Home > Store

Certified Ethical Hacker (CEH) Cert Guide

Register your product to gain access to bonus material or receive a coupon.

Certified Ethical Hacker (CEH) Cert Guide

Best Value Purchase

Book + eBook Bundle

  • Your Price: $64.79
  • List Price: $107.98
  • About Premium Edition eBooks
  • The Premium Edition eBook and Practice Test is a digital-only certification preparation product combining an eBook with enhanced Pearson IT Certification Practice Tests. Click on the "Premium Edition" tab (on the left side of this page) to learn more about this product.

    Your purchase will deliver:

    • Link to download the enhanced Pearson IT Certification Practice Test exam engine
    • Access code for question database
    • eBook in the following formats, accessible from your Account page after purchase:

    ePub EPUB The open industry format known for its reflowable content and usability on supported mobile devices.

    MOBI MOBI The eBook format compatible with the Amazon Kindle and Amazon Kindle applications.

    Adobe Reader PDF The popular standard, used most often with the free Adobe® Reader® software.

    The eBooks require no passwords or activation to read. We customize your eBook by discretely watermarking it with your name, making it uniquely yours.

    Watermarked eBook FAQ

    eBook Download Instructions

More Purchase Options

Book

  • Your Price: $47.99
  • List Price: $59.99
  • Usually ships in 24 hours.

Premium Edition eBook

  • Your Price: $38.39
  • List Price: $47.99
  • About Premium Edition eBooks
  • The Premium Edition eBook and Practice Test is a digital-only certification preparation product combining an eBook with enhanced Pearson IT Certification Practice Tests. Click on the "Premium Edition" tab (on the left side of this page) to learn more about this product.

    Your purchase will deliver:

    • Link to download the enhanced Pearson IT Certification Practice Test exam engine
    • Access code for question database
    • eBook in the following formats, accessible from your Account page after purchase:

    ePub EPUB The open industry format known for its reflowable content and usability on supported mobile devices.

    MOBI MOBI The eBook format compatible with the Amazon Kindle and Amazon Kindle applications.

    Adobe Reader PDF The popular standard, used most often with the free Adobe® Reader® software.

    The eBooks require no passwords or activation to read. We customize your eBook by discretely watermarking it with your name, making it uniquely yours.

    Watermarked eBook FAQ

    eBook Download Instructions

Description

  • Copyright 2014
  • Dimensions: 7-3/8" x 9-1/8"
  • Pages: 704
  • Edition: 1st
  • Book
  • ISBN-10: 0-7897-5127-5
  • ISBN-13: 978-0-7897-5127-0

Learn, prepare, and practice for CEH v8 exam success with Certified Ethical Hacker (CEH) Cert Guide from Pearson IT Certification, a leader in IT certification.

  • Master CEH exam topics
  • Assess your knowledge with chapter-ending quizzes
  • Review key concepts with exam preparation tasks
  • Practice with realistic exam questions on the CD

Certified Ethical Hacker (CEH) Cert Guide is a best-of-breed exam study guide. Leading security consultant and certification expert Michael Gregg shares preparation hints and test-taking tips, helping you identify areas of weakness and improve both your conceptual knowledge and hands-on skills. Material is presented in a concise manner, focusing on increasing your understanding and retention of exam topics.

You'll get a complete test preparation routine organized around proven series elements and techniques. Exam topic lists make referencing easy. Chapter-ending Exam Preparation Tasks help you drill on key concepts you must know thoroughly. Review questions help you assess your knowledge, and a final preparation chapter guides you through tools and resources to help you craft your final study plan.

The companion CD contains the powerful Pearson IT Certification Practice Test engine, complete with hundreds of exam-realistic questions. The assessment engine offers you a wealth of customization options and reporting features, laying out a complete assessment of your knowledge to help you focus your study where it is needed most, so you can succeed on the exam the first time.

This study guide helps you master all the topics on the CEH v8 (312-50) exam, including

  • Ethical hacking basics
  • Technical foundations of hacking
  • Footprinting and scanning
  • Enumeration and system hacking
  • Linux distros and automated assessment tools
  • Trojans and backdoors
  • Sniffers, session hijacking, and denial of service
  • Web server hacking, web applications, and database attacks
  • Wireless technologies, mobile security, and mobile attacks
  • IDS, firewalls, and honeypots
  • Buffer overflows, viruses, and worms
  • Cryptographic attacks and defenses
  • Physical security and social engineering

Companion CD

The CD contains two free, complete practice exams, plus memory tables and answers to help you study more efficiently and effectively.

Pearson IT Certification Practice Test minimum system requirements:

Windows XP (SP3), Windows Vista (SP2), Windows 7, or Windows 8; Microsoft .NET Framework 4.0 Client; Pentium class 1GHz processor (or equivalent); 512MB RAM; 650MB disc space plus 50MB for each downloaded practice exam; access to the Internet to register and download exam databases

Premium Edition

Certified Ethical Hacker (CEH) Cert Guide, Premium Edition eBook and Practice Test

Save 50% - Limited Time, Introductory Offer

The exciting new Certified Ethical Hacker (CEH) Cert Guide, Premium Edition eBook and Practice Testis a digital-only certification preparation product combining an eBook with enhanced Pearson IT Certification Practice Test. The Premium Edition eBook and Practice Test contains the following items:

  • The CEH Premium Edition Practice Test, including four full practice exams and enhanced practice test features
  • PDF and EPUB formats of the Certified Ethical Hacker (CEH) Cert Guide from Pearson IT Certification, which are accessible via your PC, tablet, and smartphone

About the Premium Edition Practice Test

This Premium Edition contains an enhanced version of the Pearson IT Certification Practice Test (PCPT) software with four full practice exams. In addition, it contains all the chapter-opening assessment questions from the book. This integrated learning package

  • Enables you to focus on individual topic areas or take complete, timed exams
  • Includes direct links from each question to detailed tutorials to help you understand the concepts behind the questions
  • Provides unique sets of exam-realistic practice questions
  • Tracks your performance and provides feedback on a module-by-module basis, laying out a complete assessment of your knowledge to help you focus your study where it is needed most

Pearson IT Certification Practice Test minimum system requirements:

Windows XP (SP3), Windows Vista (SP2), Windows 7, or Windows 8; Microsoft .NET Framework 4.0 Client; Pentium class 1GHz processor (or equivalent); 512MB RAM; 650MB disc space plus 50MB for each downloaded practice exam; access to the Internet to register and download exam databases

About the Premium Edition eBook

Learn, prepare, and practice for CEH exam success with this study guide from Pearson IT Certification, a leader in IT certification learning.

  • Master CEH exam topics
  • Assess your knowledge with chapter-ending quizzes
  • Review key concepts with exam preparation tasks
  • Practice with realistic exam questions on the DVD

Certified Ethical Hacker (CEH) Cert Guide is a best-of-breed exam study guide from Pearson IT Certification, a leader in IT certification learning. Leading security consultant and certification expert Michael Gregg shares preparation hints and test-taking tips, helping you identify areas of weakness and improve both your conceptual knowledge and hands-on skills. Material is presented in a concise manner, focusing on increasing your understanding and retention of exam topics.

Certified Ethical Hacker (CEH) Cert Guide presents you with an organized test preparation routine through the use of proven series elements and techniques. Exam topic lists make referencing easy. Chapter-ending Exam Preparation Tasks help you drill on key concepts you must know thoroughly. Review questions help you assess your knowledge, and a final preparation chapter guides you through tools and resources to help you craft your final study plan.

Well regarded for its level of detail, assessment features, and challenging review questions and exercises, this study guide helps you master the concepts and techniques that will enable you to succeed on the exam the first time.

The study guide helps you master all the topics on the CEH v8 (312-50) exam, including

  • Ethical hacking basics
  • Technical foundations of hacking
  • Footprinting and scanning
  • Enumeration and system hacking
  • Linux and automated assessment tools
  • Trojans and backdoors
  • Sniffers, session hijacking, and denial of service
  • Web server hacking, web applications, and database attacks
  • Wireless technologies, mobile security, and mobile attacks
  • IDS, firewalls, and honeypots
  • Buffer overflows, viruses, and worms
  • Cryptographic attacks and defenses
  • Physical security and social engineering

Sample Content

Online Sample Chapter

Certified Ethical Hacker Cert Guide: Enumeration and System Hacking

Sample Pages

Download the sample pages (includes Chapter 4)

Table of Contents

Introduction xxiii

Chapter 1 Ethical Hacking Basics 3

“Do I Know This Already?” Quiz 3

Foundation Topics 6

Security Fundamentals 6

    Goals of Security 7

    Risk, Assets, Threats, and Vulnerabilities 8

    Defining an Exploit 10

Security Testing 10

    No-Knowledge Tests (Black Box) 11

    Full-Knowledge Testing (White Box) 11

    Partial-Knowledge Testing (Gray Box) 11

    Types of Security Tests 12

Hacker and Cracker Descriptions 13

    Who Attackers Are 15

    Hacker and Cracker History 16

Ethical Hackers 17

    Required Skills of an Ethical Hacker 18

    Modes of Ethical Hacking 19

Test Plans–Keeping It Legal 21

    Test Phases 23

    Establishing Goals 24

    Getting Approval 25

    Ethical Hacking Report 25

    Vulnerability Research–Keeping Up with Changes 26

Ethics and Legality 27

    Overview of U.S. Federal Laws 28

    Compliance Regulations 30

Chapter Summary 31

Exam Preparation Tasks 32

Review All Key Topics 32

Hands-On Labs 32

    Lab 1-1 Examining Security Policies 32

Review Questions 33

Define Key Terms 36

View Recommended Resources 36

Chapter 2 The Technical Foundations of Hacking 39

“Do I Know This Already?” Quiz 39

Foundation Topics 42

The Attacker’s Process 42

    Performing Reconnaissance and Footprinting 42

    Scanning and Enumeration 43

    Gaining Access 44

    Escalation of Privilege 45

    Maintaining Access 45

    Covering Tracks and Planting Backdoors 45

The Ethical Hacker’s Process 46

    National Institute of Standards and Technology 47

    Operational Critical Threat, Asset, and Vulnerability Evaluation 47

    Open Source Security Testing Methodology Manual 48

Security and the Stack 48

    The OSI Model 48

    Anatomy of TCP/IP Protocols 51

        The Application Layer 53

        The Transport Layer 57

        The Internet Layer 60

        The Network Access Layer 65

Chapter Summary 67

Exam Preparation Tasks 67

Review All Key Topics 67

Define Key Terms 68

Exercises 68

    2.1 Install a Sniffer and Perform Packet Captures 68

    2.2 List the Protocols, Applications, and Services Found at Each Layer of the Stack 70

Review Questions 71

Suggested Reading and Resources 75

Chapter 3 Footprinting and Scanning 77

“Do I Know This Already?” Quiz 77

Foundation Topics 80

The Seven-Step Information-Gathering Process 80

    Information Gathering 80

        Documentation 80

        The Organization’s Website 81

        Job Boards 83

        Employee and People Searches 84

        EDGAR Database 87

        Google Hacking 88

        Usenet 92

        Registrar Query 93

        DNS Enumeration 96

    Determine the Network Range 101

        Traceroute 101

Identifying Active Machines 104

Finding Open Ports and Access Points 105

    Nmap 112

    SuperScan 115

    THC-Amap 115

    Scanrand 116

    Hping 116

    Port Knocking 117

    War Dialers 117

    War Driving 118

OS Fingerprinting 118

    Active Fingerprinting Tools 120

    Fingerprinting Services 122

        Default Ports and Services 122

        Finding Open Services 123

Mapping the Network Attack Surface 125

    Manual Mapping 125

    Automated Mapping 125

Chapter Summary 127

Exam Preparation Tasks 127

Review All Key Topics 127

Define Key Terms 128

Command Reference to Check Your Memory 128

Exercises 129

    3.1 Performing Passive Reconnaissance 129

    3.2 Performing Active Reconnaissance 130

Review Questions 131

Suggested Reading and Resources 134

Chapter 4 Enumeration and System Hacking 137

“Do I Know This Already?” Quiz 137

Foundation Topics 140

Enumeration 140

    Windows Enumeration 140

    Windows Security 142

    NetBIOS and LDAP Enumeration 143

        NetBIOS Enumeration Tools 145

    SNMP Enumeration 148

    Linux/UNIX Enumeration 149

    NTP Enumeration 150

    SMTP Enumeration 150

    DNS Enumeration 151

System Hacking 151

    Nontechnical Password Attacks 151

    Technical Password Attacks 152

        Password Guessing 152

        Automated Password Guessing 153

        Password Sniffing 154

        Keystroke Loggers 155

    Privilege Escalation and Exploiting Vulnerabilities 155

    Exploiting an Application 156

    Exploiting a Buffer Overflow 156

    Owning the Box 157

        Authentication Types 158

        Cracking the Passwords 159

    Hiding Files and Covering Tracks 162

        File Hiding 163

Chapter Summary 165

Exam Preparation Tasks 165

Review All Key Topics 165

Define Key Terms 166

Command Reference to Check Your Memory 166

Exercise 166

    4.1 NTFS File Streaming 166

Review Questions 167

Suggested Reading and Resources 171

Chapter 5 Linux and Automated Assessment Tools 173

“Do I Know This Already?” Quiz 173

Foundation Topics 176

Linux 176

    Linux or Windows? Picking the Right Platform 176

    Linux File Structure 177

    Linux Basics 179

        Passwords and the Shadow File 182

        Linux Passwords 183

    Compressing, Installing, and Compiling Linux 185

Hacking Linux 186

    Reconnaissance 186

    Scanning 186

    Enumeration 188

    Gaining Access 188

    Privilege Escalation 190

    Maintaining Access and Covering Tracks 191

Hardening Linux 194

Automated Assessment Tools 196

    Automated Assessment Tools 196

        Source Code Scanners 197

        Application-Level Scanners 197

        System-Level Scanners 198

Automated Exploit Tools 201

Chapter Summary 203

Exam Preparation Tasks 204

Review All Key Topics 204

Define Key Terms 204

Command Reference to Check Your Memory 205

Exercises 205

    5.1 Downloading and Running Backtrack 205

    5.2 Using Backtrack to Perform a Port Scan 206

    5.3 Creating a Virtual Machine 206

    5.4 Cracking Passwords with John the Ripper 207

Review Questions 208

Suggested Reading and Resources 210

Chapter 6 Trojans and Backdoors 213

“Do I Know This Already?” Quiz 213

Foundation Topics 216

Trojans 216

    Trojan Types 216

    Trojan Ports and Communication Methods 217

    Trojan Goals 219

    Trojan Infection Mechanisms 219

    Effects of Trojans 220

    Trojan Tools 221

    Distributing Trojans 225

    Trojan Tool Kits 226

Covert Communication 227

    Covert Communication Tools 231

        Port Redirection 232

        Other Redirection and Covert Tools 234

Keystroke Logging and Spyware 235

    Hardware 236

    Software 236

    Spyware 237

Trojan and Backdoor Countermeasures 238

Chapter Summary 240

Exam Preparation Tasks 241

Review All Key Topics 241

Define Key Terms 242

Command Reference to Check Your Memory 242

Exercises 243

    6.1 Finding Malicious Programs 243

    6.2 Using a Scrap Document to Hide Malicious Code 244

    6.3 Using Process Explorer 244

Review Questions 246

Suggested Reading and Resources 248

Chapter 7 Sniffers, Session Hijacking, and Denial of Service 251

“Do I Know This Already?” Quiz 251

Foundation Topics 254

Sniffers 254

    Passive Sniffing 254

    Active Sniffing 255

        Address Resolution Protocol 255

        ARP Poisoning and Flooding 256

    Tools for Sniffing 260

        Wireshark 260

        Other Sniffing Tools 262

    Sniffing and Spoofing Countermeasures 263

Session Hijacking 264

    Transport Layer Hijacking 264

        Predict the Sequence Number 265

        Take One of the Parties Offline 267

        Take Control of the Session 267

    Application Layer Hijacking 267

        Session Sniffing 267

        Predictable Session Token ID 268

        Man-in-the-Middle Attacks 268

        Man-in-the-Browser Attacks 269

        Client-Side Attacks 269

    Session-Hijacking Tools 271

    Preventing Session Hijacking 273

Denial of Service, Distributed Denial of Service, and Botnets 274

    Types of DoS 275

        Bandwidth Attacks 276

        SYN Flood Attacks 277

        Program and Application Attacks 277

    Distributed Denial of Service 278

        DDoS Tools 280

    Botnets 282

    DoS, DDOS, and Botnet Countermeasures 285

Summary 288

Exam Preparation Tasks 289

Review All Key Topics 289

Define Key Terms 290

Exercises 290

    7.1 Scanning for DDoS Programs 290

    7.2 Using SMAC to Spoof Your MAC Address 291

Review Questions 291

Suggested Reading and Resources 294

Chapter 8 Web Server Hacking, Web Applications, and Database Attacks 297

“Do I Know This Already?” Quiz 297

Foundation Topics 300

Web Server Hacking 300

    Scanning Web Servers 302

        Banner Grabbing and Enumeration 302

    Web Server Vulnerability Identification 306

    Attacks Against Web Servers 307

        IIS Vulnerabilities 308

        Securing IIS and Apache Web Servers 312

Web Application Hacking 314

    Unvalidated Input 315

    Parameter/Form Tampering 315

    Injection Flaws 315

    Cross-Site Scripting and Cross-Site Request Forgery Attacks 316

    Hidden Field Attacks 317

        Other Web Application Attacks 318

    Web-Based Authentication 319

    Web-Based Password Cracking and Authentication Attacks 320

        Cookies 324

        URL Obfuscation 324

    Intercepting Web Traffic 326

Database Hacking 329

    Identifying SQL Servers 330

    SQL Injection Vulnerabilities 331

    SQL Injection Hacking Tools 333

Summary 334

Exam Preparation Tasks 335

Review All Key Topics 335

Define Key Terms 336

Exercise 336

    8.1 Hack the Bank 336

Review Questions 337

Suggested Reading and Resources 339

Chapter 9 Wireless Technologies, Mobile Security, and Attacks 341

“Do I Know This Already?” Quiz 341

Foundation Topics 344

Wireless Technologies 344

    Wireless History 344

    Satellite TV 344

    Cordless Phones 346

    Cell Phones and Mobile Devices 346

    Mobile Devices 348

        Smartphone Vulnerabilities and Attack Vectors 349

        Android 350

        iOS 352

        Windows Phone 8 352

        BlackBerry 353

        Mobile Device Management and Protection 353

    Bluetooth 354

Wireless LANs 355

    Wireless LAN Basics 355

    Wireless LAN Frequencies and Signaling 357

    Wireless LAN Security 358

    Wireless LAN Threats 361

        Eavesdropping 362

        Configured as Open Authentication 363

        Rogue and Unauthorized Access Points 363

        Denial of Service (DoS) 365

    Wireless Hacking Tools 366

        Discover WiFi Networks 366

        Perform GPS Mapping 367

        Wireless Traffic Analysis 367

        Launch Wireless Attacks 368

        Crack and Compromise the WiFi Network 368

    Securing Wireless Networks 369

        Defense in Depth 369

        Site Survey 371

        Robust Wireless Authentication 372

        Misuse Detection 373

Summary 374

Exam Preparation Tasks 374

Review All Key Topics 375

Define Key Terms 375

Review Questions 375

Suggested Reading and Resources 378

Chapter 10 IDS, Firewalls, and Honeypots 381

“Do I Know This Already?” Quiz 381

Intrusion Detection Systems 385

    IDS Types and Components 385

    Pattern Matching and Anomaly Detection 387

    Snort 388

    IDS Evasion 392

        IDS Evasion Tools 394

Firewalls 395

    Firewall Types 395

        Network Address Translation 395

        Packet Filters 396

        Application and Circuit-Level Gateways 398

        Stateful Inspection 399

    Identifying Firewalls 400

    Bypassing Firewalls 402

Honeypots 407

    Types of Honeypots 408

    Detecting Honeypots 409

Summary 410

Exam Preparation Tasks 411

Review All Key Topics 411

Define Key Terms 411

Review Questions 412

Suggested Reading and Resources 414

Chapter 11 Buffer Overflows, Viruses, and Worms 417

“Do I Know This Already?” Quiz 417

Foundation Topics 420

Buffer Overflows 420

    What Is a Buffer Overflow? 420

    Why Are Programs Vulnerable? 421

    Understanding Buffer-Overflow Attacks 423

    Common Buffer-Overflow Attacks 426

    Preventing Buffer Overflows 427

Viruses and Worms 429

    Types and Transmission Methods of Viruses 429

    Virus Payloads 431

    History of Viruses 432

    Well-Known Viruses 434

        The Late 1980s 434

        The 1990s 434

        2000 and Beyond 435

    Virus Tools 438

    Preventing Viruses 439

    Antivirus 440

    Malware Analysis 442

        Static Analysis 442

        Dynamic Analysis 445

Summary 446

Exam Preparation Tasks 447

Review All Key Topics 447

Define Key Terms 447

Exercises 448

    11.1 Locating Known Buffer Overflows 448

    11.2 Review CVEs and Buffer Overflows 449

Review Questions 449

Suggested Reading and Resources 451

Chapter 12 Cryptographic Attacks and Defenses 453

“Do I Know This Already?” Quiz 453

Foundation Topics 456

Functions of Cryptography 456

History of Cryptography 457

Algorithms 459

    Symmetric Encryption 460

        Data Encryption Standard (DES) 461

        Advanced Encryption Standard (AES) 463

        Rivest Cipher (RC) 463

        Asymmetric Encryption (Public Key Encryption) 464

        RSA 465

        Diffie-Hellman 465

        ElGamal 466

        Elliptic Curve Cryptography (ECC) 466

    Hashing 466

        Digital Signature 467

        Steganography 468

        Steganography Operation 469

        Steganographic Tools 470

        Digital Watermark 472

        Digital Certificates 473

Public Key Infrastructure 474

    Trust Models 475

        Single Authority 475

        Hierarchical Trust 476

        Web of Trust 476

Protocols, Standards, and Applications 477

    Encryption Cracking and Tools 479

        Weak Encryption 481

    Encryption-Cracking Tools 482

Summary 483

Exam Preparation Tasks 484

Review All Key Topics 484

Define Key Terms 484

Exercises 485

    12.1 Examining an SSL Certificate 485

    12.2 Using PGP 486

    12.3 Using a Steganographic Tool to Hide a Message 487

Review Questions 487

Suggested Reading and Resources 490

Chapter 13 Physical Security and Social Engineering 493

“Do I Know This Already?” Quiz 493

Foundation Topics 496

Physical Security 496

    Threats to Physical Security 496

    Equipment Controls 499

        Locks 499

        Fax Machines 504

    Area Controls 505

    Location Data and Geotagging 506

    Facility Controls 508

    Personal Safety Controls 510

        Fire Prevention, Detection, and Suppression 510

    Physical Access Controls 511

        Authentication 511

    Defense in Depth 512

Social Engineering 513

    Six Types of Social Engineering 513

    Person-to-Person Social Engineering 514

    Computer-Based Social Engineering 514

    Reverse Social Engineering 515

    Policies and Procedures 515

        Employee Hiring and Termination Policies 516

        Help Desk Procedures and Password Change Policies 516

        Employee Identification 516

        Privacy Policies 517

        Governmental and Commercial Data Classification 518

        User Awareness 519

Summary 519

Exam Preparation Tasks 520

Review All Key Topics 520

Define Key Terms 521

Exercises 521

    13.1 Biometrics and Fingerprint Recognition 521

Review Questions 522

Suggested Reading and Resources 524

Chapter 14 Final Preparation 527

Tools for Final Preparation 527

    Pearson Cert Practice Test Engine and Questions on the CD 527

        Install the Software from the CD 527

        Activate and Download the Practice Exam 528

        Activating Other Exams 529

        Premium Edition 529

    Memory Tables 530

    End-of-Chapter Review Tools 530

Suggested Plan for Final Review and Study 530

Summary 532

Glossary 535

Practice Exam 1 EC-Council CEH 312-50 561

Practice Exam 2 EC-Council CEH 312-50 603

Appendix A Answers to the “Do I Know This Already?” Quizzes and Review Questions (CD only)

Appendix B Memory Tables (CD only)

Appendix C Memory Table Answer Key (CD only)

9780789751270   TOC   11/4/2013

More Information

ONE MONTH ACCESS!

WITH PURCHASE


Get unlimited 30-day access to thousands of Books & Training Videos about technology, professional development and digital media If you continue your subscription after your 30-day trial, you can receive 30% off a monthly subscription to the Safari Library for up to 12 months.