CEH: Official Certified Ethical Hacker Review Guide

Introduction     xvIntroduction to Ethical Hacking, Ethics, and Legality     1Understanding Ethical Hacking Terminology     2Identifying Different Types of Hacking Technologies     3Understanding the Different Phases Involved in Ethical Hacking and Listing the Five Stages of Ethical Hacking     4Passive and Active Reconnaissance     5Scanning     5Gaining Access     5Maintaining Access     6Covering Tracks     6What Is Hacktivism?     6Listing Different Types of Hacker Classes     6Ethical Hackers and Crackers-Who Are They?     7What Do Ethical Hackers Do?     8Goals Attackers Try to Achieve     8Security, Functionality, and Ease of Use Triangle     9Defining the Skills Required to Become an Ethical Hacker     10What Is Vulnerability Research?     10Describing the Ways to Conduct Ethical Hacking     11Creating a Security Evaluation Plan     11Types of Ethical Hacks     12Testing Types     12Ethical Hacking Report     13Understanding the Legal Implications of Hacking     13Understanding 18 U.S.C. [Section]1029 and 1030 U.S. Federal Law     14Exam Essentials     14Review Questions     16Answers to Review Questions     18Footprinting and Social Engineering     19Footprinting     20Define the Term Footprinting     20Describe the Information Gathering Methodology     21Describe Competitive Intelligence     22Understand DNS Enumeration     23Understand Whois and ARIN Lookups     24Identify Different Types of DNS Records     27Understand How Traceroute Is Used in Footprinting     28Understand How E-Mail Tracking Works     29Understand How Web Spiders Work     29Exam Essentials     29Social Engineering     30What Is Social Engineering?     30What Are the Common Types Of Attacks?     32Understand Insider Attacks     33Understand Identity Theft     33Describe Phishing Attacks     34Understand Online Scams     34Understand URL Obfuscation     35Social-Engineering Countermeasures     35Exam Essentials     36Review Questions     37Answers to Review Questions     40Scanning and Enumeration     41Scanning     42Define the Terms Port Scanning, Network Scanning, and Vulnerability Scanning     42Understand the CEH Scanning Methodology     43Understand Ping Sweep Techniques     44Understand Nmap Command Switches     46Understand Syn, Stealth, Xmas, Null, Idle, and Fin Scans     48List TCP Communication Flag Types     49Understand War-Dialing Techniques     51Understand Banner Grabbing and OS Fingerprinting Techniques     52Understand How Proxy Servers Are Used in Launching an Attack     53How Do Anonymizers Work?     53Understand HTTP Tunneling Techniques     54Understand IP Spoofing Techniques     54Exam Essentials     55Enumeration     55What Is Enumeration?     56What Is Meant by Null Sessions?     56What Is SNMP Enumeration?     58Windows 2000 DNS Zone Transfer     59What Are the Steps Involved in Performing Enumeration?     60Exam Essentials     60Review Questions     62Answers to Review Questions     66System Hacking      67Understanding Password-Cracking Techniques     68Understanding the LanManager Hash     69Cracking Windows 2000 Passwords     70Redirecting the SMB Logon to the Attacker     70SMB Redirection     71SMB Relay MITM Attacks and Countermeasures     71NetBIOS DoS Attacks     72Password-Cracking Countermeasures     72Understanding Different Types of Passwords     74Passive Online Attacks     74Active Online Attacks     75Offline Attacks     77Nonelectronic Attacks     78Understanding Keyloggers and Other Spyware Technologies     78Understand Escalating Privileges     79Executing Applications     80Buffer Overflows     80Understanding Rootkits     81Planting Rootkits on Windows 2000 and XP Machines     81Rootkit Embedded TCP/IP Stack     82Rootkit Countermeasures     82Understanding How to Hide Files     83NTFS File Streaming     83NTFS Stream Countermeasures     83Understanding Steganography Technologies     84Understanding How to Cover Your Tracks and Erase Evidence     85Disabling Auditing     85Clearing the Event Log     86Exam Essentials     86Review Questions     87Answers to Review Questions     89Trojans, Backdoors, Viruses, and Worms     91Trojans and Backdoors     92What Is a Trojan?     93What Is Meant by Overt and Covert Channels?     94List the Different Types of Trojans     94How Do Reverse-Connecting Trojans Work?     94Understand How the Netcat Trojan Works     96What Are the Indications of a Trojan Attack?     97What Is Meant by "Wrapping"?     97Trojan Construction Kit and Trojan Makers     97What Are the Countermeasure Techniques in Preventing Trojans?     98Understand Trojan-Evading Techniques     98System File Verification Subobjective to Trojan Countermeasures     99Viruses and Worms     99Understand the Difference between a Virus and a Worm     99Understand the Types of Viruses     100Understand Antivirus Evasion Techniques     101Understand Virus Detection Methods     101Exam Essentials     101Review Questions      103Answers to Review Questions     106Sniffers     107Understand the Protocols Susceptible to Sniffing     108Understand Active and Passive Sniffing     109Understand ARP Poisoning     110Understand Ethereal Capture and Display Filters     110Understand MAC Flooding     111Understand DNS Spoofing Techniques     111Describe Sniffing Countermeasures     113Exam Essentials     114Review Questions     115Answers to Review Questions     117Denial of Service and Session Hijacking     119Denial of Service     120Understand the Types of DoS Attacks     120Understand How DDoS Attacks Work     122Understand How BOTs/BOTNETs Work     123What Is a "Smurf" Attack?     124What Is "SYN" Flooding?     124Describe the DoS/DDoS Countermeasures     124Session Hijacking     125Understand Spoofing vs. Hijacking     125List the Types of Session Hijacking     126Understand Sequence Prediction     126What Are the Steps in Performing Session Hijacking?     128Describe How You Would Prevent Session Hijacking     129Exam Essentials     130Review Questions     131Answers to Review Questions     135Hacking Web Servers, Web Application Vulnerabilities, and Web-Based Password Cracking Techniques     137Hacking Web Servers     138List the Types of Web Server Vulnerabilities     138Understand the Attacks against Web Servers     139Understand IIS Unicode Exploits     139Understand Patch Management Techniques     140Describe Web Server Hardening Methods     140Web Application Vulnerabilities     141Understanding How Web Applications Work     141Objectives of Web Application Hacking     142Anatomy of an Attack     142Web Application Threats     142Understand Google Hacking     143Understand Web Application Countermeasures     143Web-Based Password Cracking Techniques     144List the Authentication Types     144What Is a Password Cracker?     144How Does a Password Cracker Work?     144Understand Password Attacks: Classification     145Understand Password-Cracking Countermeasures     145Exam Essentials     145Review Questions     147Answers to Review Questions     149SQL Injection and Buffer Overflows     151SQL Injection     152What Is SQL Injection?     152Understand the Steps to Conduct SQL Injection     152Understand SQL Server Vulnerabilities     153Describe SQL Injection Countermeasures     153Buffer Overflows     154Identify the Different Types of Buffer Overflows and Methods of Detection     154Overview of Stack-Based Buffer Overflows     154Overview of Buffer Overflow Mutation Techniques     155Exam Essentials     155Review Questions     156Answers to Review Questions     158Wireless Hacking     159Overview of WEP, WPA Authentication Mechanisms, and Cracking Techniques     160Overview of Wireless Sniffers and Locating SSIDs, MAC Spoofing     162Understand Rogue Access Points     163Understand Wireless Hacking Techniques     163Describe the Methods Used to Secure Wireless Networks     164Exam Essentials     164Review Questions     165Answers to Review Questions      167Physical Security     169Physical Security Breach Incidents     170Understanding Physical Security     171What Is the Need for Physical Security?     171Who Is Accountable for Physical Security?     172Factors Affecting Physical Security     172Exam Essentials     172Review Questions     174Answers to Review Questions     176Linux Hacking     177Linux Basics     178Understand How to Compile a Linux Kernel     179Understand GCC Compilation Commands     180Understand How to Install Linux Kernel Modules     180Understand Linux Hardening Methods     181Exam Essentials     182Review Questions     183Answers to Review Questions     185Evading IDSs, Honeypots, and Firewalls     187List the Types of Intrusion Detection Systems and Evasion Techniques     188List the Firewall Types and Honeypot Evasion Techniques     189Exam Essentials     191Review Questions     192Answers to Review Questions     194Cryptography     195Overview of Cryptography and Encryption Techniques      196Describe How Public and Private Keys Are Generated     197Overview of the MD5, SHA, RC4, RC5, and Blowfish Algorithms     197Exam Essentials     198Review Questions     199Answers to Review Questions     201Penetration Testing Methodologies     203Defining Security Assessments     204Overview of Penetration Testing Methodologies     204List the Penetration Testing Steps     205Overview of the Pen-Test Legal Framework     206List the Automated Penetration Testing Tools     207Overview of the Pen-Test Deliverables     208Exam Essentials     208Review Questions     209Answers to Review Questions     211Glossary     213Index     225