legitimate sessions between two parties.
Chapter 13: Web Servers and Applications. This chapter explains how to break into
and examine web servers and applications as well as the various methods of attack.
Chapter 14: SQL Injection. In this chapter, you’ll learn how to attack databases and
data stores using SQL injection to alter, intercept, view, or destroy information.
Chapter 15: Hacking Wi-Fi and Bluetooth. In this chapter, you’ll learn how to target,
analyze, disrupt, and shut down wireless networks either temporarily or permanently.
Chapter 16: Mobile Device Security. In this chapter, you’ll learn how to target,
analyze, and work with mobile devices.
Chapter 17: Evasion. This chapter covers how to deal with the common protective
measures that a system administrator may put into place; these measures include
intrusion detection systems (IDSs), firewalls, and honeypots.
Chapter 18: Cloud Technologies and Security. In this chapter, you’ll learn how to
integrate and secure cloud technologies.
Chapter 19: Physical Security. This chapter deals with the aspects of physical security
and how to protect assets from being stolen, lost, or otherwise compromised.
Appendix A: Answers to Review Questions. In this appendix, you can find all the
answers to the review questions throughout the book.
Appendix B: Penetration Testing Frameworks. In this appendix, you will explore an
alternative penetration testing framework.
Appendix C: Building a Lab. In this appendix, you’ll learn how to build a lab to test and
experiment with your penetration testing skills.