Top 50 Network Security Interview Questions You Must Prepare 19.Mar.2024

Kerberos is an authentication protocol. It is named after the dog that, according to Greek mythology, stands guard at the gates of Hades. In computer networking it is a collection of software used in large networks to authenticate and establish a user's claimed identity. It was developed by MIT and uses a combination of encryption and distributed databases so that a user can log in and start a session.

It has some disadvantages, though. As noted, Kerberos was developed by MIT under Project Athena and is designed to authenticate end users to servers.

When a user initiates a connection with the FTP server, two TCP connections are established. The first (the control connection) is opened by the client; the second (the FTP data connection) is initiated and established from the FTP server. When a firewall sits between the FTP client and server, it blocks the connection initiated by the FTP server, since that connection originates from outside. To resolve this, passive FTP can be used, or the firewall rule can be modified to add the FTP server as trusted.

Logs should be reviewed every day. This includes IDS logs, system logs, management station logs, etc. Not reviewing the logs is one of the biggest mistakes an organization can make. Events of interest should be investigated daily. It can be a very tedious task for a single person to do this job as their only assignment (unless they really enjoy it). It is better to have a log review rotation system amongst the security team.
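The daily review described above is easier to sustain when the "events of interest" are pulled out mechanically first and a human only reads the summary. The script below is an added example, not code from the original page: it scans a few constructed sshd/sudo syslog lines (placeholder hostnames and addresses) and flags sources with repeated failed logins, successful logins from those same sources, and every privileged command.

```python
import re
from collections import Counter

# Constructed sample syslog lines for illustration; not real logs.
SAMPLE_LOGS = """\
Mar 19 08:01:12 bastion sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 51822 ssh2
Mar 19 08:01:15 bastion sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 51830 ssh2
Mar 19 08:01:19 bastion sshd[2101]: Failed password for root from 203.0.113.7 port 51841 ssh2
Mar 19 08:01:25 bastion sshd[2101]: Failed password for root from 203.0.113.7 port 51850 ssh2
Mar 19 08:02:02 bastion sshd[2118]: Accepted publickey for deploy from 198.51.100.20 port 40112 ssh2
Mar 19 08:05:40 bastion sudo:   deploy : TTY=pts/0 ; PWD=/home/deploy ; USER=root ; COMMAND=/bin/systemctl restart nginx
Mar 19 08:10:03 bastion sshd[2140]: Failed password for root from 203.0.113.7 port 51990 ssh2
Mar 19 08:12:44 bastion sshd[2150]: Accepted password for root from 203.0.113.7 port 52001 ssh2
"""

FAILED_RE = re.compile(r"Failed password for (?:invalid user )?(\S+) from (\S+)")
ACCEPTED_RE = re.compile(r"Accepted (\w+) for (\S+) from (\S+)")
SUDO_RE = re.compile(r"sudo:\s+(\S+) : .*COMMAND=(.*)$")


def review_logs(text, fail_threshold=3):
    """Summarise one day's log text into the events a reviewer must look at."""
    failures = Counter()       # failed logins per source address
    successes = []             # (user, source, auth method)
    sudo_commands = []         # (user, command)
    for line in text.splitlines():
        m = FAILED_RE.search(line)
        if m:
            _user, src = m.groups()
            failures[src] += 1
            continue
        m = ACCEPTED_RE.search(line)
        if m:
            method, user, src = m.groups()
            successes.append((user, src, method))
            continue
        m = SUDO_RE.search(line)
        if m:
            sudo_commands.append((m.group(1), m.group(2).strip()))

    # Sources that crossed the failure threshold look like password guessing.
    brute_force = {src: n for src, n in failures.items() if n >= fail_threshold}
    # The most urgent finding: a password login that succeeded from a source
    # that had been guessing passwords earlier the same day.
    suspicious_logins = [
        (user, src, method) for user, src, method in successes
        if src in brute_force and method == "password"
    ]
    return {
        "brute_force_sources": brute_force,
        "suspicious_logins": suspicious_logins,
        "successful_logins": successes,
        "sudo_commands": sudo_commands,
    }


if __name__ == "__main__":
    for key, value in review_logs(SAMPLE_LOGS).items():
        print(f"{key}: {value}")
```

The thresholds and patterns are the part a team tunes over time; the point of running something like this daily is that the reviewer on rotation starts from a short list of anomalies rather than the raw log.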

An IP grabber is a program that discovers the IP address of another computer. Such tools are often used by attackers.

There should be an overall policy that establishes the direction of the organization and its security mission as well as roles and responsibilities. There can also be system-specific policies to address for individual systems. Most importantly, the policies should address the appropriate use of computing resources. In addition, policies can address a number of security controls from passwords and backups to proprietary information. There should be clear procedures and processes to follow for each policy. These policies should be included in the employee handbook and posted on a readily accessible intranet site.

Symmetric encryption requires that both parties (sender and receiver) know and have the exact same encryption key. This key is used both for encrypting and decrypting the data. Using the same algorithm and key means that only those individuals who know or have that key will be able to read any messages encrypted with it.

Cryptography is the deliberate attempt to obscure or scramble the information so that only an authorized receiver can see the message. Network security may employ cryptography, but has many other tools to secure a network, including firewalls, auditing, Intrusion Detection Systems, and so forth. Cryptography would be used only when trying to keep messages secret when sending them across a network or keeping information secret in a file.

A password policy should require that a password:

  • Be at least 8 characters long
  • Contain both alphanumeric and special characters
  • Change every 60 days
  • Cannot be reused after every five cycles
  • Is locked out after 3 failed attempts

In addition, you should be performing regular password auditing to check the strength of passwords; this should also be documented in the password policy.
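The five rules above map directly onto code. The following is an added example, not part of the original page: it enforces the minimum length, character-class, 60-day expiry, five-password history and three-attempt lockout rules for a single account. Passwords are stored as PBKDF2 hashes with one per-account salt (a simplification; real systems salt every history entry separately).

```python
import hashlib
import hmac
import os
import re
from datetime import date, timedelta

MIN_LENGTH = 8
MAX_AGE_DAYS = 60
HISTORY_DEPTH = 5
LOCKOUT_THRESHOLD = 3


def check_complexity(password):
    """Return the list of rules the password breaks (empty means compliant)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if not re.search(r"[A-Za-z]", password) or not re.search(r"[0-9]", password):
        problems.append("must contain both letters and digits")
    if not re.search(r"[^A-Za-z0-9]", password):
        problems.append("must contain a special character")
    return problems


def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class Account:
    """Per-user state needed to enforce history, expiry and lockout."""

    def __init__(self, username, password, changed_on):
        self.username = username
        self.salt = os.urandom(16)
        self.history = [_hash(password, self.salt)]   # newest entry is current
        self.changed_on = changed_on
        self.failed_attempts = 0
        self.locked = False

    def password_expired(self, today):
        """Rule: change every 60 days."""
        return today - self.changed_on > timedelta(days=MAX_AGE_DAYS)

    def change_password(self, new_password, today):
        """Apply complexity and history rules; returns violations, [] on success."""
        problems = check_complexity(new_password)
        candidate = _hash(new_password, self.salt)
        if any(hmac.compare_digest(candidate, old) for old in self.history[-HISTORY_DEPTH:]):
            problems.append(f"reused within the last {HISTORY_DEPTH} passwords")
        if problems:
            return problems
        self.history.append(candidate)
        self.changed_on = today
        return []

    def attempt_login(self, password):
        """Rule: lock the account after 3 consecutive failures."""
        if self.locked:
            return "locked"
        if hmac.compare_digest(_hash(password, self.salt), self.history[-1]):
            self.failed_attempts = 0
            return "ok"
        self.failed_attempts += 1
        if self.failed_attempts >= LOCKOUT_THRESHOLD:
            self.locked = True
            return "locked"
        return "denied"


if __name__ == "__main__":
    acct = Account("alice", "Tr0ub4dor&3", date(2024, 1, 1))
    print("expired on 2024-03-19:", acct.password_expired(date(2024, 3, 19)))
    print("reuse attempt:", acct.change_password("Tr0ub4dor&3", date(2024, 3, 19)))
    print("new password:", acct.change_password("N3w-Secret!", date(2024, 3, 19)))
    for guess in ("wrong1!x", "wrong2!x", "wrong3!x"):
        print(guess, "->", acct.attempt_login(guess))
```

The regular password audit the policy also calls for is a separate activity (running a cracker against the hash store under change control); the enforcement logic above is what prevents weak passwords from being set in the first place.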

An organization must understand how an outage could impact the ability to continue operations. For example, you must determine how long systems can be down, the impact on cash flow, the impact on service level agreements, and the key resources that must be kept running.

Your organization’s security policy should specify applications, services, and activities that are prohibited. These can include, among others:

  • Viewing inappropriate material
  • Spam
  • Peer-to-peer file sharing
  • Instant messaging
  • Unauthorized wireless devices
  • Use of unencrypted remote connections such as Telnet and FTP

It was pretty simple: just passwords to protect one's computer. With the rise of the internet, however, computer security has grown to include firewalls and hundreds of anti-virus programs.

Subnets improve network security and performance by arranging hosts into different logical groups. Subnetting is required when one network address needs to be distributed across multiple network segments. Subnetting is required when a company uses two or more types of network technologies like Ethernet and Token Ring.
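To make the "logical groups" concrete, here is an added example (not from the original page) using Python's standard ipaddress module: it carves a /24 into four /26 subnets, assigns each to a role, and answers the question a firewall or router policy needs answered, namely whether two hosts sit in the same segment. The network, host addresses and role names are constructed for illustration.

```python
import ipaddress


def carve_subnets(network, new_prefix):
    """Split a network into equal subnets with the given prefix length."""
    net = ipaddress.ip_network(network, strict=True)
    return [str(s) for s in net.subnets(new_prefix=new_prefix)]


def locate(host, subnets):
    """Return the subnet (as a string) that contains host, or None."""
    addr = ipaddress.ip_address(host)
    for s in subnets:
        if addr in ipaddress.ip_network(s):
            return s
    return None


def same_segment(host_a, host_b, subnets):
    """True when both hosts are in one subnet, i.e. traffic between them stays
    on the segment and never crosses a router or inter-subnet filter."""
    a, b = locate(host_a, subnets), locate(host_b, subnets)
    return a is not None and a == b


def usable_hosts(subnet):
    """Addresses left for hosts after the network and broadcast addresses."""
    net = ipaddress.ip_network(subnet)
    return net.num_addresses - 2 if net.prefixlen < 31 else net.num_addresses


def role_of(host, plan):
    """plan maps a role name to a subnet string; returns the host's role."""
    for role, subnet in plan.items():
        if ipaddress.ip_address(host) in ipaddress.ip_network(subnet):
            return role
    return None


if __name__ == "__main__":
    subs = carve_subnets("192.0.2.0/24", 26)
    # Constructed segmentation plan: one role per /26.
    plan = dict(zip(["servers", "workstations", "printers", "guest"], subs))
    for role, subnet in plan.items():
        print(f"{role:13} {subnet}  ({usable_hosts(subnet)} usable hosts)")
    print("192.0.2.70 and 192.0.2.100 same segment:",
          same_segment("192.0.2.70", "192.0.2.100", subs))
    print("192.0.2.130 is in role:", role_of("192.0.2.130", plan))
```

Keeping guest devices in their own subnet is exactly the security benefit the paragraph describes: a host in the guest /26 cannot reach a server by simply being on the same broadcast domain, so the path between the two groups has to pass a router where access control can be applied.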

Network security concentrates on the packets of information flowing between computer systems. Operating System security controls access to resources on the server itself. Therefore, the two are looking at different things in terms of security.

Yes, it is possible through third-party software on a computer and over 3G on a mobile device. On a computer, third-party software such as Skype can be a better medium of communication.

One of the key objectives of computer security is confidentiality: information is only available to those who are supposed to have access to it. Encryption helps protect the confidentiality of information transmitted over a network by (if it works as intended) making it difficult or impossible for someone who is not authorized to have the information to make sense of it if they intercept it in transit. In the case of data stored on a network, if it is stored in encrypted form, it can be difficult or impossible for an attacker to get anything useful from the encrypted file.

A vulnerability is a weak point in a system. This implies a risk, especially to confidential information. An exploit is a means of taking advantage of the vulnerability and using it to compromise a system or network. Just because something has been identified as a vulnerability doesn't mean that it has been used to compromise a system. The presence of an exploit means someone has successfully used that weakness and taken advantage of it.

The first thing you need to know to protect your network and systems is what you are protecting. You must know:

  • The physical topologies
  • Logical topologies (Ethernet, ATM, 802.11, VoIP, etc.)
  • Types of operating systems
  • Perimeter protection measures (firewall and IDS placement, etc.)
  • Types of devices used (routers, switches, etc.)
  • Location of DMZs
  • IP address ranges and subnets
  • Use of NAT

In addition, you must know where the diagram is stored and that it is regularly updated as changes are made.

Only systems that are semi-public should be kept on the DMZ. This includes external web servers, external mail servers, and external DNS. A split-architecture may be used where internal web, mail, and DNS are also located on the internal network.

The three main tenets of security overall are confidentiality, availability and integrity.

The Security Reference Monitor is the kernel-mode component that performs the actual access validation, as well as audit generation.

SAM stands for Security Account Manager and is the component that maintains the security database, stored in the registry under HKLM\SAM. It serves the Local Security Authority (LSA) with SIDs. The SAM maintains the user account database.

Wireless access must at least use WEP with 128-bit encryption. Although this provides some security, it is not very robust, which is why your wireless network should not be used for sensitive data. Consider moving to the 802.11i standard with AES encryption when it is finalized.

First of all, traceroute works using ICMP packets. The source first sends an ICMP packet with the Time to Live (TTL) field set to 1 to the destination address. The first intermediate router receives the packet, sees that the TTL has expired, and sends back an ICMP TTL-expired reply. The source then sends the ICMP packet again with the TTL set to 2; this time the second intermediate router replies. This process is repeated until the destination is reached. That way the source learns the entire route up to the destination.
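The TTL walk above can be simulated without sending any packets, which is a convenient way to see why a hop sometimes shows up as "*": a router that discards the probe but does not send the TTL-expired reply. The following is an added example, not part of the original page; the path, router addresses and destination are constructed.

```python
# Constructed path from the probing host to the destination. Each hop is
# (router address, replies_when_ttl_expires). A router that silently drops
# the expired probe is what traceroute prints as "*".
PATH = [
    ("10.0.0.1", True),
    ("192.0.2.1", True),
    ("198.51.100.9", False),   # silent hop, e.g. ICMP replies filtered
    ("203.0.113.1", True),
]
DESTINATION = "203.0.113.50"


def forward(ttl, path, destination):
    """Simulate one probe with the given TTL travelling along path.

    Returns ("expired", router) when a router decrements TTL to zero and
    answers, ("silent", None) when that router does not answer, or
    ("reached", destination) when the probe arrives at the destination."""
    for router, replies in path:
        ttl -= 1                      # every router decrements TTL by one
        if ttl == 0:
            return ("expired", router) if replies else ("silent", None)
    return ("reached", destination)


def traceroute(path, destination, max_hops=30):
    """Send probes with TTL 1, 2, 3, ... and record who answered each one."""
    hops = []
    for ttl in range(1, max_hops + 1):
        kind, who = forward(ttl, path, destination)
        hops.append(who if who is not None else "*")
        if kind == "reached":
            break
    return hops


if __name__ == "__main__":
    for n, hop in enumerate(traceroute(PATH, DESTINATION), start=1):
        print(f"{n:2}  {hop}")
```

The max_hops limit matters in practice as well as in the simulation: if the destination never answers (filtered, or a routing loop), the probing stops after 30 TTL values rather than running forever, and the output ends in a run of "*" lines.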

You do not have much choice: only a correctly configured firewall/iptables (which is not a trivial task) can help you prevent it, but there is no 100% protection.

In addition to the content level inspection performed by the IDS, specific content inspections should also be performed on web server traffic and other application traffic. Some attacks evade detection by containing themselves in the payload of packets, or by altering the packet in some way, such as fragmentation. Content level inspection at the web server or application server will protect against attacks such as those that are tunneled in legitimate communications, attacks with malicious data, and unauthorized application usage.

Your disaster recovery plan (DRP) should include recovery of data centers and recovery of business operations. It should also include recovery of the actual physical business location and recovery of the business processes necessary to resume normal operations. In addition, the DRP should address alternate operating sites.

The plan is no good unless it is tested at least once a year. These tests will iron out problems in the plan and make it more efficient and successful if and when it is needed. Testing can include walkthroughs, simulations, or a full implementation.