CEHv10_Ultimate_Study_Guide

Ultimate Study Guide for the CEH v10

Essential Knowledge

The OSI Reference Model

Layer Description Technologies Data Unit
1 Physical USB, Bluetooth Bit
2 Data Link ARP, PPP Frame
3 Network IP Packet
4 Transport TCP Segment
5 Session X255, SCP Data
6 Presentation AFP, MIME Data
7 Application FTP, HTTP, SMTP Data

TCP/IP Model

Layer Description OSI Layer Equivalent
1 Network Access 1, 2
2 Internet 3
3 Transport 4
4 Application 5-7

TCP Handshake

SYN -> SYN-ACK -> ACK

ARP

Network Security Zones

Vulnerabilities

Vulnerability Categories

Vulnerability Management Tools

Terms to Know

Threat Modeling

Risk Management

Types of Security Controls

Description Examples
Physical Guards, lights, cameras
Technical Encryption, smart cards, access control lists
Administrative Training awareness, policies
Description Examples
Preventative authentication, alarm bells
Detective audits, backups
Corrective restore operations

Business Analysis

User Behavior Analysis (UBA) - tracking users and extrapolating data in light of malicious activity

CIA Triad

Bit flipping is an example of an integrity attack. The outcome is not to gain information - it is to obscure the data from the actual user.

Confidentiality != authentication - MAC address spoofing is an authentication attack

Common Criterial for Information Technology Security Evaluation

Access Control Types

Security Policies

Policy Categorizations

Standards - mandatory rules to achieve consistency

Baselines - provide the minimum security necessary

Guidelines - flexible or recommended actions

Procedures - step by step instructions

Script Kiddie - uneducated in security methods, but uses tools that are freely available to perform malicious activities

Phreaker - manipulates telephone systems

The Hats

Hacktivist - someone who hacks for a cause

Suicide Hackers - do not case about any impunity to themselves; hack to get the job done

Cyberterrorist - motivated by religious or political beliefs to create fear or disruption

State-Sponsored Hacker - hacker that is hired by a government

Attack Types

Infowar - the use of offensive and defensive techniques to create an advantage

Hacking Phases

  1. Reconnaissance - gathering evidence about targets
  2. Scanning & Enumeration - obtaining more in-depth information about targets
  3. Gaining Access - attacks are leveled in order to gain access to a system
  4. Maintaining Access - items put in place to ensure future access
  5. Covering Tracks - steps taken to conceal success and intrusion

Types of Reconnaissance

Security Incident and Event Management (SIEM)

Ethical hacker - employs tools that hackers use with a customer’s permission; always obtains an agreement from the client with specific objectives before any testing is done

Cracker - uses tools for personal gain or destructive purposes

Penetration Test

Law Categories

Laws and Standards

Controls

Table Of Contents