1. What is a Firewall?
Firewall is a device will acts as security layer for all incoming and outgoing traffic for a network
Firewall is a device will acts as security layer for all incoming and outgoing traffic for a network
2. What is a gateway?
Gateway is entry and exit point for a network.
Gateway is entry and exit point for a network.
3. Will firewall acts as a
gateway?
Yes
Yes
4. What are the basic
configurations you do while configuring a new firewall?
Configure LAN Network in the firewall
Configure WAN Network in the firewall
Write policies to allow internet, mail, etc.
Configure LAN Network in the firewall
Configure WAN Network in the firewall
Write policies to allow internet, mail, etc.
5. What is all the firewall you
handle?
Fortigate, Juniper, Sonicwall
Fortigate, Juniper, Sonicwall
6. Explain few Fortigate firewall
model?
40c, 60c, 110c, 210b
40c, 60c, 110c, 210b
7. Explain few sonic wall firewall
model?
NSA 240, NSA 2400, TZ Series
NSA 240, NSA 2400, TZ Series
8. Explain few juniper firewall
model?
SSG Model, SRX Models
SSG Model, SRX Models
9. What is Firmware version in
Fortigate?
Fortios 4.0 or Fortios 5.0
Fortios 4.0 or Fortios 5.0
10. What is Firmware version in
Sonic Wall?
Sonicos 5.0
Sonicos 5.0
11. What is Firmware version in
Juniper?
Junos 11.0
Junos 11.0
12. How do mange firewall
remotely?
By enabling HTTP or HTTPS access to wan interface
By enabling HTTP or HTTPS access to wan interface
13. What is a difference between
Proxy & Firewall?
Proxy server will never acts a gateway devices but firewall acts as gateway devices
Proxy server will never acts a gateway devices but firewall acts as gateway devices
14. What is NAT?
Internet standard that enables a local-area network (LAN) to use one set of IP addresses for internal traffic and a second set of addresses for external traffic.is the process of modifying IP address information in IP packet headers while in transit across a traffic routing device.
Internet standard that enables a local-area network (LAN) to use one set of IP addresses for internal traffic and a second set of addresses for external traffic.is the process of modifying IP address information in IP packet headers while in transit across a traffic routing device.
15. Explain Different types of
NAT?
Source NAT, Destination NAT, Static NAT
Source NAT, Destination NAT, Static NAT
16. Tell the port no for the
following
HTTP – 80, HTTPS – 443, FTP – 20 & 21, RDP – 3389,SSH - 22,IMAP-143,SMTP – 25,POP3 – 110,MSSQL – 1433,LDAP – 389
HTTP – 80, HTTPS – 443, FTP – 20 & 21, RDP – 3389,SSH - 22,IMAP-143,SMTP – 25,POP3 – 110,MSSQL – 1433,LDAP – 389
17. Describe in general how you
manage a firewall.
Configuring firewall to acts a gateway device
Configure firewall for Load balancing/Failover with two ISP’s
Configure firewall for writing LAN to WAN & WAN to LAN Policies
Configure firewall for UTM Feature
Configure firewall as VPN Server
Monitor Network traffic and log
Configuring firewall to acts a gateway device
Configure firewall for Load balancing/Failover with two ISP’s
Configure firewall for writing LAN to WAN & WAN to LAN Policies
Configure firewall for UTM Feature
Configure firewall as VPN Server
Monitor Network traffic and log
18. What are the different types
of Policy can be configured in firewall?
LAN to LAN Policy, LAN to WAN Policy, WAN to LAN Policy
LAN to LAN Policy, LAN to WAN Policy, WAN to LAN Policy
19. Can we set time based policy
in firewall?
Yes
Yes
20. What is the difference between
router ACLs and Firewall Polices?
21. What is DMZ?
DMZ (demilitarized zone) is a computer host or small network inserted as a "neutral zone" between a company's private network and the outside public network. It prevents outside users from getting direct access to a server that has company data.
DMZ (demilitarized zone) is a computer host or small network inserted as a "neutral zone" between a company's private network and the outside public network. It prevents outside users from getting direct access to a server that has company data.
22. Explain a scenario in which
situation we plan for DMZ?
Server or separate Networks
Server or separate Networks
23. Is it possible to terminate
more than two ISP’s in a firewall?
Yes
Yes
24. What is UTM?
Unified Threat Management indicates you get a security solution with Anti Spam, Anti Virus, Web Filtering, Web Proxy, Mail Proxy, Content Filtering, VPN and Firewall.
Unified Threat Management indicates you get a security solution with Anti Spam, Anti Virus, Web Filtering, Web Proxy, Mail Proxy, Content Filtering, VPN and Firewall.
25. Explain about gateway
antivirus?
A feature of network security appliances that provides integrated antivirus security on the appliance to block potential threats before reaching the network. Gateway antivirus allows corporate and enterprise to check for viruses at the application layer using a web-based scanning service.
A feature of network security appliances that provides integrated antivirus security on the appliance to block potential threats before reaching the network. Gateway antivirus allows corporate and enterprise to check for viruses at the application layer using a web-based scanning service.
26. What is web filter?
Web filter is a feature in firewall to block website based on category (jobs, Politics, Web Based Email, etc…), from database provided by the firewall product vendor.
Web filter is a feature in firewall to block website based on category (jobs, Politics, Web Based Email, etc…), from database provided by the firewall product vendor.
27. How web filter works?
Web Filter works with license provided by firewall, Web filter works if the firewall is able to communicate with web filter database server provided by the firewall vendor.
Web Filter works with license provided by firewall, Web filter works if the firewall is able to communicate with web filter database server provided by the firewall vendor.
28. How Application filter works?
Application filter is same as web filter to block unwanted application getting access using the common service like HTTP, HTTPS, etc…
Application filter is same as web filter to block unwanted application getting access using the common service like HTTP, HTTPS, etc…
29. What is denial of Service
attack?
Denial-of-service attack, a type of attack on a network that is designed to bring the network to its knees by flooding it with useless traffic. Many DoS attacks, such as the Ping of Death and Teardrop attacks, exploit limitations in the TCP/IP protocols. For all known DoS attacks, there are software fixes that system administrators can install to limit the damage caused by the attacks.
Denial-of-service attack, a type of attack on a network that is designed to bring the network to its knees by flooding it with useless traffic. Many DoS attacks, such as the Ping of Death and Teardrop attacks, exploit limitations in the TCP/IP protocols. For all known DoS attacks, there are software fixes that system administrators can install to limit the damage caused by the attacks.
30. What is vulnerability test and
how to you perform the test?
Vulnerability test is a penetration test to find all the security issues in the Network, based on the test we can take action. Tools to test vulnerability is Nessus, Openvas
Vulnerability test is a penetration test to find all the security issues in the Network, based on the test we can take action. Tools to test vulnerability is Nessus, Openvas
31. What is zero day attack
prevention?
The implications of a Zero-Day attack are that the software vendors can't address the vulnerability and patch the software prior to the vulnerability's exposure. When a Zero-Day attack gets exposed along with a newly-discovered vulnerability, it may take several weeks or months for the software vendors to create a patch. In the meantime, each computer that carries the vulnerable software is exposed to the attack.
The implications of a Zero-Day attack are that the software vendors can't address the vulnerability and patch the software prior to the vulnerability's exposure. When a Zero-Day attack gets exposed along with a newly-discovered vulnerability, it may take several weeks or months for the software vendors to create a patch. In the meantime, each computer that carries the vulnerable software is exposed to the attack.
32. Is it possible to configure
firewall for User Authentication for Internet Access? Explain how
Yes, using Identity based polices
Yes, using Identity based polices
33. Explain IPS / IDS?
An intrusion detection system (IDS) inspects all inbound and outbound network activity and identifies suspicious patterns that may indicate a network or system attack from someone attempting to break into or compromise a system.
Intrusionpreventionsystem is used in computer security. It provides policies and rules for network traffic along with an intrusion detection system for alerting system or network administrators to suspicious traffic, but allows the administrator to provide the action upon being alerted. Some compare an IPS to a combination of IDS and an application layer firewall for protection.
An intrusion detection system (IDS) inspects all inbound and outbound network activity and identifies suspicious patterns that may indicate a network or system attack from someone attempting to break into or compromise a system.
Intrusionpreventionsystem is used in computer security. It provides policies and rules for network traffic along with an intrusion detection system for alerting system or network administrators to suspicious traffic, but allows the administrator to provide the action upon being alerted. Some compare an IPS to a combination of IDS and an application layer firewall for protection.
34. Explain the difference between
trusted and untrusted networks?
Trusted network is protected network i.e. LAN where else untrusted network is open network i.e. WAN
Trusted network is protected network i.e. LAN where else untrusted network is open network i.e. WAN
35. What is the difference between
IPsec and SSL VPN?
Traditional VPN's rely on IPsec (Internet Protocol Security) to tunnel between the two endpoints. IPsec works on the Network Layer of the OSI Model- securing all data that travels between the two endpoints without an association to any specific application.
SSL is a common protocol and most web browsers have SSL capabilities built in. Therefore almost every computer in the world is already equipped with the necessary "client software" to connect to an SSL VPN.
Traditional VPN's rely on IPsec (Internet Protocol Security) to tunnel between the two endpoints. IPsec works on the Network Layer of the OSI Model- securing all data that travels between the two endpoints without an association to any specific application.
SSL is a common protocol and most web browsers have SSL capabilities built in. Therefore almost every computer in the world is already equipped with the necessary "client software" to connect to an SSL VPN.
36. What is site to site VPN?
Site-to-site VPN allows offices in multiple fixed locations to establish secure connections with each other over a public network such as the Internet. Site-to-site VPN extends the company's network, making computer resources from one location available to employees at other locations.
Site-to-site VPN allows offices in multiple fixed locations to establish secure connections with each other over a public network such as the Internet. Site-to-site VPN extends the company's network, making computer resources from one location available to employees at other locations.
37. What is SSL?
Secure Sockets Layer (SSL) is a commonly-used protocol for managing the security of a message transmission on the Internet. SSL has recently been succeeded by Transport Layer Security (TLS), which is based on SSL. SSL uses a program layer located between the Internet's Hypertext Transfer Protocol (HTTP) and Transport Control Protocol (TCP) layers.
Secure Sockets Layer (SSL) is a commonly-used protocol for managing the security of a message transmission on the Internet. SSL has recently been succeeded by Transport Layer Security (TLS), which is based on SSL. SSL uses a program layer located between the Internet's Hypertext Transfer Protocol (HTTP) and Transport Control Protocol (TCP) layers.
38. How do we create SSL
Certificate?
We can create SSL Certificate using Certificate Server or with service providers like godaddy, etc.
We can create SSL Certificate using Certificate Server or with service providers like godaddy, etc.
39. What is the advantage of
having SSL VPN over IPsec?
SSL VPN's have been gaining in prevalence and popularity; however they are not the right solution for every instance. Likewise, IPsec VPN's are not suited for every instance either.
SSL VPN's have been gaining in prevalence and popularity; however they are not the right solution for every instance. Likewise, IPsec VPN's are not suited for every instance either.
40. What are the different types
of VPN?
IPsec, SSL, PPTP, L2TP
IPsec, SSL, PPTP, L2TP
41. What requirements should a VPN
fulfill?
VPN Devices, VPN Encryption and VPN Components.
VPN Devices, VPN Encryption and VPN Components.
42. How many ways are there to
implement VPN architecture?
43. What are the different ways
authentication mechanisms in VPN?
EAP authentication method, MS Chap Authentication method, unencrypted passwords (PAP), Shiva Password Authentication Protocol (SPAP)
EAP authentication method, MS Chap Authentication method, unencrypted passwords (PAP), Shiva Password Authentication Protocol (SPAP)
44. Explain the basic of
encryption in VPN?
VPN can optionally use encryption. Traditionally it use IPSEC with an encryption method such as AES or 3DES. Encryption takes a plain text and a key and then applies an algorithm to produce a ciphertext. The keys can be static or negotiated.
VPN can optionally use encryption. Traditionally it use IPSEC with an encryption method such as AES or 3DES. Encryption takes a plain text and a key and then applies an algorithm to produce a ciphertext. The keys can be static or negotiated.
45. Explain different components
in PKI?
A PKI (public key infrastructure) enables users of a basically unsecure public network such as the Internet to securely and privately exchange data and money through the use of a public and a private cryptographic key pair that is obtained and shared through a trusted authority.
A PKI (public key infrastructure) enables users of a basically unsecure public network such as the Internet to securely and privately exchange data and money through the use of a public and a private cryptographic key pair that is obtained and shared through a trusted authority.
46. Explain tunneling?
A technology that enables one network to send its data via another network's connections. Tunneling works by encapsulating a network protocol within packets carried by the second network.
A technology that enables one network to send its data via another network's connections. Tunneling works by encapsulating a network protocol within packets carried by the second network.
47. Can you explain static and
dynamic tunnels?
Static Tunnel: The manually created tunnels are called Static Tunnels. Static tunnels creation is the only choice when global discovery of hosts and tunnel partners are disabled by enhancing Xpress tunnels into manually created tunnels. The priority is higher when compared with static tunnel.
Dynamic Tunnel: The tunnels that are auto-discovered are known as dynamic tunnels. Dynamic tunnels are created quickly and automatically after the Packet Shaper is reset. At the time of preventing automatic tunnel, dynamic tunnels are allowed to setup the situation.
Static Tunnel: The manually created tunnels are called Static Tunnels. Static tunnels creation is the only choice when global discovery of hosts and tunnel partners are disabled by enhancing Xpress tunnels into manually created tunnels. The priority is higher when compared with static tunnel.
Dynamic Tunnel: The tunnels that are auto-discovered are known as dynamic tunnels. Dynamic tunnels are created quickly and automatically after the Packet Shaper is reset. At the time of preventing automatic tunnel, dynamic tunnels are allowed to setup the situation.
48. Provide an overview of various
components in IPsec?
IPsec contains the following elements:
Encapsulating Security Payload (ESP): Provides confidentiality, authentication, and integrity.
Authentication Header (AH): Provides authentication and integrity.
Internet Key Exchange (IKE): Provides key management and Security Association (SA) management.
IPsec contains the following elements:
Encapsulating Security Payload (ESP): Provides confidentiality, authentication, and integrity.
Authentication Header (AH): Provides authentication and integrity.
Internet Key Exchange (IKE): Provides key management and Security Association (SA) management.
49. Describe the Authentication
Header (AH) Protocol?
Authentication Header (AH) is a member of the IPsec protocol suite. AH guarantees connectionless integrity and data origin authentication of IP packets. Further, it can optionally protect against replay attacks by using the sliding window technique and discarding old packets
Authentication Header (AH) is a member of the IPsec protocol suite. AH guarantees connectionless integrity and data origin authentication of IP packets. Further, it can optionally protect against replay attacks by using the sliding window technique and discarding old packets
50. What is ESP (Encapsulating
Security Payload)?
Encapsulating Security Payload (ESP) is a member of the IPsec protocol suite. In IPsec it provides origin authenticity, integrity, and confidentiality protection of packets. ESP also supports encryption-only and authentication-only configurations, but using encryption without authentication is strongly discouraged because it is insecure.
Encapsulating Security Payload (ESP) is a member of the IPsec protocol suite. In IPsec it provides origin authenticity, integrity, and confidentiality protection of packets. ESP also supports encryption-only and authentication-only configurations, but using encryption without authentication is strongly discouraged because it is insecure.
51. What is Transport and Tunnel
mode?
IPsec can be run in either tunnel mode or transport mode. Each of these modes has its own particular uses and care should be taken to ensure that the correct one is selected for the solution:
Tunnel mode is most commonly used between gateways, or at an end-station to a gateway, the gateway acting as a proxy for the hosts behind it.
Transport mode is used between end-stations or between an end-station and a gateway, if the gateway is being treated as a host
IPsec can be run in either tunnel mode or transport mode. Each of these modes has its own particular uses and care should be taken to ensure that the correct one is selected for the solution:
Tunnel mode is most commonly used between gateways, or at an end-station to a gateway, the gateway acting as a proxy for the hosts behind it.
Transport mode is used between end-stations or between an end-station and a gateway, if the gateway is being treated as a host
52. Explain IKE (Internet Key
Exchange)
Internet Key Exchange (IKE) is an IPsec (Internet Protocol Security) standard protocol used to ensure security for virtual private network (VPN) negotiation and remote host or network access.The IKE protocol ensures security for Security Association (SA) communication without the preconfiguration that would otherwise be required.
Internet Key Exchange (IKE) is an IPsec (Internet Protocol Security) standard protocol used to ensure security for virtual private network (VPN) negotiation and remote host or network access.The IKE protocol ensures security for Security Association (SA) communication without the preconfiguration that would otherwise be required.
53. Explain IKE phases?
IKE phase 1. IKE authenticates IPsec peers and negotiates IKE SAs during this phase, setting up a secure channel for negotiating IPsec SAs in phase 2.
IKE phase 2. IKE negotiates IPsec SA parameters and sets up matching IPsec SAs in the peers.
IKE phase 1. IKE authenticates IPsec peers and negotiates IKE SAs during this phase, setting up a secure channel for negotiating IPsec SAs in phase 2.
IKE phase 2. IKE negotiates IPsec SA parameters and sets up matching IPsec SAs in the peers.
54. Explain IKE modes
Main Mode&Aggressive Mode
Main Mode&Aggressive Mode
55. Explain the features and model
of the firewall in your organization?
56. What is your vision for
organization security?
57. Tell me how firewall is placed
in your organization?
No comments:
Post a Comment