Certified Ethical Hacker (CEH) - Linux Academy's Prep Course
QUIZ SOLUTION: Overview of Information Security Threats and Attacks - Questions answered and explained
QUIZ SOLUTION: Attacking Web Servers and Web Applications - Questions Answered and Explained
Welcome to the Certified Ethical Hacker Course!
Have you always wanted to learn how to discover weaknesses and vulnerabilities of a system? Have you always wondered how security professionals protect their systems from intruders? Do you wish to master hacking technologies? If so, then this exam is for you.
With the rapid development of information technology, almost every industry in the world has some sort of an information system installed and greatly depends on it. Such systems bring great value to companies. However, every system has its weaknesses and vulnerabilities which, if discovered by someone with bad intentions, can cause a lot of damage. For this reason, it has become an imperative to protect these systems and information they contain.
If you wish to learn how you can improve the security of any system, or even if you have some experience working as a security professional and now wish to advance your skills and knowledge, then CEH certificate will be of great benefit to you and your organization.
This course will help you prepare for the exam. You will learn about the tools, methods, and technologies used. The goal of this course is to help you master the topics required for passing the exam and becoming an ethical hacker.
This module is an introduction to the course and its objective is to introduce students with important security concepts which will be needed later in the course. The module begins with an overview of information security in which students will learn common terminology, information security concepts, and attack vectors. The following chapters discuss concepts of ethical hacking, penetration testing, and finally information security laws and standards.
Footprinting refers to the process of gathering information about a target system. It is the first step of an attack in which the attacker tries to learn as much as possible about the target to find a way to break into the system.
Network scanning refers to the process of obtaining additional information and performing a more detailed reconnaissance based on the collected information in the footprinting phase. In this phase, a number of different procedures are used with the objective to identify hosts, ports, and services in the target network. The whole purpose is to identify vulnerabilities in communication channels and then create an attack plan.
Attackers first collect enough information which can be used to gain access to the system. Usually, it is a low-privileged account which they use to access the system, and then they escalate their privileges to admin level. Once they have the right privileges, their goal is to maintain the access for as long as possible during which time they execute malicious programs, steal information, or simply tamper with the system. After they are done with their attack, attackers hide their tracks by modifying the system logs.
Packet sniffing refers to the process of capturing data packets on a network using a program or a device. Packet sniffing programs are called sniffers and they are designed to capture packets that contain information such as passwords, router configuration, traffic, and so on. With sniffers, attackers can access the network traffic from a single point. Turning the NIC system into promiscuous mode allows sniffers to listen to the data that is being transmitted on that network segment.
Social engineering is a technique which relies on human interaction in order to obtain sensitive information. Attackers use social engineering to extract important information about their targets. This mostly involves interacting with the target’s employees who are in possession of such information.
Firewall is a program or a device that monitors network traffic and allows or blocks traffic in accordance with the defined set of rules. Firewalls act as filters between a network/system and the Internet. Their purpose is to define a set of rules based on which the incoming and outgoing traffic is filtered. These rules ensure that only allowed incoming and outgoing traffic can pass through the firewall, and everything else is blocked.
Web server is a system used for storing, processing, and delivering websites. It is designed to host web applications, allowing clients to access those applications. It implements client-server model architecture, in which it has the server role, and the browser has the client role.
Cryptography refers to the process of hiding information by converting the readable text into unreadable text using some sort of a key or encryption algorithm. Information protected using cryptography includes emails, files, and other sensitive data.
This is a copy of the interactive guide used throughout various parts of the course.