Cantitate/Preț
Produs

CEH v11 Certified Ethical Hacker Study Guide

Autor R Messier
en Limba Engleză Paperback – 15 sep 2021
As protecting information continues to be a growing concern for today's businesses, certifications in IT security have become highly desirable, even as the number of certifications has grown. Now you can set yourself apart with the Certified Ethical Hacker (CEH v11) certification. The CEH v11 Certified Ethical Hacker Study Guide offers a comprehensive overview of the CEH certification requirements using concise and easy-to-follow instructions. Chapters are organized by exam objective, with a handy section that maps each objective to its corresponding chapter, so you can keep track of your progress. The text provides thorough coverage of all topics, along with challenging chapter review questions and Exam Essentials, a key feature that identifies critical study areas. Subjects include common attack practices like reconnaissance and scanning. Also covered are topics like intrusion detection, DoS attacks, buffer overflows, wireless attacks, mobile attacks, Internet of Things (IoT) and more. This study guide goes beyond test prep, providing practical hands-on exercises to reinforce vital skills and real-world scenarios that put what you've learned into the context of actual job roles. * Gain a unique certification that allows you to function like an attacker, allowing you to identify vulnerabilities so they can be remediated * Expand your career opportunities with an IT certificate that satisfies the Department of Defense's 8570 Directive for Information Assurance positions * Fully updated for the 2020 CEH v11 exam, including the latest developments in IT security * Access the Sybex online learning center, with chapter review questions, full-length practice exams, hundreds of electronic flashcards, and a glossary of key terms Thanks to its clear organization, all-inclusive coverage, and practical instruction, the CEH v11 Certified Ethical Hacker Study Guide is an excellent resource for anyone who needs to understand the hacking process or anyone who wants to demonstrate their skills as a Certified Ethical Hacker.
Citește tot Restrânge

Preț: 26665 lei

Nou

Puncte Express: 400

Preț estimativ în valută:
5105 5561$ 4282£

Carte disponibilă

Livrare economică 28 noiembrie-12 decembrie
Livrare express 13-19 noiembrie pentru 6606 lei

Preluare comenzi: 021 569.72.76

Specificații

ISBN-13: 9781119800286
ISBN-10: 1119800285
Pagini: 704
Dimensiuni: 189 x 240 x 35 mm
Greutate: 1.16 kg
Editura: Sybex
Locul publicării:Hoboken, United States

Notă biografică

RIC MESSIER, CEH, GCIH, GSEC, CISSP, CCSP is a consultant, educator, and author of many books on information security and digital forensics. With decades of experience in information technology and information security, Ric has held the varied roles of programmer, system administrator, network engineer, security engineering manager, VoIP engineer, consultant, and professor.

Cuprins

Introduction xix Assessment Test xxvi Chapter 1 Ethical Hacking 1 Overview of Ethics 2 Overview of Ethical Hacking 5 Methodologies 6 Cyber Kill Chain 6 Attack Lifecycle 8 Methodology of Ethical Hacking 10 Reconnaissance and Footprinting 10 Scanning and Enumeration 11 Gaining Access 11 Maintaining Access 12 Covering Tracks 12 Summary 13 Chapter 2 Networking Foundations 15 Communications Models 17 Open Systems Interconnection 18 TCP/IP Architecture 21 Topologies 22 Bus Network 22 Star Network 23 Ring Network 24 Mesh Network 25 Hybrid 26 Physical Networking 27 Addressing 27 Switching 28 IP 29 Headers 29 Addressing 31 Subnets 33 TCP 34 UDP 38 Internet Control Message Protocol 39 Network Architectures 40 Network Types 40 Isolation 41 Remote Access 43 Cloud Computing 44 Storage as a Service 45 Infrastructure as a Service 46 Platform as a Service 48 Software as a Service 49 Internet of Things 51 Summary 52 Review Questions 54 Chapter 3 Security Foundations 57 The Triad 59 Confidentiality 59 Integrity 61 Availability 62 Parkerian Hexad 63 Risk 64 Policies, Standards, and Procedures 66 Security Policies 66 Security Standards 67 Procedures 68 Guidelines 68 Organizing Your Protections 69 Security Technology 72 Firewalls 72 Intrusion Detection Systems 77 Intrusion Prevention Systems 80 Endpoint Detection and Response 81 Security Information and Event Management 83 Being Prepared 84 Defense in Depth 84 Defense in Breadth 86 Defensible Network Architecture 87 Logging 88 Auditing 90 Summary 92 Review Questions 93 Chapter 4 Footprinting and Reconnaissance 97 Open Source Intelligence 99 Companies 99 People 108 Social Networking 111 Domain Name System 124 Name Lookups 125 Zone Transfers 130 Passive DNS 133 Passive Reconnaissance 136 Website Intelligence 139 Technology Intelligence 144 Google Hacking 144 Internet of Things (IoT) 146 Summary 148 Review Questions 150 Chapter 5 Scanning Networks 155 Ping Sweeps 157 Using fping 157 Using MegaPing 159 Port Scanning 161 Nmap 162 masscan 176 MegaPing 178 Metasploit 180 Vulnerability Scanning 183 OpenVAS 184 Nessus 196 Looking for Vulnerabilities with Metasploit 202 Packet Crafting and Manipulation 203 hping 204 packETH 207 fragroute 209 Evasion Techniques 211 Protecting and Detecting 214 Summary 215 Review Questions 217 Chapter 6 Enumeration 221 Service Enumeration 223 Remote Procedure Calls 226 SunRPC 226 Remote Method Invocation 228 Server Message Block 232 Built-in Utilities 233 nmap Scripts 237 NetBIOS Enumerator 239 Metasploit 240 Other Utilities 242 Simple Network Management Protocol 245 Simple Mail Transfer Protocol 247 Web-Based Enumeration 250 Summary 257 Review Questions 259 Chapter 7 System Hacking 263 Searching for Exploits 265 System Compromise 269 Metasploit Modules 270 Exploit-DB 274 Gathering Passwords 276 Password Cracking 279 John the Ripper 280 Rainbow Tables 282 Kerberoasting 284 Client-Side Vulnerabilities 289 Living Off the Land 291 Fuzzing 292 Post Exploitation 295 Evasion 295 Privilege Escalation 296 Pivoting 301 Persistence 304 Covering Tracks 307 Summary 313 Review Questions 315 Chapter 8 Malware 319 Malware Types 321 Virus 321 Worm 323 Trojan 324 Botnet 324 Ransomware 326 Dropper 328 Malware Analysis 328 Static Analysis 329 Dynamic Analysis 340 Creating Malware 349 Writing Your Own 350 Using Metasploit 353 Obfuscating 356 Malware Infrastructure 357 Antivirus Solutions 359 Persistence 360 Summary 361 Review Questions 363 Chapter 9 Sniffing 367 Packet Capture 368 tcpdump 369 tshark 376 Wireshark 378 Berkeley Packet Filter 382 Port Mirroring/Spanning 384 Packet Analysis 385 Spoofing Attacks 390 ARP Spoofing 390 DNS Spoofing 394 sslstrip 397 Spoofing Detection 398 Summary 399 Review Questions 402 Chapter 10 Social Engineering 407 Social Engineering 408 Pretexting 410 Social Engineering Vectors 412 Physical Social Engineering 413 Badge Access 413 Man Traps 415 Biometrics 416 Phone Calls 417 Baiting 418 Phishing Attacks 418 Website Attacks 422 Cloning 423 Rogue Attacks 426 Wireless Social Engineering 427 Automating Social Engineering 430 Summary 433 Review Questions 435 Chapter 11 Wireless Security 439 Wi-Fi 440 Wi-Fi Network Types 442 Wi-Fi Authentication 445 Wi-Fi Encryption 446 Bring Your Own Device 450 Wi-Fi Attacks 451 Bluetooth 462 Scanning 463 Bluejacking 465 Bluesnarfing 466 Bluebugging 466 Mobile Devices 466 Mobile Device Attacks 467 Summary 472 Review Questions 474 Chapter 12 Attack and Defense 479 Web Application Attacks 480 XML External Entity Processing 482 Cross-Site Scripting 483 SQL Injection 485 Command Injection 487 File Traversal 489 Web Application Protections 490 Denial-of-Service Attacks 492 Bandwidth Attacks 492 Slow Attacks 495 Legacy 497 Application Exploitation 497 Buffer Overflow 498 Heap Spraying 500 Application Protections and Evasions 501 Lateral Movement 502 Defense in Depth/Defense in Breadth 504 Defensible Network Architecture 506 Summary 508 Review Questions 510 Chapter 13 Cryptography 515 Basic Encryption 517 Substitution Ciphers 517 Diffie-Hellman 520 Symmetric Key Cryptography 521 Data Encryption Standard 522 Advanced Encryption Standard 523 Asymmetric Key Cryptography 524 Hybrid Cryptosystem 525 Nonrepudiation 525 Elliptic Curve Cryptography 526 Certificate Authorities and Key Management 528 Certificate Authority 528 Trusted Third Party 531 Self-Signed Certificates 532 Cryptographic Hashing 534 PGP and S/MIME 536 Disk and File Encryption 538 Summary 541 Review Questions 543 Chapter 14 Security Architecture and Design 547 Data Classification 548 Security Models 550 State Machine 550 Biba 551 Bell-LaPadula 552 Clark-Wilson Integrity Model 552 Application Architecture 553 n-tier Application Design 554 Service-Oriented Architecture 557 Cloud-Based Applications 559 Database Considerations 561 Security Architecture 563 Summary 567 Review Questions 569 Chapter 15 Cloud Computing and the Internet of Things 573 Cloud Computing Overview 574 Cloud Services 578 Shared Responsibility Model 583 Public vs. Private Cloud 585 Cloud Architectures and Deployment 586 Responsive Design 588 Cloud-Native Design 589 Deployment 590 Dealing with REST 593 Common Cloud Threats 598 Access Management 598 Data Breach 600 Web Application Compromise 600 Credential Compromise 602 Insider Threat 604 Internet of Things 604 Operational Technology 610 Summary 612 Review Questions 614 Appendix Answers to Review Questions 617 Chapter 2: Networking Foundations 618 Chapter 3: Security Foundations 619 Chapter 4: Footprinting and Reconnaissance 622 Chapter 5: Scanning Networks 624 Chapter 6: Enumeration 627 Chapter 7: System Hacking 629 Chapter 8: Malware 632 Chapter 9: Sniffing 635 Chapter 10: Social Engineering 636 Chapter 11: Wireless Security 638 Chapter 12: Attack and Defense 641 Chapter 13: Cryptography 643 Chapter 14: Security Architecture and Design 645 Chapter 15: Cloud Computing and the Internet of Things 646 Index 649