Certified Ethical Hacker (CEH) 31 Success Secrets
Copyright by Jacqueline Whitney
Notice of rights
All rights reserved. No part of this book may be reproduced or transmitted in any form by any means, electronic, mechanical, photocopying, recording, or otherwise, without the prior written permission of the publisher.
Notice of Liability
The information in this book is distributed on an As Is basis without warranty. While every precaution has been taken in the preparation of the book, neither the author nor the publisher shall have any liability to any person or entity with respect to any loss or damage caused or alleged to be caused directly or indirectly by the instructions contained in this book or by the products described in it.
Trademarks
Many of the designations used by manufacturers and sellers to distinguish their products are claimed as trademarks. Where those designations appear in this book, and the publisher was aware of a trademark claim, the designations appear as requested by the owner of the trademark. All other product names and services identified throughout this book are used in editorial fashion only and for the benefit of such companies with no intention of infringement of the trademark. No such use, or the use of any trade name, is intended to convey endorsement or other affiliation with this book.
Contents
What is the Foundation of Security? - Certified Ethical Hacker (CEH)
Security speaks to the well-being of information and infrastructure. Security looks to mitigate or prevent undetected theft, tampering, and disruption to information and services.

Confidentiality protects information or resources from unauthorized access.
Authentication is the identification and control of access to computer systems.
Integrity ensures the trustworthiness of data or resources through the management and control of changes.
Availability refers to continual accessibility of information and resources.

Hacking events will affect one or more of these security elements.
Common types of trojans you should protect against - Certified Ethical Hacker (CEH)
Trojans are created and used to perform different types of attacks. Common types of Trojans include:

Remote Access Trojans (RATs) - obtain remote access to a system
Data-Sending Trojans - find data and deliver it to the hacker
Destructive Trojans - used to delete or corrupt files
Denial of Service Trojans - cause services to be attacked or denied
Proxy Trojans - tunnel traffic or launch attacks through another system
FTP Trojans - create an FTP server to copy files on the system
Security Software Disabler Trojans - used to stop antivirus software

Wrappers are software packages used to deliver Trojans. The legitimate file and the Trojan file are bound into a single executable file. Games and animated installations are common wrappers. The Trojan is installed without the user's knowledge; the user is aware only of the legitimate file.
How to protect from DoS attacks - Certified Ethical Hacker (CEH)
A DoS attack is an attempt to flood the system of a user or organization. Types of DoS attacks include:

DoS - sent by a single system to a single target
DDoS - sent by multiple systems to a single target

Some common security features used to detect, halt, or prevent DoS attacks include:

net-ingress filtering - stops downstream networks from injecting packets with faked or spoofed addresses
rate-limiting network traffic - allows traffic shaping or limitation of the bandwidth some types of traffic can consume
intrusion detection systems - can detect attackers who are communicating with slave, master, or agent machines
host-auditing tools - file-scanning tools used to identify known DDoS tool client and server binaries
network-auditing tools - network-scanning tools used to detect DDoS agents running on hosts in the network
automated network-tracing tools - trace streams of packets with spoofed addresses through the network
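The first two features in the list, ingress filtering and rate-limiting, can be shown together in a short sketch. This is an added example, not code from the book; the interface names, prefixes (documentation address ranges), rate and burst values are assumptions chosen for illustration.

```python
import ipaddress

# Constructed sample: prefixes assigned to each downstream interface (hypothetical names).
DOWNSTREAM_PREFIXES = {
    "cust-a": [ipaddress.ip_network("198.51.100.0/24")],
    "cust-b": [ipaddress.ip_network("203.0.113.0/25")],
}

def ingress_permits(interface, src_ip):
    """Ingress filter: accept a packet only if its source address belongs
    to a prefix assigned to the downstream interface it arrived on."""
    addr = ipaddress.ip_address(src_ip)
    return any(addr in net for net in DOWNSTREAM_PREFIXES.get(interface, []))

class TokenBucket:
    """Rate limiter: refills `rate` tokens per second, allows bursts up to `burst`."""
    def __init__(self, rate, burst):
        self.rate, self.burst = rate, burst
        self.tokens, self.last = float(burst), 0.0

    def allow(self, now, cost=1.0):
        # Refill for the time elapsed since the last packet, capped at the burst size.
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= cost:
            self.tokens -= cost
            return True
        return False

def filter_traffic(packets, rate=2, burst=3):
    """packets: (timestamp, interface, src_ip, traffic_class). Returns one verdict each."""
    buckets, verdicts = {}, []
    for ts, iface, src, cls in packets:
        if not ingress_permits(iface, src):
            verdicts.append("drop-spoofed")      # source not valid for this interface
            continue
        bucket = buckets.setdefault(cls, TokenBucket(rate, burst))  # one bucket per class
        verdicts.append("forward" if bucket.allow(ts) else "drop-rate-limited")
    return verdicts

SAMPLE = [  # constructed packets, not captured traffic
    (0.0, "cust-a", "198.51.100.7", "icmp"),
    (0.0, "cust-a", "192.0.2.99", "icmp"),     # source outside cust-a's prefix
    (0.1, "cust-a", "198.51.100.7", "icmp"),
    (0.2, "cust-a", "198.51.100.8", "icmp"),
    (0.3, "cust-a", "198.51.100.9", "icmp"),   # burst of 3 already spent
    (1.5, "cust-b", "203.0.113.10", "icmp"),   # bucket has refilled
    (1.5, "cust-b", "203.0.113.200", "icmp"),  # outside cust-b's /25
]
```

Spoofed packets are dropped before they reach the rate limiter, so forged sources cannot use up the bandwidth budget of a traffic class.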
How do viruses infect your computer system? - Certified Ethical Hacker (CEH)
Different infection techniques include:

Polymorphic viruses - encrypt code differently with each infection
Stealth viruses - hide normal virus characteristics to prevent detection
Fast and slow infectors - prevent detection by infecting either very quickly or very slowly
Sparse infectors - infect only a few systems or applications
Armored viruses - encrypted to prevent detection
Multipartite viruses - create multiple infections
Cavity viruses - attach themselves to empty parts of a file
Tunneling viruses - sent through a different protocol or encrypted to prevent detection through a firewall
Camouflage viruses - appear as another program
NTFS viruses - specifically attack the NT file system
Active Directory viruses - specifically attack the Windows system's Active Directory
Hacking is a criminal offence, according to the Crimes and Criminal Procedure section 1029 - Certified Ethical Hacker (CEH)
Subsection (a)

Whoever -

(1) Knowingly and with intent to defraud produces, uses, or traffics in one or more counterfeit access devices
(2) Knowingly and with intent to defraud traffics in or uses one or more unauthorized access devices during any one-year period, and by such conduct obtains anything of value aggregating $1,000 or more during that period
(3) Knowingly and with intent to defraud possesses fifteen or more devices which are counterfeit or unauthorized access devices
(4) Knowingly, and with intent to defraud, produces, traffics in, has control or custody of, or possesses device-making equipment
(5) Knowingly and with intent to defraud effects transactions, with 1 or more access devices issued to another person or persons, to receive payment or any other thing of value during any 1-year period the aggregate value of which is equal to or greater than $1,000
(6) Without the authorization of the issuer of the access device, knowingly and with intent to defraud solicits a person for the purpose of -
    Offering an access device or
    Selling information regarding or an application to obtain an access device
(7) Knowingly and with intent to defraud uses, produces, traffics in, has control or custody of, or possesses a telecommunications instrument that has been modified or altered to obtain unauthorized use of telecommunications services
(8) Knowingly and with intent to defraud uses, produces, traffics in, has control or custody of, or possesses a scanning receiver
(9) Knowingly uses, produces, traffics in, has control or custody of, or possesses hardware or software, knowing it has been configured to insert or modify telecommunication identifying information associated with or contained in a telecommunications instrument so that such instrument may be used to obtain telecommunications service without authorization or
(10) Without the authorization of the credit card system member or its agent, knowingly and with intent to defraud causes or arranges for another person to present to the member or its agent, for payment, one or more evidences or records of transactions made by an access device.

Penalties:

In the case of an offense that does not occur after a conviction for another offense under this section -
    If the offense is under paragraph (1), (2), (3), (6), (7), or (10) of subsection (a), a fine under this title or imprisonment for not more than 10 years, or both and
    If the offense is under paragraph (4), (5), (8), or (9) of subsection (a), a fine under this title or imprisonment for not more than 15 years, or both
In the case of an offense that occurs after a conviction for another offense under this section, a fine under this title or imprisonment for not more than 20 years, or both and
In either case, forfeiture to the United States of any personal property used or intended to be used to commit the offense.
Three different types of hackers - Certified Ethical Hacker (CEH)
Black Hats
Also known as crackers
Highly competent computer skills
Resort to malicious or destructive activities

White Hats
Also known as Security Analysts
Knowledge of hacking and hacking toolsets
Skills are used for defensive purposes to identify weaknesses and implement countermeasures

Gray Hats
Will work offensively and defensively depending on the situation