
Thursday, December 31, 2015

Security Interview Questions

Interview questions on Firewall
1. Which feature on a firewall can be used for mitigating IP spoofing attacks?
An access control list can be used for the purpose.

2. What type of firewall can be used to block a web security threat?
A web application firewall or a layer 7 firewall can be used for the purpose.

3. Which fields in a packet does a network layer firewall look into for making decisions?
The IP and transport layer headers, for information related to source and destination IP addresses, port numbers, etc.

4. Which feature on a Cisco firewall can be used for protection against TCP SYN flood attacks?
The TCP intercept feature.

5. Which feature on a firewall can be used to block a specific URL or a website?
URL filtering.

6. Which is the main field in an IP header that is modified by a NAT firewall?
The source IP address in the IP header.

7. What type of firewall can be configured for providing user-based authentication to users on the LAN?
A proxy firewall.

Network Security Interview questions
1. How can a brute force attack on a router be prevented?
A limit for the maximum number of login attempts can be set up on the router. On exceeding the limit, the account can be locked. Logs can be set up on the router to observe the IP address from which the login attempts are generated, and an access list set up to block the IP.

2. Name two RADIUS servers which are used in a network environment.
IAS Server and FreeRadius.

3. A switch is configured to authenticate users with a RADIUS server. Which port on the server would be used for RADIUS authentication?
UDP port 1812 would be used for the same.

4. A user needs to access a Windows PC, which is behind a NAT router in the office. What method can be used to access the desktop of the PC from home?
To access the desktop of a remote PC, the Windows Remote Desktop Protocol can be used. Since the PC is behind a NAT router, port forwarding can be set up on the router to forward packets to the internal PC. The user at home would initiate a remote desktop connection to the internet IP address of the NAT router, which would forward the request to the internal PC.

5. A VPN server is to be deployed in an organization. The VPN server would be used by remote users for gaining access to the organization network. The organization has a NAT router, which is used by users inside the organization for internet sharing and has one public IP address. Can the VPN server use the same IP address, which can then be used by remote users?
The VPN server can be set up behind the NAT router and port forwarding configured to allow incoming traffic to the VPN server. The remote users would connect to the public IP address of the NAT router, which would then forward the request to the VPN server.

6. Which feature on a wireless access point can be used for blocking unauthorized access based on the MAC address?
The MAC filtering feature on an access point can be used. The list of allowed MAC addresses can be configured using the feature.

7. Which field in an STP packet is manipulated in an STP BPDU attack?
The priority value in the STP header is crafted lower than the actual root bridge value, which makes the STP topology change, as the packet with the lower priority value would be elected as the root bridge.

8. Which is a common feature used by stateless firewalls?
Access control lists.

9. What is TKIP and why is it used?
TKIP stands for Temporal Key Integrity Protocol. It is used by WPA (Wi-Fi Protected Access) to provide encryption services on a wireless network.

IPSEC Interview questions
1. In which IPSEC phase are the keys used for data encryption derived?
The keys are derived in IPSEC phase 2. The derived keys are used by the IPSEC protocol ESP for encrypting the data.

2. How do the IPSEC protocols ESP and AH provide replay protection?
ESP and AH include sequence number fields in their respective headers. The values are used by the IPSEC peers to track duplicate packets. If a packet with an already received sequence number arrives, it is rejected, thus providing replay protection.

3. In IPSEC, if ESP provides both encryption and authentication, why is AH required?
ESP does not provide authentication to the outer IP header, which AH does.

4. Explain two methods by which two IPSEC routers can authenticate with each other.
IPSEC routers can be authenticated using pre-shared keys or using digital certificates.

5. Which UDP ports should be open on a firewall to allow traffic from L2TP/IPSEC based VPN clients to a PPTP VPN server on the inside?
UDP port 500 for IKE traffic, UDP port 1701 for L2TP communication between client and server, and UDP port 4500 for NAT-T communication.

6. Which IP protocol do the AH and ESP headers use in IPSEC?
ESP and AH use IP protocol 50 and 51 respectively.

7. Which type of VPN would you use if data has to be encrypted at the network layer?
An IPSEC VPN encrypts data at the network layer, whereas SSL encrypts data at the application layer.

Interview questions on network address translation
1. Name one instance where static NAT is used in a real-world deployment.
It is used for mapping a public IP address for a server with a private IP address.

2. Why does Active FTP not work with NAT in an Internet environment?
In Active FTP, the data connection is established to a port on the FTP client by the FTP server. The port number along with the IP address to which the server needs to initiate the connection is provided by the FTP client after the control connection is successful. When the client is behind the NAT router, the FTP server cannot initiate the connection to the provided IP address, as typically it would be a private IP address not routable on the internet.

3. How does NAT work in situations where transport layer protocols are not used, for example ping?
Ping does not use transport layer protocols. It uses ICMP at the network layer. NAT uses the sequence number field in the ICMP header to identify packets on which NAT is applied.

4. Two computers are behind a NAT router. The computers use the router's public IP address for sharing an internet connection. If a user on the internet pings the public IP address of the router, which device would respond?
The router would respond, as it is configured with the public IP address.

5. How many times can NAT be applied to a packet before it reaches the destination?
Any number of times.

6. Give a good reason as to why a NAT router is preferred over a proxy for sharing an internet connection.
NAT works at the network layer. This means that irrespective of the application, all packets can be sent out on the internet. A proxy is application specific. So if an HTTP proxy is deployed, it can send out only HTTP based traffic on to the internet. Other traffic like ping, FTP, etc. would be blocked.

7. Does the TCP checksum change after NAT is applied?
TCP checksums are calculated based on a pseudo header which also includes the source IP address of the IP header. Since the source IP address in the IP header is modified when NAT is applied, the checksum would be affected.
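
The checksum effect described in the answer above, as an added example (not code from the original page): it computes the TCP checksum over the pseudo header before and after the source address is rewritten, and shows the incremental adjustment a NAT device can apply instead of recomputing. The addresses, ports and payload are constructed sample values, and the function names are assumptions made for the illustration.

```python
import ipaddress
import struct


def fold_sum(data):
    """16-bit ones' complement sum of data (padded to an even length)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(word for (word,) in struct.iter_unpack("!H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total


def pseudo_header(src_ip, dst_ip, tcp_length):
    """IPv4 pseudo header: source, destination, zero, protocol 6, TCP length."""
    return (ipaddress.IPv4Address(src_ip).packed
            + ipaddress.IPv4Address(dst_ip).packed
            + struct.pack("!BBH", 0, 6, tcp_length))


def tcp_checksum(src_ip, dst_ip, segment):
    """Checksum of a TCP segment whose checksum field is currently zero."""
    return ~fold_sum(pseudo_header(src_ip, dst_ip, len(segment)) + segment) & 0xFFFF


def nat_adjust(checksum, old_ip, new_ip):
    """Incremental update (RFC 1624): HC' = ~(~HC + ~m + m') per 16-bit word."""
    old = struct.unpack("!HH", ipaddress.IPv4Address(old_ip).packed)
    new = struct.unpack("!HH", ipaddress.IPv4Address(new_ip).packed)
    total = ~checksum & 0xFFFF
    for m, m_new in zip(old, new):
        total += (~m & 0xFFFF) + m_new
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_segment(src_port, dst_port, payload):
    """Minimal 20-byte TCP header (PSH+ACK, checksum zero) plus payload."""
    header = struct.pack("!HHIIBBHHH", src_port, dst_port, 1000, 0,
                         5 << 4, 0x18, 65535, 0, 0)
    return header + payload


# Constructed sample: an inside host, the NAT router's public address, a server.
INSIDE, PUBLIC, SERVER = "192.168.1.10", "198.51.100.7", "203.0.113.5"
SEGMENT = build_segment(40000, 80, b"GET / HTTP/1.0\r\n\r\n")

if __name__ == "__main__":
    before = tcp_checksum(INSIDE, SERVER, SEGMENT)
    after = tcp_checksum(PUBLIC, SERVER, SEGMENT)
    print(hex(before), hex(after), hex(nat_adjust(before, INSIDE, PUBLIC)))
```

A segment forwarded with the rewritten source address but the old checksum would fail verification at the receiver, which is why the NAT device has to apply one of the two updates.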

Security Testing Interview Questions and Answers
What is Security Testing?
Security testing is a process intended to reveal flaws in the security mechanisms of an information system that protect data and maintain functionality as intended.
Security testing is the most important type of testing for any application. In this type of testing, the tester plays the role of an attacker and plays around with the system to find security-related bugs.

Q#1. What is Security Testing?

Ans. Security testing can be considered the most important of all types of software testing. Its main objective is to find vulnerabilities in any software (web or networking) based application and protect its data from possible attacks or intruders.
Many applications contain confidential data that needs to be protected from being leaked. Software testing needs to be done periodically on such applications to identify threats and to take immediate action on them.

Q#2. What is “Vulnerability”?

Ans. A vulnerability can be defined as a weakness of any system through which intruders or bugs can attack the system.
If security testing has not been performed rigorously on the system, the chances of vulnerabilities increase. Patches or fixes are required from time to time to protect a system from vulnerabilities.

Q#3. What is Intrusion Detection?

Ans. Intrusion detection is a system which helps in determining possible attacks and dealing with them. Intrusion detection includes collecting information from many systems and sources, analyzing the information, and finding out the possible ways of attack on the system.
Intrusion detection checks the following:
    1.    Possible attacks
    2.    Any abnormal activity
    3.    Auditing the system data
    4.    Analysis of different collected data etc.

Q#4. What is “SQL injection”?

Ans. SQL injection is one of the common attack techniques used by hackers to get critical data.
Hackers check for any loophole in the system through which they can pass SQL queries that bypass the security checks and return the critical data. This is known as SQL injection. It can allow hackers to steal critical data or even crash a system.
SQL injections are very critical and need to be avoided. Periodic security testing can prevent these kinds of attacks. SQL database security needs to be defined correctly, and input boxes and special characters should be handled properly.

Q#5. List the attributes of Security Testing?

Ans. There are the following seven attributes of Security Testing:
    1.    Authentication
    2.    Authorization
    3.    Confidentiality
    4.    Availability
    5.    Integrity
    6.    Non-repudiation
    7.    Resilience

Q#6. What is XSS or Cross Site Scripting?

Ans. XSS or cross-site scripting is a type of vulnerability that hackers use to attack web applications.
It allows hackers to inject HTML or JavaScript code into a web page, which can steal confidential information from the cookies and return it to the hackers. It is one of the most critical and common techniques, and it needs to be prevented.

Q#7. What is SSL connection and an SSL session?

Ans. An SSL or Secure Sockets Layer connection is a transient peer-to-peer communications link where each connection is associated with one SSL session.
An SSL session can be defined as an association between client and server, generally created by the handshake protocol. A set of parameters is defined, and it may be shared by multiple SSL connections.

Q#8. What is “Penetration Testing”?

Ans. Penetration testing is one of the security testing types that helps in identifying vulnerabilities in a system. A penetration test is an attempt to evaluate the security of a system by manual or automated techniques, and if any vulnerability is found, testers use that vulnerability to get deeper access to the system and find more vulnerabilities. The main purpose of this testing is to protect a system from any possible attacks.
Penetration testing can be done in two ways: white box testing and black box testing.
In white box testing, all the information is available to the testers, whereas in black box testing the testers don't have any information and they test the system in a real-world scenario to find the vulnerabilities.

Q#9. Why is “Penetration Testing” important?

Ans. Penetration testing is important because:
    1.    Security breaches and loopholes in the systems can be very costly, as the threat of attack is always possible and hackers can steal important data or even crash the system.
    2.    It is impossible
    3.    Penetration testing identifies and protects a system from the above-mentioned attacks and helps organizations to keep their data safe.

Q#10. Name the two common techniques used to protect a password file?

Ans. Two common techniques to protect a password file are hashed passwords and a salt value, or password file access control.
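
Both techniques from the answer above in one added example (not code from the original page): each record stores a per-user random salt with a PBKDF2 hash, and the file itself is created with owner-only permissions. The record layout, the iteration count, the file name and the sample users are assumptions made for the illustration.

```python
import hashlib
import hmac
import os
import stat
import tempfile

ITERATIONS = 200_000  # assumed work factor for this example; tune for your hardware


def make_record(username, password, salt=None):
    """Return one password-file line: user:iterations:salt_hex:hash_hex.

    The username must not contain ':' because it is the field separator.
    """
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"{username}:{ITERATIONS}:{salt.hex()}:{digest.hex()}"


def verify(record, password):
    """Recompute the hash with the stored salt and compare in constant time."""
    _user, iterations, salt_hex, hash_hex = record.split(":")
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                 bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(digest, bytes.fromhex(hash_hex))


def write_password_file(path, records):
    """Create the file readable and writable by its owner only (mode 0600)."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.write("\n".join(records) + "\n")


def demo():
    """Constructed run: two users share a password; read the file back."""
    records = [make_record("alice", "correct horse"),
               make_record("bob", "correct horse")]
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "passwd.db")
        write_password_file(path, records)
        mode = stat.S_IMODE(os.stat(path).st_mode)
        with open(path) as fh:
            stored = fh.read().splitlines()
    return mode, stored


if __name__ == "__main__":
    mode, stored = demo()
    print(oct(mode))
    print("\n".join(stored))
```

Because each record has its own salt, the two users' stored hashes differ even though their passwords are identical, so one precomputed table cannot be reused across accounts.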

Q#11. List the full names of abbreviations related to Software security?

Ans. Abbreviations related to software security are:
    1.    IPsec – Internet Protocol Security is a suite of protocols for securing Internet
    2.    OSI – Open Systems Interconnection
    3.    ISDN – Integrated Services Digital Network
    4.    GOSIP – Government Open Systems Interconnection Profile
    5.    FTP – File Transfer Protocol
    6.    DBA – Dynamic Bandwidth Allocation
    7.    DDS – Digital Data System
    8.    DES – Data Encryption Standard
    9.    CHAP – Challenge Handshake Authentication Protocol
    10.    BONDING – Bandwidth On Demand Interoperability Group
    11.    SSH – The Secure Shell
    12.    COPS – Common Open Policy Service
    13.    ISAKMP – Internet Security Association and Key Management Protocol
    14.    USM – User-based Security Model
    15.    TLS – The Transport Layer Security

Q#12. What is ISO 17799?

Ans. ISO/IEC 17799 was originally published in the UK and defines best practices for Information Security Management. It has guidelines on information security for all organizations, small or big.

Q#13. List down some factors that can cause vulnerabilities?

Ans. Factors causing vulnerabilities are:
    1.    Design flaws – Loopholes in the system can allow hackers to attack the system easily.
    2.    Passwords – If passwords are known to hackers, they can get the information very easily. A password policy should be followed rigorously to minimize the risk of password theft.
    3.    Complexity – Complex software can open the door to vulnerabilities.
    4.    Human Error – Human error is a significant source of security vulnerabilities.
    5.    Management – Poor management of the data can lead to vulnerabilities in the system.

Q#14. List the various methodologies in Security testing?

Ans. Methodologies in Security testing are:
    1.    White Box – All the information is provided to the testers.
    2.    Black Box – No information is provided to the testers, and they test the system in a real-world scenario.
    3.    Grey Box – Partial information is with the testers, and the rest they have to test on their own.

Q#15. List down the seven main types of security testing as per the Open Source Security Testing Methodology Manual?

Ans. The seven main types of security testing as per the Open Source Security Testing Methodology Manual are:
    1.    Vulnerability Scanning: Automated software scans a system against known vulnerabilities.
    2.    Security Scanning: Manual or automated technique to identify network and system weaknesses.
    3.    Penetration testing: Penetration testing is one of the security testing types that helps in identifying vulnerabilities in a system.
    4.    Risk Assessment: It involves analysis of possible risk in the system. Risks are classified as Low, Medium and High.
    5.    Security Auditing: Complete inspection of systems and applications to detect vulnerabilities.
    6.    Ethical hacking: Hacking done on a system to detect flaws in it rather than for personal benefit.
    7.    Posture Assessment: This combines security scanning, ethical hacking and risk assessments to show the overall security posture of an organization.

Q#16. What is SOAP and WSDL?

Ans. SOAP or Simple Object Access Protocol is an XML-based protocol through which applications exchange information over HTTP. XML requests are sent by web services in SOAP format; a SOAP client then sends a SOAP message to the server. The server responds with a SOAP message along with the requested service.

Q#17. List the parameters that define an SSL session connection?

Ans. The parameters that define an SSL session connection are:
    1.    Server and client random
    2.    Server write MAC secret
    3.    Client write MAC secret
    4.    Server write key
    5.    Client write key
    6.    Initialization vectors
    7.    Sequence numbers

Q#18. What is file enumeration?

Ans. This kind of attack uses forceful browsing together with the URL manipulation attack. Hackers can manipulate the parameters in the URL string and get critical data that is generally not open to the public, such as archived data, old versions, or data that is under development.

Q#19. List the benefits that can be provided by an intrusion detection system?

Ans. There are three benefits of an intrusion detection system.
    1.    NIDS or Network Intrusion Detection
    2.    NNIDS or Network Node Intrusion detection system
    3.    HIDS or Host Intrusion Detection System

Q#20. What is HIDS?

Ans. HIDS or Host Intrusion Detection System is a system in which a snapshot of the existing system is taken and compared with the previous snapshot. It checks whether critical files were modified or deleted; if so, an alert is generated and sent to the administrator.

Q#21. List down the principal categories of SET participants?

Ans. Following are the participants:
    1.    Cardholder
    2.    Merchant
    3.    Issuer
    4.    Acquirer
    5.    Payment gateway
    6.    Certification authority

Q#22. Explain “URL manipulation”?

Ans. URL manipulation is a type of attack in which hackers manipulate the website URL to get critical information. The information is passed in the parameters of the query string via the HTTP GET method between client and server. Hackers can alter the information in these parameters, get authenticated on the servers, and steal critical data.
To avoid this kind of attack, security testing of URL manipulation should be done. Testers themselves can try to manipulate the URL and check for possible attacks, and if any are found they can prevent these kinds of attacks.

Q#23. What are the three classes of intruders?

Ans. Following are the three classes of intruders:
    1.    Masquerader: It can be defined as an individual who is not authorized on the computer but hacks the system's access control and gets access to an authenticated user's account.
    2.    Misfeasor: In this case the user is authenticated to use the system resources but misuses his access on the system.
    3.    Clandestine user: It can be defined as an individual who hacks the control system of the system and bypasses the system security system.

Q#24. List the components used in SSL?

Ans. The Secure Sockets Layer protocol or SSL is used to make a secure connection between clients and computers. Below are the components used in SSL:
    1.    SSL Record protocol
    2.    Handshake protocol
    3.    Change Cipher Spec
    4.    Encryption algorithms

Q#25. What is port scanning?

Ans. Ports are the points from which information goes in and out of any system. Scanning the ports to find any loopholes in the system is known as port scanning. There can be some weak points in the system which hackers can attack to get critical information. These points should be identified and protected from any misuse.
The following are the types of port scans:
    1.    Strobe: Scanning of known services.
    2.    UDP: Scanning of open UDP ports
    3.    Vanilla: In this scanning the scanner attempts to connect to all 65,535 ports.
    4.    Sweep: The scanner connects to the same port on more than one machine.
    5.    Fragmented packets: The scanner sends packet fragments that get through simple packet filters in a firewall
    6.    Stealth scan: The scanner blocks the scanned computer from recording the port scan activities.
    7.    FTP bounce: The scanner goes through an FTP server in order to disguise the source of the scan.

Q#26. What is a Cookie?

Ans. A cookie is a piece of information received from a web server and stored in a web browser, which can be read anytime later. A cookie can contain password information and some auto-fill information, and if any hackers get these details it can be dangerous.

Q#27. What are the types of Cookies?

Ans. Types of Cookies are:
    •    Session cookies – These cookies are temporary and last for that session only.
    •    Persistent cookies – These cookies are stored on the hard disk drive and last until they expire or are manually removed.

Q#28. What is a honeypot?

Ans. A honeypot is a fake computer system which behaves like a real system and attracts hackers to attack it. A honeypot is used to find loopholes in the system and to provide solutions for these kinds of attacks.

Q#29. List the parameters that define an SSL session state?

Ans. The parameters that define an SSL session state are:
    1.    Session identifier
    2.    Peer certificate
    3.    Compression method
    4.    Cipher spec
    5.    Master secret
    6.    Is resumable

Q#30. Describe the Network Intrusion Detection system?

Ans. A Network Intrusion Detection system is generally known as NIDS. It is used to analyze the passing traffic on the entire subnet and match it against known attacks. If any loophole is identified, the administrator receives an alert.


https://intellipaat.com/blog/interview-question/cyber-security-interview-questions/




