Cyber Security Interview Questions
Advantages of Cryptography
* Some techniques, such as hashing, are used to preserve the integrity of a message.
* It is used to guard highly confidential information and data.
* It protects a message from users who are not intended to have access to it.
* Digital signatures provide non-repudiation in disputes where the sender denies having sent the message.

Disadvantages of Cryptography
* It can prove to be dangerous if the system design is not properly managed.
* Sometimes a strongly encrypted message cannot be read even by the intended, legitimate user (for example, when the key is lost). This has been known to happen in many cases.
* The whole concept of cryptography relies on the complexity of mathematical algorithms. If someone breaks through the complex algorithms, the entire cryptosystem becomes vulnerable to threats.
There are two types of cryptography attacks:

* passive attacks
* active attacks
 
Passive Attacks : In a passive attack, the intruder can only see the private data and makes no changes to it. Passive attacks are more dangerous precisely because the intruder only reads the message without altering it: nobody will ever know that an attack is taking place, yet the supposedly hidden messages are no longer hidden.
 
Snooping : Also known as message content leakage, snooping is a nonaggressive attack where the intruder can only read a message. This jeopardizes the security goal of confidentiality.


Active Attacks : In this type of attack, the intruder can alter the private data.
 
Masquerade : The intruder will try to gain as much access to the computer system as possible. Masquerade is an active attack that threatens the security goal of credibility.

Brute force attack : A brute force attack occurs when hackers use computers to iterate systematically over every character in a character set. A character set can consist of letters, numbers, symbols, or anything else the hackers may desire. In the most general terms, a brute force attack is a trial-and-error method that attempts all possible password combinations. This method works well for short passwords, but it takes a long time to try all possible passwords.

Dictionary attack : It is a quick and easy password attack. Hackers generate thousands of candidate digests and their pre-matched plaintext passwords from a dictionary. These candidate digests are then compared with those in a stolen digest file. If a match is found, the password has been recovered. Although this method would hardly seem feasible if done manually, computers are capable of processing millions of words in a matter of hours.
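The precomputed digest table the dictionary-attack answer describes, next to the storage practice that defeats it, as an added example (not part of the original page); the wordlist and the stored digests are constructed here:

```python
import hashlib
import hmac
import os

# Constructed wordlist standing in for the "dictionary" of candidate passwords.
WORDLIST = ["password", "letmein", "summer2024", "qwerty"]
ITERATIONS = 100_000  # PBKDF2 work factor; raise it as hardware gets faster

def unsalted_digest(password: str) -> str:
    """Weak storage: a fast, unsalted hash. Every user with the same password
    gets the same digest, so one precomputed table works against all of them."""
    return hashlib.sha256(password.encode()).hexdigest()

def precomputed_table(words):
    """The pre-matched digest/plaintext pairs the text describes, computed once."""
    return {unsalted_digest(w): w for w in words}

def recover_unsalted(stolen_digest: str, table):
    """A stolen unsalted digest is resolved by a single dictionary lookup."""
    return table.get(stolen_digest)

def salted_digest(password: str, salt: bytes) -> bytes:
    """Hardened storage: per-user random salt plus a slow KDF (PBKDF2-HMAC-SHA256).
    The salt makes any table built in advance useless; the iterations make
    each guess cost ITERATIONS hash operations instead of one."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def new_salt() -> bytes:
    return os.urandom(16)

def verify_salted(password: str, salt: bytes, stored: bytes) -> bool:
    # constant-time comparison so timing does not leak how many bytes matched
    return hmac.compare_digest(salted_digest(password, salt), stored)

if __name__ == "__main__":
    table = precomputed_table(WORDLIST)
    print(recover_unsalted(unsalted_digest("letmein"), table))  # letmein
    salt = new_salt()
    stored = salted_digest("letmein", salt)
    print(recover_unsalted(stored.hex(), table))                 # None
    print(verify_salted("letmein", salt, stored))                # True
```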
Categorized as a system vulnerability, security misconfiguration is a situation in which a device, application or network is misconfigured and is therefore prone to exploitation by an attacker. A few simple examples include leaving systems unattended in public places, sharing passwords of devices and accounts, etc.
CIA is an acronym that stands for Confidentiality, Integrity, and Availability. It is commonly known as the CIA triad. CIA is a model that specifies the guide policies for Information Security. It is one of the most popular models used by organizations.
 
Confidentiality : It specifies that the information should be accessible and readable only to authorized personnel and ensures that unauthorized personnel cannot access it. The information should be strongly encrypted so that if someone uses hacking to access the data, they cannot read or understand it.

Integrity : Integrity ensures that an unauthorized entity has not modified the data. It also ensures that data is not corrupted. If an unauthorized individual or system tries to modify the data, the modification should not succeed: the data should be reverted to its previous state and must not be left corrupted.

Availability : It ensures that the data is available to the user whenever the user requires it. To achieve this, maintaining hardware, upgrading them regularly, data backups and recovery are necessary.
Traceroute is a network diagnostic tool. It helps track the route taken by a packet that is sent across the IP network. It shows the IP addresses of all the routers it pinged between the source and the destination.
 
Uses : 
* It shows the time taken by the packet for each hop during the transmission. 

* When the packet is lost during the transmission, the traceroute will identify where the point of failure is.
A list of differences between IDS and IPS :

* Full form: IDS stands for Intrusion Detection System; IPS stands for Intrusion Prevention System.
* Capability: IDS can only detect intrusions and is unable to prevent them; IPS can detect as well as prevent intrusions.
* Role: IDS is a monitoring system; IPS is a control system.
* Operation: IDS requires a human or another system to look at the results; IPS only requires a regularly updated database with the latest threat data.
Generally, people think that threat, vulnerability and risk are the same, but there are some crucial differences between them:
 
Threat : A threat can be any form of hazard capable of destroying or stealing data, disrupting operations, or causing harm in general. Some examples of threats are malware, phishing, data breaches, and even unethical employees. Any type of threat may be harmful to the organization, so it is essential to understand threats in order to develop effective mitigations and make informed cyber security decisions.


Vulnerability : Vulnerability is a possible problem or a flaw in hardware, software, personnel, or procedures that can harm the organization. Threat actors can use these vulnerabilities to achieve their objectives.
 
Some examples of vulnerabilities are given below :
 
Physical vulnerabilities : Publicly exposed networking equipment is an example of Physical vulnerability.

Software vulnerabilities : buffer overflow vulnerability in a browser.

Human vulnerabilities : an employee vulnerable to phishing assaults.

Zero-day vulnerability : It is a type of vulnerability for which a remedy is not yet available.
To cope with vulnerabilities, we have a method called vulnerability management. It is the process of identifying, reporting and repairing vulnerabilities.


Risk : Risk is a combination of threat and vulnerability. When we combine the probability of a threat and the consequence of vulnerability, it is called a risk. Risk is the likelihood of a threat agent successfully exploiting vulnerability.
 
A formula to calculate risk :

Risk = likelihood of a threat * Vulnerability Impact

To control and manage risk, we use a method called risk management. It is the process of identifying all potential hazards, analyzing their impact, and determining the best course of action. This is a continuous procedure used to examine new threats and vulnerabilities regularly. By using this method, we can avoid or minimize risks. Depending on the response chosen, we can also accept a risk or transfer it to a third party.
Basis of comparison between symmetric and asymmetric encryption :

* Encryption key: symmetric encryption uses the same key for encryption and decryption; asymmetric encryption uses different keys for encryption and decryption.
* Performance: symmetric encryption is fast but more vulnerable; asymmetric encryption is slow due to high computation.
* Algorithms: symmetric examples are DES, 3DES, AES and RC4; asymmetric examples are Diffie-Hellman and RSA.
* Purpose: symmetric encryption is used for bulk data transmission; asymmetric encryption is often used for securely exchanging secret keys.
Both Encryption and Hashing are used to convert readable data into an unreadable format. The difference is that the encrypted data can be converted back to original data by the process of decryption but the hashed data cannot be converted back to original data.
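An added example (not from the original page) of the integrity property listed under the advantages of cryptography and of the one-way nature of hashing described here: a bare digest is deterministic and has no decryption step, but whoever tampers with a message can simply recompute it, so integrity against an active attacker needs a keyed digest (HMAC). The key and the messages are constructed.

```python
import hashlib
import hmac

def sha256_hex(data: bytes) -> str:
    """Unkeyed digest: deterministic and one-way (there is no 'decrypt' for it)."""
    return hashlib.sha256(data).hexdigest()

def plain_check(data: bytes, digest: str) -> bool:
    """Integrity check with a bare hash: catches accidental corruption only."""
    return sha256_hex(data) == digest

def mac_tag(key: bytes, data: bytes) -> str:
    """Keyed digest (HMAC-SHA256): producing a valid tag requires the secret key."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()

def verify_tag(key: bytes, data: bytes, tag: str) -> bool:
    # compare_digest runs in constant time, so timing does not leak the tag
    return hmac.compare_digest(mac_tag(key, data), tag)

def tamper_in_transit(data: bytes) -> tuple:
    """What an active attacker can do when only a bare hash travels with the
    message: change the text and recompute the hash, no secret required."""
    forged = data.replace(b"100", b"900")
    return forged, sha256_hex(forged)

if __name__ == "__main__":
    key = b"constructed-demo-key-do-not-reuse"  # real keys come from a secret store
    msg = b"transfer 100 to account 42"
    tag = mac_tag(key, msg)
    forged, forged_digest = tamper_in_transit(msg)
    print(plain_check(forged, forged_digest))   # True: the bare hash gives no protection
    print(verify_tag(key, forged, tag))         # False: the HMAC detects the tampering
    print(verify_tag(key, msg, tag))            # True
```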
A firewall is a network security device that monitors incoming and outgoing network traffic and decides whether to allow or block specific traffic based on a defined set of security rules.
 
Firewalls have been a first line of defense in network security for over 25 years. They establish a barrier between secured and controlled internal networks that can be trusted and untrusted outside networks, such as the Internet. 
 
A firewall can be hardware, software, or both.
 
Types of firewalls : 
 
Proxy firewall : An early type of firewall device, a proxy firewall serves as the gateway from one network to another for a specific application. Proxy servers can provide additional functionality such as content caching and security by preventing direct connections from outside the network. However, this also may impact throughput capabilities and the applications they can support.
 
Stateful inspection firewall : Now thought of as a “traditional” firewall, a stateful inspection firewall allows or blocks traffic based on state, port, and protocol. It monitors all activity from the opening of a connection until it is closed. Filtering decisions are made based on both administrator-defined rules as well as context, which refers to using information from previous connections and packets belonging to the same connection.
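A toy stateful inspection filter as an added example (not from the original page or any vendor product): administrator rules decide whether a new outbound connection may open, while the connection state table, not the rules, decides whether the returning packets of that connection are accepted. The packet model, hosts and ports are constructed.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    """Constructed packet model: the 5-tuple plus TCP flags and direction."""
    src: str
    sport: int
    dst: str
    dport: int
    proto: str             # "tcp" or "udp"
    flags: str = ""        # "SYN", "SYN-ACK", "ACK", "FIN-ACK", "RST"
    inbound: bool = False  # True when the packet arrives from the untrusted side

class StatefulFirewall:
    def __init__(self, allowed_outbound_ports):
        self.allowed = set(allowed_outbound_ports)  # administrator-defined rules
        self.table = {}                             # connection key -> state

    @staticmethod
    def _key(p: Packet):
        # One key for both directions of a connection: (inside, outside, proto)
        if p.inbound:
            return (p.dst, p.dport, p.src, p.sport, p.proto)
        return (p.src, p.sport, p.dst, p.dport, p.proto)

    def filter(self, p: Packet) -> str:
        key = self._key(p)
        state = self.table.get(key)
        if state is None:
            # No known connection: only a rule can open one, and only from inside.
            if (not p.inbound and p.proto == "tcp"
                    and p.flags == "SYN" and p.dport in self.allowed):
                self.table[key] = "SYN_SENT"
                return "ACCEPT"
            return "DROP"  # unsolicited inbound, or outbound to a port not allowed
        # Known connection: context decides, and the state machine advances.
        if p.inbound and state == "SYN_SENT" and p.flags == "SYN-ACK":
            self.table[key] = "ESTABLISHED"
        elif "FIN" in p.flags or p.flags == "RST":
            del self.table[key]  # connection closed: stop accepting its packets
        return "ACCEPT"

if __name__ == "__main__":
    fw = StatefulFirewall(allowed_outbound_ports=[443])
    print(fw.filter(Packet("10.0.0.5", 51000, "203.0.113.10", 443, "tcp", "SYN")))            # ACCEPT
    print(fw.filter(Packet("203.0.113.10", 443, "10.0.0.5", 51000, "tcp", "SYN-ACK", True)))  # ACCEPT
    print(fw.filter(Packet("198.51.100.7", 4444, "10.0.0.5", 22, "tcp", "SYN", True)))        # DROP
```

Real implementations also keep closing connections in the table for a grace period and expire idle entries; both are omitted here.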
 
Unified threat management (UTM) firewall : A UTM device typically combines, in a loosely coupled way, the functions of a stateful inspection firewall with intrusion prevention and antivirus. It may also include additional services and often cloud management. UTMs focus on simplicity and ease of use.
 
Next-generation firewall (NGFW) : Firewalls have evolved beyond simple packet filtering and stateful inspection. Most companies are deploying next-generation firewalls to block modern threats such as advanced malware and application-layer attacks.
 
According to Gartner, Inc.’s definition, a next-generation firewall must include :
 
* Standard firewall capabilities like stateful inspection
* Integrated intrusion prevention
* Application awareness and control to see and block risky apps
* Upgrade paths to include future information feeds
* Techniques to address evolving security threats

While these capabilities are increasingly becoming the standard for most companies, NGFWs can do more.
 
Threat-focused NGFW : These firewalls include all the capabilities of a traditional NGFW and also provide advanced threat detection and remediation. With a threat-focused NGFW you can:
 
* Know which assets are most at risk with complete context awareness
* Quickly react to attacks with intelligent security automation that sets policies and hardens your defenses dynamically
* Better detect evasive or suspicious activity with network and endpoint event correlation
* Greatly decrease the time from detection to cleanup with retrospective security that continuously monitors for suspicious activity and behavior even after initial inspection
* Ease administration and reduce complexity with unified policies that protect across the entire attack continuum