Top 10 Network Security Interview Questions

Today, many small and medium-sized businesses in the computer, technology and internet sectors lack IT resources. This means that the network security of those companies might not be sufficient to protect them from sophisticated internet threats.

Because security-related issues occur time and again, almost all big companies have started recruiting internet and network security professionals.

If you are being interviewed for an information security job, chances are high that you will get simple yet tricky questions from the interviewer.

These 10 network security interview questions look very common, but they are sure to give you a quick memory brush-up:

1. What port does ping work over?

Answer: Ping doesn’t use any port; it works over ICMP (Internet Control Message Protocol). ICMP uses echo request and echo response to implement ping. ICMP is different from TCP and UDP because it doesn’t actually transmit/transfer data but is rather used for testing connections or for debugging purposes.

ICMP is generally coupled with the IP protocol.

2. What is the difference between encoding, encryption and hashing?

Answer: In short, you use hashing when you don’t want to get the data back, and encryption when you might want to get the original plaintext back.

Hashing is a one-way function that takes plaintext as input and produces a complex message digest. There’s no way to reverse a hashed password, provided that the hashing algorithm has no flaws.

Encryption, however, is a two-way function that uses keys to encrypt and decrypt a message. Encryption can be symmetric (the same key is used to encrypt and decrypt) or asymmetric (different keys are used to encrypt and decrypt).

3. If you had to encode and encrypt data, what would you do first?

Answer: I would encode the data and then transform it using encryption techniques.

Encoding is a way of transforming data so that it can be fed to a different kind of system. Thus, encoding isn’t very hard to reverse. It is used for data usability and uses simple algorithms like ASCII, Base64, etc.

Encryption is a way of transforming input to output using a key, so that nobody without the key is able to retrieve the information carried. It is used for data confidentiality and uses relatively complex algorithms like AES, Blowfish, etc.

4. How would you defend against CSRF?

Answer: You have to generate a random anti-Cross-Site Request Forgery (CSRF) token for each action taken by the user that might be sensitive to the application currently being used. This type of token is used to make sure the originating request comes from the user himself and not from an attacker or malicious user.
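One way to implement the per-action token described in the answer above, as an added example that is not part of the original post. It goes beyond the answer by also binding the token to the session, expiring it and rejecting replays; `SERVER_KEY`, `TOKEN_TTL`, `issue_token` and `verify_token` are hypothetical names, and the in-memory set stands in for shared server-side storage.

```python
import hashlib
import hmac
import secrets
import time

# Hypothetical names throughout; a real SERVER_KEY would come from a secret store.
SERVER_KEY = secrets.token_bytes(32)
TOKEN_TTL = 900        # seconds a token stays valid (assumed value)
_used_nonces = set()   # replay cache; stands in for shared server-side storage


def _mac(session_id, action, nonce, expires):
    # Bind the random nonce to the session, the action and the expiry time.
    msg = "|".join([session_id, action, nonce, str(expires)]).encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def issue_token(session_id, action, now=None):
    """Return a random, single-use token tied to one session and one action."""
    now = int(time.time() if now is None else now)
    nonce = secrets.token_urlsafe(16)   # unpredictable per-action value
    expires = now + TOKEN_TTL
    return f"{nonce}.{expires}.{_mac(session_id, action, nonce, expires)}"


def verify_token(token, session_id, action, now=None):
    """Accept only an unexpired, unused token issued for this session and action."""
    now = int(time.time() if now is None else now)
    try:
        nonce, expires_s, mac = token.split(".")
        expires = int(expires_s)
    except (ValueError, AttributeError):
        return False                    # malformed or missing token
    expected = _mac(session_id, action, nonce, expires)
    # Constant-time comparison so the check does not leak how many bytes matched.
    if not hmac.compare_digest(mac.encode(), expected.encode()):
        return False
    if now > expires or nonce in _used_nonces:
        return False                    # expired, or already spent (replay)
    _used_nonces.add(nonce)
    return True
```

The server embeds the result of `issue_token` in the form it renders and calls `verify_token` before performing the state-changing action.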

5. What do you mean by a bastion host in a network? What does it do?

Answer: A bastion host is the first device facing the internet after the firewall. It is generally built to face the internet, to receive attacks from potential attackers, and to run the fewest services possible.

6. Can you list some common botnet ports?

Answer: The most commonly used default IRC ports are in the range 6660 to 6669, plus 7000.

However, there is no such thing as common botnet ports. Most bot admins use non-standard RFC ports. So, botnet detection is possible only by looking at outbound connection attempts.

7. What is the difference between DoS and DDoS?

Answer: A Denial of Service (DoS) attack is performed by a single computer that generally tends to exhaust the processor of the target machine using a flaw discovered in a web server or database server.

A Distributed Denial of Service (DDoS) attack generally uses a large number of computers to send legitimate traffic (in a volume that is generally large enough) to take down a web server.

8. What is Heartbleed?

Answer: It is a serious vulnerability discovered in the OpenSSL library. Many high-profile sites (like Yahoo) that used an older version of OpenSSL to implement SSL on their site were affected.

It allowed server-side sniffing of data, leaked secret keys used by servers, etc.

9. What is poodlebleed?

Answer: It is another bug discovered in 2014 in OpenSSL, affecting SSL v3.0. It allowed decrypting information that was sniffed from a secure connection.

10. What is the Ghost bug?

Answer: It is a buffer overflow vulnerability in several Linux distros with a potential remote code execution risk. An attacker could execute commands just by supplying a garbage (or invalid) hostname argument to a server that performs DNS resolution.

This post consists of questions that test your basics and your familiarity with recent security attacks. These network security questions are must-knows for anyone being interviewed for a position related to information security.

But always keep in mind that knowing all of these doesn’t mean you are a know-it-all person. Having said that, knowing these basics will help you keep your confidence high.