Certified Ethical Hacker (CEH) Preparation Guide

Know the basic principles of ethical hacking. This book is designed to provide you with the knowledge, tactics, and tools needed to prepare for the Certified Ethical Hacker(CEH) exam—a qualification that tests the cybersecurity professional’s baseline knowledge of security threats, risks, and countermeasures through lectures and hands-on labs.

You will review the organized certified hacking mechanism along with: stealthy network re-con; passive traffic detection; privilege escalation, vulnerability recognition, remote access, spoofing; impersonation, brute force threats, and cross-site scripting. The book covers policies for penetration testing and requirements for documentation.

This book uses a unique “lesson” format with objectives and instruction to succinctly review each major topic, including: footprinting and reconnaissance and scanning networks, system hacking, sniffers and social engineering, session hijacking, Trojans and backdoor viruses and worms, hacking webservers, SQL injection, buffer overflow, evading IDS, firewalls, and honeypots, and much more.

WHAT YOU WILL LEARN

* Understand the concepts associated with Footprinting
* Perform active and passive reconnaissance
* Identify enumeration countermeasures
* Be familiar with virus types, virus detection methods, and virus countermeasures
* Know the proper order of steps used to conduct a session hijacking attack
* Identify defensive strategies against SQL injection attacks
* Analyze internal and external network traffic using an intrusion detection system

WHO THIS BOOK IS FOR

Security professionals looking to get this credential, including systems administrators, network administrators, security administrators, junior IT auditors/penetration testers, security specialists, security consultants, security engineers, and more

AHMED SHEIKH is a Fulbright alumnus and has earned a master's degree in electrical engineering from Kansas State University, USA. He is a seasoned IT expert with a specialty in network security planning and skills in cloud computing. Currently, he is working as an IT Expert Engineer at a leading IT electrical company.

CHAPTER 1. INTRODUCTION TO ETHICAL HACKING

Identify the five phase of ethical hacking.

Identify the different types of hacker attacks.

CHAPTER 2. FOOTPRINTING AND RECONNAISSANCE & SCANNING NETWORKS

Identify the specific concepts associated with Footprinting.

Describe information gathering tools and methodology.

Explain DNS enumeration.

Perform active and passive reconnaissance.

Recognize the differences between port scanning, network scanning and vulnerability scanning.

Identify TCP flag types.

Identify types of port scans.

Identify scanning countermeasures

CHAPTER 3. ENUMERATION

Explain enumeration techniques.

Recognize how to establish sessions.

Identify enumeration countermeasures.

Perform active and passive enumeration.

CHAPTER 4. SYSTEM HACKING

Identify different types of password attacks.

Use a password cracking tool.

Identify various password cracking countermeasures.

Identify different ways to hide files.

Recognize how to detect a rootkit.

Identify tools that can be used to cover attacker tracks.

CHAPTER 5. TROJANS AND BACKDOOR VIRUSES AND WORMS

Explain how a Trojan infects a system.

Identify ports used by Trojans and Trojan countermeasures.

Identify the symptoms of a virus.

Describe how a virus works.

Identify virus types, virus detection methods, and virus countermeasures.

CHAPTER 6. SNIFFERS AND SOCIAL ENGINEERING

Identify types of sniffing, and protocols vulnerable to sniffing.

Recognize types of sniffing attacks.

Identify methods for detecting sniffing.

Identify countermeasures for sniffing.

Identify different types of social engineering, and social engineering countermeasures.

CHAPTER 7. DENIAL OF SERVICE

Identify characteristics of a DoS attack.

Analyze symptoms of a DoS attack.

Recognize DoS attack techniques.

Identify detection techniques, and countermeasure strategies.

CHAPTER 8. SESSION HIJACKING

Identify the proper order of steps used to conduct a session hijacking attack.

Recognize different types of session hijacking.

Identify TCP/IP hijacking.

Describe countermeasures to protect against session hijacking.

CHAPTER 9. HACKING WEBSERVERS

Define Web Server architecture.

Explain Web server vulnerabilities.

Explore various Web Server attacks.

CHAPTER 10. HACKING WEB APPLICATIONS

Identify Web application components.

Describe Web application attacks.

Identify countermeasures.

CHAPTER 11. SQL INJECTION

Examine SQL Injection Attacks.

Identify defensive strategies against SQL injection attacks.

CHAPTER 12. HACKING WIRELESS NETWORKS

Identify various types of wireless networks.

Identify authentication methods, and types of wireless encryption.

Explain the methodology of wireless hacking.

Apply wireless commands and tools.

Examine plain text wireless traffic, wired equivalent privacy (WEP)

CHAPTER 13. EVADING IDS, FIREWALLS, AND HONEYPOTS

Identify intrusion detection systems, and techniques.

Identify the classes of firewalls.

Define a honeypot.

Analyze internal and external network traffic using an intrusion detection system.

CHAPTER 14. BUFFER OVERFLOW

Define a buffer overflow.

Identify a buffer overflow.

Identify buffer overflow countermeasures.

CHAPTER 15. CRYPTOGRAPHY

Recognize public key cryptography.

Identify a digital signature.

Define a message digest.

Define secure sockets layer (SSL).

Analyze encrypted email.

CHAPTER 16. PENETRATION TESTING

Identify types of security assessments.

Identify steps of penetration testing.

Examine risk management.

Identify various penetration testing tools.