Tuesday, September 20, 2016

SECURITY INTERVIEW QUESTIONS


1. What is a firewall?

A firewall is a software or hardware device that forms a security boundary: it blocks unwanted traffic into and out of your computer or network. It performs the following operations:

Packet filtering (ACLs).
Routing.
Network Address Translation (NAT).



2. What are the types of firewall?

Packet filtering (works in the Network layer).

Application level or proxy (works in the Application layer).

Circuit level firewall (works in the Session layer).

Stateful firewall (inspects all the layers).



3. What is a stateful firewall?

A stateful firewall is also known as a dynamic packet filter. It monitors the state of each active connection and uses this information to determine which network packets to allow through the firewall.

Static packet filtering checks only the headers of the packets, so an attacker can change the headers to match an allow rule and enter the network. A dynamic packet filter tracks connection state and can analyze packets down to the Application layer.


4. What is the difference between PIX and ASA?

PIX:

Dedicated hardware firewall.
PIX OS is similar to IOS.
GUI tool PDM allows secure configuration, management and monitoring.
Stateful packet filtering.
Does not support web VPN (SSL VPN).
16 MB RAM.

ASA:

ASA is the newer firewall, the Adaptive Security Appliance.
It includes firewall, IPS (Intrusion Prevention System), Anti-X and VPN.
GUI tool ASDM allows secure configuration, management and monitoring.
Stateful packet filtering.
Supports web VPN (SSL VPN).
64 MB RAM.



5. What is packet filtering?

Packet filtering is a process for protecting a local network from an untrusted network.

It is a Network layer process: a set of rules decides whether each packet is allowed or denied based on the source and destination address, port, or protocol.
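The following is an added illustration of the difference between static packet filtering (questions 3 and 5) and stateful inspection; it is not code from the original page or from any firewall vendor. The rules, the addresses (10.0.0.0/24 as inside, 192.168.50.10 as a DMZ web server, 198.51.100.0/24 and 203.0.113.0/24 as the Internet) and the packet trace are constructed for the demonstration. It shows the hole a static filter has to leave open to let reply traffic back in, and how a forged header slips through that hole while the stateful filter, which only admits replies to sessions it has recorded, drops it.

```python
"""Static (stateless) packet filtering next to stateful connection tracking.

Added illustration for the answers on packet filtering and stateful firewalls.
It is not code from the original page or from any firewall vendor; the rules,
addresses and packet trace below are constructed for the demonstration.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple


@dataclass(frozen=True)
class Packet:
    iface: str            # interface the packet arrives on: "inside" or "outside"
    proto: str            # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int


@dataclass(frozen=True)
class Rule:
    """One ACL entry; "any" / None act as wildcards, like a Network-layer filter."""
    action: str           # "permit" or "deny"
    proto: str = "any"
    src: str = "any"
    dst: str = "any"
    sport: Optional[int] = None
    dport: Optional[int] = None

    def matches(self, p: Packet) -> bool:
        return ((self.proto in ("any", p.proto))
                and (self.src in ("any", p.src))
                and (self.dst in ("any", p.dst))
                and (self.sport in (None, p.sport))
                and (self.dport in (None, p.dport)))


def stateless_filter(acl: List[Rule], p: Packet) -> str:
    """Static packet filtering: only header fields are checked, first match wins,
    and an unmatched packet hits the implicit deny at the end of the list."""
    for rule in acl:
        if rule.matches(p):
            return rule.action
    return "deny"


class StatefulFilter:
    """Dynamic packet filtering: sessions opened from the trusted side are stored
    in a connection table, and inbound packets are admitted only as replies to a
    recorded session or when an inbound ACL explicitly permits them."""

    def __init__(self, inbound_acl: List[Rule]) -> None:
        self.inbound_acl = inbound_acl
        self.table: Set[Tuple[str, str, int, str, int]] = set()

    def process(self, p: Packet) -> str:
        forward = (p.proto, p.src, p.sport, p.dst, p.dport)
        reverse = (p.proto, p.dst, p.dport, p.src, p.sport)
        if p.iface == "inside":
            self.table.add(forward)      # remember the outbound session
            return "permit"
        if reverse in self.table:
            return "permit"              # reply to a session the inside opened
        return stateless_filter(self.inbound_acl, p)


# Constructed addresses: 10.0.0.0/24 is inside, 192.168.50.10 is a DMZ web
# server, the 198.51.100.0/24 and 203.0.113.0/24 hosts are on the Internet.
PUBLIC_WEB = Rule("permit", "tcp", dst="192.168.50.10", dport=80)

# A static filter cannot know which inbound packets are replies, so to let
# HTTPS responses back in it has to permit anything with source port 443.
STATELESS_ACL = [PUBLIC_WEB, Rule("permit", "tcp", sport=443)]

# The stateful filter needs no such hole: replies are matched against the table.
STATEFUL_INBOUND_ACL = [PUBLIC_WEB]


def run_demo() -> Dict[str, str]:
    """Run a constructed trace through both filters and return the verdicts."""
    client_out = Packet("inside", "tcp", "10.0.0.5", 40000, "198.51.100.7", 443)
    server_reply = Packet("outside", "tcp", "198.51.100.7", 443, "10.0.0.5", 40000)
    # Forged header: unrelated host, source port set to 443 to look like a reply.
    forged = Packet("outside", "tcp", "198.51.100.99", 443, "10.0.0.5", 40000)
    web_request = Packet("outside", "tcp", "203.0.113.9", 51000, "192.168.50.10", 80)

    sf = StatefulFilter(STATEFUL_INBOUND_ACL)
    return {
        "outbound": sf.process(client_out),
        "reply_stateful": sf.process(server_reply),
        "forged_stateless": stateless_filter(STATELESS_ACL, forged),
        "forged_stateful": sf.process(forged),
        "web_request_stateful": sf.process(web_request),
    }


if __name__ == "__main__":
    for name, verdict in run_demo().items():
        print(f"{name:22s} {verdict}")
```

Running the script shows the forged packet permitted by the static ACL and denied by the stateful filter, while the genuine reply and the request to the published web server are permitted by both. The connection table here is a plain set keyed on the 5-tuple; a real firewall also ages entries out and checks TCP flags and sequence numbers, which is what lets it look beyond the headers.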



6. Explain trusted network and untrusted network.

Trusted network:

Computers on a trusted network transparently access the files, printers and other resources. Access to this network is defined by the local network administrator.

Example: LAN

Untrusted network:

The opposite of a trusted network: computers on an untrusted network are controlled by their owners.

Example: Internet



7. What are PIX or ASA security levels?

A security level tells the firewall whether the traffic on an interface is trusted or untrusted.

Security level 100 (highest possible) is used by the inside interface; this level is considered most trusted.

Security level 0 (lowest possible) is used by the outside interface; this level is considered untrusted.

Security levels 1 to 99 can be used on any other interface.

The DMZ is normally configured by the administrator with security level 50.

Typical security levels: inside 100, outside 0 and DMZ 50.




8. What is a DMZ?

DMZ (Demilitarized Zone) is a physical or logical subnet that contains an organization's external-facing services exposed to an untrusted network (the Internet).

It adds a layer of security: external users can only access the equipment in the DMZ.

Services such as mail, web, FTP and VoIP servers are placed in the DMZ subnet.
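As an added example for questions 7 and 8, here is an ASA interface configuration that puts the three typical security levels in place and publishes one DMZ web server. This is not configuration from the original page; the interface names, addresses and ACL name are assumed for the illustration.

```cisco
! Three interfaces with the typical security levels from question 7.
interface GigabitEthernet0/0
 nameif outside
 security-level 0
 ip address 203.0.113.2 255.255.255.0
!
interface GigabitEthernet0/1
 nameif inside
 security-level 100
 ip address 10.0.0.1 255.255.255.0
!
interface GigabitEthernet0/2
 nameif dmz
 security-level 50
 ip address 192.168.50.1 255.255.255.0
!
! By default the ASA permits traffic from a higher security level to a lower
! one (inside -> dmz, inside -> outside, dmz -> outside) and denies traffic
! from a lower level to a higher one. The outside network therefore reaches
! nothing until an ACL on the outside interface permits it; here only the
! published web service on the DMZ host is opened.
access-list OUTSIDE_IN extended permit tcp any host 192.168.50.10 eq www
access-group OUTSIDE_IN in interface outside
```

Note what the DMZ level buys you: because 50 is lower than 100, a compromised DMZ host cannot initiate connections into the inside network unless an ACL on the dmz interface explicitly allows it, which is the containment the DMZ exists for.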



9. What is IP spoofing or spoofed packets? How is it prevented?

IP spoofing is IP address forgery. Attackers use it to enter from an untrusted site into a trusted site.

The attacker finds a trusted network IP address and changes the packet header so that the source IP address indicates the message comes from the trusted network, and so enters the trusted site.

Prevented by: crypto, IPsec, VPN and RSA.




10. What is Denial of Service or Distributed Denial of Service?

In a typical connection, the user sends a message asking the server to authenticate it. The server returns the authentication approval to the user. The user acknowledges this approval and is then allowed into the server.

In a Denial of Service attack, the attacker sends a batch of forged authentication requests to the server. The server cannot find the user to return the approval to, waits some time and then tries to close the forged connections, but by then the attacker has sent a new batch of forged requests. The machine or network resources become unavailable to the intended users.

Target: websites, service hosts.

Symptoms:
Unusually slow network performance.
Unavailability of particular websites.



11. What is a SYN flood?

A SYN flood is a form of denial-of-service attack in which an attacker sends SYN requests to a target's system in an attempt to consume enough server resources to make the system unavailable for intended users.
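The three-step exchange in question 10 is the TCP handshake, and the resource a SYN flood consumes is the server's backlog of half-open connections. The following added example, which is not code from the original page, replays a constructed packet trace and reports, per server port, how many handshakes were opened with a SYN but never completed, and from how many distinct sources; the trace format, the addresses and the threshold are assumptions for the demonstration. This is the check a defender runs over a capture to tell a flood from a busy server.

```python
"""Half-open connection monitor that flags the SYN-flood pattern in a TCP trace.

Added illustration for the answers on denial of service and SYN floods; it is
not code from the original page. The trace format and every address in it are
constructed for the demonstration.
"""
from collections import defaultdict
from typing import Dict, List, NamedTuple, Set, Tuple


class Segment(NamedTuple):
    time: float       # seconds since start of capture
    src: str
    sport: int
    dst: str
    dport: int
    flags: str        # "S" = SYN, "SA" = SYN/ACK, "A" = ACK (handshake complete)


Target = Tuple[str, int]


def half_open_connections(trace: List[Segment]) -> Dict[Target, Dict[str, int]]:
    """Replay the trace and count, per (server, port), the handshakes that a client
    started with a SYN but never completed with its ACK. Also count how many
    distinct source addresses those half-open connections come from: many single
    SYNs from many different sources is the signature of spoofed origins."""
    pending: Dict[Tuple[str, int, str, int], float] = {}
    for seg in trace:
        key = (seg.src, seg.sport, seg.dst, seg.dport)
        if seg.flags == "S":
            pending[key] = seg.time            # client opened a handshake
        elif seg.flags == "A" and key in pending:
            del pending[key]                   # client finished the handshake
        # "SA" travels server -> client and does not change the client's state
    per_target: Dict[Target, Dict[str, int]] = defaultdict(
        lambda: {"half_open": 0, "sources": 0})
    seen_sources: Dict[Target, Set[str]] = defaultdict(set)
    for src, _sport, dst, dport in pending:
        per_target[(dst, dport)]["half_open"] += 1
        seen_sources[(dst, dport)].add(src)
    for target, sources in seen_sources.items():
        per_target[target]["sources"] = len(sources)
    return dict(per_target)


def syn_flood_alerts(trace: List[Segment], threshold: int = 10) -> List[Target]:
    """Return the (server, port) pairs whose half-open backlog reaches the threshold."""
    stats = half_open_connections(trace)
    return sorted(t for t, s in stats.items() if s["half_open"] >= threshold)


def constructed_trace() -> List[Segment]:
    """A legitimate handshake from one inside host followed by 20 SYNs from 20
    different (constructed) source addresses that never complete the handshake."""
    server = ("192.168.50.10", 80)
    trace = [
        Segment(0.00, "10.0.0.5", 40000, *server, "S"),
        Segment(0.01, *server, "10.0.0.5", 40000, "SA"),
        Segment(0.02, "10.0.0.5", 40000, *server, "A"),
    ]
    for i in range(1, 21):
        trace.append(Segment(1.0 + i / 100, f"198.51.100.{i}", 40000 + i, *server, "S"))
        trace.append(Segment(1.0 + i / 100 + 0.001, *server, f"198.51.100.{i}", 40000 + i, "SA"))
    return trace


if __name__ == "__main__":
    stats = half_open_connections(constructed_trace())
    for target, s in stats.items():
        print(f"{target[0]}:{target[1]} half-open={s['half_open']} distinct sources={s['sources']}")
    print("alerts:", syn_flood_alerts(constructed_trace()))
```

The completed handshake from 10.0.0.5 is not counted, the 20 abandoned ones are, and the alert fires for port 80 on the server. The "sources" figure is what distinguishes a distributed or spoofed flood (one SYN each from many addresses) from a single misbehaving client, and it tells you whether a per-source rate limit would help at all.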



12. Which commands are used to troubleshoot IPsec VPN on ASA?

To see the ISAKMP configuration: show run crypto isakmp
To see the IPsec configuration: show run crypto ipsec
To see the crypto map configuration: show run crypto map

To see IPsec operational data: show crypto ipsec sa

To see ISAKMP operational data: show crypto isakmp sa


Debug commands for VPN tunnels:
To debug ISAKMP: debug crypto isakmp

To debug IPsec: debug crypto ipsec

To manually clear all ISAKMP or IPsec SAs:

clear crypto ipsec sa

clear crypto isakmp sa


To clear ISAKMP or IPsec SAs based on IP address or crypto map:
 To clear IPsec SA counters: clear crypto ipsec sa counters

 To clear an IPsec SA by entry: clear crypto ipsec sa entry <peer ip address> <protocol> <spi>

 To clear IPsec SAs by map: clear crypto ipsec sa map <crypto map name>

 To clear IPsec SAs by peer: clear crypto ipsec sa peer <peer ip address>

 To clear ISAKMP SAs by IP address: clear crypto isakmp sa <peer ip address>


13. How do you reset all the tunnels?

clear crypto isakmp sa

14. How do you reset only one tunnel?

clear ipsec sa peer <address of the other end of the tunnel>

clear ipsec sa peer 202.192.168.12


