Network Security Interview Questions and Answers

45+ Network Security Exam Questions And Answers #2023


Network security is the practice of preventing and protecting against intrusion into corporate networks. As a discipline, it complements endpoint security, which focuses on individual devices; network security instead focuses on how those devices interact and on the connective tissue between them.

It involves taking software preventative measures to guard the underlying network infrastructure against unauthorized access, misuse, error, alteration, destruction, or improper disclosure, thereby creating a secure platform on which users, computers, and programs can perform their permitted critical functions within a secure environment.

Network security principles

Definitions are good as top-level statements of intent. But how do you lay out a plan for implementing that vision? Stephen Northcutt wrote a primer on the basic principles of network security over ten years ago, but we believe that his vision of the three phases of network security remains relevant and ought to be the underlying framework for your strategy. In his telling, network security consists of:

  • Security: You need to configure your networks and systems as correctly as you can.
  • Detection: You have to be able to recognize when the configuration has changed or when network traffic suggests a problem.
  • Reaction: After identifying problems quickly, you need to respond to them and return to a secure state as quickly as you can.

This, simply put, is a defense in depth strategy. Relying on a single defense is dangerous, as any single defensive tool can be defeated by a determined adversary. Your network is not a line or a point: it is a territory, and even if an attacker has invaded part of it, you still have the resources to regroup and expel them if you have organized your defense properly.

Network Security Exam Questions And Answers

 

Q1. What Is A Firewall?

Answer : A Firewall is software that blocks unauthorized users from connecting to your computer. All computers at Bank Street are protected by a firewall which is monitored and updated by CIS.

 

Q2. What is security association?

Answer : A security association is a one-way relationship between a sender and a receiver that provides security services to the traffic carried on it.

 

Q3. What is Network Security?

Answer : Network security consists of the policies and practices adopted to prevent and monitor unauthorized access, misuse, modification, or denial of a computer network and network-accessible resources.

 

Q4. How does network security work?

Answer : Network security combines multiple layers of defences at the edge and in the network. Each network security layer implements policies and controls. Authorized users gain access to network resources, but malicious actors are blocked from carrying out exploits and threats.

 

Q5. What Type Of Traffic Are You Denying At The Firewall?       

Answer : There should be a default deny rule on all firewalls to disallow anything that is not explicitly permitted. This is more secure than explicitly denying certain traffic because that can create holes and oversights on some potentially malicious traffic.
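The difference between the two policies, as an added example that is not part of the original page: a first-match rule evaluator run over a constructed allowlist (default deny) and a constructed blocklist (default permit). The rule sets, the addresses (documentation range 192.0.2.0/24) and the function names are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Rule:
    action: str               # "permit" or "deny"
    proto: str                # "tcp", "udp" or "any"
    dst_net: str              # destination network, CIDR notation
    dst_port: Optional[int]   # None matches every port


def evaluate(rules: List[Rule], default: str, proto: str, dst_ip: str, dst_port: int) -> str:
    """Return the action of the first matching rule, else the default policy."""
    ip = ipaddress.ip_address(dst_ip)
    for rule in rules:
        if rule.proto not in ("any", proto):
            continue
        if ip not in ipaddress.ip_network(rule.dst_net):
            continue
        if rule.dst_port is not None and rule.dst_port != dst_port:
            continue
        return rule.action
    return default


# Constructed policy A: permit only what is needed, deny everything else.
ALLOWLIST = [
    Rule("permit", "tcp", "192.0.2.10/32", 443),  # web server
    Rule("permit", "tcp", "192.0.2.25/32", 25),   # mail server
    Rule("permit", "udp", "192.0.2.53/32", 53),   # DNS server
]

# Constructed policy B: deny what someone remembered to list, permit the rest.
BLOCKLIST = [
    Rule("deny", "tcp", "0.0.0.0/0", 23),    # telnet
    Rule("deny", "tcp", "0.0.0.0/0", 445),   # SMB
    Rule("deny", "tcp", "0.0.0.0/0", 3389),  # RDP
]

# Constructed probes: (description, protocol, destination IP, destination port).
PROBES = [
    ("https to web server", "tcp", "192.0.2.10", 443),
    ("telnet to web server", "tcp", "192.0.2.10", 23),
    ("postgres on a test box", "tcp", "192.0.2.40", 5432),  # nobody listed this
]


def compare() -> dict:
    """Map each probe to (verdict under default deny, verdict under default permit)."""
    return {
        name: (evaluate(ALLOWLIST, "deny", proto, ip, port),
               evaluate(BLOCKLIST, "permit", proto, ip, port))
        for name, proto, ip, port in PROBES
    }


if __name__ == "__main__":
    for name, (deny_default, permit_default) in compare().items():
        print(f"{name:24} default-deny={deny_default:6} default-permit={permit_default}")
```

The database port that neither rule set mentions is dropped under default deny and passes under default permit, which is the kind of oversight the answer describes.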

 

Q6. Outline the 2 rules for multi-level security.

Answer: The 2 rules for multi-level security are:

A subject can only read an object of less or equal security level. This is referred to as the simple security property.

A subject can only write into an object of greater or equal security level. This is referred to as the ‘*’ property.
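The two rules expressed as an access check, as an added example that is not part of the original page. The level names, the `check` and `copy_allowed` functions and the sample requests are assumptions made for illustration.

```python
from enum import IntEnum
from typing import Tuple


class Level(IntEnum):
    # Constructed ordering of security levels, lowest to highest.
    UNCLASSIFIED = 0
    CONFIDENTIAL = 1
    SECRET = 2
    TOP_SECRET = 3


def check(subject: Level, obj: Level, op: str) -> Tuple[bool, str]:
    """Decide one access request and name the rule that denied it, if any."""
    if op == "read":
        if obj <= subject:
            return True, "ok"
        return False, "simple security property: no read up"
    if op == "write":
        if obj >= subject:
            return True, "ok"
        return False, "* property: no write down"
    raise ValueError(f"unknown operation: {op}")


def copy_allowed(subject: Level, src: Level, dst: Level) -> bool:
    """A copy is a read of src followed by a write to dst by the same subject."""
    return check(subject, src, "read")[0] and check(subject, dst, "write")[0]


# Constructed requests from a subject cleared to SECRET.
REQUESTS = [
    ("read", Level.CONFIDENTIAL),
    ("read", Level.TOP_SECRET),
    ("write", Level.UNCLASSIFIED),
    ("write", Level.TOP_SECRET),
]


def decide_all(subject: Level = Level.SECRET):
    """Return (operation, object level name, allowed, reason) for every request."""
    return [(op, obj.name) + check(subject, obj, op) for op, obj in REQUESTS]


if __name__ == "__main__":
    for op, obj, allowed, reason in decide_all():
        print(f"SECRET subject {op:5} {obj:12} -> {'allow' if allowed else 'deny'} ({reason})")
    # Taken together, the rules let information move only upward:
    print("copy SECRET -> UNCLASSIFIED:",
          copy_allowed(Level.SECRET, Level.SECRET, Level.UNCLASSIFIED))
    print("copy CONFIDENTIAL -> TOP_SECRET:",
          copy_allowed(Level.SECRET, Level.CONFIDENTIAL, Level.TOP_SECRET))
```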

 

Q7. What are the different types of network security?

Answer : Many different types of network security features are available, including: access control, antivirus and antimalware software, application security, behavioural analytics, data loss prevention, email security, firewalls, intrusion prevention systems, mobile device security, network segmentation, security information and event management, VPN, web security, wireless security, etc.

 

Q8. Define protocol
Answer : It is a set of rules that govern all aspects of information communication.

 

Q9. What is an intrusion prevention system (IPS)?
Answer : An intrusion prevention system (IPS) scans network traffic to actively block attacks.

 

Q10. Difference between hub and switch?
Answer : A hub is a networking device that connects multiple computers together, while a switch is a control unit that turns the flow of electricity in a circuit.

 

Q11. What is a VPN?
Answer : A virtual private network encrypts the connection from an endpoint to a network, often over the Internet. Typically, a remote-access VPN uses IPsec or Secure Sockets Layer to authenticate the communication between device and network.

 

Q12. What are the factors that affect the performance of the network?
Answer : Type of transmission media, software, number of users, hardware.

 

Q13. What is Ransomware?
Answer : Ransomware is a type of malicious software, also known as malware. It encrypts a victim’s data until the attacker is paid a predetermined ransom. Typically, the attacker demands payment in a form of cryptocurrency such as bitcoin. Only then will the attacker send a decryption key to release the victim’s data.

 

Q14. How does ransomware work?
Answer. Ransomware is typically distributed through a few main avenues. These include email phishing, malvertising (malicious advertising), and exploit kits. After it is distributed, the ransomware encrypts selected files and notifies the victim of the required payment.

 

Q15. Name some user support layers?
Answer.

  • Application layer
  • Presentation layer
  • Session layer

 

Q16. Can you give me some Ransomware variants?
Answer. Ransomware variants of all types are discovered through the research of the Talos threat intelligence group. Recent threats include CryptoLocker, WannaCry, TeslaCrypt, Nyetya, and more.

 

Q17. What Resources Are Located On Your Internal Network?
Answer : In addition to internal web, mail, and DNS servers, your internal network could also include databases, application servers, and test and development servers.

 

Q18. What Is Your Backup Policy?

Answer : VPNs should be used for remote access and other sensitive communication. IPSEC is a great choice for this purpose. Strong encryption protocols such as 3DES and AES should be used whenever possible. Web access to sensitive or proprietary information should

 

Q19. What Is The Defining Difference Between Computer Security And Information Security?

Answer : Ar 25-2

 

Q20. What is the use of TCP in the IP packets?

Ans. TCP is an acronym of transmission control protocol. It is used as a communications protocol in a private network.

 

Q21. Why Does Active FTP Not Work With Network Firewalls?

Answer : When a user initiates a connection with the FTP server, two TCP connections are established. The second TCP connection (FTP data connection) is initiated and established from the FTP server. When a firewall is between the FTP client and server, the firewall would block the connection initiated from the FTP server since it is a connection initiated from outside. To resolve this, Passive FTP can be used or the firewall rule can be modified to add the FTP server as trusted.

 

Q22. How Can You Prevent A Brute Force Attack On A Windows Login Page?

Answer : Set up an account lockout for a specific number of attempts, so that the user account is locked automatically after the specified number is reached.

 

Q23. Name the types of errors?

Answer : There are two types of errors:

1. Single bit error

2. Burst error

 

Q24. What do you see as the objective of information security within a business or organization?

Answer : Network security should:

  • Ensure uninterrupted network availability to all users
  • Prevent unauthorized network access
  • Preserve the privacy of all users
  • Defend the networks from malware, hackers, and DDoS attacks
  • Protect and secure all data from corruption and theft

Q25. In An ICMP Address Mask Request, What Is The Attacker Looking For?

Answer : The attacker is looking for the subnet/network mask of the victim. This would help the attacker to map the internal network.

 

Q26. What do you use on your own personal network?

Answer: An interviewer will want to know what sort of security measures you use on your own home devices. After all, if you’re a hotshot network security expert, clearly that must be reflected in the network that means the most to you; your personal system! An employer can tell a lot about your network savviness by analyzing what measures you use for your devices.

 

Q27. What does VPN stand for?

Answer : VPN stands for virtual private network. It creates a secure network connection over a public network like the internet.

 

Q28. Which Feature On A Network Switch Can Be Used To Protect Against CAM Flooding Attacks?

Answer : The port security feature can be used for this. In a CAM flooding attack, the attacker sends a storm of frames with different MAC addresses. The goal of the attacker is to fill up the CAM table. Port security can be used to limit the number of MAC addresses allowed on the port.

 

Q29. How informed do you keep yourself on network security-related news, and how often do you check out these stories? Where do you get your security news from?

Answer : Network security incidents are big news today, and there have been many high-profile news stories about data breaches and hackers in the past few years. An employer is going to want to know how well-informed you are on the latest security news and incidents. HINT: If you don’t make a practice of keeping abreast of the latest network security-related news, you had better start now!

In terms of news sources, your best bets are Team Cymru, Twitter, or Reddit. Make sure to check the sources for accuracy, though.

 

Q30. What Is SRM (Security Reference Monitor)?

Answer : The Security Reference Monitor is the kernel mode component that does the actual access validation, as well as audit generation.

 

Q31. What are the steps involved in creating the checksum?

Answer.

  • Divide the data into sections
  • Add the sections together using 1’s complement arithmetic
  • Take the complement of the final sum
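The three steps carried out on 16-bit sections, as an added example that is not part of the original page. The section width, the function names and the sample bytes are assumptions made for illustration; the last two checks show what this kind of checksum does and does not catch.

```python
def ones_complement_sum(data: bytes) -> int:
    """Steps 1 and 2: split into 16-bit sections and add with end-around carry."""
    if len(data) % 2:
        data += b"\x00"  # pad odd-length input with a zero byte
    total = 0
    for i in range(0, len(data), 2):
        total += int.from_bytes(data[i:i + 2], "big")
        total = (total & 0xFFFF) + (total >> 16)  # fold the carry back in
    return total


def checksum(data: bytes) -> int:
    """Step 3: take the complement of the final sum."""
    return ~ones_complement_sum(data) & 0xFFFF


def verify(data: bytes, received: int) -> bool:
    """Receiver side: data sections plus the checksum must add up to all ones."""
    total = ones_complement_sum(data) + received
    total = (total & 0xFFFF) + (total >> 16)
    return total == 0xFFFF


def demo() -> dict:
    sample = bytes.fromhex("0001f203f4f5f6f7")  # constructed sample data
    value = checksum(sample)

    flipped = bytearray(sample)
    flipped[3] ^= 0x01                           # single bit error
    swapped = sample[2:4] + sample[0:2] + sample[4:]  # two sections reordered

    return {
        "checksum": value,
        "intact_ok": verify(sample, value),
        "bit_flip_ok": verify(bytes(flipped), value),
        "reordered_ok": verify(swapped, value),
    }


if __name__ == "__main__":
    result = demo()
    print(f"checksum     = {result['checksum']:#06x}")
    print(f"intact data  verifies: {result['intact_ok']}")
    print(f"bit flip     verifies: {result['bit_flip_ok']}")
    print(f"reordered    verifies: {result['reordered_ok']}")
```

Because addition is order-independent, reordered sections still verify: the checksum detects accidental errors but gives no protection against deliberate modification.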

 

Q32. What is ALOHA?

Answer. It is used to solve the channel allocation issue. There are two types of ALOHA:

  • Pure ALOHA
  • Slotted ALOHA

 

Q33. Explain the difference between symmetric and asymmetric encryption.

Answer : Long story short, symmetric encryption uses the same key for both encryption and decryption, whereas asymmetric encryption employs different keys for the two processes. Symmetric is faster for obvious reasons but requires sending the key through an unencrypted channel, which is a risk.

 

Q34. How Did Early Computer Security Work?
Answer : It was pretty simple: just passwords to protect one’s computer. With the innovation of the internet, however, computers have increased security with firewalls and hundreds of anti-virus programs.

 

Q35. Name the three means of user authentication.
Answer : There is biometrics (e.g. a thumbprint, iris scan), a token, or a password. There is also two-level authentication, which employs two of those methods.

 

Q36. What Is Another Name For Unsolicited E-mail Messages?
Answer : Spam

 

Q37. Can Police Track An IP Address After It Has Been Changed?
Answer : Sometimes. For example, if the user has a dynamic IP address, and their IP address changes within this system as usual, it can generally be tracked. If the user uses a proxy service to make their IP address appear as if it is located in some random other IP.

 

Q38. You discover an active problem on your organization’s network, but it’s out of your sphere of influence. There’s no doubt that you can fix it, though; so what do you do?
Answer : While the first impulse may be to immediately fix the problem, you need to go through the proper channels. Things may be as they are for a reason. Use e-mail to notify the person in charge of that department, expressing your concerns, and asking for clarification. Make sure your boss is CC’ed into the email chain, and make sure that you save a copy for yourself, in case you need to refer to it later.

 

Q39. Why are internal threats usually more effective than external threats?
Answer : It all comes down to a question of physical location. A disgruntled soon to be ex-employee, a hacker posing as a deliveryman, even just a careless curious user, all end up having better access to the system due to them being on-site. Being “inside” physically makes it easier to get inside virtually.

 

Q40. What Is A SID (Security ID)?
Answer : SID stands for Security Identifier and is an internal value used to uniquely identify a user or a group. A SID contains:

  • User and group security descriptors
  • 48-bit ID authority
  • Revision level
  • Variable sub authority values

 

Q41. What is CIA?

Answer: CIA stands for Confidentiality, Integrity, and Availability. CIA is a model designed to guide the policies for information security in organizations.

 

Q42. What is IPS?

Answer: An IPS is a threat prevention technology that investigates all network data flow to identify and prevent malicious activity and to detect vulnerabilities in the network. IPS is helpful because it can be configured to detect a variety of network attacks and understand vulnerabilities in the network. IPS is usually deployed on the perimeter of the network. There are many types of IPS; the approaches used to prevent intrusions include signature-based, anomaly-based, protocol-based and policy-based IPS.

 

Q43. What is Data encryption?

Answer. Data encryption ensures data safety and is very important for confidential or critical data. It protects data from being read, altered or forged during transmission.

 

Q44. What are the differences among encoding, encryption and hashing?

Answer: Encoding: Encoding is used to protect the integrity of data as it crosses a communication network, so that the original message is kept upon arrival. It is primarily an insecure function because it is easily reversible.

Encryption: Encryption is designed for confidentiality and data integrity, and is reversible only if you have the appropriate key.

Hashing: With hashing, the operation is one-way, i.e. non-reversible. It takes an input (or message) and returns a fixed-size string, which is called the hash value.

 

Q46. How Do You Remove Network Security Keys?

Answer : Go to your router options on your computer and it should say remove.

 

Q48. How Do You Prevent A DDoS Attack?

Answer : You do not have much choice; only a correctly configured firewall/iptables (which is not a trivial task) can help you to prevent it. But there is no 100%

 

Q49. What is a digital signature?

Answer : A digital signature is an attachment to an electronic message used for security purposes. It is used to verify the authenticity of the sender.

 

Q50. What Is An IP Grabber?

Answer : An IP grabber is a program that will find the IP address of another computer. It is often used by hackers.

More Network Security Exam Questions And Answers

 

Which Feature On A Network Switch Can Be Used To Prevent Rogue DHCP Servers?
Answer : DHCP Snooping

Which Feature On A Cisco IOS Firewall Can Be Used To Block Incoming Traffic On An FTP Server?
Extended ACL.

Name One Secure Network Protocol Which Can Be Used Instead Of Telnet To Manage A Router?
SSH

Provide A Reason As To Why HTTPS Should Be Used Instead Of HTTP?
HTTP sends data in clear text whereas HTTPS sends data encrypted.

Why Is RIPv1 Insecure In A Network?
RIPv1 does not use a password for authentication as RIPv2 does. This makes it possible for attackers to send rogue RIP packets and corrupt the routing table.

Which Protocol Does HTTPS Use At The Transport Layer For Sending And Receiving Data?
TCP

What Does Your Network/security Architecture Diagram Look Like?

  • The physical topologies
  • Logical topologies (Ethernet, ATM, 802.11, VoIP, etc.)
  • Types of operating systems
  • Perimeter protection measures (firewall and IDS placement, etc.)
  • Types of devices used (routers, switches, etc.)
  • Location of DMZs
  • IP address ranges and subnets
  • Use of NAT

In addition, you must know where the diagram is stored and that it is regularly updated as changes are made.

What Security Measures Are In Place For In-house Developed Applications?
Any development that is taking place in house should include security from the beginning of the development process. Security needs to be a part of standard requirements and testing procedures. Code reviews should be conducted by a test team to look for vulnerabilities such as buffer overflows and backdoors. For security reasons, it is not a good idea to subcontract development work to third parties.

How Are You Monitoring For Trojans And Back Doors?
In addition to periodic vulnerability scanning, outgoing traffic should be inspected before it leaves the network, looking for potentially compromised systems. Organizations often focus on traffic and attacks coming into the network and forget about monitoring outgoing traffic. Not only will this detect compromised systems with Trojans and backdoors, but it will also detect potentially malicious or inappropriate insider activity.

What are the different layers of OSI?

  • Data Link layer
  • Transport layer
  • Application layer
  • Session layer
  • Presentation layer

Explain pipelining.

Pipelining is when a task begins before the previous task has ended.

Which layers are referred to as network support layers?

  • Data Link layer
  • Physical layer
  • Network layer

Define simplex with an example.

A type of communication in which data is transmitted in one direction is known as simplex. Example: Monitor

What is RIP?
RIP stands for Routing Information Protocol, which is a simple protocol used to exchange information between the routers.

 

What are the factors that affect the performance of the network?

  • Type of transmission media
  • Software
  • Number of users
  • Hardware

What is the difference between a wired LAN and a wireless LAN?
A wired LAN uses Ethernet devices like a router, hub, and switch, while a wireless LAN uses devices like a MiFi router and a WLAN router.

Which protocols use the application layer?

  • SMTP
  • DNS
  • TELNET
  • FTP

What is an intranet?
It is a private network based on TCP/IP protocols accessible only by the company’s members or someone with authorization.

 

What are the different types of network security tools?

  • Access control
  • Antivirus and antimalware software
  • Application security
  • Data Loss Prevention (DLP)
  • Email security
  • Firewalls
  • Intrusion prevention systems
  • Mobile device security
  • Host-based Intrusion Detection System (HIDS)
  • Network Intrusion Detection System (NIDS)
  • Behavioral analytics
  • Network segmentation
  • Virtual Private Network (VPN)
  • Web security
  • Wireless security

 

Security Mitigation Techniques

| Mitigation Method | Description |
|---|---|
| AAA | A group of three services (authentication, authorization, and accounting) that are used in conjunction with TACACS or RADIUS to provide a secure network connection with a record of user activities. |
| Cisco ACL | An ordered list of permit and deny statements that can be applied on a Cisco device to effectively determine whether a packet will be permitted or denied access to the network. |
| SSH | A data transmission protocol that uses strong authentication and an encrypted tunnel to ensure secure communications between an SSH client and the SSH server. SSH protects otherwise-vulnerable services such as Telnet, news, and mail. |
| SNMP | A management protocol that monitors the network and manages configurations by collecting statistics to analyze network performance and ensure network security. |
| Syslog | Log messages are collected from the Cisco device and are sent to a syslog server to keep records of any network occurrences. |
| NTP | A protocol that synchronizes clocks on the local network to provide accurate local time on the user system. |
| IPsec | A set of protocols that were developed to secure the transfer of packets at the Network layer (Layer 3) of the OSI model. |
| SSL | A protocol that provides a secure channel between two devices at the Application layer (Layer 7) of the OSI model. |
| Firewall | Either software or hardware that is installed to protect a network from outside networks, such as the Internet. |
| IPS | An active device that is inline with the traffic path on a network. An IPS listens promiscuously to all incoming traffic to identify attacks, which the system can then block. |
| IDS | A passive device that may not be inline with the traffic path on a network. An IDS also listens promiscuously to all incoming traffic to generate alerts and issue TCP resets if necessary. |

 
