19 Comments on Security interview questions for network admin
A firewall is simply a program or hardware device that filters the information coming through the Internet connection into your private network or computer system. If an incoming packet of information is flagged by the filters, it is not allowed through.
Firewalls use one or more of three methods to control traffic flowing in and out of the network:
* Packet filtering - Packets (small chunks of data) are analyzed against a set of filters. Packets that make it through the filters are sent to the requesting system and all others are discarded.
* Proxy service - Information from the Internet is retrieved by the firewall and then sent to the requesting system and vice versa.
* Stateful inspection - A newer method that doesn’t examine the contents of each packet but instead compares certain key parts of the packet to a database of trusted information. Information traveling from inside the firewall to the outside is monitored for specific defining characteristics, then incoming information is compared to these characteristics. If the comparison yields a reasonable match, the information is allowed through. Otherwise it is discarded.
DNS hijacking means the hijacker spoofs the IP of any DNS query. For example, a user sends a DNS request for YAHOO.com and the hijacker hijacks this packet, answers on behalf of the DNS and gives the wrong IP address.
SSL is Secure Socket Layer. The CA generates the certificates.
Denial of Service attack means a server or machine receives so many packets from single or multiple network sources or spoofed resources that all its resources are used in responding to those packets, and after that it hangs or stops responding. Then it starts to deny its services.
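The stateful inspection method described in the comment above can be sketched as a flow table. This is an added example, not part of the original comments: a toy filter (the `StatefulFilter` class and all addresses are hypothetical and constructed) records flows opened from inside and lets an inbound packet through only when it mirrors a recorded flow. It assumes a 10.0.0.0/24 inside network and a 60-second idle timeout, and it ignores TCP flags.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "tcp"

class StatefulFilter:
    """Hypothetical toy filter: inbound traffic must match a flow opened from inside."""

    def __init__(self, inside_net="10.0.0.0/24", idle_timeout=60):
        self.inside = ipaddress.ip_network(inside_net)  # assumed trusted network
        self.idle_timeout = idle_timeout                # assumed timeout, seconds
        self.flows = {}  # (proto, in_ip, in_port, out_ip, out_port) -> last seen

    def handle(self, pkt, now):
        # Forget flows that have been idle too long.
        self.flows = {k: t for k, t in self.flows.items()
                      if now - t <= self.idle_timeout}
        if ipaddress.ip_address(pkt.src) in self.inside:
            # Outbound: record the defining characteristics of the flow.
            self.flows[(pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)] = now
            return "allow"
        # Inbound: compare against the recorded flows (addresses/ports mirrored).
        key = (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if key in self.flows:
            self.flows[key] = now
            return "allow"
        return "drop"

def demo():
    # Constructed sample traffic (documentation address ranges).
    fw = StatefulFilter()
    request = Packet("10.0.0.5", 51000, "203.0.113.10", 443)
    reply = Packet("203.0.113.10", 443, "10.0.0.5", 51000)
    unsolicited = Packet("198.51.100.7", 443, "10.0.0.5", 51000)
    return [
        fw.handle(unsolicited, now=0),  # no matching outbound flow yet
        fw.handle(request, now=1),      # inside host opens the flow
        fw.handle(reply, now=2),        # matches the recorded flow
        fw.handle(unsolicited, now=3),  # different remote host, no flow
        fw.handle(reply, now=200),      # flow idle past the timeout
    ]

if __name__ == "__main__":
    print(demo())
```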
Why are you answering these questions, people? These are questions for a ‘job interview’, not for you to show off your clearly impeccable grasp of the English language.
A firewall is used to avoid unwanted traffic or unauthorised entry. The firewall has 2 types: 1. Hardware and 2. Software. Now the most familiar firewall in use is PIX, made by Cisco, and there are other firewalls like Nokia and so on.
Further, as a security measure it also depends on the network designer and implementer how to use a firewall, that is to say, security measures like how to present content filtering and URL filtering, which type of firewall should be used and where to put it.
9). What is SSL? How do you create certificates?
Ans: SSL: Secure Sockets Layer, a protocol developed by Netscape for transmitting private documents via the internet. SSL works by using a private key to encrypt data that's transferred over the SSL connection. Both Netscape Navigator and Internet Explorer support SSL and many Web sites use the protocol to obtain confidential user information, such as credit card numbers. By convention, Web pages that require an SSL connection start with https: instead of http.
(1) A firewall is simply a program or hardware device that filters the information coming through the Internet connection into your private network or computer system. If an incoming packet of information is flagged by the filters, it is not allowed through.
What is a firewall?
A firewall is a device or software which restricts unauthorised access to and from the network. Guys, it's that simple, no need to beat around the bush.
Cheers
Sunil Reddy.M
Security Consultant
SSH = Secure Shell, used by a Linux administrator for remotely logging in to other client systems.
SSH is a secure way of connecting to a server or remote host. This protocol replaces Telnet applications.
SSH uses 3 different ways of authentication:
1. Preshared Key authentication
2. Public/Private key authentication
3. Host based authentication
The ssh-keygen tool is used to generate public and private keys for a host.
A firewall is a program or hardware device
which performs the following operations:
1. Packet Filtering (Main Purpose of a F/W)
2. Address Translations and
3. Routing Packets (Leastly)
If you give this answer in any interview, the interviewer will not ask any more questions.
Firewall - As the name suggests, a firewall is a wall between your network and the public network. All the data coming from outside gets filtered by your firewall device. It can be hardware or software that restricts the entry of data packets. It is governed by the rules and regulations set by your admin.
Let me give you a simple example: let's assume a water tank fitted at the top of your building. The tank gets filled by the pipeline coming from outside the building. Once the tank is filled, the water will be supplied to each house of that building. If the water that filled the tank is polluted, then it affects the health of all the people consuming that water.
What I mean here is, if the water entering the tank is itself polluted, and we put some filter equipment on the water pipe filling the tank, then we will get clean water. That's it.
For any straight question everyone expects a straight answer, not an explanation.
Please ensure you are giving a straight answer,
not stories.
What is a SYN flood?
A SYN flood is an attack that consists of TCP packets. The attacker floods your machine with TCP packets, which can also cause the system to reboot, and if you are connected to some remote machine then you will get disconnected. There are various tools available for SYN attacks and you can try to learn more from them. Some of them are hping, jwddos, or you can also write your own tool using socket programming.
Proxy Servers
A proxy server is a server that sits between your machine and the web server with which you are communicating.
A proxy server is useful in hiding your machine's IP.
By using a proxy server you can get a quick reply and response, as the requests are handled by the proxy.
Firewall?
A firewall is a device or a program which separates a trusted network from an untrusted network. There are 4 types of firewall:
1> packet filters
2> circuit-level firewall -> acts on the session layer
3> application-level/proxy -> acts on the application level
4> stateful -> performs all the operations said above.
The above can be included in hardware or used as software.
ex: Hardware -> Cisco PIX, Fortinet, Juniper, NetScreen, SonicWall
ex: Software -> Check Point, iptables
How do we create certificates in SSL?
Client1 (like Yahoo/Gmail) goes to a CA (certificate authority), like Satyam in India, which is authorised to give certificates.
This certificate usually contains the public key (here we use asymmetric encryption for non-repudiation), the date of expiry and who has issued the certificate. Client2 (like a computer in an internet cafe which initiates the connection), when it receives this certificate, can verify client1 with the CA.
To understand the whole process of SSL,
let me put it this way (in points):
1> comp says hello (random no. + ciphers + algorithms)
2> Gmail says (random number + chosen cipher + chosen algorithm from comp hello msg)
3> Gmail again sends certificate negotiation done packet
4> comp req client key req
(pre master key/public key/or nothing)
5> master keys are sent by both (comp and Gmail)
6> comp sends change cipher spec (encryption will be done hereafter)
7> it sends a finished msg (hash + MAC)
8> Gmail verifies the hash and MAC
9> points 4, 5, 6, 7 will now be done from Gmail's side
10> hash and MAC will be verified by the client now
11> SSL has been created now
One more thing: what is MAC?
Since we are using SSL v3 now,
I will stick to it only. Data is broken into parts: one is encrypted with MD-5 and the other half with SHA-1, these two are XOR'ed, and the resultant is the MAC (message authentication code).
DoS attack?
A denial of service attack is the last step taken by a hacker when he cannot enter the perimeter of a protected network. Remember, a good sys admin will never need a firewall to protect his network.
A DoS attack is done to limit legitimate users from accessing the required data, and thus availability is stopped (from the AIC triad: availability, integrity, confidentiality).