1. What’s the difference between a router, a bridge, a hub and a switch?
Router join multiple networks together
Bridge connects a LAN to another LAN
Hub is a device to connect multiple computer together (single collision domain, broadcast)
Switch join multiple computer together (separate collision domain to each port, not broadcast)
2. Please explain how the SSL protocol works?
TLS/SSL authenticates and secures data transfers by using certificate-based authentication and symmetric encryption keys. A popular implementation of public-key encryption is the Secure Sockets Layer (SSL). SSL has become part of an overall security protocol known as Transport Layer Security (TLS).
3. What is a Syn Flood attack, and how to prevent it?
System floods with a series of TCP SYN packets. Each packets causes system to issue a SYN-ACK responses. Then system waits for ACK that follows the SYN+ACK (3 way handshake). Since attack never sends back ACK again entire system resources get fulled aka backlog queue. Once the queue is full system will ignored incoming request from legitimate users for services (http/mail etc)
How to Prevent it?
with a Firewall
Force SYN packets check
iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP
Force Fragments packets check
iptables -A INPUT -f -j DROP
XMAS packets
iptables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP
Drop all NULL packets
iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP
with a Firewall
Force SYN packets check
iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP
Force Fragments packets check
iptables -A INPUT -f -j DROP
XMAS packets
iptables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP
Drop all NULL packets
iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP
4. Your network has been infected by malware. Please walk me through the process of cleaning up the environment.
Software that is intended to damage or disable computers and computer systems.
Software that is intended to damage or disable computers and computer systems.
4.1. Restart windows and load in safe mode with F8
4.2. delete temporary files
4.3. scan with a malwarebytes
or
4.4. boot with linux and scan
5. What kind of authentication does AD use?
The two types of authentication are Mutual Authentication and NTLM. Mutual Authentication requires both the server and the client to identify them. NTLM only requires the client to be validated by the server.
6. What’s the difference between a Proxy and a Firewall?
Proxy acts as an intermediary for requests from clients seeking resources from other servers.
Firewall designed to permit or deny network transmissions based upon a set of rules
7. What is Cross-Site Scripting and how can it be prevented?
Cross Site Scripting (also known as XSS or CSS) is generally believed to be one of the most common application layer hacking techniques. Cross Site Scripting allows an attacker to embed malicious JavaScript, VBScript, ActiveX, HTML, or Flash into a vulnerable dynamic page to fool the user, executing the script on his machine in order to gather data.
8. What’s the difference between symmetric and asymmetric encryption?
Symmetric encryption use secret key only
Asymmetric encryption use public key and private key
Symmetric encryption use secret key only
Asymmetric encryption use public key and private key
9. What’s the difference between encryption and hashing?
Encryption provide a 1:1 mapping between an arbitrary length input and and output. And they are always reversible.
Hash provide a mapping between an arbitrary length input, and a (usually) fixed length (or smaller length) output. It's always a many:1 mapping.
10. Why should I use server certificates on my e-commerce website?
it is responsibility to secure the information collected for business transactions.
it is responsibility to secure the information collected for business transactions.
11. What’s port scanning and how does it work?
A port scanner is a software application designed to probe a server or host for open ports. This is often used by administrators to verify security policies of their networks and by attackers to identify running services on a host with the view to compromise it.
12. Please explain how asymmetric encryption works?
asymmetric encryption, in which there are two related keys--a key pair. A public key is made freely available to anyone who might want to send you a message. A second, private key is kept secret, so that only you know it.
13. Can a server certificate prevent SQL injection attacks against your system? Please explain.
SQL Injection attack is a form of attack that comes from user input that has not been checked to see that it is valid. The objective is to fool the database system into running malicious code that will reveal sensitive information or otherwise compromise the server.
Enabling a web application to authenticate and access the database requires a Secure Sockets Shell (SSH) client on the web server and a SSH server on the database server. SSH secures the connection by encrypting the data stream including passwords and other sensitive data and eliminating network level attacks.
14. Do you have a home lab? If so, how do you use it to perfect your skills.
15. What is a Man In The Middle attack?
The man-in-the-middle attack (often abbreviated MITM, MitM, MIM, MiM, MITMA) in cryptography and computer security is a form of active eavesdropping in which the attacker makes independent connections with the victims and relays messages between them, making them believe that they are talking directly to each other over a private connection, when in fact the entire conversation is controlled by the attacker.
16. Take me through the process of pen testing a system.
penetration test evaluates the security of a computer system or network by simulating an attack by a malicious user, commonly known as a hacker. The process involves an active analysis of the system for any potential vulnerabilities that may result from poor or improper system configuration, known and/or unknown hardware or software flaws, or operational weaknesses in process or technical countermeasures. This analysis is carried out from the position of a potential attacker, and can involve active exploitation of security vulnerabilities. Any security issues that are found will be presented to the system owner together with an assessment of their impact and a proposal for mitigation or a technical solution. The intent of a penetration test is to determine feasibility of an attack, the amount of business impact of a successful exploit, if discovered.
17. What is vulnerability test and how do you perform it?
A network vulnerability assessment evaluates all your systems as they are seen remotely from the Internet on a daily, weekly, or monthly basis. From there, potential security vulnerabilities and changes in the network that could be exploited by attackers are revealed before they are taken advantage of.
18. What are the latest threats you foresee for the near future?
19. How would you harden a Windows Server? What about a Linux Server?
20. What do you understand by layered security approach?
21. What’s the better approach setting up a firewall: dropping or rejecting unwanted packets and why?
22. Please detail 802.1x security vs. 802.11 security (don’t confuse the protocols).
The 802.1x standard offers an effective framework for authenticating and controlling user traffic to a protected network. 802.1x allows wireless services to have centralized authentication of wireless users or stations. 802.1x ties a protocol called Extensible Authentication Protocol (EAP) to the wireless local area network (WLAN) media.
23. What is stateful packet inspection?
Stateful Packet Inspection (SPI), every time a packet is sent out of the computer, the firewall keeps track of it. When a packet comes back to the firewall, the firewall can tell whether or not the in-bound packet is a reply to the packet that was sent out.
24. What is NAT and how does it work?
The network address translation (NAT) is a routing protocol component that, when enabled on a server running the Routing and Remote Access service, translates IPv4 addresses and TCP or UDP port numbers of request packets originating from a client on a private network, forwards the translated packets to a destination computer on the Internet (or other public network), and then performs reverse translation for response packets sent by the destination computer back to the client.
25. What is a buffer overflow?
In computer security and programming, a buffer overflow, or buffer overrun, is an anomaly where a program, while writing data to a buffer, overruns the buffer's boundary and overwrites adjacent memory.
26. What are the most common application security flaws?
27. What is a false positive?
Managerial
1. What is ISO 27001 and why should a company adopt it?
2. Please describe step-by-step how you would prepare and perform an audit of any given system.
3. What is a “RISK”, how can it be measured and what actions can be taken to treat it?
4. Please describe the steps to be taken by a company implementing an ISMS framework
5. Why did you become (CISSP/CISA) certified?
6. During an audit, an interviewee is not disclosing the information being requested. How would you overcome this situation?
7. Within the PCI-DSS sphere, what is a compensating control?
8. Who is the ultimate responsible to classify a company’s information: the Infosec Team or the information owner?
9. Please describe the process of evaluating and analysing risks.
10. What actions would you take to change end user behavior towards InfoSec?
11. How do you ensure a secure software development? What are the best practices to be followed?