Spine .864” Prepare For CEH Certifi Cation With This .

Covers all Exam Objectives for CEHv6Includes Real-World Scenarios, Hands-On Exercises, andLeading-Edge Exam Prep Software Featuring: Custom Test Engine Hundreds of Sample Questions Electronic Flashcards Entire Book in PDFCEH CertifiedEthical HackerSTUDY GUIDEExam 312-50Exam EC0-350SERIOUS SKILLS.Kimberly Graves

CEH: Certified Ethical Hacker Study GuideCEH (312-50) ObjectivesObjectiveChapterEthics and LegalityUnderstand ethical hacking terminologyDefine the job role of an ethical hackerUnderstand the different phases involved in ethical hackingIdentify different types of hacking technologiesList the 5 stages of ethical hackingWhat is hacktivism?List different types of hacker classesDefine the skills required to become an ethical hackerWhat is vulnerability research?Describe the ways of conducting ethical hackingUnderstand the legal implications of hackingUnderstand 18 U.S.C. § 1030 US Federal Law111111111111FootprintingDefine the term footprintingDescribe information gathering methodologyDescribe competitive intelligenceUnderstand DNS enumerationUnderstand Whois, ARIN lookupIdentify different types of DNS recordsUnderstand how traceroute is used in footprintingUnderstand how email tracking worksUnderstand how web spiders work222222222ScanningDefine the terms port scanning, network scanning, and vulnerability scanningUnderstand the CEH scanning methodologyUnderstand Ping Sweep techniquesUnderstand nmap command switchesUnderstand SYN, Stealth, XMAS, NULL, IDLE, and FIN scansList TCP communication flag typesUnderstand war dialing techniquesUnderstand banner grabbing and OF fingerprinting techniquesUnderstand how proxy servers are used in launching an attackHow do anonymizers work?Understand HTTP tunneling techniquesUnderstand IP spoofing techniques333333333333

ObjectiveChapterEnumerationWhat is enumeration?What is meant by null sessions?What is SNMP enumeration?What are the steps involved in performing enumeration?3333System HackingUnderstanding password cracking techniquesUnderstanding different types of passwordsIdentifying various password cracking toolsUnderstand escalating privilegesUnderstanding keyloggers and other spyware technologiesUnderstand how to hide filesUnderstanding rootkitsUnderstand steganography technologiesUnderstand how to cover your tracks and erase evidence444444444Trojans and BackdoorsWhat is a Trojan?What is meant by overt and covert channels?List the different types of TrojansWhat are the indications of a Trojan attack?Understand how “Netcat” Trojan worksWhat is meant by “wrapping”?How do reverse connecting Trojans work?What are the countermeasure techniques in preventing Trojans?Understand Trojan evading techniques555555555SniffersUnderstand the protocol susceptible to sniffingUnderstand active and passive sniffingUnderstand ARP poisoningUnderstand Ethereal capture and display filtersUnderstand MAC floodingUnderstand DNS spoofing techniquesDescribe sniffing countermeasures6666666Denial of ServiceUnderstand the types of DoS AttacksUnderstand how DDoS attack worksUnderstand how BOTs/BOTNETs workWhat is a “Smurf” attack?What is “SYN” flooding?Describe the DoS/DDoS countermeasures777777Exam specifications and content are subject to change at any time without priornotice and at the EC-Council’s sole discretion. Please visit EC-Council’s website(www.eccouncil.org) for the most current information on their exam content.

ObjectiveSocial EngineeringWhat is social engineering?What are the common types of attacks?Understand dumpster divingUnderstand reverse social engineeringUnderstand insider attacksUnderstand identity theftDescribe phishing attacksUnderstand online scamsUnderstand URL obfuscationSocial engineering countermeasuresSession HijackingUnderstand spoofing vs. hijackingList the types of session hijackingUnderstand sequence predictionWhat are the steps in performing session hijacking?Describe how you would prevent session hijackingHacking Web ServersList the types of web server vulnerabilitiesUnderstand the attacks against web serversUnderstand IIS Unicode exploitsUnderstand patch management techniquesUnderstand Web Application ScannerWhat is the Metasploit Framework?Describe web server hardening methodsWeb Application VulnerabilitiesUnderstanding how a web application worksObjectives of web application hackingAnatomy of an attackWeb application threatsUnderstand Google hackingUnderstand web application countermeasuresWeb-Based Password Cracking TechniquesList the authentication typesWhat is a password cracker?How does a password cracker work?Understand password attacks – classificationUnderstand password cracking countermeasuresSQL InjectionWhat is SQL injection?Understand the steps to conduct SQL injectionUnderstand SQL Server vulnerabilitiesDescribe SQL injection 888889999

ObjectiveChapterWireless HackingOverview of WEP, WPA authentication systems, and cracking techniquesOverview of wireless sniffers and SSID, MAC spoofingUnderstand rogue access pointsUnderstand wireless hacking techniquesDescribe the methods of securing wireless networksVirus and WormsUnderstand the difference between a virus and a wormUnderstand the types of virusesHow a virus spreads and infects the systemUnderstand antivirus evasion techniquesUnderstand virus detection methodsPhysical SecurityPhysical security breach incidentsUnderstanding physical securityWhat is the need for physical security?Who is accountable for physical security?Factors affecting physical securityLinux HackingUnderstand how to compile a Linux kernelUnderstand GCC compilation commandsUnderstand how to install LKM modulesUnderstand Linux hardening methodsEvading IDS, Honeypots, and FirewallsList the types of intrusion detection systems and evasion techniquesList firewall and honeypot evasion techniquesBuffer OverflowsOverview of stack-based buffer overflowsIdentify the different types of buffer overflows and methods of detectionOverview of buffer overflow mutation techniquesCryptographyOverview of cryptography and encryption techniquesDescribe how public and private keys are generatedOverview of MD5, SHA, RC4, RC5, Blowfish algorithmsPenetration Testing MethodologiesOverview of penetration testing methodologiesList the penetration testing stepsOverview of the pen-test legal frameworkOverview of the pen-test deliverablesList the automated penetration testing toolsExam specifications and content are subject to change at any time without priornotice and at the EC-Council’s sole discretion. Please visit EC-Council’s website(www.eccouncil.org) for the most current information on their exam 14141515151515

CEHCertified Ethical Hacker Study Guide

CEHCertified Ethical Hacker Study GuideKimberly Graves

Disclaimer: This eBook does not include ancillary media that was packaged with theprinted version of the book.Acquisitions Editor: Jeff KellumDevelopment Editor: Pete GaughanTechnical Editors: Keith Parsons, Chris CarsonProduction Editor: Angela SmithCopy Editor: Liz WelchEditorial Manager: Pete GaughanProduction Manager: Tim TateVice President and Executive Group Publisher: Richard SwadleyVice President and Publisher: Neil EddeMedia Project Manager 1: Laura Moss-HollisterMedia Associate Producer: Josh FrankMedia Quality Assurance: Shawn PatrickBook Designers: Judy Fung and Bill GibsonCompositor: Craig Johnson, Happenstance Type-O-RamaProofreader: Publication Services, Inc.Indexer: Ted LauxProject Coordinator, Cover: Lynsey StanfordCover Designer: Ryan SneedCopyright 2010 by Wiley Publishing, Inc., Indianapolis, IndianaPublished simultaneously in CanadaISBN: 978-0-470-52520-3No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means,electronic, mechanical, photocopying, recording, scanning or otherwise, except as permitted under Sections 107 or 108of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorizationthrough payment of the appropriate per-copy fee to the Copyright Clearance Center, 222 Rosewood Drive, Danvers, MA01923, (978) 750-8400, fax (978) 646-8600. Requests to the Publisher for permission should be addressed to the Permissions Department, John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030, (201) 748-6011, fax (201) 748-6008,or online at http://www.wiley.com/go/permissions.Limit of Liability/Disclaimer of Warranty: The publisher and the author make no representations or warranties with respectto the accuracy or completeness of the contents of this work and specifically disclaim all warranties, including withoutlimitation warranties of fitness for a particular purpose. No warranty may be created or extended by sales or promotionalmaterials. The advice and strategies contained herein may not be suitable for every situation. This work is sold with theunderstanding that the publisher is not engaged in rendering legal, accounting, or other professional services. If professional assistance is required, the services of a competent professional person should be sought. Neither the publisher northe author shall be liable for damages arising herefrom. The fact that an organization or Web site is referred to in this workas a citation and/or a potential source of further information does not mean that the author or the publisher endorses theinformation the organization or Web site may provide or recommendations it may make. Further, readers should be awarethat Internet Web sites listed in this work may have changed or disappeared between when this work was written and whenit is read.For general information on our other products and services or to obtain technical support, please contact our CustomerCare Department within the U.S. at (877) 762-2974, outside the U.S. at (317) 572-3993 or fax (317) 572-4002.Wiley also publishes its books in a variety of electronic formats. Some content that appears in print may not be availablein electronic books.Library of Congress Cataloging-in-Publication DataGraves, Kimberly, 1974CEH : certified ethical hacker study guide / Kimberly Graves. — 1st ed.p. cm.Includes bibliographical references and index.ISBN 978-0-470-52520-3 (paper/cd-rom : alk. paper)1. Electronic data processing personnel—Certification. 2. Computer security—Examinations—Study guides.3. Computer hackers—Examinations—Study guides. 4. Computer networks—Examinations—Study guides. I. Title.QA76.3.G6875 2010005.8—dc222010003135TRADEMARKS: Wiley, the Wiley logo, and the Sybex logo are trademarks or registered trademarks of John Wiley &Sons, Inc. and/or its affiliates, in the United States and other countries, and may not be used without written permission.CEH Certified Ethical Hacker is a trademark of EC-Council. All other trademarks are the property of their respectiveowners. Wiley Publishing, Inc., is not associated with any product or vendor mentioned in this book.10 9 8 7 6 5 4 3 2 1

Dear Reader,Thank you for choosing CEH: Certified Ethical Hacker Study Guide. This book is partof a family of premium-quality Sybex books, all of which are written by outstandingauthors who combine practical experience with a gift for teaching.Sybex was founded in 1976. More than 30 years later, we’re still committed to producingconsistently exceptional books. With each of our titles, we’re working hard to set a newstandard for the industry. From the paper we print on, to the authors we work with, ourgoal is to bring you the best books available.I hope you see all that reflected in these pages. I’d be very interested to hear your commentsand get your feedback on how we’re doing. Feel free to let me know what you think aboutthis or any other Sybex book by sending me an email at nedde@wiley.com. If you think you’vefound a technical error in this book, please visit http://sybex.custhelp.com. Customer feedback is critical to our efforts at Sybex.Best regards,Neil EddeVice President and PublisherSybex, an Imprint of Wiley