Networks Security Interview Preparation Guide

Download PDF

ARP(ADDRESS RESOLUTION PROTOCOL) is a network layer protocol which associates the physical hardware address of a network node(commonly known as a MAC ADDRESS) to its ip address. now an ARP creates a table known as ARP CACHE/TABLE that maps ip addresses to the hardware addressess of nodes on the local network.

if based on the ip address it sees that it has the node's mac address in its ARP TABLE then transmitting to that ip address is done quicker because the destination is known and voila network traffic is reduced.

Digital signature : Information that is encrypted with an entity private key and is appended to a message to assure the recipient of the authenticity and integrity of the message. The digital signature proves that the message was signed by the entity that owns, or has access to, the private key or shared secret symmetric key.
smart cards : Smart cards help businesses evolve and expand their products and services in a rapidly changing global market. In addition to the well known commercial applications (banking, payments, access control, identification, ticketing and parking or toll collection), in recent years, the information age has introduced an array of security and privacy issues that have called for advanced smart card security applications (secure logon and authentication of users to PC and networks, storage of digital certificates, passwords and credentials, encryption of sensitive data, wireless communication subscriber authentication, etc.)

Broadcast Domain

send the packet to all the Present Network

IT may be send by the person

it may broadcast by the switch when the address not found in the Network.

For breaking broadcast domain We can Use Router

Collision Domain:

Switch has no collision as compare to hun (layer on Device

Broadcast Domain is the area where when one device in the network sends the data or packet it will received by all the devices present over the network.

Kerberos is an authentication protocol,it is named after a dog who is according to the Greek mythology,- is said to stand at the gates of Hades.In the terms of computer networking it is a collection of softwares used in large networks to authenticate and establish a user's claimed identity.It is developed by MIT and using a combination of encryption as well as distributed databases so that the user can log in start a session.

It has some disadvanteges though.As I said Kereberos had been developed by MIT under the project Athena,- Kerberos is designed to authenticate the end users on the servers.

Kerberos is not a peer to peer system ,nor was it meant to do for one computer system's daemons to contact another computer.

There are many issues concerning to Kerberos.Namely,on most of the computer system there is no a secure area to save the keys.

It is known that a keys must be stored in plain text format in order to obtain a "ticket granting ticket" this area where the tickets are resides obviously supposed be a secured area.

However this is not the case therefore most of the time this is actually a potential security risk.

In case if the plain text key could be obtained by a hacker the Kerberos authentication server in that specific realm can be comprimised fairly easily.

It is also noteable that the other issue is the actual mechanism how the Kerberos handling the keys on a multisuser computer.The keys are cached and can be obtained by other user as well who are logged into the computer network..On a single user workstation only the actual user has access to system resources however if the workstation support multiple users then it is possible for another user on the system to obtain the keys.

Some other weaknesses are also exist in the Kerberos protocol, however those vulnerabilities are too complicated to discuss without the deep understanding of the protocol and the way as it had been implemented.

First of all see traceroute works using ICMP packets. First source sends an ICMP packet with Time to Live (TTL) field as 1 to the destination address. Now intermediate router receives the packet and sees that TTL field has expired, so it sends a ICMP TTL expired reply. Now the source machine again sends the ICMP packet with TTL field as 2. This time second intermediate router replies. This process is repeated till destination is reached. That way the source can get the entire route upto destination.

When a packet is sent out of a server, It has source and Destination IP, sorcce and destination Port no and sorce and destination Mac ID, first it is sent to the switch, The switch checks the packet whether the MAC ID is in the MAC-Address-Table if not it broad casts the message if the destination IP is not in the same segment Then it forwards the packet to the gateway (normally the router or firewall). then the router/firewall checks its routing table and access lists if it has the information about the destination IP and if it has access to the destination IP it forwards it to the next hop, and if any one of the condition fails it just drops the packet.

For small lan we use class-c address

Explanation:In class C ip address the first three bytes out of four are for network address while the last byte is for host address which can range from 1-254 which is smallest lan possible whereas class B has two bytes and class A has three bytes reserved for host address which increases number of hosts in those classes

Found from cisco.com,
Confidentiality, Integrity and Availability

CIA means Certified Internal Auditor.
globally accepted and recognized certificate in the field of internal audits.

Yes, it can be possible by third party software in computer and 3g in mobile.In computer third software like skype can be better media of communication method.

Single sign-on (SSO) is mechanism whereby a single action of user authentication and authorization can permit a user to access all computers and systems where he has access permission, without the need to enter multiple passwords. Single sign-on reduces human error, a major component of systems failure and is therefore highly desirable but difficult to implement.

single sign on is an authentication mechanism with session or cookie preservation, where in user is prompted only only once in a particular session with a computer s/he uses, and the same credentials are used across multiple platform for accessing different applications. it is like loging into your computer by authenticating to the domain controller and be able to access multiple intranet site. second example could to login to a singled wesite, and have same authentication used for different applications like forums, image gallery and email etc.

RSA is based upon public key/private key concept. For authentication one can encrypt the hash (MD5/SHA) of the data with his private key. This is known as digital signature. And secrecy is achieved by encrypting the data with the public key of the target user. Generally we dont use RSA for encryption because of key size (1024 bits). Rather a symmetric session key (128/256 bit) is established between communicating parties and is used for encryption.

RSA -- Authentication can be achieved by using nonce value (prime number).
Eg: A wanna communicate with B
The val An1 is encrypted with private key of A and then with pub key of B. so B can decrypt it and then B should send back the An1 to A stating it none other than B

Secrecy is also maintained because they use their own private keys for decryption

DAS (discretionary access control) is used by itself according to it it is access and comtrolled while mas it has to be compulsory give the access controll.

MAC is designed and enforced in the initial stages and can not be changed by entity; from a laymen angle: OS writing to BIOS is not allowed.
DAC is designed in such a way that access shall be granted based on the discretion; ex. database table access.

Classfull routing protocol is a routing protocol that strictly. follows the classfull IP like IGRP,RIP

Classless Routing A scheme which allocates blocks of Internet addresses in a way that allows summarisation into a smaller number of routing table entries.

classful routing:in this routing only ip addresses are used..subnet mask is not used.due to which it does not support subnetting and vlsm

classless uses subnet mask alos...due to which subnetting and vlsm is possible in this case

Rip v1 is classfull routing protcol
Rip v2 is classless routing protocol

multicasting is sending data(packets) to more than one computers but not all on that network

ARP -Meaning of ARP "Address Resolution Protocol", is used to map ip Network addresses to the hardware (Media Access Control sub layer) addresses used by the data link protocol. The ARP protocol operates between the network layer and the data link layer in the Open System Interconnection (osi) model.


RARP-RARP (Reverse Address Resolution Protocol) is a protocol by which a physical machine in a local area network can request to learn its IP address from a gateway server's Address Resolution Protocol (ARP) table or cache. A network administrator creates a table in a local area network's gateway router that maps the physical machine (or Media Access Control - MAC address) addresses to corresponding Internet Protocol addresses. When a new machine is set up, its RARP client program requests from the RARP server on the router to be sent its IP address. Assuming that an entry has been set up in the router table, the RARP server will return the IP address to the machine which can store it for future use. RARP is available for Ethernet, Fiber Distributed-Data Interface, and token ring LANs.

Restricting the users from accessing a set of services within the local area network is called port blocking.

we,ll give you the fine example its nothing but we have to block the switch port with particular maC address..for example we have 8-port switch ,in that first port we connected a machine that belongs to this mac address {4e5a.23bf.34ae.9a4c} and we block the switch port with this mac address for instance you unplug the original host and plug the other one now your new machine will be prevented from accessing switch port thats the idea.... so if u enabling port blocking command in a switch only particular machine or intented machine allow to use access ,other machine will be restricted... port blocking is used for security purpose...otherwise some intruders enter into your company and destroy your lan with single laptop thats it

The unique number will be generated by MD5, if it is tamped with someone, the value will be changed so you know you are tampered

(a) OSPF has two primary characteristics. The first is that the protocol is open, which means that its specification is in the public domain. The OSPF specification is published as Request For Comments (RFC) 1247.

The second principal characteristic is that OSPF is based on the SPF algorithm, which sometimes is referred to as the Dijkstra algorithm, named for the person credited with its creation.

(b)OSPF is a link-state routing protocol that calls for the sending of link-state advertisements (LSAs) to all other routers within the same hierarchical area. Information on attached interfaces, metrics used, and other variables is included in OSPF LSAs. As OSPF routers accumulate link-state information, they use the SPF algorithm to calculate the shortest path to each node.

Ospf: Open Shortest Path First.
It Uses SPF(Dijkstra) algorithm and selects the Loopfree path. It is a purely classless Routing protocol(ie sends mask along with the ip address)
It supports SLSM, VLSM, Discontinuous Networks. and the hope count is Unlimited. It is Having Complex Configuration Including Area, Process id, Wild card mask. The metric used is bandwidth(10raise to8/Bandwidth). Administrative Distance is 110