@boodera
Last active August 21, 2022 10:34
Just for reviving basic knowledge
Source from Peerlyst blog - https://www.peerlyst.com/posts/cracking-the-infosec-interview-for-fun-and-profit-how-not-to-suck-and-get-usdusd-hired-usdusd-fabio-baroni?trk=search_page_search_result
**********************************************************************
How do you change your DNS settings in Linux/Windows?
What’s the difference between encoding, encryption, and hashing?
> The purpose of ENCODING is to transform data so that it can be properly (and safely) consumed by a different type of system, e.g. binary data being sent over email, or viewing special characters on a web page. The goal is not to keep information secret, but rather to ensure that it’s able to be properly consumed
> The purpose of ENCRYPTION is to transform data in order to keep it secret from others. Encryption transforms data into another format in such a way that only specific individual(s) can reverse the transformation
> HASHING serves the purpose of ensuring integrity, i.e. making it so that if something is changed you can know that it has changed. Technically, hashing takes arbitrary input and produces a fixed-length string that has the following attributes:
- The same input will always produce the same output.
- Multiple disparate inputs should not produce the same output.
- It should not be possible to go from the output to the input.
- Any modification of a given input should result in drastic change to the hash.
What’s more secure, SSL or HTTPS?
> SSL stands for Secure Sockets Layer and it's the standard TECHNOLOGY for keeping an internet connection secure and safeguarding any sensitive data that is being sent between two systems, preventing criminals from reading and modifying any information transferred, including potential personal details. TLS (Transport Layer Security) is just an updated, more secure, version of SSL
> HTTPS (Hyper Text Transfer PROTOCOL Secure) appears in the URL when a website is secured by an SSL certificate
Can you describe rainbow tables?
> Rainbow Tables are huge sets of precomputed tables filled with hash values that are pre-matched to possible plaintext passwords. The Rainbow Tables essentially allow hackers to reverse the hashing function to determine what the plaintext password might be
What is salting, and why is it used?
> A salt is simply added to make a password hash output unique even for users adopting common passwords. Its purpose is to make pre-computation based attacks unhelpful
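The two answers above on rainbow tables and salting, shown side by side as an added example (not part of the original notes). The wordlist is constructed, and the plain lookup dictionary is a simplified stand-in for a rainbow table, which stores the same precomputation more compactly using hash chains.

```python
import hashlib
import hmac
import os

# Constructed sample wordlist standing in for a list of common passwords.
COMMON = ["123456", "password", "qwerty", "letmein"]

def unsalted_hash(password):
    return hashlib.sha256(password.encode()).hexdigest()

# Built once, reusable against every unsalted SHA-256 hash of these passwords.
# A plain lookup table; a real rainbow table compresses this with hash chains.
PRECOMPUTED = {unsalted_hash(p): p for p in COMMON}

def salted_record(password, iterations=100_000):
    """Return (salt, hash) using a fresh random salt and PBKDF2-HMAC-SHA256."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, digest.hex()

def verify(password, salt, stored, iterations=100_000):
    """Recompute with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(candidate.hex(), stored)

def compare_storage(password="password"):
    """Store the same password for two users, unsalted and salted."""
    alice, bob = unsalted_hash(password), unsalted_hash(password)
    salt_a, hash_a = salted_record(password)
    salt_b, hash_b = salted_record(password)
    return {
        "unsalted_hashes_match": alice == bob,            # same password is visible
        "unsalted_table_hit": PRECOMPUTED.get(alice),     # precomputation pays off
        "salted_hashes_match": hash_a == hash_b,          # unique per user
        "salted_table_hit": PRECOMPUTED.get(hash_a),      # table is useless
        "login_still_works": verify(password, salt_a, hash_a),
        "wrong_password_rejected": not verify("qwerty", salt_a, hash_a),
    }

if __name__ == "__main__":
    for key, value in compare_storage().items():
        print(f"{key}: {value}")
```

The salt is stored next to the hash in clear text; it only has to be unique per record, not secret.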
If you had to both encrypt and compress data during transmission, which would you do first, and why?
> First encryption, then compress (save BW)
What’s the difference between symmetric and public-key cryptography?
> In symmetric encryption, you use the same key for both encryption and decryption of your data or message
> Asymmetric encryption is quite the opposite to the symmetric encryption as it uses not one key but a pair of keys: a private one and a public one
In public-key Cryptography you have a public and a private key, and you often perform both encryption and signing functions. Which key is used for which function?
> Encryption - Private Key | Signing - Public Key
Why is DNS monitoring important?
> DNS queries can reveal:
- Botnets/Malware connecting to C&C servers
- Which websites were visited by an employee
- Which malicious and DGA domains were accessed
- Which dynamic domains (DynDNS) were accessed
- DDoS attack detection, such as NXDOMAIN, phantom domain, and random subdomain attacks
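A sketch of how three of these signals can be pulled out of resolver logs, added here as an example and not part of the original notes. The log lines are constructed, and the `<client> <qname> <rcode>` format, the thresholds, and the "last two labels" parent-domain rule are assumptions.

```python
import math
from collections import Counter, defaultdict

# Constructed sample log; the "<client> <qname> <rcode>" format is an assumption.
LOG = """\
10.0.0.5 www.example.com NOERROR
10.0.0.5 mail.example.com NOERROR
10.0.0.5 intranet.example.com NOERROR
10.0.0.9 xkqzjvbnwpthrmgd.example NXDOMAIN
10.0.0.9 qpwmznxbvkeurhtl.example NXDOMAIN
10.0.0.9 zmxncbvlaksjdhfg.example NXDOMAIN
10.0.0.9 www.example.org NOERROR
10.0.0.7 k3j9x.shop.test NXDOMAIN
10.0.0.7 p0q2m.shop.test NXDOMAIN
10.0.0.7 z7w1c.shop.test NXDOMAIN
10.0.0.7 b4n8v.shop.test NXDOMAIN
"""

def entropy(label):
    """Shannon entropy in bits per character."""
    counts = Counter(label)
    return -sum(n / len(label) * math.log2(n / len(label)) for n in counts.values())

def analyze(log, nx_ratio=0.5, min_queries=3, min_entropy=3.5, min_len=12, fanout=3):
    rcodes = defaultdict(Counter)   # client -> response code counts
    nx_subs = defaultdict(set)      # parent domain -> distinct NXDOMAIN subdomains
    dga_like = set()
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue                # skip malformed or blank lines
        client, qname, rcode = parts
        rcodes[client][rcode] += 1
        labels = qname.rstrip(".").lower().split(".")
        if len(labels) < 2:
            continue
        # Naive "last two labels" parent; production code needs the Public Suffix List.
        parent, registered = ".".join(labels[-2:]), labels[-2]
        if len(registered) >= min_len and entropy(registered) >= min_entropy:
            dga_like.add(qname)     # long, random-looking registered label
        if rcode == "NXDOMAIN" and len(labels) > 2:
            nx_subs[parent].add(".".join(labels[:-2]))
    noisy = [c for c, r in rcodes.items() if sum(r.values()) >= min_queries
             and r["NXDOMAIN"] / sum(r.values()) >= nx_ratio]
    return {"nxdomain_heavy_clients": sorted(noisy),
            "dga_like_names": sorted(dga_like),
            "random_subdomain_parents": sorted(
                p for p, s in nx_subs.items() if len(s) >= fanout)}

if __name__ == "__main__":
    for signal, hits in analyze(LOG).items():
        print(signal, hits)
```

Entropy alone misclassifies CDN and tracking hostnames, so in practice these signals are used to rank names for review against allowlists and threat intelligence, not as verdicts on their own.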
What port does ping work over?
> You can't ping ports, because ping uses ICMP, which doesn't have the concept of ports. Ports belong to transport layer protocols like TCP and UDP
Do you prefer filtered ports or closed ports on your firewall?
> For small company servers or back-end systems or intranet sites, I will choose to close ports “REJECT”
- The reason for that is because those servers are not usually targeted by DDoS attacks and also because the external apps that require to consume services hosted in the servers can quickly report failures instead of hanging the connections for minutes
> If the server is used as a website that can be targeted by DDoS attacks then I will choose the “DROP” policy
- because in this way the firewall is not going to consume CPU and bandwidth answering about the state of the port
How exactly does traceroute/tracert work at the protocol level?
> Traceroute sends an ICMP echo request to the first hop in the path with [TTL = 1].
- The first hop drops this packet because the TTL has reached 0, and it sends a TTL exceeded message back to the source (always the source).
- The source now learns the first-hop device and increments the TTL to 2 so the packet reaches the second hop, and so on until the packet reaches the destination.
- The destination sends an "echo reply" to the source. Result: the source now knows the path/route/hop information to the destination and can identify each hop.
- What if the destination denies the ICMP "echo reply"?
- Then UDP traceroute is used: the source sends a UDP packet to an "invalid port number".
- The source does not expect the end device to recognize this port, and expects it to send an ICMP "port unreachable" message back to the source, indicating that it does not recognize the UDP port number. Even so, the destination has been contacted, and we have the path all along the way.
Cryptographically speaking, what is the main method of building a shared secret over a public medium?
> Diffie-Hellman (DH) key exchange algorithm
What’s the difference between Diffie-Hellman and RSA?
> DH is used to generate a shared secret in public for later symmetric ("private-key") encryption
> RSA is used to come up with a public/private key pair for asymmetric ("public-key") encryption
What kind of attack is a standard Diffie-Hellman exchange vulnerable to?
> Logjam attack against the TLS protocol: downgrade vulnerable TLS connections to 512-bit export-grade cryptography
**********************************************************************