CEH Certified Ethical Hacker All-in-One Exam Guide, Second Edition [Kindle Edition]

Matt Walker
5.0 out of 5 stars (1 customer review)

List price (print edition): EUR 38,94
Kindle price: EUR 24,15 incl. VAT & free wireless delivery via Amazon Whispernet
You save: EUR 14,79 (38%)

Formats

Amazon price, New from, Used from
Kindle Edition: EUR 24,15
Paperback: EUR 39,47



Product description

From the publisher

Thoroughly revised for the latest release of the Certified Ethical Hacker (CEH) v8 certification exam

Fully updated for the CEH v8 exam objectives, this comprehensive guide offers complete coverage of the EC-Council's Certified Ethical Hacker exam. In this new edition, IT security expert Matt Walker discusses the latest tools, techniques, and exploits relevant to the CEH exam. You'll find learning objectives at the beginning of each chapter, exam tips, practice exam questions, and in-depth explanations. Designed to help you pass the exam with ease, this authoritative resource also serves as an essential on-the-job reference.

Covers all exam topics, including:

  • Introduction to ethical hacking
  • Reconnaissance and footprinting
  • Scanning and enumeration
  • Sniffing and evasion
  • Attacking a system
  • Hacking web servers and applications
  • Wireless network hacking
  • Trojans and other attacks
  • Cryptography
  • Social engineering and physical security
  • Penetration testing

Electronic content includes:

  • Hundreds of practice questions
  • Test engine that provides customized exams by chapter
  • PDF copy of the book



Customer reviews

Most helpful customer reviews
5.0 out of 5 stars Very good book on the CEH certification July 22, 2014
Format: Paperback
Enables you to pass the certification. The division into chapters is sensible.
Received quickly.
I have not yet looked at the CD supplied with the book.
Most helpful customer reviews on Amazon.com (beta)
Amazon.com: 4.1 out of 5 stars, 11 reviews
15 of 18 people found this review helpful
1.0 out of 5 stars Author is clueless, has "paper" certs July 13, 2014
By Bob - Published on Amazon.com
Format: Paperback
From the first edition (not changed in this edition)...

I know this book got a lot of positive reviews, but the readers that are NEW to this subject and networking in general, have nothing to compare it to (the truth). Readers that KNEW the stuff before (See the first 3 star review) can see that the authors and TE have no clue about networking, security, or hacking. Furthermore, they have not kept up with anything and have tons of outdated and obsolete info.

I started reading, and had to stop around Chapter 5, since it was clear the authors and TE have pulled the wool over the eyes of newbies with their complete lack of truth and relevancy. This is like a scam, how so many people fell for this miserably incorrect book.

p2 - "Although authentication (using passwords, for example) is by far the most common method used to enforce confidentiality, numerous other options are available to ensure confidentiality, including options such as encryption, biometrics, and smart cards."

What doesn't make sense: Authentication can be done with something you know (password), something you have (smart card), and something you are (biometrics). Saying that Authentication is a different method than biometrics and smart cards is illogical. I know the parenthesis references passwords, but that's as you say, just an example of authentication. Biometrics IS authentication with something you are. Smart Cards are used for AUTHENTICATION, as something you have.

p15 - There were 4 original nodes on Oct 29, 1969, not 3, as the book states.
[...]
[...]

p40 - CAs do NOT create public/private key pairs, as the book claims. Here's Verisign's official policy:
[...]
NOTE: To generate a CSR, you will need to create a key pair for your server. These two items are a digital certificate key pair and cannot be separated. If you lose your public/private key file or your password and generate a new one, your SSL Certificate will no longer match. You will have to request a new SSL Certificate and may be charged.

p43 - Digital certificates from CAs are NOT encrypted, as the book claims! The way the CA is verified is through a digital signature hash, which is part of the actual certificate. If digital certificates were encrypted, there would be NO need for a digital signature. Furthermore, "digital signature could not be verified" or "the certificate is not trusted" messages are seen in browsers. No one has ever seen a "cannot decrypt digital certificate." That's just illogical! Furthermore, you fail to mention that the browsers have the root CA certificates, which are used to verify the CA's signature. The certificate ITSELF is NOT encrypted, but rather the public key + digital signature hash on the certificate itself helps encrypt data.

p43 - student's heads should be students' heads (plural possessive)

p45 - PPTP is "widely used by VPNs"??? PPTP has been OBSOLETE for many years now due to L2TP and nowadays IPsec!

The SSL diagram on p45 is pitiful, at best. You fail to stress that the session key is encrypted with the server's public key, and then decrypted by the server's private key. From that point forward, symmetric encryption is used. Now, the client and server are using symmetric encryption, which is (literally) one million times quicker than asymmetric encryption, and the key was transmitted securely. That's the best of both worlds! SSL/TLS uses asymmetric encryption JUST for the exchange of the symmetric session key. The data going back and forth between client and server is encrypted and decrypted with the symmetric session key. Instead of that you chose to focus on finished messages with hashes??? Furthermore - They're encrypted, not hashed. Not the same thing!!

p46 - "...chosen cipher attack, where the same process is followed (statistical analysis without a plaintext version for comparisons), but it's only for portions of gained ciphertext."
Wrong!!!!
[...]
A chosen-ciphertext attack (CCA) is an attack model for cryptanalysis in which the cryptanalyst gathers information, at least in part, by choosing a ciphertext and obtaining its decryption under an unknown key. In the attack, an adversary has a chance to enter one or more known ciphertexts into the system and obtain the resulting plaintexts. From these pieces of information the adversary can attempt to recover the hidden secret key used for decryption.

It seems you missed what the word "chosen" implies (You wrote that a chosen cipher attack is "without a plaintext version," when in reality, not only is there a plaintext version, it's a function of the ciphertext CHOSEN by the attacker!)

p47 - It's "John the Ripper," not "John and Ripper."

p47-48 - "Non-repudiation is the means by which a recipient can ensure the identity of the sender and that neither party can deny having sent or received the message." NR has NOTHING to do with denying a message was received, just sent.

Here's something encrypted with my private key. I want you to decrypt it with my public key. Wait you didn't receive it???? You must have, since I sent it, haha.

p48 - It's SHA-2, not SHA2. You have it correct earlier in the book, and you even wrote SHA-1 (with the dash in the same paragraph).

Oh yeah, in the Acknowledgements, you call Technical Editor Brad Horton "one of the best." Based on the above, that's clearly a mistake too.

Should I even continue to Chapter 3?

EDITED:
Out of morbid curiosity, I kept reading. More of the same illogical, incorrect, and mistaken information:

p62 - DNS stands for Domain Name System, NOT Domain Name Service

p66 - "..a choice between regular and unleaded gas" Huh? regular gas is unleaded gas!

p69 - output messed up

****************
First read this from p87. By itself, there's nothing wrong with it:

p87 - "As a matter of fact, many administrators will disable ping responses on many network systems and devices, and will configure firewalls to block them."

But now read this from p88:
p88 - "Pay particular attention to Type 3 messages and the associated code, especially Code 13, which lets you know a poorly configured firewall is preventing the delivery of ICMP packets."

So on p87, it's a good thing that administrators do, and on p88, it's a stupid thing that administrators do.
********************

p91 - If UDP is used, the layer 4 PDU is called datagram, not segment. Segment is specifically a term for TCP.

p91 - FTP datagram - Wrong. FTP uses TCP, so it would be a segment.

p93 - No netstat????

p94 - "...the sender can simple fire as many segments as it wants..." No! If UDP is the protocol, it's NOT called a segment. That's just TCP.

p95 - "UDP, as you can tell from the segment structure...." For someone who stressed networking fundamentals at the beginning of this book, continuously calling UDP a segment is really embarrassing.

p104 - "If you'd like to try a different protocol number, it follows the -pT switch." Wrong. Port numbers go after the -pT switch, NOT protocol numbers (TCP = 6, for example).

p109 - "The SAM database holds (in encrypted format, of course) all the local passwords" Wrong! It holds a hash of the passwords, which is not the same as encrypted, since hashes are one-way. p116 has this mistake too. Encryption is NOT the same as hashing.

p110 - TCP packets should be TCP segments. It's IP packets. Packets are the Layer 3 PDU.

p125 - In 1998 the TOS field in an IP packet was renamed DSCP and completely changed!!! Way to keep up!

p126 - "...if the IP address of the packet being sent is not inside the same subnet, the router will usually respond with its MAC address. Why? Because the router knows it will be the one to forward the packet along the way."

WRONG WRONG WRONG WRONG WRONG. This shows a real lack of any networking knowledge!!!!

The router will respond because the ARP Request is asking "Will the person with this IP address (the router's in this case) please send me your MAC address?" That's why! The host knows to ask that IP address for its corresponding MAC address because the host routing table tells it so. The router has no idea what the destination network is when the ARP request comes in! The ARP just says "I need the MAC address that corresponds to this IP address."

p128 - "Most NICs have, or will accept, drivers that support promiscuous mode.... WinPcap is an example.... and is used by a lot of sniffers on Windows machine NICs." OH MY GOSH. WHAT PLANET ARE YOU ON? Most NICs can NOT do promiscuous sniffing through Windows. Wireshark has tons and tons of info on this on their website! There are drivers close to $1000 that you can buy to allow this, but it's much easier to just run Backtrack and put your NIC into Monitor Mode.

p129 - CSMA/CD is disabled when the switch and host NIC run in full duplex mode, since collisions are completely eliminated. Or did you miss that too?

p130 - "turn off promiscuous mode - you'll catch more frames this way...." First of all, most of the time when you put a check in that box it DOESN'T do anything (see above). Secondly, you think that if you're sniffing everything and anything you'll get LESS results than if you're sniffing just your traffic???? Whoa.

p145 - The RFC 1918 private class C range is 192.168.0-255.0, Mr Editor. You did correctly identify Class B's range as 172.16-31.0.0, so why not Class C as well?

P177 - Randomly skimming ahead (lots more mistakes between p145 and p177), I came across this gem:
"Red Hat is one of the better known and most prevalent Linux distros."

Guess you "experts" missed this:
[...]
Red Hat Linux, assembled by the company Red Hat, was a popular Linux based operating system until its discontinuation in 2004.

Red Hat is a COMPANY. Red Hat Linux (which was referenced by the book) was discontinued in 2004. Red Hat discontinued the Red Hat Linux line in favor of Red Hat Enterprise Linux (RHEL) for enterprise environments. Red Hat ENTERPRISE Linux is a non-free version, which hardly qualifies as a "better known and prevalent distros," in the context of what the author was talking about (Ubuntu and other free ones).

That's it, I can't read anymore....
1 of 1 people found this review helpful
4.0 out of 5 stars this is an excellent resource, coupled with DeFino July 21, 2014
By ashlajaz - Published on Amazon.com
Format: Paperback | Verified purchase
I'll give 5 stars to the first edition for CEHv7 but 4 stars for CEHv8 on 2nd Edition, only because the exam changed gears.
I've taken both, and both editions are "on target" for v7. In v8, however, I passed again, having one of the "several timed sections on one topic" version of the exam, rather than all questions in one sitting version of exam. You do still need to know the major tools listed: how to use, expected results and how to interpret results.
The reason I drop the 2nd edition to 4 stars (I wish I could give 4.5) is because:
- I did not expect and got blindsided by almost 20% of the exam hitting on PKI/digital certificates/identity management. I will suggest an expansion on PKI, et al to a full chapter. In the meantime, please find a supplemental source to study these before you take your exam.
- There were also a few (<5) questions on a specific "free" testing methodology that self-promotes 6 of its own certifications and related training programs (which of course cost money), and which article Wikipedia yanked in 2011 for spammy self-promotion. I do hope that this addition to v8 gets reconsidered and removed from future versions of the CEH by the EC|Council. I've only seen 2 pages or so on this in two recent books, hardly drawing your attention to it, and not in depth.
- Web security questions require more actual knowledge of securing a web page, as one would obtain from the OWASP project pages, and "hands-on" practice doing so. Please also do supplemental study with OWASP materials.
- There was also one chapter area that was surprisingly completely missing on my v8 exam.
- Finally, there were no PowerPoint pictures on the exam (a distractor in v7 exam), and more "soft" questions without code samples.

Matt Walker's 2nd edition could be revised to cover these areas, or an addendum posted on a forum such as www.cccure.org. Still, this is an excellent resource, coupled with DeFino. The Gregg book is also a good supplement. Do download the extra online McGraw-Hill LearnKey exam as referenced in the book, and/or the Practice Tests book. Do the same for the online exams mentioned in the other two book sources. With those, plus a PKI study source, and OWASP / hands-on web security, you'll do fine on the exam -- whichever version you receive.
2 of 2 people found this review helpful
5.0 out of 5 stars Took the CEHv8 course, learned the material mostly from this book August 14, 2014
By MSDOS - Published on Amazon.com
Format: Paperback | Verified purchase
Great book, read it cover to cover and did all the practice problems. Very easy reading because Matt makes everything clear and concise. I like how he also talks about real world stuff vs. what to know for the exam.
1 of 1 people found this review helpful
5.0 out of 5 stars Not perfect but it's still better reading than the official courseware July 23, 2014
By trueshrew - Published on Amazon.com
Format: Paperback | Verified purchase
This book is more succinct and more useful than the official EC-Council courseware books for CEH v8. I read this book before attending a CEH boot camp and felt like a CEH prodigy compared to my classmates. Without the book I probably wouldn't have passed the CEH exam.

Although I lack reviewer Bob's experience, I think the publisher needs to add an errata page for the book on the McGraw Hill web site. There were some errors in the end of chapter practice questions.
5.0 out of 5 stars This is a book you will want to keep and not recycle July 4, 2014
By Consumer - Published on Amazon.com
Format: Paperback | Verified purchase
The computer books stack up and I need to get rid of them to make room. This is a book you will want to keep. I'm in the process of getting ready for this test. There are a lot of hoops to jump through to be able to take the test. The good thing about it is that not everyone will have this certification. It's not cheap and the training is expensive, but hopefully it will be worth it. If nothing else I'll get bragging rights when I pass this test.