Computer security Question:

Download Job Interview Questions and Answers PDF

What is this (X) IDS signature mean?

Computer security Interview Question
Computer security Interview Question

Answer:

Pull some random URL from a log, or show them an actual snort signature to see if they really understand what the IDS system (if they are going to be a packet head as part of their job). Most good IDS folks will be able to answer this one. My favorite example is one that everyone has seen for years now, Code Red:

GET /default.ida? NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801
%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%
u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a HTTP/1.0

Or my other favorite one is NetBIOS, right, unless you see a lot of winnuke anyone running a NetBIOS IDS signature on their network is looking at a mushroom cloud of activity, because windows works that way. This is a good leading question on when this signature would be used, where it would be used, and can give the interviewer a lot of good information on how the person thinks about IDS and what the IDS system is showing them. The leading part of this is that many of the windows vulnerabilities like MS06-040 should be monitored by a NetBIOS rule, and the trick is getting the interviewer down to the point where they are actually thinking about the ramifications and architectures of the rule. As an interview question this one can not be beat, but the interviewer must understand enough about how it works to keep the conversation going, otherwise the interviewer is going to get stuck really quickly if the interviewee knows what they are talking about.

Download Computer security Interview Questions And Answers PDF

Previous QuestionNext Question
What are privileges (user rights)?What is an ACL (Access Control List)?