Copyright 2017 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203

This is an electronic version of the print textbook. Due to electronic rights restrictions, some third party content may be suppressed. Editorial review has deemed that any suppressed content does not materially affect the overall learning experience. The publisher reserves the right to remove content from this title at any time if subsequent rights restrictions require it. Important notice: Media content referenced within the product description or the product text may not be available in the eBook version.

Secure Network Operating Systems and Infrastructures
EC-Council | Press
Book 4 of 4 | CEH Certified Ethical Hacker Certification
Australia, Brazil, Mexico, Singapore, United Kingdom, United States

Ethical Hacking and Countermeasures: Secure Network Operating Systems and Infrastructures (CEH)
EC-Council Press

© 2017, 2010 EC-Council

ALL RIGHTS RESERVED. No part of this work covered by the copyright herein may be reproduced or distributed in any form or by any means, except as permitted by U.S. copyright law, without the prior written permission of the copyright owner.

SOURCE FOR ILLUSTRATIONS: Copyright © EC-Council. All rights reserved. Reproduction strictly prohibited.

For product information and technology assistance, contact us at Cengage Learning Customer & Sales Support, 1-800-354-9706
For permission to use material from this text or product, submit all requests online at www.cengage.com/permissions.
Further permissions questions can be e-mailed to [email protected].

Library of Congress Control Number: 2016930623
ISBN: 978-1-305-88346-8

Cengage Learning
20 Channel Center Street
Boston, MA 02210
USA

Cengage Learning is a leading provider of customized learning solutions with employees residing in nearly 40 different countries and sales in more than 125 countries around the world. Find your local representative at www.cengage.com.

Cengage Learning products are represented in Canada by Nelson Education, Ltd.

To learn more about Cengage Learning, visit www.cengage.com.
Purchase any of our products at your local college store or at our preferred online store www.cengagebrain.com.

SVP, GM Skills & Global Product Management: Dawn Gerrain
Product Director: Kathleen McMahon
Product Team Manager: Kristin McNary
Associate Product Manager: Amy Savino
Senior Director, Development: Marah Bellegarde
Product Development Manager: Leigh Hefferon
Managing Content Developer: Emma Newsom
Senior Content Developer: Natalie Pashoukos
Product Assistant: Abigail Pufpaff
Vice President, Marketing Services: Jennifer Ann Baker
Marketing Coordinator: Cassie Cloutier
Senior Production Director: Wendy Troeger
Production Director: Patty Stephan
Senior Content Project Manager: Brooke Greenhouse
Managing Art Director: Jack Pendleton
Software Development Manager: Pavan Ethakota
Cover Image(s): Istockphoto.com/gonghangxu and Istockphoto.com/Turnervisual
EC-Council:
President | EC-Council: Jay Bavisi
Vice President, North America | EC-Council: Steven Graham

Notice to the Reader

Cengage Learning and EC-Council do not warrant or guarantee any of the products described herein or perform any independent analysis in connection with any of the product information contained herein. Cengage Learning and EC-Council do not assume, and expressly disclaim, any obligation to obtain and include information other than that provided to them by the manufacturer. The reader is expressly warned to consider and adopt all safety precautions that might be indicated by the activities described herein and to avoid all potential hazards. By following the instructions contained herein, the reader willingly assumes all risks in connection with such instructions. Cengage Learning and EC-Council make no representations or warranties of any kind, including but not limited to, the warranties of fitness for particular purpose or merchantability, nor are any such representations implied with respect to the material set forth herein, and Cengage Learning and EC-Council take no responsibility with respect to such material. Cengage Learning and EC-Council shall not be liable for any special, consequential, or exemplary damages resulting, in whole or part, from the readers' use of, or reliance upon, this material.

Printed in the United States of America
Print Number: 01 Print Year: 2016

Brief Table of Contents

PREFACE
CHAPTER 1 Hacking Wireless Networks
CHAPTER 2 Physical Security
CHAPTER 3 Evading IDS, Firewalls and Detecting Honeypots
CHAPTER 4 Hacking Routers and Cable Modems
CHAPTER 5 Linux Hacking
CHAPTER 6 Mac OS X Hacking
CHAPTER 7 Hacking Mobile Phones, PDAs, and Handheld Devices
CHAPTER 8 Hacking Portable Devices
CHAPTER 9 Cryptography
GLOSSARY
INDEX

Table of Contents

PREFACE

CHAPTER 1 Hacking Wireless Networks
  What If?
  Introduction to Hacking Wireless Networks
  Wireless Networking
  Wired Network Versus Wireless Network
  Effects of Wireless Attacks on Businesses
  Types of Wireless Networks
  Advantages and Disadvantages of a Wireless Network
  Wireless Standards
  Wireless Standard: 802.11a
  Wireless Standard: 802.11b
  Wireless Standard: 802.11g
  Wireless Standard: 802.11i
  Wireless Standard: 802.11n
  Wireless Standard: 802.15.1 (Bluetooth)
  Wireless Standard: 802.16 (WiMAX)
  Wireless Concepts
  Related Technologies and Carrier Networks
  Service Set Identifier (SSID)
  Authentication and Association
  Authentication and (Dis)Association Attacks
  MAC Sniffing and AP Spoofing
  Wireless Devices
  Antennas
  Wireless Access Points
  Beacon Frames
  Phone Jammers
  Wired Equivalent Privacy (WEP)
  Role of WEP in Wireless Communication
  Key Points
  WEP Issues
  WEP Authentication Phase
  WEP Association Phase
  WEP Flaws
  WPA
  WPA Vulnerabilities
  WEP, WPA, and WPA2
  WPA2
  Attacking WPA-Encrypted Networks
  TKIP and LEAP
  Temporal Key Integrity Protocol (TKIP)
  LEAP: The Lightweight Extensible Authentication Protocol
  Hacking Methods
  Techniques to Detect Open Wireless Networks
  Steps for Hacking Wireless Networks
  Super Bluetooth Hack
  Man-in-the-Middle Attack (MITM)
  Denial-of-Service Attacks
  Hijacking and Modifying a Wireless Network
  Cracking WEP
  Automated WEP Crackers
  Pad Collection Attacks
  XOR Encryption
  Stream Cipher
  WEP Cracking Tools
  Rogue Access Points
  Requesting a Beacon
  Sniffing the Air
  Tools to Generate Rogue Access Points
  Cloaked Access Point
  Scanning Tools
  Prismstumbler
  MacStumbler
  Mognet
  WaveStumbler
  NetChaser
  Wavemon
  Wireless Security Auditor (WSA)
  AirTraf
  WifiScanner
  eEye Retina Network Security Scanner
  Wireless Lan Scanner
  Sniffing Tools
  OmniPeek
  Wireshark
  vxSniffer
  EtherPEG
  AirMagnet
  driftnet
  WinDump
  THC-RUT
  Microsoft Network Monitor
  Wireless Security Tools
  CommView for WiFi PPC
  AirMagnet Handheld Analyzer
  AirDefense Guard
  Google Secure Access
  RogueScanner
  Chapter Summary
  Key Terms
  Review Questions
  Hands-On Projects

CHAPTER 2 Physical Security
  What If?
  Introduction to Physical Security
  What Is the Need for Physical Security?
  Physical Security
  Physical Measures
  Technical Measures
  Operational Measures
  Physical Security Personnel
  Physical Security Challenges
  Physical Security Threats
  Personnel Challenges
  Security Countermeasures
  Physical Security Checklists
  Tools
  Encryption Tools
  Chapter Summary
  Key Terms
  Review Questions
  Hands-On Projects

CHAPTER 3 Evading IDS, Firewalls and Detecting Honeypots
  What If?
  Introduction to Evading IDS, Firewalls, and Detecting Honeypots
  Introduction to Intrusion Detection Systems
  Intrusion Detection System (IDS)
  Types of Intrusion Detection Systems
  Indications of Intrusion
  Steps to Perform after an IDS Detects an Attack
  Evading IDS
  Intrusion Prevention Systems (IPS)
  Firewalls
  Firewall Countermeasures
  Honeypots
  Security Responses to Hacking Attacks
  Tools
  Logging Tools
  Host-Based IDS Tools
  Intrusion Detection Tools
  Tools to Evade IDS
  Packet Generators
  Tools to Breach Firewalls
  Common Tools for Testing Firewalls and IDS
  Honeypot Tools
  Tools to Detect Honeypots
  Chapter Summary
  Key Terms
  Review Questions
  Hands-On Projects

CHAPTER 4 Hacking Routers and Cable Modems
  What If?
  Introduction to Hacking Routers and Cable Modems
  Routers
  Accessing Routers
  Vulnerability Scanning
  Router Attacks
  Cable Modems
  Cable Modem Hacking
  Tools
  Brute-Forcing Tools
  Router Identification Tools
  Router Analysis Tools