Book Image

Certified Ethical Hacker (CEH) v12 312-50 Exam Guide

By : Dale Meredith
Book Image

Certified Ethical Hacker (CEH) v12 312-50 Exam Guide

By: Dale Meredith

Overview of this book

With cyber threats continually evolving, understanding the trends and using the tools deployed by attackers to determine vulnerabilities in your system can help secure your applications, networks, and devices. To outmatch attacks, developing an attacker's mindset is a necessary skill, which you can hone with the help of this cybersecurity book. This study guide takes a step-by-step approach to helping you cover all the exam objectives using plenty of examples and hands-on activities. You'll start by gaining insights into the different elements of InfoSec and a thorough understanding of ethical hacking terms and concepts. You'll then learn about various vectors, including network-based vectors, software-based vectors, mobile devices, wireless networks, and IoT devices. The book also explores attacks on emerging technologies such as the cloud, IoT, web apps, and servers and examines prominent tools and techniques used by hackers. Finally, you'll be ready to take mock tests, which will help you test your understanding of all the topics covered in the book. By the end of this book, you'll have obtained the information necessary to take the 312-50 exam and become a CEH v11 certified ethical hacker.

Related Content you might be interested in

Current Title:

Small book image
Certified Ethical Hacker (CEH) v12 312-50 Exam Guide
Dale Meredith
Jul, 2022 | 664 pages
Small book image
Hands-On Penetration Testing with Kali NetHunter
SeanPhilip Oriyano | Glen D Singh
Feb, 2019 | 302 pages
Small book image
Applied Network Security
Michael McLafferty | Warun Levesque | Arthur Salmon
Apr, 2017 | 350 pages
Small book image
Learn Kali Linux 2019
Glen D Singh
Nov, 2019 | 550 pages
Table of Contents (23 chapters)
Preface
Preface
Who this book is for
What this book covers
To get the most out of this book
Download the color images
Conventions used
Get in touch
Share Your Thoughts
1
Section 1: Where Every Hacker Starts
Section 1: Where Every Hacker Starts
Free Chapter
2
Chapter 1: Understanding Ethical Hacking
Chapter 1: Understanding Ethical Hacking
The benefits of the CEH certification
Ethical hacking
What is information security?
Information security controls
Information security laws and standards
Summary
Questions
3
Chapter 2: Introduction to Reconnaissance
Chapter 2: Introduction to Reconnaissance
Overview of reconnaissance
Search engines
Google hacking
Using WHOIS
Using ping and DNS
Summary
Questions
4
Chapter 3: Reconnaissance – A Deeper Dive
Chapter 3: Reconnaissance – A Deeper Dive
Investigating the target's website
The Wayback Machine
What organizations give away for free
Employees – the weakest link
Reconnaissance countermeasures
Summary
Questions
5
Chapter 4: Scanning Networks
Chapter 4: Scanning Networks
Grasping scanning
Understanding the three-way handshake
Checking for live systems and their ports
Scanning by thinking outside the box
Banner grabbing and OS fingerprinting
Vulnerability scanning and drawing out the network
Preparing proxies and other anonymizing techniques
Summary
Questions
6
Chapter 5: Enumeration
Chapter 5: Enumeration
What is enumeration?
Ports and services to know about
Enumerating via defaults
NetBIOS enumeration
Enumerating using SNMP
Enumerating via LDAP
Network Time Protocol
Enumerating using SMTP
The golden ticket – DNS
Oh wait, there's more!
The countermeasures
Summary
Questions
7
Chapter 6: Vulnerability Analysis
Chapter 6: Vulnerability Analysis
Vulnerability analysis – where to start
Vulnerability classifications
The vulnerability life cycle
Ongoing scanning and monitoring
Summary
Questions
8
Chapter 7: System Hacking
Chapter 7: System Hacking
Understanding our objectives
Phase 1 – Gaining access and cracking passwords
Phase 2 – Escalating privileges
Phase 3 – Maintaining access and executing applications
Phase 4 – Maintaining access and hiding your tools
Phase 5 – Covering your tracks – Clearing logs and evidence
Summary
Questions
9
Chapter 8: Social Engineering
Chapter 8: Social Engineering
Understanding social engineering
Attack-vulnerable behaviors
What makes social engineering work?
Social engineering's attack phases
Social engineering methods
Threats from within
Threats to corporate networks from social media
Identity theft
Countermeasures
Summary
Questions
Further reading
10
Section 2: A Plethora of Attack Vectors
Section 2: A Plethora of Attack Vectors
11
Chapter 9: Malware and Other Digital Attacks
Chapter 9: Malware and Other Digital Attacks
So, what is malware?
What is a Trojan?
Viruses and worms
DoS threats
Session-hijacking threats
Master list of countermeasures
Summary
Questions
12
Chapter 10: Sniffing and Evading IDS, Firewalls, and Honeypots
Chapter 10: Sniffing and Evading IDS, Firewalls, and Honeypots
What is sniffing?
Types of sniffing
Hardware versus software sniffing
DHCP assaults
MAC attacks
ARP poisoning
DNS poisoning
Detecting sniffing methods
Evading IDS
Moving around firewalls
Honeypots
Summary
Questions
13
Chapter 11: Hacking Wireless Networks
Chapter 11: Hacking Wireless Networks
The wireless network and its types
The right encryption can help
A plethora of attack vectors
Methodology of wireless hacking
Hacking Bluetooth
The six layers of wire security
Countermeasures
Summary
Questions
14
Chapter 12: Hacking Mobile Platforms
Chapter 12: Hacking Mobile Platforms
Vulnerabilities in mobile environments
OWASP's Top 10 risks for mobile devices
Hacking Android
Hacking iOS
Mobile device management
Summary
Questions
15
Section 3: Cloud, Apps, and IoT Attacks
Section 3: Cloud, Apps, and IoT Attacks
16
Chapter 13: Hacking Web Servers and Web Apps
Chapter 13: Hacking Web Servers and Web Apps
Why web servers create security issues
Types of architecture
Threats to both servers and applications
The vulnerabilities of web APIs, web shells, and webhooks
Detecting web server hacking attempts
Summary
Questions
17
Chapter 14: Hacking IoT and OT
Chapter 14: Hacking IoT and OT
Understanding IoT
IoT hacking
Methods used for IoT
OT and methods used to hack it
Summary
Questions
18
Chapter 15: Cloud Computing
Chapter 15: Cloud Computing
Living on Cloud 9
Attacking the cloud
Tools and techniques of the attackers
Best practices for securing the cloud
Summary
Questions
19
Chapter 16: Using Cryptography
Chapter 16: Using Cryptography
Understanding cryptography
Standards and protocols
Countermeasures for cryptography
Summary
Questions
20
Chapter 17: CEH Exam Practice Questions
Chapter 17: CEH Exam Practice Questions
Exam questions
Answer key
21
Assessments
Assessments
Chapter 1 – Understanding Ethical Hacking
Chapter 2 – Introduction to Reconnaissance
Chapter 3 – Reconnaissance – a Deeper Dive
Chapter 4 – Scanning Networks
Chapter 5 – Enumeration
Chapter 6 – Vulnerability Analysis
Chapter 7 – System Hacking
Chapter 8 – Social Engineering
Chapter 9 – Malware and Other Digital Attacks
Chapter 10 – Sniffing and Evading IDS, Firewalls, and Honeypots
Chapter 11 – Hacking Wireless Networks
Chapter 12 – Hacking Mobile Platforms
Chapter 13 – Hacking Web Servers and Web Apps
Chapter 14 – Hacking IoT and OT
Chapter 15 – Cloud Computing
Chapter 16 – Using Cryptography
Why subscribe?
22
Other Books You May Enjoy
Other Books You May Enjoy
Packt is searching for authors like you
Share Your Thoughts

Information security laws and standards

There's a difference between a law and a standard or guideline. A standard is a document created through consensus and approved by a body that governs a particular industry. It is a foundation upon which common rules, guidelines, and activities for that particular environment stand.

Let's start with the basics.

Payment Card Industry Data Security Standard

Almost everybody that is involved with the credit card-processing process, including processors, merchants, issuers, and others, have to adhere to these standards in order to accept credit cards. These standards include the following:

  • Payment Card Industry Data Security Standard (PCI DSS) audits – to ensure they have built and are maintaining a secure network. They confirm you have your firewall configurations in place.
  • Protecting the cardholder data – to ensure that you're not using defaults for system passwords, and so on. It also includes protecting the cardholder data itself – meaning you need to encrypt it while it's in motion or in storage.
  • A Vulnerability Management Program (VMP) – this shows that you are able to maintain a VMP – that you use and regularly update your antivirus or anti-malware software solutions, as well as the programs involved in every system that is used in the credit card process.
  • Strong access controls – to ensure that we restrict access to cardholder information so that the business doesn't get everything; they only get what they need at any given time and it's on a need-to-know basis. This ensures that only the data that's needed is transmitted or received by that business.
  • Going through and assigning unique IDs to each person with computer access.
  • Restricting physical access to any of the cardholder information that the company is storing.
  • We also have to prove that we regularly monitor and test our networks, and of course, we're going to update those in time.
  • Information security policy – you have to prove you have a policy in place and that you're going to maintain it and update it for anybody that's involved in the process of handling any type of credit card information.

ISO, IEC 2701 2013

This standard specifies the requirements for implementing, maintaining, establishing, and continually improving information security management systems within an organization. So, we're going to make sure that we establish security requirements and goals for the organization as far as security is concerned, and then we're going to make sure that we do so in a cost-effective manner. We are going to make sure that it also helps us with any type of compliance – whether it's regulations or laws – and we're going to make sure that we define a new information security management process as we evolve.

It also helps us to check the status of information security activities within the organization. It's also used by organizations to help us provide information security information to customers if need be.

Health Insurance Portability and Accountability Act

If you are based in the US, you have probably had interaction with the Health Insurance Portability and Accountability Act (HIPAA). When you go to the doctor, or any type of medical professional, they always have a signed HIPAA form.

HIPAA provides federal protections for any individual's health information that's maintained or stored by any type of health company, medical professional, or hospital.

They have also laid out several rules for administrative, physical, and technical safeguards. This includes things such as electronic transactions and code set standards. Any transaction, including health claims, payment, remittance, claim status, authorizations, and payments, has to be secured – whether it's in motion, in storage, or at rest.

Privacy rules

This establishes another standard to protect people's medical records and other personal health information, including who the health care provider is, what the health plan is, and so on – all this information has to be secure. It also gives us (the patients) the right to control our health information, including the right to look at, and actually get, a copy of our health records.

Security rule

This rule requires appropriate physical, technical, and administrative safeguards to make sure that we have CIA of electronically protected health information.

National identifier

This is basically ensuring that each employer has a national number that identifies them on all of the different transactions that may take place.

Enforcement rule

This contains provisions related to any type of compliance and investigation, as well as the possibility of imposing penalties for violations of any HIPAA rules.

The Sarbanes-Oxley (SOX) Act

This was created in 2002 to help protect the public and investors by adding additional accuracy and reliability when it comes to corporate disclosures. Now, unfortunately, this act actually doesn't go through and tell the organization how they must store their records. Instead, it describes the records that the organization must store and how long they must store them for.

The key requirements for SOX are organized into several titles, including the following:

  • Public Company Accounting Oversight Board: This creates a central oversight board tasked with going through and making sure that audits are performed, as well as helping to handle quality control.
  • The auditor independence: This helps to specify that new auditors are required to be rotated. It also restricts auditing companies from providing consulting services to their clients.
  • Corporate responsibility: This looks at the interaction between auditors that may be external, as well as corporate auditors, or committees, and their responsibilities. It also goes through and helps to specify the behaviors of corporate officers, and issues penalties for noncompliance.
  • Reporting requirements: This covers all applicable laws, rules and regulations, orders, directives, and other requirements of a supervisory body that mandates retention of financial transactions or similar information.
  • The analyst's conflict of interest: This one provides a code of conduct for security analysts and makes sure they disclose any knowledgeable conflicts of interest that they may have.
  • Commission resources and authority: This goes through and helps to define the Security Exchange Commission's (SEC's) authority to censor or bar security professionals from working if they've violated any of these other titles.
  • The studies and reports: This goes through and specifies the different types of studies that the SEC can conduct and how they report their findings.
  • The corporate and criminal fraud accountability: This was created in 2002 and it has seven sections, describing the different criminal penalties for going through and altering financial records or manipulating them – fudging the numbers or interfering with investigations.
  • The white-collar crime penalty enhancement: This sounds pretty serious, doesn't it? This actually goes through and increases the criminal penalties associated with white-collar crimes, whereby it recommends stronger sentencing guidelines.
  • The corporate tax returns: This basically tells us that the CEO should sign the company tax return… which is almost a given, right?
  • Corporate fraud accountability: This goes through and identifies any type of tampering or fraud as criminal offenses and then connects those offenses to specific penalties.

The Digital Millennium Copyright Act

The Digital Millennium Copyright Act (DMCA) incorporates two different treaties that were signed back in 1996 by the World Intellectual Property Organization. It helps to define the legal prohibition against circumventing any technical protection measures that are out there for copyright holders. You are not supposed to be able to rip a DVD because a given film company has rights to it. That's where the DMCA comes into play. It guards against copyright infringement.

Federal Information Security Management Act

The Federal Information Security Management Act (FISMA) was passed in 2002 and creates several different standards and guidelines that are required by congressional legislation. FISMA is a framework that's effective for information security controls that are out there. It includes things such as standards for categorizing information and information systems by the impact that that system or information would have on the business if it were breached. There's also a standard for minimizing security requirements for information and information systems, as well as some suggestions for us, because selecting security controls and assessing those security controls also gives us some suggestions for security authorization systems.

General Data Protection Regulation

General Data Protection Regulation (GDPR) is at a global level and went into effect in 2018. It's very stringent when it comes to privacy and security laws globally and carries some very hefty fines for anybody who violates it. While it is an EU-specific law, it has implications for services based all over the world that service geographies in the EU.

GDPR includes various protections and accountability principles:

  • Lawfulness transparency and fairness: This means that the processing of data has to be lawful, transparent, and fair to the data subject.
  • The purpose limitation: This basically tells you, "You better have a reason for handling this type of data!".
  • Storage limitation: Normally, this identifies that you can only store personal information for a specific period of time and for a specific purpose.
  • Data minimization: This ensures that we're only collecting and processing the information that's necessary for the particular purpose of getting that information.
  • Accuracy: This states that you have to keep personal data accurate and up to date.
  • Accountability: In this case here, the data controller is responsible for making sure that they adhere to GDPR compliance with all these different principles.
  • Integrity and confidentiality: This means that when it comes to this data, we're typically going to make sure that it's encrypted with good encryption, not something that's outdated just because our app only works with this particular type of encryption. So yeah, you've got to keep up to date.

The Data Protection Act 2018

The Data Protection Act (DPA) 2018 is a framework for data protection that came out of the UK, and it's designed to protect individuals when it comes to personal data – making sure that personal data is processed lawfully. It also talks about the rights that an organization may or may not have to different personal information. It also sets out different protection rules for law enforcement and how to handle data protection when it comes to other areas, such as national security or even defense.

Important Note

With this said, every country has its own laws and standards. Find out which laws and acts apply to you based on your location.

Previous Section
End of Section 6
Next Section