Network Security Interview Questions and Answers

In computing, a network is a group of two or more devices that are linked in order to share resources, exchange files, or allow electronic communications. Networks are known as a medium of connections between nodes or computers. The Internet is a global network of networks.

There are several different types of networks. Computer networks can be characterized by their size, capabilities and the geographical distance they cover as well as their purpose.

Personal area network (PAN): A personal area network is a computer network organized around an individual person. Personal area networks typically involve a mobile computer, Personal area networks can be constructed with cables or wirelessly.

Local area network (LAN): This is one of the original categories of network, and one of the simplest.  LAN networks connect computers together over relatively small distances, such as within a single building or within a small group of buildings. This is often used as a computer network with a wired connection. This is perfect for internet

Metropolitan area network (MAN): This is a network which is larger than a LAN but smaller than a WAN and incorporates elements of both. It typically spans a town or city and is owned by a single person or company, such as a local council or a large company.

Wide area network (WAN): A WAN is a geographically-dispersed collection of LANs. A network device called a router connects LANs to a WAN.

Storage area network (SAN): A type of network that specializes in file sharing and other matters in storing various software within a group of computers.

Enterprise private network (EPN): This is a software network that’s often used in businesses so that they can have privacy over files and interactions between computers.

Virtual private network (VPN): A virtual private network (VPN) is a technology that creates a safe and encrypted connection over a less secure network, such as the internet.

UUCP (Unix-to-Unix CoPy): Unix-to-Unix copy (UUCP) is a set of computer programs and protocols that allow for the remote execution of commands and the transfer of email and files between computers. Every system in a UUCP network includes neighbor systems that contain login names, passwords and phone numbers.

Inter Network: Inter Network or Internet is a combination of two or more networks. Inter network can be formed by joining two or more individual networks by means of various devices such as routers, gateways and bridges.

A protocol is a set of rules that governs the communications between computers on a network. In order for two computers to talk to each other, they must be speaking the same language.

A network protocol defines rules and conventions for communication between network devices. Rules of Network Protocol include guidelines that regulate the following characteristics of a network: access method, allowed physical topologies, types of cabling, and speed of data transfer.

The most common network protocols are:

• Ethernet
• Local Talk
• Token Ring
• FDDI
• ATM
• Fiber optic protocol
• Mime protocol
• Bluetooth protocol
• Network time protocol
• PPP Point to Point Protocol

Network topology refers to the physical or logical layout of a network. Network topology is the arrangement of the different networking elements like network links, computers, laptops, switches, nodes, Wi-Fi access points, devices and other network devices in a computer network.

Bus topology: In this, all the nodes are connected to the single backbone or bus with some medium such as twisted pair, coaxial cable etc.

Star topology: In this, all the nodes are connected to a common device known as hub. Nodes are connected with the help of twisted pair, coaxial cable or optical fiber.

Ring topology: In this, the nodes are connected in the form of a ring with the help of twisted pair cable.

Hierarchical topology (Tree topology): It is divided into different levels connected with the help of twisted pair, coaxial cable or fiber optics

Mesh topology: In this each computer is connected to every other computer in point-to-point mode. For example, if we have four computers, we must have six links. If we have n computers, we must have n(n-1)/2 links.

Hybrid topology:  this is the combination of multiple topologies, used for constructing a single large topology. The hybrid topology is created when two different network topologies are interconnected.

The network layer is the third level of the Open Systems Interconnection Model (OSI Model) and the layer that provides data routing paths for network communication. Data is transferred in the form of packets via logical network paths in an ordered format controlled by the network layer.

Physical layer (Layer1): This layer conveys the bit stream through the network at the electrical, optical or radio level. It provides the hardware means of sending and receiving data on a carrier network.

Data-link layer (Layer 2): This layer sets up links across the physical network, putting packets into network frames.

Network layer (Layer 3): This layer handles the addressing and routing of the data). IP is the network layer for the Internet.

Transport layer (Layer 4):  This layer manages packetization of data, then the delivery of the packets, including checking for errors in the data once it arrives.

Session layer (Layer 5): This layer sets up, coordinates and terminates conversations. Services include authentication and reconnection after an interruption.

Presentation layer (Layer 6): This layer is usually part of an operating system (OS) and converts incoming and outgoing data from one presentation format to another.

Application layer (Layer 7): This is the layer at which communication partners are, network capacity is assessed, and that creates a thing to send or opens the thing received.

Network security is protection of the access to files and directories in a computer network against hacking, misuse and unauthorized changes to the system.

Network security is an organization’s strategy and provisions for ensuring the security of its assets and all network traffic. Network security is manifested in an implementation of security both hardware and software technologies.

Types of network security are:

• Application security
• Email security
• Mobile device security
• Web security
• Wireless security
• Security information and event management
• Network segmentation
• Physical Security
• Intrusion prevention systems
• WPA
• Firewalls
• Intrusion prevention systems
• Behavioral analytics
• Antivirus and antimalware software
• Access control

CIA is one of the most important model which is designed to guide policies for information security within an organization. CIA means

Confidentiality: It means that only the authorized individuals/systems can view sensitive or classified information.

Integrity:  It means ensuring the modification of assets is handled in a specified and authorized manner

Availability: a state of the system in which authorized users have continuous access to said assets

Cross-Site Scripting is a widespread vulnerability that affects many web applications. The danger behind XSS is that it allows an attacker to inject content into a website and modify how it is displayed, forcing a victim’s browser to execute the code provided by the attacker while loading the page.

NIDS (Network Intrusion Detection system) is a system that attempts to detect hacking activities, denial of service attacks or port scans on a computer network or a computer itself. The NIDS monitors network traffic and helps to detect these malicious activities by identifying suspicious patterns in the incoming packets.

The primary function of a firewall is to prevent/control traffic flow from an untrusted network (outside). A firewall is not able to detect an attack in which the data is deviating from its regular pattern, whereas an IPS can detect and reset that connection as it has inbuilt anomaly detection

OSPF (Open Shortest Path First) is a link state routing protocol (LSRP) that uses the Shortest Path First (SPF) network communication algorithm (Dijkstra’s algorithm) to calculate the shortest connection path between known devices.

The main disadvantages of OSPF are   requires more memory to hold the adjacency (list of OSPF neighbors), topology, and routing tables, OSPF requires extra CPU processing to run the SPF algorithm and OSPF  is a complex routing protocol.

Discretionary access control (DAC) is a type of security access control that grants or restricts object access via an access policy determined by an object’s owner group and/or subjects.

A Network Attached Storage (NAS) device is a storage device connected to a network that allows storage and retrieval of data from a centralized location for authorized network users and heterogeneous clients.

In computer security, Mandatory access control (MAC) is a system-enforced method of restricting access to objects based on the sensitivity of the object and the clearance of the user. B

Domain controller (DC) is a server that responds to security authentication requests within a Windows Server domain. Domain controller is a system where Active Directory is installed in which every object is stored & having roll is to provide the access of services to client who are request to access the services over domain.

A cookie is text file stored on your hard drive (more precisely in your browser folder) when you visit a website.

Session cookies: In this cookie mainly used by online shops and allow you to keep items in your basket when shopping online. These cookies expire when the browser is closed

Permanent cookies: these remain in operation, even when you have closed the browser. They remember your login details and password so you don’t have to type them in every time you use the site. The law concerning permanent cookies stipulates that they need to be deleted after a period of six months

Third-party cookies: In this cookie are installed by third parties with the aim of collecting certain information to carry out various research into behavior, demographics etc.

In cryptography, encryption is the process of encoding a message or information in such a way that only authorized parties can access it and those who are not authorized cannot

Data encryption translates data into another form, or code, so that only people with access to a secret key (decryption key) or password can read it. Or Data encryption ensures data safety and very important for confidential or critical data. It protects data from being read, altered or forged while transmission.

Public-key encryption is a cryptographic system that uses two keys — a public key known to everyone and a private or secret key known only to the recipient of the message. Public key encryption use public and private key for encryption and decryption.

In this mechanism, public key is used to encrypt messages and only the corresponding private key can be used to decrypt them. To encrypt a message, a sender has to know recipient’s public key.

IPS (Intrusion Prevention System) is a network security/threat prevention technology that examines network traffic flows to detect and prevent vulnerability exploits. An Intrusion Prevention System can play a good role to protect against various network security attacks such as brute force attacks, Denial of Service (DoS) attacks, and vulnerability detection. Moreover, an IPS also ensures prevention against protocol exploits.

Tracert is a Windows utility program that can used to trace the route taken by data from the router to the destination network. It also shows the number of hops taken during the entire transmission route.

An IP address is a virtual number assigned to a computer. It’s the address used by the TCP/IP protocol to identify a machine on the network. A computer must have a unique IP address or a conflicting IP error will occur.

A rogue DHCP server can redirect IP address assignments to allow the hacker to identify and redirect the client computer to another network segment. The hacker can then sniff network traffic from the target machine

The Authentication Header (AH) protocol provides connectionless integrity, data origin authentication, and an optional anti-replay service.

ESP and AH uses IP protocol 50 and 51 respectively.

Kerberos is a protocol for authenticating service requests between trusted hosts across an untrusted network, such as the internet. Kerberos is built in to all major operating systems, including Microsoft Windows, Apple OS X, FreeBSD and Linux.

ARP (Address Resolution Protocol) is a protocol used for mapping an IP address to a computer connected to a local network LAN. Since each computer has a unique physical address called a MAC address, the ARP converts the IP address to the MAC address. This ensures each computer has a unique network identification.

GRE (Generic Routing Encapsulation) is a protocol that encapsulates packets in order to route other protocols over IP networks.

AAA (Authentication, Authorization and Accounting) used to control user’s rights to access network resources and to keep track of the activity of users over a network. The current standard by which devices or applications communicate with an AAA server is the Remote Authentication Dial-In User Service (RADIUS).

TKIP (Temporal Key Integrity Protocol) is used by WPA, Wi-Fi protected access to provide encryption services on a wireless network.

 Crypto ACL identifies the traffic that should be encrypted. A crypto ACL is not a classification in terms of standard or extended ACL. 

The priority value in the STP header is crafted lower than the actual root bridge value, which would make the STP topology change, as lower priority value packet would be elected as the root bridge.

IP spoofing attack enables an attacker to replace its identity as trusted for attacking host.

NAT means Network Address Translation, NAT helps the Private IP to route over the public Internet, its translate private IP to a public IP by one to one or many to one, PAT means Port Address Translation, its translate based on source port

Digital signature is a mathematical technique used to validate the authenticity and integrity of a message, software or digital document. Digital signature is an attachment to an electronic message used for security purpose. It is used to verify the authenticity of the sender.

A firewall is a device or service that acts as a gate keeper, deciding what enters and exits the network. It analyzes the traffic it sees passing through it by checking the packet headers and data. Based on its configuration, the firewall then decides accordingly whether to deny or allow traffic to pass through.

SSL (Secure Sockets Layer) is the standard technology for keeping an internet connection secure and safeguarding any sensitive data that is being sent between two systems, preventing criminals from reading and modifying any information transferred, including potential personal details.

TLS (Transport Layer Security) is a cryptographic protocol that provides secure communication over the Internet. TLS protocol aims primarily to provide privacy and data integrity between two communicating computer applications.

Hyper Text Transfer Protocol Secure (HTTPS) is the secure version of HTTP, the protocol over which data is sent between your browser and the website that you are connected to. TLS and SSL are most widely recognized as the protocols that provide secure HTTP (HTTPS) for Internet transactions between Web browsers and Web servers.

HTTPS uses TCP at the transport layer. SSL is used for data encryption.

Here some common attacks of HTTP Attacks:

• URL interpretation
• SQL injection
• Input Validation
• Impersonation
• Buffer overflow
• Session Hijacking
• Cross-Site Scripting

Here the list of follows are:

• Update/Patch the web server software
• Update Permissions/Ownership of files
• Delete default data/scripts
• Remove or protect hidden files and directories
• Web Application and Web Server Security
• Minimize the server functionality disable extra modules
• Increase logging verboseness
• Configured to display generic error messages
• Make sure Input Validation is enforced within the code: Security QA testing
• Implement a software security policy

There are following seven attributes of Security Testing:

• Availability
• Authentication
• Authorization
• Confidentiality
• Integrity
• Non-repudiation
• Resilience

DHCP Snooping