Networks Security Interview Preparation Guide Download PDF
Networks and Security guideline for job interview preparation. Explore list of Network Security frequently asked questions(FAQs) asked in number of Networks and Security interviews. Post your comments as your suggestions, questions and answers on any Network Security Interview Question or answer. Ask Network Security Question, your question will be answered by our fellow friends.
17 Networks and Security Questions and Answers:
1 :: What is an ARP and how does it work?
ARP(ADDRESS RESOLUTION PROTOCOL) is a network layer protocol which associates the physical hardware address of a network node(commonly known as a MAC ADDRESS) to its ip address. now an ARP creates a table known as ARP CACHE/TABLE that maps ip addresses to the hardware addressess of nodes on the local network.
if based on the ip address it sees that it has the node's mac address in its ARP TABLE then transmitting to that ip address is done quicker because the destination is known and voila network traffic is reduced.
if based on the ip address it sees that it has the node's mac address in its ARP TABLE then transmitting to that ip address is done quicker because the destination is known and voila network traffic is reduced.
2 :: Explain What are digital signatures and smart cards?
Digital signature : Information that is encrypted with an entity private key and is appended to a message to assure the recipient of the authenticity and integrity of the message. The digital signature proves that the message was signed by the entity that owns, or has access to, the private key or shared secret symmetric key.
smart cards : Smart cards help businesses evolve and expand their products and services in a rapidly changing global market. In addition to the well known commercial applications (banking, payments, access control, identification, ticketing and parking or toll collection), in recent years, the information age has introduced an array of security and privacy issues that have called for advanced smart card security applications (secure logon and authentication of users to PC and networks, storage of digital certificates, passwords and credentials, encryption of sensitive data, wireless communication subscriber authentication, etc.)
smart cards : Smart cards help businesses evolve and expand their products and services in a rapidly changing global market. In addition to the well known commercial applications (banking, payments, access control, identification, ticketing and parking or toll collection), in recent years, the information age has introduced an array of security and privacy issues that have called for advanced smart card security applications (secure logon and authentication of users to PC and networks, storage of digital certificates, passwords and credentials, encryption of sensitive data, wireless communication subscriber authentication, etc.)
3 :: Explain Difference between broadcast domain and collision domain?
Broadcast Domain
send the packet to all the Present Network
IT may be send by the person
it may broadcast by the switch when the address not found in the Network.
For breaking broadcast domain We can Use Router
Collision Domain:
Switch has no collision as compare to hun (layer on Device
Broadcast Domain is the area where when one device in the network sends the data or packet it will received by all the devices present over the network.
send the packet to all the Present Network
IT may be send by the person
it may broadcast by the switch when the address not found in the Network.
For breaking broadcast domain We can Use Router
Collision Domain:
Switch has no collision as compare to hun (layer on Device
Broadcast Domain is the area where when one device in the network sends the data or packet it will received by all the devices present over the network.
4 :: What is Kerberos Protocol?
Kerberos is an authentication protocol,it is named after a dog who is according to the Greek mythology,- is said to stand at the gates of Hades.In the terms of computer networking it is a collection of softwares used in large networks to authenticate and establish a user's claimed identity.It is developed by MIT and using a combination of encryption as well as distributed databases so that the user can log in start a session.
It has some disadvanteges though.As I said Kereberos had been developed by MIT under the project Athena,- Kerberos is designed to authenticate the end users on the servers.
Kerberos is not a peer to peer system ,nor was it meant to do for one computer system's daemons to contact another computer.
There are many issues concerning to Kerberos.Namely,on most of the computer system there is no a secure area to save the keys.
It is known that a keys must be stored in plain text format in order to obtain a "ticket granting ticket" this area where the tickets are resides obviously supposed be a secured area.
However this is not the case therefore most of the time this is actually a potential security risk.
In case if the plain text key could be obtained by a hacker the Kerberos authentication server in that specific realm can be comprimised fairly easily.
It is also noteable that the other issue is the actual mechanism how the Kerberos handling the keys on a multisuser computer.The keys are cached and can be obtained by other user as well who are logged into the computer network..On a single user workstation only the actual user has access to system resources however if the workstation support multiple users then it is possible for another user on the system to obtain the keys.
Some other weaknesses are also exist in the Kerberos protocol, however those vulnerabilities are too complicated to discuss without the deep understanding of the protocol and the way as it had been implemented.
It has some disadvanteges though.As I said Kereberos had been developed by MIT under the project Athena,- Kerberos is designed to authenticate the end users on the servers.
Kerberos is not a peer to peer system ,nor was it meant to do for one computer system's daemons to contact another computer.
There are many issues concerning to Kerberos.Namely,on most of the computer system there is no a secure area to save the keys.
It is known that a keys must be stored in plain text format in order to obtain a "ticket granting ticket" this area where the tickets are resides obviously supposed be a secured area.
However this is not the case therefore most of the time this is actually a potential security risk.
In case if the plain text key could be obtained by a hacker the Kerberos authentication server in that specific realm can be comprimised fairly easily.
It is also noteable that the other issue is the actual mechanism how the Kerberos handling the keys on a multisuser computer.The keys are cached and can be obtained by other user as well who are logged into the computer network..On a single user workstation only the actual user has access to system resources however if the workstation support multiple users then it is possible for another user on the system to obtain the keys.
Some other weaknesses are also exist in the Kerberos protocol, however those vulnerabilities are too complicated to discuss without the deep understanding of the protocol and the way as it had been implemented.
5 :: Explain How does traceroute work? Now how does traceroute make sure that the packet follows the same path that a previous (with ttl - 1) probe packet went in?
First of all see traceroute works using ICMP packets. First source sends an ICMP packet with Time to Live (TTL) field as 1 to the destination address. Now intermediate router receives the packet and sees that TTL field has expired, so it sends a ICMP TTL expired reply. Now the source machine again sends the ICMP packet with TTL field as 2. This time second intermediate router replies. This process is repeated till destination is reached. That way the source can get the entire route upto destination.
6 :: Explain What are all the technical steps involved when the data transmission from server via router?
When a packet is sent out of a server, It has source and Destination IP, sorcce and destination Port no and sorce and destination Mac ID, first it is sent to the switch, The switch checks the packet whether the MAC ID is in the MAC-Address-Table if not it broad casts the message if the destination IP is not in the same segment Then it forwards the packet to the gateway (normally the router or firewall). then the router/firewall checks its routing table and access lists if it has the information about the destination IP and if it has access to the destination IP it forwards it to the next hop, and if any one of the condition fails it just drops the packet.
7 :: Explain For a small lan which class of addressing is used?
For small lan we use class-c address
Explanation:In class C ip address the first three bytes out of four are for network address while the last byte is for host address which can range from 1-254 which is smallest lan possible whereas class B has two bytes and class A has three bytes reserved for host address which increases number of hosts in those classes
Explanation:In class C ip address the first three bytes out of four are for network address while the last byte is for host address which can range from 1-254 which is smallest lan possible whereas class B has two bytes and class A has three bytes reserved for host address which increases number of hosts in those classes
8 :: Explain What does CIA stand for in security management?
Found from cisco.com,
Confidentiality, Integrity and Availability
CIA means Certified Internal Auditor.
globally accepted and recognized certificate in the field of internal audits.
Confidentiality, Integrity and Availability
CIA means Certified Internal Auditor.
globally accepted and recognized certificate in the field of internal audits.
9 :: Explain In mobile and computer and home is it possible that we see and listen person voice and activity carefully for destroying their privacy?
Yes, it can be possible by third party software in computer and 3g in mobile.In computer third software like skype can be better media of communication method.
10 :: Explain What is the role of Single Sign On in authentication technologies?
Single sign-on (SSO) is mechanism whereby a single action of user authentication and authorization can permit a user to access all computers and systems where he has access permission, without the need to enter multiple passwords. Single sign-on reduces human error, a major component of systems failure and is therefore highly desirable but difficult to implement.
single sign on is an authentication mechanism with session or cookie preservation, where in user is prompted only only once in a particular session with a computer s/he uses, and the same credentials are used across multiple platform for accessing different applications. it is like loging into your computer by authenticating to the domain controller and be able to access multiple intranet site. second example could to login to a singled wesite, and have same authentication used for different applications like forums, image gallery and email etc.
single sign on is an authentication mechanism with session or cookie preservation, where in user is prompted only only once in a particular session with a computer s/he uses, and the same credentials are used across multiple platform for accessing different applications. it is like loging into your computer by authenticating to the domain controller and be able to access multiple intranet site. second example could to login to a singled wesite, and have same authentication used for different applications like forums, image gallery and email etc.