Wednesday, April 1, 2015

Security Administrator - BASICS


1. What is a firewall?
    A firewall is a device that acts as a security layer for all incoming and outgoing traffic of a network.
2. What is a gateway?
    A gateway is the entry and exit point of a network.
3. Will a firewall act as a gateway?
     Yes
4. What are the basic configurations you do while configuring a new firewall?
    Configure the LAN network in the firewall
    Configure the WAN network in the firewall
    Write policies to allow internet, mail, etc.
5. What are all the firewalls you have handled?
    Fortigate, Juniper, SonicWall
6. Name a few Fortigate firewall models.
    40c, 60c, 110c, 210b
7. Name a few SonicWall firewall models.
    NSA 240, NSA 2400, TZ series
8. Name a few Juniper firewall models.
    SSG models, SRX models
9. What is the firmware version in Fortigate?
     FortiOS 4.0 or FortiOS 5.0
10. What is the firmware version in SonicWall?
       SonicOS 5.0
11. What is the firmware version in Juniper?
       Junos 11.0
12. How do you manage a firewall remotely?
       By enabling HTTP or HTTPS access on the WAN interface
13. What is the difference between a proxy and a firewall?
       A proxy server never acts as a gateway device, but a firewall acts as a gateway device
14. What is NAT?
      NAT (Network Address Translation) is an Internet standard that enables a local-area network (LAN) to use one set of IP addresses for internal traffic and a second set of addresses for external traffic. It is the process of modifying IP address information in IP packet headers while in transit across a traffic routing device.
15. Explain the different types of NAT.
       Source NAT, Destination NAT, Static NAT
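As an added illustration (not part of the original post), here is a small Python model of the three NAT types listed above: source NAT with port overload, destination NAT (port forwarding) and static one-to-one NAT. The addresses, ports and the session-table layout are constructed for the example. It shows the property an interviewer usually wants stated with NAT: the gateway keeps a translation table so that replies can be mapped back to the private host, and an inbound packet with no table entry is dropped.

```python
"""Toy NAT gateway: source NAT with port overload, destination NAT (port
forwarding) and static 1:1 NAT, with the translation table needed to
reverse-translate replies.

Added example, not from the original post. All addresses and ports are
constructed sample values (RFC 1918 / documentation ranges).
"""
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class NatGateway:
    def __init__(self, wan_ip, static_map=None, dnat_map=None):
        self.wan_ip = wan_ip
        self.static_map = dict(static_map or {})   # private IP -> public IP (1:1)
        self.dnat_map = dict(dnat_map or {})       # (public IP, port) -> (private IP, port)
        self.sessions = {}                         # WAN port -> (src_ip, src_port, dst_ip, dst_port)
        self.next_port = 40000

    def outbound(self, pkt: Packet) -> Packet:
        """LAN -> WAN: rewrite the source address (and the port for overload NAT)."""
        if pkt.src_ip in self.static_map:
            # Static NAT: fixed one-to-one mapping, source port untouched.
            return Packet(self.static_map[pkt.src_ip], pkt.src_port, pkt.dst_ip, pkt.dst_port)
        # Source NAT with port overload: many private hosts share one WAN IP,
        # so each session gets its own WAN port to map replies back.
        key = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        for wan_port, entry in self.sessions.items():
            if entry == key:
                break                              # existing session: reuse its port
        else:
            wan_port = self.next_port
            self.next_port += 1
            self.sessions[wan_port] = key
        return Packet(self.wan_ip, wan_port, pkt.dst_ip, pkt.dst_port)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """WAN -> LAN: reverse-translate, or drop when no mapping exists."""
        # Destination NAT: a published service behind the WAN address.
        if (pkt.dst_ip, pkt.dst_port) in self.dnat_map:
            priv_ip, priv_port = self.dnat_map[(pkt.dst_ip, pkt.dst_port)]
            return Packet(pkt.src_ip, pkt.src_port, priv_ip, priv_port)
        # Static NAT in the reverse direction.
        for priv_ip, pub_ip in self.static_map.items():
            if pkt.dst_ip == pub_ip:
                return Packet(pkt.src_ip, pkt.src_port, priv_ip, pkt.dst_port)
        # Reply to an existing overload-NAT session: the remote endpoint must
        # match the one recorded when the session was created.
        entry = self.sessions.get(pkt.dst_port)
        if pkt.dst_ip == self.wan_ip and entry is not None \
                and (pkt.src_ip, pkt.src_port) == (entry[2], entry[3]):
            return Packet(pkt.src_ip, pkt.src_port, entry[0], entry[1])
        return None  # unsolicited inbound packet with no translation: dropped


if __name__ == "__main__":
    gw = NatGateway("203.0.113.10",
                    static_map={"192.168.1.50": "203.0.113.50"},
                    dnat_map={("203.0.113.10", 443): ("192.168.1.80", 443)})
    print("SNAT out   :", gw.outbound(Packet("192.168.1.20", 51000, "198.51.100.5", 80)))
    print("reply in   :", gw.inbound(Packet("198.51.100.5", 80, "203.0.113.10", 40000)))
    print("unsolicited:", gw.inbound(Packet("198.51.100.9", 80, "203.0.113.10", 40000)))
    print("DNAT in    :", gw.inbound(Packet("198.51.100.5", 5555, "203.0.113.10", 443)))
```

Real firewalls key the session table on the protocol as well and expire entries on a timer; the example keeps only the fields needed to show the translation logic.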
16. Tell the port numbers for the following
       HTTP – 80, HTTPS – 443, FTP – 20 & 21, RDP – 3389, SSH – 22, IMAP – 143, SMTP – 25, POP3 – 110, MSSQL – 1433, LDAP – 389
17. Describe in general how you manage a firewall.
       Configure the firewall to act as a gateway device
       Configure the firewall for load balancing/failover with two ISPs
       Configure the firewall with LAN to WAN & WAN to LAN policies
       Configure the firewall's UTM features
       Configure the firewall as a VPN server
       Monitor network traffic and logs
18. What are the different types of policy that can be configured in a firewall?
       LAN to LAN policy, LAN to WAN policy, WAN to LAN policy
19. Can we set time-based policies in a firewall?
       Yes
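The policy types in Q18 and the time-based policy in Q19 come down to one evaluation loop. The Python below is an added example, not from the post: rules are tried top to bottom, the first match decides, and anything unmatched hits the implicit deny. The zone names, networks, services and business-hours schedule are constructed values.

```python
"""Ordered firewall policy evaluation: zone pair, source/destination network,
service and an optional time schedule; first match wins, implicit deny at the
end. Added example, not from the original post; the zone names, networks,
services and business hours below are constructed sample values.
"""
import ipaddress
from dataclasses import dataclass
from datetime import datetime, time
from typing import FrozenSet, Optional, Tuple


@dataclass(frozen=True)
class Schedule:
    weekdays: FrozenSet[int]      # Monday = 0 ... Sunday = 6
    start: time
    end: time

    def active(self, when: datetime) -> bool:
        return when.weekday() in self.weekdays and self.start <= when.time() < self.end


def _in_net(ip: str, net: str) -> bool:
    return net == "any" or ipaddress.ip_address(ip) in ipaddress.ip_network(net)


@dataclass(frozen=True)
class Policy:
    name: str
    src_zone: str
    dst_zone: str
    src_net: str                            # CIDR or "any"
    dst_net: str                            # CIDR or "any"
    services: FrozenSet[Tuple[str, int]]    # (proto, port) pairs; empty set = any service
    action: str                             # "allow" or "deny"
    schedule: Optional[Schedule] = None     # None = always active

    def matches(self, flow, when: datetime) -> bool:
        src_zone, dst_zone, src_ip, dst_ip, proto, dport = flow
        if (src_zone, dst_zone) != (self.src_zone, self.dst_zone):
            return False
        if not (_in_net(src_ip, self.src_net) and _in_net(dst_ip, self.dst_net)):
            return False
        if self.services and (proto, dport) not in self.services:
            return False
        # A scheduled policy simply does not match outside its schedule, so the
        # flow falls through to later rules and finally to the implicit deny.
        if self.schedule is not None and not self.schedule.active(when):
            return False
        return True


def evaluate(policies, flow, when: datetime):
    """Return (action, policy name) of the first matching policy, else the implicit deny."""
    for policy in policies:
        if policy.matches(flow, when):
            return policy.action, policy.name
    return "deny", "implicit-deny"


BUSINESS_HOURS = Schedule(frozenset(range(5)), time(8, 0), time(18, 0))

POLICIES = [
    # LAN to WAN: web browsing only during business hours (time-based policy)
    Policy("lan-web-out", "LAN", "WAN", "192.168.1.0/24", "any",
           frozenset({("tcp", 80), ("tcp", 443)}), "allow", BUSINESS_HOURS),
    # LAN to WAN: DNS at any time
    Policy("lan-dns-out", "LAN", "WAN", "192.168.1.0/24", "any",
           frozenset({("udp", 53)}), "allow"),
    # WAN to DMZ: inbound SMTP to the published mail server only
    Policy("wan-smtp-in", "WAN", "DMZ", "any", "10.10.10.25/32",
           frozenset({("tcp", 25)}), "allow"),
]


if __name__ == "__main__":
    tuesday_10am = datetime(2015, 3, 31, 10, 0)
    saturday_10am = datetime(2015, 4, 4, 10, 0)
    web = ("LAN", "WAN", "192.168.1.20", "198.51.100.5", "tcp", 443)
    rdp_in = ("WAN", "LAN", "198.51.100.7", "192.168.1.20", "tcp", 3389)
    print(evaluate(POLICIES, web, tuesday_10am))     # ('allow', 'lan-web-out')
    print(evaluate(POLICIES, web, saturday_10am))    # ('deny', 'implicit-deny')
    print(evaluate(POLICIES, rdp_in, tuesday_10am))  # ('deny', 'implicit-deny')
```

Rule order matters: a broad allow placed above a narrower deny hides it, which is the mistake most often found when reviewing a policy set. A scheduled policy does not turn into a deny outside its hours; it just stops matching, so the behaviour wanted while it is inactive must be covered by a later rule or by the implicit deny.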
20. What is the difference between router ACLs and firewall policies?
21. What is a DMZ?
      A DMZ (demilitarized zone) is a computer host or small network inserted as a "neutral zone" between a company's private network and the outside public network. It prevents outside users from getting direct access to a server that holds company data.
22. Explain a scenario in which we would plan for a DMZ.
       Servers or separate networks
23. Is it possible to terminate more than two ISPs on a firewall?
       Yes
24. What is UTM?
      Unified Threat Management means you get one security solution with Anti-Spam, Anti-Virus, Web Filtering, Web Proxy, Mail Proxy, Content Filtering, VPN and Firewall.
25. Explain gateway antivirus.
      A feature of network security appliances that provides integrated antivirus security on the appliance to block potential threats before they reach the network. Gateway antivirus allows corporate and enterprise networks to check for viruses at the application layer using a web-based scanning service.
26. What is a web filter?
     A web filter is a feature in the firewall that blocks websites based on category (jobs, politics, web-based email, etc.), using a database provided by the firewall product vendor.
27. How does a web filter work?
      The web filter works with a license provided by the firewall vendor, and only if the firewall is able to communicate with the web filter database server provided by the vendor.
28. How does an application filter work?
      An application filter is the same idea as a web filter: it blocks unwanted applications from getting access through common services like HTTP, HTTPS, etc.
29. What is a denial-of-service attack?
      A denial-of-service attack is a type of attack on a network that is designed to bring the network to its knees by flooding it with useless traffic. Many DoS attacks, such as the Ping of Death and Teardrop attacks, exploit limitations in the TCP/IP protocols. For all known DoS attacks, there are software fixes that system administrators can install to limit the damage caused by the attacks.
30. What is a vulnerability test and how do you perform it?
      A vulnerability test is a penetration test to find all the security issues in the network; based on the results we can take action. Tools to test for vulnerabilities are Nessus and OpenVAS.
31. What is zero-day attack prevention?
    The implication of a zero-day attack is that the software vendor cannot address the vulnerability and patch the software before the vulnerability is exposed. When a zero-day attack is exposed along with a newly discovered vulnerability, it may take several weeks or months for the software vendor to create a patch. In the meantime, every computer that runs the vulnerable software is exposed to the attack.
32. Is it possible to configure the firewall for user authentication for internet access? Explain how.
       Yes, using identity-based policies
33. Explain IPS / IDS.
      An intrusion detection system (IDS) inspects all inbound and outbound network activity and identifies suspicious patterns that may indicate a network or system attack from someone attempting to break into or compromise a system.

An intrusion prevention system (IPS) is used in computer security. It provides policies and rules for network traffic along with an intrusion detection system for alerting system or network administrators to suspicious traffic, and allows the administrator to define the action taken upon an alert. Some compare an IPS to a combination of an IDS and an application-layer firewall for protection.
34. Explain the difference between trusted and untrusted networks.
     A trusted network is a protected network, i.e. the LAN, whereas an untrusted network is an open network, i.e. the WAN
35. What is the difference between IPsec and SSL VPN?
    Traditional VPNs rely on IPsec (Internet Protocol Security) to tunnel between the two endpoints. IPsec works on the network layer of the OSI model, securing all data that travels between the two endpoints without an association to any specific application.

SSL is a common protocol and most web browsers have SSL capabilities built in. Therefore almost every computer in the world is already equipped with the necessary "client software" to connect to an SSL VPN.
36. What is site to site VPN?
      Site-to-site VPN allows offices in multiple fixed locations to establish secure connections with each other over a public network such as the Internet. Site-to-site VPN extends the company's network, making computer resources from one location available to employees at other locations.
37. What is SSL?
    Secure Sockets Layer (SSL) is a commonly used protocol for managing the security of message transmission on the Internet. SSL has recently been succeeded by Transport Layer Security (TLS), which is based on SSL. SSL uses a program layer located between the Internet's Hypertext Transfer Protocol (HTTP) and Transmission Control Protocol (TCP) layers.
38. How do we create an SSL certificate?
      We can create an SSL certificate using a certificate server or with service providers like GoDaddy, etc.
39. What is the advantage of having SSL VPN over IPsec?
      SSL VPNs have been gaining in prevalence and popularity; however, they are not the right solution for every case. Likewise, IPsec VPNs are not suited to every case either.
40. What are the different types of VPN?
       IPsec, SSL, PPTP, L2TP
41. What requirements should a VPN fulfill?
       VPN devices, VPN encryption and VPN components.
42. How many ways are there to implement a VPN architecture?
43. What are the different authentication mechanisms in VPN?
      EAP authentication method, MS-CHAP authentication method, unencrypted passwords (PAP), Shiva Password Authentication Protocol (SPAP)
44. Explain the basics of encryption in VPN.
      A VPN can optionally use encryption. Traditionally it uses IPsec with an encryption method such as AES or 3DES. Encryption takes a plaintext and a key and applies an algorithm to produce a ciphertext. The keys can be static or negotiated.
45. Explain the different components in PKI.
      A PKI (public key infrastructure) enables users of a basically insecure public network such as the Internet to securely and privately exchange data and money through the use of a public and private cryptographic key pair that is obtained and shared through a trusted authority.
46. Explain tunneling?
      A technology that enables one network to send its data via another network's connections. Tunneling works by encapsulating a network protocol within packets carried by the second network.
47. Can you explain static and dynamic tunnels?
       Static tunnel: manually created tunnels are called static tunnels. Creating static tunnels is the only choice when global discovery of hosts and tunnel partners is disabled; Xpress tunnels are then enhanced into manually created tunnels. Static tunnels have the higher priority.

Dynamic tunnel: tunnels that are auto-discovered are known as dynamic tunnels. Dynamic tunnels are created quickly and automatically after the PacketShaper is reset. When automatic tunnel creation is prevented, dynamic tunnels can still be allowed to handle the situation.
48. Provide an overview of the various components in IPsec.
       IPsec contains the following elements:

Encapsulating Security Payload (ESP): Provides confidentiality, authentication, and integrity.

Authentication Header (AH): Provides authentication and integrity.

Internet Key Exchange (IKE): Provides key management and Security Association (SA) management.
49. Describe the Authentication Header (AH) protocol.
    Authentication Header (AH) is a member of the IPsec protocol suite. AH guarantees connectionless integrity and data origin authentication of IP packets. Further, it can optionally protect against replay attacks by using the sliding window technique and discarding old packets.
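The sliding-window anti-replay check mentioned above, written out in Python as an added example (not from the post; the 64-packet window and the sample sequence numbers are constructed). Each sequence number is accepted at most once, a new high water mark slides the window forward, and anything older than the window is discarded.

```python
"""IPsec anti-replay sliding window, as used by AH (and ESP): accept each
sequence number at most once, advance the window on new highs, reject anything
older than the window. Added example, not from the original post; the window
size of 64 and the sample sequence are constructed values.
"""


class ReplayWindow:
    def __init__(self, size: int = 64):
        self.size = size
        self.top = 0      # highest sequence number accepted so far (0 = nothing yet)
        self.bitmap = 0   # bit i set  <=>  sequence number (top - i) already seen

    def check_and_update(self, seq: int) -> bool:
        """Return True and record seq if the packet should be accepted."""
        if seq == 0:
            return False                       # sequence number 0 is never valid
        if seq > self.top:
            # New high water mark: slide the window right by the gap.
            shift = seq - self.top
            if shift >= self.size:
                self.bitmap = 1                # everything old falls out of the window
            else:
                self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.size) - 1)
            self.top = seq
            return True
        diff = self.top - seq
        if diff >= self.size:
            return False                       # left of the window: too old
        if (self.bitmap >> diff) & 1:
            return False                       # inside the window but already seen: replay
        self.bitmap |= 1 << diff               # late but new: accept and mark
        return True


def run_sequence(seqs, size=64):
    """Feed a list of sequence numbers through one window; return accept/reject verdicts."""
    win = ReplayWindow(size)
    return [win.check_and_update(s) for s in seqs]


if __name__ == "__main__":
    sample = [1, 2, 3, 5, 4, 4, 3, 70, 5, 7, 6]
    for s, ok in zip(sample, run_sequence(sample)):
        print(f"seq {s:>3}: {'accept' if ok else 'REJECT'}")
```

As in the AH specification, a receiver must verify the packet's ICV before updating the window; updating it first would let a packet with a forged sequence number advance the window and cause genuine packets to be discarded.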
50. What is ESP (Encapsulating Security Payload)?
     Encapsulating Security Payload (ESP) is a member of the IPsec protocol suite. In IPsec it provides origin authenticity, integrity, and confidentiality protection of packets. ESP also supports encryption-only and authentication-only configurations, but using encryption without authentication is strongly discouraged because it is insecure.
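To show why the encryption-only configuration is discouraged, here is an added Python example (not from the post) of an ESP-style packet with an ICV computed over the header and ciphertext. The keystream is a toy stand-in for a real cipher such as AES, and the keys, SPI and payload are constructed values. With the ICV checked, a packet modified on the wire is rejected; in encryption-only mode it is accepted and silently decrypts to corrupted data.

```python
"""Toy ESP-style packet: SPI + sequence number header, payload hidden by a
keystream, and an ICV (HMAC) over header and ciphertext. Shows why ESP's
encryption-only mode is discouraged: without the ICV a modified packet is
accepted and decrypts to corrupted data; with it the receiver rejects it.

Added example, not from the original post. The keystream (HMAC-SHA256 in
counter mode) is a stand-in for a real cipher such as AES, and the keys, SPI
and payload are constructed values.
"""
import hashlib
import hmac
import struct
from typing import Optional

ICV_LEN = 16   # 128-bit truncated HMAC, as HMAC-SHA-256-128 in IPsec


def _keystream(key: bytes, spi: int, seq: int, length: int) -> bytes:
    # Toy keystream: HMAC(key, SPI || seq || counter). Distinct for every
    # (SPI, seq) pair. Stand-in for a real cipher, not for production use.
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, struct.pack(">IIQ", spi, seq, counter), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def _xor(data: bytes, ks: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, ks))


def esp_protect(enc_key: bytes, auth_key: bytes, spi: int, seq: int, plaintext: bytes) -> bytes:
    header = struct.pack(">II", spi, seq)
    ciphertext = _xor(plaintext, _keystream(enc_key, spi, seq, len(plaintext)))
    # Encrypt-then-MAC: the ICV covers the ESP header and the ciphertext.
    icv = hmac.new(auth_key, header + ciphertext, hashlib.sha256).digest()[:ICV_LEN]
    return header + ciphertext + icv


def esp_unprotect(enc_key: bytes, auth_key: bytes, packet: bytes,
                  verify_icv: bool = True) -> Optional[bytes]:
    """Return the plaintext, or None when the ICV check fails."""
    header, ciphertext, icv = packet[:8], packet[8:-ICV_LEN], packet[-ICV_LEN:]
    spi, seq = struct.unpack(">II", header)
    if verify_icv:
        expected = hmac.new(auth_key, header + ciphertext, hashlib.sha256).digest()[:ICV_LEN]
        if not hmac.compare_digest(expected, icv):
            return None                    # authentication failed: drop the packet
    # Encryption-only mode skips the check above and decrypts whatever arrived.
    return _xor(ciphertext, _keystream(enc_key, spi, seq, len(ciphertext)))


def corrupt_first_byte(packet: bytes) -> bytes:
    """Flip one bit of the first ciphertext byte, as a fault on the wire would."""
    damaged = bytearray(packet)
    damaged[8] ^= 0x01
    return bytes(damaged)


if __name__ == "__main__":
    enc_key, auth_key = b"\x11" * 32, b"\x22" * 32
    pkt = esp_protect(enc_key, auth_key, 0x1000, 1, b"GET / HTTP/1.1")
    bad = corrupt_first_byte(pkt)
    print("intact, with ICV   :", esp_unprotect(enc_key, auth_key, pkt))
    print("modified, with ICV :", esp_unprotect(enc_key, auth_key, bad))
    print("modified, no ICV   :", esp_unprotect(enc_key, auth_key, bad, verify_icv=False))
```

The ICV is computed over the ciphertext (encrypt-then-MAC) and compared with hmac.compare_digest so the comparison does not leak timing information; both are the conventions real ESP implementations follow.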
51. What is Transport and Tunnel mode?
      IPsec can be run in either tunnel mode or transport mode. Each of these modes has its own particular uses and care should be taken to ensure that the correct one is selected for the solution:

Tunnel mode is most commonly used between gateways, or at an end-station to a gateway, the gateway acting as a proxy for the hosts behind it.

Transport mode is used between end-stations or between an end-station and a gateway, if the gateway is being treated as a host.
52. Explain IKE (Internet Key Exchange).
      Internet Key Exchange (IKE) is an IPsec (Internet Protocol Security) standard protocol used to ensure security for virtual private network (VPN) negotiation and remote host or network access. The IKE protocol ensures security for Security Association (SA) communication without the preconfiguration that would otherwise be required.
53. Explain IKE phases?
     IKE phase 1. IKE authenticates IPsec peers and negotiates IKE SAs during this phase, setting up a secure channel for negotiating IPsec SAs in phase 2.

IKE phase 2. IKE negotiates IPsec SA parameters and sets up matching IPsec SAs in the peers.
54. Explain IKE modes.
       Main Mode & Aggressive Mode
55. Explain the features and model of the firewall in your organization.
56. What is your vision for the organization's security?
57. Tell me how the firewall is placed in your organization.

