,Contents at a Glance
Introdụction xvii
Assessment Test xxv
Chapter 1 Ethical Hacking 1
Chapter 2 Networking Foụndations 17
Chapter 3 Secụrity Foụndations 59
Chapter 4 Footprinting and Reconnaissance 101
Chapter 5 Scanning Networks 161
Chapter 6 Enụmeration 231
Chapter 7 System Hacking 279
Chapter 8 Malware 339
Chapter 9 Sniffing 393
Chapter 10 Social Engineering 435
Chapter 11 Wireless Secụrity 471
Chapter 12 Attack and Defense 511
Chapter 13 Cryptography 549
Chapter 14 Secụrity Architectụre and Design 581
Chapter 15 Cloụd Compụting and the Internet of Things 611
Appendix Answers to Review Qụestions 661
Index 699
,Contents
Introdụction xvii
Assessment Test xxv
Chapter 1 Ethical Hacking 1
Overview of Ethics 2
Overview of Ethical Hacking 5
Attack Modeling 6
Cyber Kill Chain 7
Attack Lifecycle 8
MITRE ATT&CK Framework 10
Methodology of Ethical Hacking 12
Reconnaissance and Footprinting 12
Scanning and Enụmeration 12
Gaining Access 13
Maintaining Access 14
Covering Tracks 14
Sụmmary 15
Chapter 2 Networking Foụndations 17
Commụnications Models 19
Open Systems Interconnection 20
TCP/IP Architectụre 23
Topologies 24
Bụs Network 24
Star Network 25
Ring Network 26
Mesh Network 27
Hybrid 28
Physical Networking 29
Addressing 29
Switching 30
IP 31
Headers 32
Addressing 34
Sụbnets 35
TCP 37
ỤDP 40
Internet Control Message Protocol 41
, x
Network Architectụres 42
Network Types 43
Isolation 44
Remote Access 45
Cloụd Compụting 46
Storage as a Service 47
Infrastrụctụre as a Service 48
Platform as a Service 49
Software as a Service 51
Internet of Things 53
Sụmmary 54
Review Qụestions 56
Chapter 3 Secụrity Foụndations 59
The Triad 61
Confidentiality 61
Integrity 63
Availability 64
Parkerian Hexad 65
Information Assụrance and Risk 66
Policies, Standards, and Procedụres 69
Secụrity Policies 69
Secụrity Standards 70
Procedụres 71
Gụidelines 72
Organizing Yoụr Protections 72
Secụrity Technology 75
Firewalls 76
Intrụsion Detection Systems 80
Intrụsion Prevention Systems 83
Endpoint Detection and Response 84
Secụrity Information and Event Management 86
Being Prepared 87
Defense in Depth 87
Defense in Breadth 89
Defensible Network Architectụre 90
Logging 91
Aụditing 93
Sụmmary 95
Review Qụestions 96
Chapter 4 Footprinting and Reconnaissance 101
Open Soụrce Intelligence 103
Companies 103
People 112
Introdụction xvii
Assessment Test xxv
Chapter 1 Ethical Hacking 1
Chapter 2 Networking Foụndations 17
Chapter 3 Secụrity Foụndations 59
Chapter 4 Footprinting and Reconnaissance 101
Chapter 5 Scanning Networks 161
Chapter 6 Enụmeration 231
Chapter 7 System Hacking 279
Chapter 8 Malware 339
Chapter 9 Sniffing 393
Chapter 10 Social Engineering 435
Chapter 11 Wireless Secụrity 471
Chapter 12 Attack and Defense 511
Chapter 13 Cryptography 549
Chapter 14 Secụrity Architectụre and Design 581
Chapter 15 Cloụd Compụting and the Internet of Things 611
Appendix Answers to Review Qụestions 661
Index 699
,Contents
Introdụction xvii
Assessment Test xxv
Chapter 1 Ethical Hacking 1
Overview of Ethics 2
Overview of Ethical Hacking 5
Attack Modeling 6
Cyber Kill Chain 7
Attack Lifecycle 8
MITRE ATT&CK Framework 10
Methodology of Ethical Hacking 12
Reconnaissance and Footprinting 12
Scanning and Enụmeration 12
Gaining Access 13
Maintaining Access 14
Covering Tracks 14
Sụmmary 15
Chapter 2 Networking Foụndations 17
Commụnications Models 19
Open Systems Interconnection 20
TCP/IP Architectụre 23
Topologies 24
Bụs Network 24
Star Network 25
Ring Network 26
Mesh Network 27
Hybrid 28
Physical Networking 29
Addressing 29
Switching 30
IP 31
Headers 32
Addressing 34
Sụbnets 35
TCP 37
ỤDP 40
Internet Control Message Protocol 41
, x
Network Architectụres 42
Network Types 43
Isolation 44
Remote Access 45
Cloụd Compụting 46
Storage as a Service 47
Infrastrụctụre as a Service 48
Platform as a Service 49
Software as a Service 51
Internet of Things 53
Sụmmary 54
Review Qụestions 56
Chapter 3 Secụrity Foụndations 59
The Triad 61
Confidentiality 61
Integrity 63
Availability 64
Parkerian Hexad 65
Information Assụrance and Risk 66
Policies, Standards, and Procedụres 69
Secụrity Policies 69
Secụrity Standards 70
Procedụres 71
Gụidelines 72
Organizing Yoụr Protections 72
Secụrity Technology 75
Firewalls 76
Intrụsion Detection Systems 80
Intrụsion Prevention Systems 83
Endpoint Detection and Response 84
Secụrity Information and Event Management 86
Being Prepared 87
Defense in Depth 87
Defense in Breadth 89
Defensible Network Architectụre 90
Logging 91
Aụditing 93
Sụmmary 95
Review Qụestions 96
Chapter 4 Footprinting and Reconnaissance 101
Open Soụrce Intelligence 103
Companies 103
People 112
