Security interview questions for network admin

  1. What is a firewall?
  2. Describe, generally, how to manage a firewall
  3. What is a Denial of Service attack?
  4. What is a “spoofed” packet?
  5. What is a SYN Flood?
  6. What do you do if you are a victim of a DoS?
  7. What is GPG/PGP?
  8. What is SSH?
  9. What is SSL? How do you create certificates?
  10. What would you do if you discovered a UNIX or Network device on your network has been compromised?
  11. What would you do if you discovered a Windows system on your network has been compromised?
  12. What is DNS Hijacking?
  13. What is a log host?
  14. What is IDS or IDP, and can you give me an example of one?
  15. Why are proxy servers useful?
  16. What is web-caching?

19 Comments on Security interview questions for network admin

  1. anju
    Posted 2/28/2006 at 4:14 pm | Permalink

    A firewall is simply a program or hardware device that filters the information coming through the Internet connection into your private network or computer system. If an incoming packet of information is flagged by the filters, it is not allowed through.

    Firewalls use one or more of three methods to control traffic flowing in and out of the network:

    * Packet filtering - Packets (small chunks of data) are analyzed against a set of filters. Packets that make it through the filters are sent to the requesting system and all others are discarded.
    * Proxy service - Information from the Internet is retrieved by the firewall and then sent to the requesting system and vice versa.
    * Stateful inspection - A newer method that doesn’t examine the contents of each packet but instead compares certain key parts of the packet to a database of trusted information. Information traveling from inside the firewall to the outside is monitored for specific defining characteristics, then incoming information is compared to these characteristics. If the comparison yields a reasonable match, the information is allowed through. Otherwise it is discarded.
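
The difference between packet filtering and stateful inspection described in the comment above, as an added example that is not part of the original comment. The addresses, the "allow all outbound" policy and the ACK-bit rule used for the stateless filter are assumptions chosen for illustration.

```python
from collections import namedtuple

# flags: TCP flags as a string ("S", "SA", "A", "RA"); outbound: leaving the inside network
Packet = namedtuple("Packet", "src sport dst dport flags outbound")

def stateless_check(p):
    """Packet filter: each packet is judged alone; inbound needs only the ACK bit."""
    return "ALLOW" if p.outbound or "A" in p.flags else "DROP"

class StatefulFilter:
    """Connection tracker: inbound packets must match a flow started from inside."""
    def __init__(self):
        self.table = {}  # (inside_ip, inside_port, outside_ip, outside_port) -> state

    def check(self, p):
        if p.outbound:
            key = (p.src, p.sport, p.dst, p.dport)
            if p.flags == "S":
                self.table[key] = "SYN_SENT"      # remember the new flow
            elif "R" in p.flags:
                self.table.pop(key, None)         # inside host reset the flow
            return "ALLOW"  # assumed policy: inside hosts may open connections
        key = (p.dst, p.dport, p.src, p.sport)
        state = self.table.get(key)
        if state is None:
            return "DROP"                         # no flow on record
        if state == "SYN_SENT":
            if p.flags != "SA":
                return "DROP"                     # only a SYN-ACK may answer a SYN
            self.table[key] = "ESTABLISHED"
        elif "R" in p.flags:
            del self.table[key]                   # reset tears the flow down
        return "ALLOW"

# Constructed trace using documentation address ranges, not real traffic
IN, WEB, OTHER = "10.0.0.5", "203.0.113.10", "198.51.100.7"
TRACE = [
    Packet(IN, 40000, WEB, 443, "S", True),     # inside host opens a connection
    Packet(WEB, 443, IN, 40000, "SA", False),   # expected reply
    Packet(IN, 40000, WEB, 443, "A", True),     # handshake completes
    Packet(OTHER, 443, IN, 40000, "A", False),  # unsolicited ACK from a third host
    Packet(WEB, 443, IN, 40000, "RA", False),   # server resets the flow
    Packet(WEB, 443, IN, 40000, "A", False),    # late packet after teardown
]

def run_trace():
    """Return (stateless verdict, stateful verdict) for each packet in TRACE."""
    fw = StatefulFilter()
    return [(stateless_check(p), fw.check(p)) for p in TRACE]

if __name__ == "__main__":
    for p, verdicts in zip(TRACE, run_trace()):
        print(p.flags, p.src, "->", p.dst, verdicts)
```

The stateless filter passes every packet in the trace, while the stateful filter drops the unsolicited ACK and the packet that arrives after the reset.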

  2. Ranjha Singh
    Posted 11/3/2006 at 10:43 am | Permalink

    DNS hijacking means the hijacker spoofs the IP of any DNS query. Let's take an example: a user sends a DNS request for and the hijacker hijacks this packet and answers on behalf of the DNS and gives the wrong IP address.

  3. Ranjha Singh
    Posted 11/3/2006 at 10:52 am | Permalink

    SSL is Secure Socket Layer. The CA generates the certificates.

    Posted 11/3/2006 at 11:02 am | Permalink

    Denial of Service attack means a server or machine receives so many packets from single or multiple network sources or spoofed resources that all its resources are used in response to those packets, and after that it hangs or stops responding. Then it starts to deny its services.

  5. Posted 12/8/2006 at 2:29 pm | Permalink

    Why are you answering these questions, people? These are questions for a ‘job interview’, not for you to show off your clearly impeccable grasp of the English language.

  6. virendra yadav
    Posted 5/8/2007 at 6:37 am | Permalink

    A firewall is nothing but something used to avoid unwanted traffic or unauthorised entry. The firewall has 2 types: 1. Hardware and 2. Software. Now the most familiar used firewall is PIX, made by Cisco, and other firewalls like Nokia and so on.
    Further, as a security measure it also depends on the network designer and implementer how to use a firewall, meaning the security measures like how to present content filtering and URL filtering, which type of firewall should be used and where to put it.

  7. Harish P
    Posted 6/5/2007 at 7:32 pm | Permalink

    9). What is SSL? How do you create certificates?

    Ans: SSL: Secure Sockets Layer, a protocol developed by Netscape for transmitting private documents via the Internet. SSL works by using a private key to encrypt data that's transferred over the SSL connection. Both Netscape Navigator and Internet Explorer support SSL, and many Web sites use the protocol to obtain confidential user information, such as credit card numbers. By convention, Web pages that require an SSL connection start with https: instead of http.

  8. Naveen
    Posted 7/2/2007 at 6:35 am | Permalink

    (1) A firewall is simply a program or hardware device that filters the information coming through the Internet connection into your private network or computer system. If an incoming packet of information is flagged by the filters, it is not allowed through.

  9. Sunil Reddy
    Posted 7/26/2007 at 12:53 pm | Permalink

    What is a firewall?

    A firewall is a device or software which restricts unauthorised access to and from the network... Guys, it's that simple, no need to beat around the bush.

    Sunil Reddy.M
    Security Consultant

  10. deepak kajla
    Posted 9/3/2007 at 1:24 am | Permalink

    SSH = secure shell, used for remotely logging in to another client system through a Linux administrator.

  11. DPK
    Posted 11/27/2007 at 2:50 am | Permalink

    SSH is a secure way of connecting to a server or remote host. This protocol replaces the Telnet applications.

    SSH uses 3 different ways of authentication:

    1. Preshared Key authentication
    2. Public/Private key authentication
    3. Host based authentication

    The ssh-keygen tool is used to generate public and private keys for a host.

  12. Venkat
    Posted 5/13/2008 at 2:07 am | Permalink

    Firewall is a program or hardware device

    which performs the following operations

    1. Packet Filtering (Main Purpose of a F/W)
    2. Address Translations and
    3. Routing Packets (Leastly)

    If you give this answer in any interview, the interviewer will not ask any more questions.

  13. Ashish Mishra
    Posted 5/18/2008 at 2:49 pm | Permalink

    Firewall: as the name suggests, it is a wall between your network and the public network. All the data coming from outside gets filtered by your firewall device. It can be hardware or software that restricts the entry of data, governed by the rules and regulations set by your admin.

    Let me give you a simple example: let's assume a water tank fitted at the top of your building. The tank gets filled by the pipeline coming from outside the building. Once the tank is filled, the water will be supplied to each house of that building. If the water that filled the tank is polluted, then it affects the health of all the people consuming that water.

    What I mean here is, if the water entering the tank is itself polluted and we put some filter equipment on the water pipe filling the tank, then we will get clean water. That's it.

  14. Venkat
    Posted 5/19/2008 at 6:05 am | Permalink

    For any straight question everyone expects straight answer not an explanation.
    Please ensure you are giving straight answer,
    Not stories

  15. Ashish Mishra
    Posted 5/20/2008 at 1:19 am | Permalink

    What is a SYN flood?

    A SYN flood is an attack that consists of TCP packets. The attacker floods your machine with TCP packets, which also causes the system to reboot, and if you are connected to some remote machine then you will get disconnected. There are various tools available for SYN attacks; you can try to learn more from them. Some of them are hping, jwddos, or you can also write your own tool using socket programming.
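
Seen from the defending side, a SYN flood shows up as connection requests (SYN) whose handshake is never completed. This is an added example, not part of the comment above, that counts such half-open connections in a constructed event list and reports when the backlog first crosses a limit; the threshold, the timeout and all addresses are assumed values.

```python
def first_alert(events, threshold=100, timeout_ms=30_000):
    """Return (time_ms, half_open_count) when half-open flows first exceed threshold.

    events: (time_ms, src_ip, src_port, tcp_flags) tuples seen at one listening port.
    """
    pending = {}  # (src_ip, src_port) -> time the SYN arrived
    for t, src, sport, flags in sorted(events):
        # Forget half-open entries the server would already have timed out
        pending = {k: t0 for k, t0 in pending.items() if t - t0 < timeout_ms}
        if flags == "S":
            pending[(src, sport)] = t           # handshake started
        elif flags == "A":
            pending.pop((src, sport), None)     # handshake completed
        if len(pending) > threshold:
            return t, len(pending)
    return None

def normal_clients(n=50):
    """Constructed log: n clients that each finish the handshake 50 ms after the SYN."""
    events = []
    for i in range(n):
        src = "192.0.2.%d" % (i + 1)
        events.append((i * 1000, src, 50000 + i, "S"))
        events.append((i * 1000 + 50, src, 50000 + i, "A"))
    return events

def unanswered_syns(n=150, start_ms=60_000):
    """Constructed log: n SYNs, 10 ms apart, from varying sources, none completed."""
    return [(start_ms + i * 10, "203.0.113.%d" % (i % 250 + 1), 1024 + i, "S")
            for i in range(n)]

if __name__ == "__main__":
    print("normal only :", first_alert(normal_clients()))
    print("with flood  :", first_alert(normal_clients() + unanswered_syns()))
```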

  16. Ashish Mishra
    Posted 5/23/2008 at 9:20 am | Permalink

    Proxy Servers

    A proxy server is a server that sits between your machine and the web server with which you are communicating.

    A proxy server is useful in hiding your machine's IP.
    By using a proxy server you can get quick replies and responses, as the requests are handled by the proxy.

  17. Ravindra
    Posted 12/15/2008 at 12:32 am | Permalink

    A firewall is a device or a program which separates a trusted network from an untrusted network. There are 4 types of firewall:
    1> packet filters
    2> circuit level firewall --> acts on session layer
    3> application level/proxy --> acts on application level
    4> stateful --> performs all the operations said above.

    The above can be included in hardware or used as software.
    ex: Hardware --> Cisco PIX, Fortinet, Juniper, NetScreen, SonicWall


  18. Ravindra
    Posted 12/15/2008 at 12:49 am | Permalink

    How do we create certificates in SSL?

    Client1 (like Yahoo/Gmail) goes to a CA (certificate authority) like Satyam in India, which is authorised to give certificates.
    This certificate usually contains the public key (here we use asymmetric encryption for non-repudiation), the date of expiry, and who has issued this certificate. Client2 (like a computer in an Internet cafe which initiates the connection), when it receives this certificate, can verify client1 with the CA.

    To understand the whole process of SSL,
    let me put it this way (in points):
    1> comp says hello (random no. + ciphers + algorithms)
    2> gmail says (random number + chosen cipher + chosen algorithm from comp hello msg)
    3> gmail again sends certificate negotiation done packet
    4> comp req client key req
    (pre master key/public key/or nothing)
    5> master keys are sent by both (comp and gmail)
    6> comp sends change cipher spec (encryption will be done hereafter)
    7> it sends a finished msg (hash + MAC)
    8> gmail verifies the hash and MAC
    9> points 4, 5, 6, 7 will be done now from gmail side
    10> hash and MAC will be verified by client now
    11> SSL has been created now
    One more thing: what is MAC?
    Since we are using SSL v3 now,
    I will stick to it only. Data is broken into parts; one is encrypted with MD-5 and the other half with SHA-1, and these two are XOR’ed and the resultant is the MAC (message authentication code).

  19. Ravindra
    Posted 12/15/2008 at 12:54 am | Permalink

    DoS attack?
    A denial of service attack is the last step taken by a hacker when he cannot enter the perimeter of a protected n/w. Remember, a good sysadmin will never need a firewall to protect his n/w.
    A DoS attack is done to limit legitimate users from accessing the required data, and thus availability is stopped (from the AIC triad: availability, integrity, confidentiality).
