SØG - mellem flere end 8 millioner bøger:
Viser: Certified Ethical Hacker (CEH) Version 9 Cert Guide
Certified Ethical Hacker (CEH) Version 9 Cert Guide
Michael Gregg
(2017)
Sprog: Engelsk
Pearson Education, Limited
468,00 kr.
Denne titel er udgået og kan derfor ikke bestilles. Vi beklager.
Detaljer om varen
- 2. Udgave
- Hardback: 656 sider
- Udgiver: Pearson Education, Limited (April 2017)
- ISBN: 9780789756916
In this best-of-breed study guide, leading expert Michael Gregg helps you master all the topics you need to know to succeed on your Certified Ethical Hacker Version 9 exam and advance your career in IT security. Michael's concise, focused approach explains every exam objective from a real-world perspective, helping you quickly identify weaknesses and retain everything you need to know.
- Every feature of this book supports both efficient exam preparation and long-term mastery: - Opening Topics Lists identify the topics you need to learn in each chapter and list EC-Council's official exam objectives - Key Topics figures, tables, and lists call attention to the information that's most crucial for exam success - Exam Preparation Tasks enable you to review key topics, complete memory tables, define key terms, work through scenarios, and answer review questions...going beyond mere facts to master the concepts that are crucial to passing the exam and enhancing your career - Key Terms are listed in each chapter and defined in a complete glossary, explaining all the field's essential terminology
This study guide helps you master all the topics on the latest CEH exam, including - Ethical hacking basics - Technical foundations of hacking - Footprinting and scanning - Enumeration and system hacking - Linux distro's, such as Kali and automated assessment tools - Trojans and backdoors - Sniffers, session hijacking, and denial of service - Web server hacking, web applications, and database attacks - Wireless technologies, mobile security, and mobile attacks - IDS, firewalls, and honeypots - Buffer overflows, viruses, and worms - Cryptographic attacks and defenses - Cloud security and social engineering
- Every feature of this book supports both efficient exam preparation and long-term mastery: - Opening Topics Lists identify the topics you need to learn in each chapter and list EC-Council's official exam objectives - Key Topics figures, tables, and lists call attention to the information that's most crucial for exam success - Exam Preparation Tasks enable you to review key topics, complete memory tables, define key terms, work through scenarios, and answer review questions...going beyond mere facts to master the concepts that are crucial to passing the exam and enhancing your career - Key Terms are listed in each chapter and defined in a complete glossary, explaining all the field's essential terminology
This study guide helps you master all the topics on the latest CEH exam, including - Ethical hacking basics - Technical foundations of hacking - Footprinting and scanning - Enumeration and system hacking - Linux distro's, such as Kali and automated assessment tools - Trojans and backdoors - Sniffers, session hijacking, and denial of service - Web server hacking, web applications, and database attacks - Wireless technologies, mobile security, and mobile attacks - IDS, firewalls, and honeypots - Buffer overflows, viruses, and worms - Cryptographic attacks and defenses - Cloud security and social engineering
Introduction xxi
Chapter 1 An Introduction to Ethical Hacking "Do I Know This Already?" Quiz Foundation Topics Security Fundamentals Goals of Security Risk, Assets, Threats, and Vulnerabilities Backing Up Data to Reduce Risk Defining an Exploit Risk Assessment Security Testing No-Knowledge Tests (Black Box) Full-Knowledge Testing (White Box) Partial-Knowledge Testing (Gray Box) Types of Security Tests Hacker and Cracker Descriptions Who Attackers Are Ethical Hackers Required Skills of an Ethical Hacker Modes of Ethical Hacking Test Plans-Keeping It Legal Test Phases Establishing Goals Getting Approval Ethical Hacking Report Vulnerability Research-Keeping Up with Changes Ethics and Legality Overview of U.S. Federal Laws Compliance Regulations Payment Card Industry Data Security Standard (PCI-DSS) Summary Exam Preparation Tasks Hands-On Labs Lab 1-1 Examining Security Policies Review Questions
Chapter 2 The Technical Foundations of Hacking "Do I Know This Already?" Quiz Foundation Topics The Attacker''s Process Performing Reconnaissance and Footprinting Scanning and Enumeration Gaining Access Escalation of Privilege Maintaining Access Covering Tracks and Planting Backdoors The Ethical Hacker''s Process NIST SP 800-15 Operationally Critical Threat, Asset, and Vulnerability Evaluation Open Source Security Testing Methodology Manual Security and the Stack The OSI Model Anatomy of TCP/IP Protocols The Application Layer The Transport Layer The Internet Layer The Network Access Layer Summary Exam Preparation Tasks Exercises
2.1 Install a Sniffer and Perform Packet Captures
2.2 List the Protocols, Applications, and Services Found at Each Layer of the Stack
Chapter 3 Footprinting and Scanning "Do I Know This Already?" Quiz Foundation Topics Overview of the Seven-Step Information-Gathering Process Information Gathering Documentation The Organization''s Website Job Boards Employee and People Searches EDGAR Database Google Hacking Usenet Registrar Query DNS Enumeration Determining the Network Range Traceroute Identifying Active Machines Finding Open Ports and Access Points Nmap SuperScan THC-Amap Hping Port Knocking War Driving OS Fingerprinting Active Fingerprinting Tools Fingerprinting Services Default Ports and Services Finding Open Services Mapping the Network Attack Surface Manual Mapping Automated Mapping Summary Exam Preparation Tasks Exercises
3.1 Performing Passive Reconnaissance
3.2 Performing Active Reconnaissance
Chapter 4 Enumeration and System Hacking "Do I Know This Already?" Quiz Foundation Topics Enumeration Windows Enumeration Windows Security NetBIOS and LDAP Enumeration NetBIOS Enumeration Tools SNMP Enumeration Linux/UNIX Enumeration NTP Enumeration SMTP Enumeration DNS Enumeration System Hacking Nontechnical Password Attacks Technical Password Attacks Password Guessing Automated Password Guessing Password Sniffing Keylogging Privilege Escalation and Exploiting Vulnerabilities Exploiting an Application Exploiting a Buffer Overflow Owning the Box Windows Authentication Types Cracking Windows Passwords Linux Authentication and Passwords Cracking Linux Passwords Hiding Files and Covering Tracks Rootkits File Hiding Summary Exam Preparation Tasks Exercise
4.1 NTFS File Streaming Review Questions
Chapter 5 Malware Threats "Do I Know This Already?" Quiz Foundation Topics Viruses and Worms Types and Transmission Methods of Viruses Virus Payloads History of Viruses Well-Known Viruses Virus Tools Trojans Trojan Types Trojan Ports and Communication Methods Trojan Goals Trojan Infection Mechanisms Effects of Trojans Trojan Tools Distributing Trojans Covert Communication Tunneling via the Internet Layer Tunneling via the Transport Layer Tunneling via the Application Layer Port Redirection Keystroke Logging and Spyware Hardware Keyloggers Software Keyloggers Spyware Malware Countermeasures Detecting Malware Antivirus Analyzing Malware Static Analysis Dynamic Analysis Summary Exam Preparation Tasks Exercises
5.1 Finding Malicious Programs
5.2 Using Process Explorer Review Questions
Chapter 6 Sniffers, Session Hijacking, and Denial of Service "Do I Know This Already?" Quiz Foundation Topics Sniffers Passive Sniffing Active Sniffing Address Resolution Protocol ARP Poisoning and MAC Flooding Tools for Sniffing Wireshark Other Sniffing Tools Sniffing and Spoofing Countermeasures Session Hijacking Transport Layer Hijacking Identify and Find an Active Session Predict the Sequence Number Take One of the Parties Offline Take Control of the Session Application Layer Hijacking Session Sniffing Predictable Session Token ID Man-in-the-Middle Attacks Man-in-the-Browser Attacks Client-Side Attacks Session Replay Attacks Session Fixation Attacks Session Hijacking Tools Preventing Session Hijacking Denial of Service and Distributed Denial of Service DoS Attack Techniques Bandwidth Attacks SYN Flood Attacks ICMP Attacks Peer-to-Peer Attacks Program- and Application-Level Attacks Permanent DoS Attacks Distributed Denial of Service DDoS Tools DoS and DDOS Countermeasures Summary Exam Preparation Tasks Exercises
6.1 Scanning for DDoS Programs
6.2 Using SMAC to Spoof Your MAC Address Review Questions
Chapter 7 Web Server Hacking, Web Applications, and Database Attacks "Do I Know This Already?" Quiz Foundation Topics Web Server Hacking Scanning Web Servers Banner Grabbing and Enumeration Web Server Vulnerability Identification Attacking the Web Server DoS/DDoS Attacks DNS Server Hijacking and DNS Amplification Attacks Directory Traversal Man-in-the-Middle Attacks Website Defacement Web Server Misconfiguration HTTP Response Splitting Web Server Password Cracking IIS Vulnerabilities Automated Exploit Tools Securing Web Servers Web Application Hacking Unvalidated Input Parameter/Form Tampering Injection Flaws Cross-Site Scripting and Cross-Site Request Forgery Attacks Hidden Field Attacks Other Web Application Attacks Attacking Web-Based Authentication Web-Based Password Cracking and Authentication Attacks Cookies URL Obfuscation Intercepting Web Traffic Securing Web Applications Database Hacking Identifying SQL Servers SQL Injection Vulnerabilities SQL Injection Hacking Tools Summary Exam Preparation Tasks Exercise
7.1 Review CVEs and Buffer Overflows Review Questions
Chapter 8 Wireless Technologies, Mobile Security, and Attacks "Do I Know This Already?" Quiz Foundation Topics Wireless Technologies Wireless History Satellite TV Cordless Phones Mobile Device Operation and Security Mobile Device Concerns Mobile Device Platforms Android iOS Windows Phone BlackBerry Mobile Device Management and Protection Bluetooth Wireless LANs Wireless LAN Basics Wireless LAN Frequencies and Signaling Wireless LAN Security Wireless LAN Threats Eavesdropping Configured as Open Authentication Rogue and Unauthorized Access Points Denial of Service (DoS) Wireless Hacking Tools Discover Wi-Fi Networks Perform GPS Mapping Wireless Traffic Analysis Launch Wireless Attacks Crack and Compromise the Wi-Fi Network Securing Wireless Networks Defense in Depth Site Survey Robust Wireless Authentication Misuse Detection Summary Exam Preparation Tasks Review Questions
Chapter 9 IDS, Firewalls, and Honeypots "Do I Know This Already?" Quiz Foundation Topics Intrusion Detection Systems IDS Types and Components Pattern Matching and Anomaly Detection Snort IDS Evasion Flooding Insertion and Evasion Session Splicing Shellcode Attacks Other IDS Evasion Techniques IDS Evasion Tools Firewalls Firewall Types Network Address Translation Packet Filters Application and Circuit-Level Gateways Stateful Inspection Identifying Firewalls Bypassing Firewalls Honeypots Types of Honeypots Detecting Honeypots Summary Exam Preparation Tasks Review Questions Cha
Chapter 1 An Introduction to Ethical Hacking "Do I Know This Already?" Quiz Foundation Topics Security Fundamentals Goals of Security Risk, Assets, Threats, and Vulnerabilities Backing Up Data to Reduce Risk Defining an Exploit Risk Assessment Security Testing No-Knowledge Tests (Black Box) Full-Knowledge Testing (White Box) Partial-Knowledge Testing (Gray Box) Types of Security Tests Hacker and Cracker Descriptions Who Attackers Are Ethical Hackers Required Skills of an Ethical Hacker Modes of Ethical Hacking Test Plans-Keeping It Legal Test Phases Establishing Goals Getting Approval Ethical Hacking Report Vulnerability Research-Keeping Up with Changes Ethics and Legality Overview of U.S. Federal Laws Compliance Regulations Payment Card Industry Data Security Standard (PCI-DSS) Summary Exam Preparation Tasks Hands-On Labs Lab 1-1 Examining Security Policies Review Questions
Chapter 2 The Technical Foundations of Hacking "Do I Know This Already?" Quiz Foundation Topics The Attacker''s Process Performing Reconnaissance and Footprinting Scanning and Enumeration Gaining Access Escalation of Privilege Maintaining Access Covering Tracks and Planting Backdoors The Ethical Hacker''s Process NIST SP 800-15 Operationally Critical Threat, Asset, and Vulnerability Evaluation Open Source Security Testing Methodology Manual Security and the Stack The OSI Model Anatomy of TCP/IP Protocols The Application Layer The Transport Layer The Internet Layer The Network Access Layer Summary Exam Preparation Tasks Exercises
2.1 Install a Sniffer and Perform Packet Captures
2.2 List the Protocols, Applications, and Services Found at Each Layer of the Stack
Chapter 3 Footprinting and Scanning "Do I Know This Already?" Quiz Foundation Topics Overview of the Seven-Step Information-Gathering Process Information Gathering Documentation The Organization''s Website Job Boards Employee and People Searches EDGAR Database Google Hacking Usenet Registrar Query DNS Enumeration Determining the Network Range Traceroute Identifying Active Machines Finding Open Ports and Access Points Nmap SuperScan THC-Amap Hping Port Knocking War Driving OS Fingerprinting Active Fingerprinting Tools Fingerprinting Services Default Ports and Services Finding Open Services Mapping the Network Attack Surface Manual Mapping Automated Mapping Summary Exam Preparation Tasks Exercises
3.1 Performing Passive Reconnaissance
3.2 Performing Active Reconnaissance
Chapter 4 Enumeration and System Hacking "Do I Know This Already?" Quiz Foundation Topics Enumeration Windows Enumeration Windows Security NetBIOS and LDAP Enumeration NetBIOS Enumeration Tools SNMP Enumeration Linux/UNIX Enumeration NTP Enumeration SMTP Enumeration DNS Enumeration System Hacking Nontechnical Password Attacks Technical Password Attacks Password Guessing Automated Password Guessing Password Sniffing Keylogging Privilege Escalation and Exploiting Vulnerabilities Exploiting an Application Exploiting a Buffer Overflow Owning the Box Windows Authentication Types Cracking Windows Passwords Linux Authentication and Passwords Cracking Linux Passwords Hiding Files and Covering Tracks Rootkits File Hiding Summary Exam Preparation Tasks Exercise
4.1 NTFS File Streaming Review Questions
Chapter 5 Malware Threats "Do I Know This Already?" Quiz Foundation Topics Viruses and Worms Types and Transmission Methods of Viruses Virus Payloads History of Viruses Well-Known Viruses Virus Tools Trojans Trojan Types Trojan Ports and Communication Methods Trojan Goals Trojan Infection Mechanisms Effects of Trojans Trojan Tools Distributing Trojans Covert Communication Tunneling via the Internet Layer Tunneling via the Transport Layer Tunneling via the Application Layer Port Redirection Keystroke Logging and Spyware Hardware Keyloggers Software Keyloggers Spyware Malware Countermeasures Detecting Malware Antivirus Analyzing Malware Static Analysis Dynamic Analysis Summary Exam Preparation Tasks Exercises
5.1 Finding Malicious Programs
5.2 Using Process Explorer Review Questions
Chapter 6 Sniffers, Session Hijacking, and Denial of Service "Do I Know This Already?" Quiz Foundation Topics Sniffers Passive Sniffing Active Sniffing Address Resolution Protocol ARP Poisoning and MAC Flooding Tools for Sniffing Wireshark Other Sniffing Tools Sniffing and Spoofing Countermeasures Session Hijacking Transport Layer Hijacking Identify and Find an Active Session Predict the Sequence Number Take One of the Parties Offline Take Control of the Session Application Layer Hijacking Session Sniffing Predictable Session Token ID Man-in-the-Middle Attacks Man-in-the-Browser Attacks Client-Side Attacks Session Replay Attacks Session Fixation Attacks Session Hijacking Tools Preventing Session Hijacking Denial of Service and Distributed Denial of Service DoS Attack Techniques Bandwidth Attacks SYN Flood Attacks ICMP Attacks Peer-to-Peer Attacks Program- and Application-Level Attacks Permanent DoS Attacks Distributed Denial of Service DDoS Tools DoS and DDOS Countermeasures Summary Exam Preparation Tasks Exercises
6.1 Scanning for DDoS Programs
6.2 Using SMAC to Spoof Your MAC Address Review Questions
Chapter 7 Web Server Hacking, Web Applications, and Database Attacks "Do I Know This Already?" Quiz Foundation Topics Web Server Hacking Scanning Web Servers Banner Grabbing and Enumeration Web Server Vulnerability Identification Attacking the Web Server DoS/DDoS Attacks DNS Server Hijacking and DNS Amplification Attacks Directory Traversal Man-in-the-Middle Attacks Website Defacement Web Server Misconfiguration HTTP Response Splitting Web Server Password Cracking IIS Vulnerabilities Automated Exploit Tools Securing Web Servers Web Application Hacking Unvalidated Input Parameter/Form Tampering Injection Flaws Cross-Site Scripting and Cross-Site Request Forgery Attacks Hidden Field Attacks Other Web Application Attacks Attacking Web-Based Authentication Web-Based Password Cracking and Authentication Attacks Cookies URL Obfuscation Intercepting Web Traffic Securing Web Applications Database Hacking Identifying SQL Servers SQL Injection Vulnerabilities SQL Injection Hacking Tools Summary Exam Preparation Tasks Exercise
7.1 Review CVEs and Buffer Overflows Review Questions
Chapter 8 Wireless Technologies, Mobile Security, and Attacks "Do I Know This Already?" Quiz Foundation Topics Wireless Technologies Wireless History Satellite TV Cordless Phones Mobile Device Operation and Security Mobile Device Concerns Mobile Device Platforms Android iOS Windows Phone BlackBerry Mobile Device Management and Protection Bluetooth Wireless LANs Wireless LAN Basics Wireless LAN Frequencies and Signaling Wireless LAN Security Wireless LAN Threats Eavesdropping Configured as Open Authentication Rogue and Unauthorized Access Points Denial of Service (DoS) Wireless Hacking Tools Discover Wi-Fi Networks Perform GPS Mapping Wireless Traffic Analysis Launch Wireless Attacks Crack and Compromise the Wi-Fi Network Securing Wireless Networks Defense in Depth Site Survey Robust Wireless Authentication Misuse Detection Summary Exam Preparation Tasks Review Questions
Chapter 9 IDS, Firewalls, and Honeypots "Do I Know This Already?" Quiz Foundation Topics Intrusion Detection Systems IDS Types and Components Pattern Matching and Anomaly Detection Snort IDS Evasion Flooding Insertion and Evasion Session Splicing Shellcode Attacks Other IDS Evasion Techniques IDS Evasion Tools Firewalls Firewall Types Network Address Translation Packet Filters Application and Circuit-Level Gateways Stateful Inspection Identifying Firewalls Bypassing Firewalls Honeypots Types of Honeypots Detecting Honeypots Summary Exam Preparation Tasks Review Questions Cha
De oplyste priser er inkl. moms
Butikker og åbningstid
Handler du som firma
Forretningsbetingelser
Porto og forsendelse
Data & cookiepolitik
Handler du som firma
Forretningsbetingelser
Porto og forsendelse
Data & cookiepolitik
Polyteknisk Boghandel og Forlag A/S - Anker Engelundsvej 1 - 2800 Lyngby
Tlf 77 42 43 44 - email poly@polyteknisk.dk - CVR 34072655 - Sydbank Reg: 6748 Konto 0001107927
Tlf 77 42 43 44 - email poly@polyteknisk.dk - CVR 34072655 - Sydbank Reg: 6748 Konto 0001107927