Cyber security Interview questions
How do you change your DNS settings in Linux/Windows?
In Linux you would change the netplan and in windows you would change it in the IPV4 settings.
Who are the biggest direct competitors to Splunk?
logstash, Loggly, Loglogic, sumo logic etc.
How do you prevent data loss and server interruptions.
1. I would backup the data regularly with a full back up on Monday and differential backups everyday 2. I would make sure it is in a file format suitable for data such as NFTS 3. I would make sure that all patches to the systems are applied 4. I would make sure to install UPS's for powr failure situations 5. I would make sure that the systems are in a dry cool place 6. I would try to load balance sytems I could to make sure that it isn't over taxed 7. I also would practice disk maintenance if I notice a harddrive malfunctioning Ill go through the steps to replace it.
Describe the process of a TLS session being set up when someone visits a secure website.
1. The sends a "client hello" message requesting a connection and presents a list of supported cipher suites (a set of encryption algorithms used to establish a secure connection) and a random string of bytes (known as the "client random"). 2. The server responds with a "server hello" message containing the chosen TLS protocol version (1.0, 1.2, etc.), the chosen cipher suite, and a random string of bytes (known as the "server random"). 3. The server sends its SSL certificate to the client for authentication. The client authenticates the server by verifying the SSL certificate, and can also send a certificate for authentication if requested by the server. 4. The client sends a second string of random bytes, the "premaster secret." The client uses asymmetric cryptography to generate a public key from the server's security certificate, which is then used to encrypt the premaster secret. The premaster secret can only be decrypted with the private key by the server. 5. The server decrypts the premaster secret with the private key. 6. Both client and server generate session keys from the client random, the server random, and the premaster secret. 7. The client sends a "finished" message that has been encrypted with a session key. 8. The server responds with a "finished" message that has been encrypted with a session key. 9. The client and server have successfully achieved secure symmetric encryption, meaning the handshake is complete and communication can continue with the established session keys.
What are your first three steps when securing a Linux server?
1. Update the server 2. Disable the root access via SSH 3. Change your SSH Port 4. If it is public facing I would Use SSH Key-based Logins 5. Enable your firewall 6. Check for open ports 7. Install Fail2Ban 8. Disable responding's to pings 9. Read your logs
Give some examples of web server vulnerabilities and how to prevent them.
1. You can prevent most web server vulnerabilities by keeping up with updates and security patches. SQL injection attacks occurs when attacker inserts malicious SQL statements into form fields and other injection points, with the intention of gathering information from and controlling the database. · To prevent it you must use Prepared statements with parameterized queries can mitigate SQL-related web application vulnerabilities. A prepared statement helps to sanitize the input and ensures that it is considered as a string literal in SQL rather than as part of the SQL query. · Migrating to Object Relational Mapping Tools (ORMs) is another option. · Use LIMIT and other SQL controls within your queries so that even if an SQL injection attack does occur, it can prevent the mass disclosure of records. Cross-site scripting or XSS is one of the most popular web application vulnerabilities that could put your users' security at risk. These attacks inject malicious code into the running application and executes it on the client-side. They are used in order to send this malicious code to other users, sometimes infecting their devices with malware or stealing sensitive information. · Use frameworks such as AngularJS, React JS, and Ruby on Rails are some of the latest, most effective frameworks to prevent these web application vulnerabilities. These frameworks can automatically escape user input and help mitigate XSS attacks by design, although they do have limitations. · Implement a whitelist instead of a blacklist because a attacker can bypass blacklist. · Implement output encoding. This involves converting untrusted user input into a safe form so the input is displayed to the user as data without being executed as code in the browser. This means that special characters will be translated into an equivalent form that the browser will no longer find significant. · apply context-sensitive encoding · Enable a Content Security Policy (CSP), which can be very effective to help mitigate Cross-Site Scripting vulnerabilities. Authentication failure due improper implementation of adequate user authentication controls. · Allow enough time for developers to test the code before it gets deployed to production. · Avoid deploying with default credentials, especially for admins. · Implement multi-factor authentication to make your system less vulnerable to the attacks · Avoid unnecessarily restricting input size. If you allow more characters, there are fewer chances for attackers to guess the right password. · Put a limitation or delay on failed login attempts. Make sure you log all failures and notify administrators when there's an attack attempt. · Have some form of lockout in place to prevent brute force attacks and minimize these web application vulnerabilities. Security misconfigurations provide attackers with an easy way into your website, making it one of the most critical web application vulnerabilities that you need to prevent. · Make sure you use encrypted (HTTPS) connections to transfer data and information between the users and the application. · Perform all remote admin tasks through secured channels to minimize these web application vulnerabilities. Even if you do have to use protocols that don't support strong encryption, make sure you activate them over a secondary encryption channel such as IPSEC, or TLS · Implement a monitoring tool · Keep your platform minimal and avoid adding unnecessary features, samples, documentation, and components. Broken Access Control (Authorization Failure) · Maintain a security-first policy when developing and configuring software. · Except for public resources, deny access by default. · Instead of letting users freely create, read, modify, or delete any record, use model access controls to enforce record ownership. Remove their ability to read or modify data from other users. · Apply protection for all data and across all levels of access privileges · Disable webserver directory listing and also prevent web roots from storing backup files and file metadata.
1.What is the difference between IDS and IPS?
1.IDS stands for Intrusion Detection System. It is used to detect intrusions, and it warns administrators to be careful while preventing the intrusion. IPS stands for Intrusion Prevention System, and it facilitates the system to find the intrusion and prevent it.
What is a Firewall? What is the usage of it?
A Firewall can be defined as a network security system set on the boundaries of the system/network and is used to monitor and control the network traffic. The main usage of Firewalls is to protect the system/network from viruses, worms, malware, threats etc. Firewalls can also be used to prevent remote access and content filtering. A firewall serves as a barrier between a LAN and the Internet. It allows private resources to remain private while reducing security threats. It manages both inbound and outbound network traffic.
What do you understand by a botnet?
A botnet can be defined as a collection of infected internet-connected devices, such as servers, PCs, and mobile phones. These devices are infected with malware and controlled by it. The primary motive of a botnet is to steal data, send spam, launch distributed denial-of-service (DDoS) attacks, etc. It can also provide the user access to the device and its connection.
What is a cybersecurity risk assessment?
A cybersecurity risk assessment refers to detecting the information assets that are prone to cyber-attacks(including customer data, hardware, laptop, etc.) and also evaluates various risks that could affect those assets. It is mostly performed to identify, evaluate, and prioritize risks across organizations. The best way to perform cybersecurity risk assessment is to detect: Relevant threats in your organization Internal and external vulnerabilities Evaluate vulnerabilities impact if they are exploited
What is the difference between Symmetric and Asymmetric Encryption in Cyber security?
A list of differences between Symmetric and Asymmetric Encryption in Cyber security: Comparison Index Symmetric Encryption Asymmetric Encryption Encryption key- Symmetric Encryption uses the same key for Encryption & decryption. Asymmetric Encryption uses different keys for Encryption & decryption. Performance- Performance Encryption is fast but more vulnerable in Symmetric Encryption. Encryption is slow due to high computation in Asymmetric Encryption. Algorithms- It uses the algorithms such as DES, 3DES, AES and RC4. It uses the algorithms such as Diffie-Hellman, RSA Purpose- It is mainly used for bulk data transmission. It is most often used for securely exchanging secret keys.
What do you mean by a Null Session?
A null session occurs when a user is not authorized using either a username or a password. It can provide a security concern for apps because it implies that the person making the request is unknown.
What is a three-way handshake process?
A three-way handshake process is used in TCP (Transmission Control Protocol) network for the transmission of data in a reliable way between the host and the client. It's called a three-way handshake because three segments are exchanged between the server and the client. SYN: The client wants to establish a connection with the server, and sends a segment with SYN(Synchronize Sequence Number) to the server if the server is up and has open ports. SYN + ACK: The server responds to the client request with SYN-ACK signal bits set if it has open ports. ACK: The client acknowledges the response of a server and sends an ACK(Acknowledgment) packet back to the server.
What form of cookie might be used in a spyware attack?
A tracking cookie, instead of a session cookie, would be used in a spyware attack because it would last through multiple sessions rather than just one.
What is the difference between virus and worm?
A virus is a piece of harmful executable code that is attached to another executable file and can modify or erase data. When a virus-infected computer application executes, it takes action such as removing a file from the computer system. Viruses can't be managed from afar. Worms are comparable to viruses in that they do not alter the program. It continues to multiply itself, causing the computer system to slow down. Worms can be manipulated with remote control. Worms' primary goal is to consume system resources.
What do you mean by Active reconnaissance?
Active reconnaissance is a type of computer assault in which an intruder interacts with the target system in order to gather information about weaknesses. Port scanning is commonly used by attackers to detect vulnerable ports, after which they exploit the vulnerabilities of services linked with open ports. This could be done using automatic scanning or manual testing with tools like ping, traceroute, and netcat, among others. This sort of recon necessitates interaction between the attacker and the victim. This recon is faster and more precise, but it generates far more noise. Because the attacker must engage with the target in order to obtain information, the recon is more likely to be detected by a firewall or other network security device.
What do you mean by ARP poisoning?
Address Resolution Protocol Poisoning is a sort of cyber-attack that uses a network device to convert IP addresses to physical addresses. On the network, the host sends an ARP broadcast, and the receiver machine responds with its physical address. It is the practice of sending bogus addresses to a switch so that it can associate them with the IP address of a legitimate machine on the network and hijack traffic.
A staff member subscribes to a number of free online IT magazines. Among the questions she was asked in order to activate her subscriptions, one magazine asked for her month of birth, a second asked for her year of birth, and a third asked for her mother's maiden name. What do you think might be going on here?
All three magazines probably have the same parent company or are distributed through the same service. The parent company or service can combine individual pieces of seemingly harmless information and use it or sell it for identity theft.
A friend sends an electronic e-greeting card (e-card) to your work email. You need to click on the attachment to see the card. What should you do?
Answer: Delete the message: This one has four big risks: 1. Some attachments contain viruses or other malicious programs, so just in general, it's risky to open unknown or unsolicited attachments. 2. Also, in some cases just clicking on a malicious link can infect a computer, so unless you are sure a link is safe, don't click on it. 3. Email addresses can be faked, so just because the email says it is from someone you know, you can't be certain of this without checking with the person. 4. Finally, some websites and links look legitimate, but they're really hoaxes designed to steal your information.
What do you understand by VA (Vulnerability Assessment) and PT (Penetration Testing)?
As the name specifies, VA or Vulnerability Assessment is the process of finding vulnerabilities or flaws on the target. In this process, the organization already knows that their system/network has flaws or weaknesses and wants to find these flaws and prioritize fixing them. PT or Penetration Testing is the process of deep searching and finding vulnerabilities on the target. In this process, the organizations set up all the possible security measures they could think of and test if there is any other way their system/network can be hacked.
Think back to a time when you were faced with a problem that required "outside the box" thinking to come up with a solution. What was the situation and your solution? How did this solution differ from a normal solution?
At my internship they wanted to find a solution to store security logs from Elastic. I was tasked at finding a storage solution for the company's security logs from Elastic. I tested a MINIO solution bare metal but the bare metal install didn't work properly. So I then looked into setting it up in docker. I went through the steps of making sure it could be reached on the network and it had the CA-certificates for security purposes. I then created a PowerPoint with my findings and found that it was cheaper to host their own instead of a cloud based solution. I also was able to bring cost from $67,000 from using cloud and 21,000 from hardware cost since I was able to get the system to run on old unused server they had before. I learned that docker could be useful for certain programs and looking into cost comparison closely will be able to give the company a clear decision.
What are the common methods of authentication for network security?
Biometrics - It is a known and registered physical attribute of a user specifically used for verifying their identity. Token - A token is used for accessing systems. It makes it more difficult for hackers to access accounts as they have long credentials. Transaction Authentication - A one-time pin or password is used in processing online transactions through which they verify their identity. Multi-Factor Authentication - It's a security system that needs more than one method of authentication. Out-of-Band Authentication - This authentication needs two different signals from two different channels or networks. It prevents most of the attacks from hacking and identity thefts in online banking.
What do you understand by Black Hat Hackers, White Hat Hackers and Grey Hat Hackers?
Black Hat Hackers: Black Hat Hackers are the most critical types of hackers. They attempt to obtain unauthorized access to a system to disrupt its operations or steal sensitive and important data. Black Hat Hackers are also known as crackers. Black Hat Hacking is always illegal due to its malicious aim. The main purpose of Black Hat Hacking is to steal company data, violate privacy, cause system damage, block network connections, etc. White Hat Hackers: White Hat Hackers are used to accessing the system for penetration testing and vulnerability assessments. They never intend to harm the system; rather, than strive to uncover holes in a computer or network system. White Hat Hackers are also referred to as Ethical Hackers. Hacking done by White Hat Hackers is called Ethical hacking. It is not a crime, and it is considered one of the most difficult professions in the IT business. Many businesses hire ethical hackers to do penetration tests and vulnerability assessments. Grey Hat Hackers: Grey Hat Hackers are a combination of Black Hat Hackers and White Hat Hackers. They use elements of both black and white hat hacking techniques. They are supposed to act without malice, but for the sake of amusement, they can exploit the security flaw in a computer system or network without the permission or knowledge of the owner. The main goal of Grey Hat Hackers is to draw the owners' attention to the security flaw or hole in the network in the hope of receiving gratitude or a reward.
What do you understand by Brute Force Attack? How can you prevent it?
Brute Force Attack is a method of finding the right credentials by repetitively trying all the permutations and combinations of possible credentials. Brute Force Attacks are automated in most cases where the tool/software automatically tries to log in with a list of possible credentials. Following is a list of some ways to prevent Brute Force Attacks: Password Length: The length of a password is an important aspect to make it hard to crack. You can specify to set at least a minimum length for the password. The lengthier the password, the harder it is to find. Password Complexity: You can include different characters formats in the password to make brute force attacks harder. Using the combination of alpha-numeric keywords along with special characters and upper and lower case characters can increase the password complexity making it difficult to be cracked. Limiting Login Attempts: You can make the password hard for brute force attacks by setting a limit on login failures. For example, you can set the limit on login failures as 5. So, when there are five consecutive login failures, the system will restrict the user from logging in for some time or send an Email or OTP to log in the next time. Because brute force is an automated process, limiting login attempts will break the brute force process.
What do you understand by CIA triad?
CIA is an acronym that stands for Confidentiality, Integrity, and Availability. It is commonly known as the CIA triad. CIA is a model that specifies the guide policies for Information Security. It is one of the most popular models used by organizations. Confidentiality: It specifies that the information should be accessible and readable only to authorized personnel and ensures that unauthorized personnel cannot access it. The information should be strongly encrypted so that if someone uses hacking to access the data, they cannot read or understand it. Integrity: Integrity is used to ensure that an unauthorized entity has not modified the data. It also ensures that data should not be corrupted. If an authorized individual/system tries to modify the data and the modification should not be successful, the data reversed back and should not be corrupted. Availability: It ensures that the data is available to the user whenever the user requires it. To achieve this, maintaining hardware, upgrading them regularly, data backups and recovery are necessary.
How to prevent CSRF attacks?
CSRF is referred to as Cross-site Request Forgery, where an attacker tricks a victim into performing actions on their behalf. CSRF attacks can be prevented by using the following ways: Employing the latest antivirus software which helps in blocking malicious scripts. While authenticating to your banking site or performing any financial transactions on any other website do not browse other sites or open any emails, which helps in executing malicious scripts while being authenticated to a financial site. Never save your login/password within your browser for financial transactions. Disable scripting in your browser.
What do you mean by Chain of Custody?
Chain of custody refers to the probability of data provided as originally acquired and has not been changed before admission into evidence. In legal terms, it's a chronological documentation/paper trail that records a proper sequence of custody, control, analysis, and disposition of electronic or physical evidence.
What is cognitive security?
Cognitive security is one of the applications of AI technologies that is used explicitly for identifying threats and protecting physical and digital systems based on human understanding processes. Self-learning security systems use pattern recognition, natural language processing, and data mining to mimic the human brain.
Differentiate between VPN and VLAN.
Companies use VLANs to consolidate devices that are dispersed across several remote sites into a single broadcast domain. VPNs, on the other hand, are used to transmit secure data between two offices of the same organization or between offices of different companies. Individuals also use it for their personal needs. A VLAN is a VPN subtype. VPN stands for Virtual Private Network, and it is a technology that creates a virtual tunnel for secure data transfer over the Internet. Because it enables encryption and anonymization, a VPN is a more advanced but more expensive solution. A VLAN is useful for segmenting a network into logical sections for easier management, but it lacks the security characteristics of a VPN. A virtual local area network minimizes the number of routers required as well as the cost of deploying routers. A VPN improves a network's overall efficiency.
What do you understand by compliance in Cybersecurity?
Compliance means living by a set of standards set by an organization/government/independent party. It helps in defining and achieving IT targets and also in mitigating threats through processes like vulnerability management.
Describe SQL Injection and Cross Site Scripting.
Cross Site Scripting XSS is a client-side vulnerability that targets other application users, while SQL injection is a server-side vulnerability that targets the application's database. o A SQL injection attack happens when structured query language (SQL) code is injected into forms, cookies, or http headers that do not use data sanitizing or validation methods to verify that information fits within prescribed GET or POST parameters. This flaw allows data exfiltration, changes, or deletion from databases that are connected to websites. According to the open web application security project (OWASP), the five main techniques used in SQL injection attacks are union operator, boolean, error based, out of band, and time delay. o Cross Site Scripting an XSS attack uses malicious code to redirect users to malicious websites, steal cookies or credentials, or deface websites. This is usually accomplished using malicious scripts that are executed in client browsers as a result of user input, functional statements, client requests, or other expressions. For example, attackers can attack maliciously crafted URLs via email phishing attempts, email attachments with embedded links, frames on legitimate websites, and web forums that are known to be frequently visited by targeted users.
What is Cryptography?
Cryptography is a technique or practice used to protect information from third parties called adversaries. It is a method of protecting information and communications through codes so that only those for whom the information is intended can read and process the data. In Cryptography, we also study several techniques for secure communication, mainly to protect the sensitive data from third parties that the data is not intended for.
Why is Cyber Crime increasing day by day every year?
Cyber Crime is increasing day by day every year because of the following reasons: o There is a lower risk of being caught in cyber crime o Attackers can make a lot of money if they know what to do. o Can target thousand of victims o With the introduction of cryptocurrencies, money laundering is getting easier.
What is Cyber Crime? Give some examples of Cyber Crime.
Cyber Crime is just like regular crime but happens on the Internet. Following are some examples of Cyber Crime: o Identity Theft o Online Predators o Hacking of sensitive information from the Internet o BEC ("Business Email Compromise") o Ransomware o Stealing intellectual property
What is Cyber Security? / What do you know about Cyber Security?
Cyber security is a practice of protecting internet-connected systems such as hardware, software, programs, computers, servers, mobile devices, electronic systems, networks, and data from malicious digital attacks. The main purpose of cyber security is to protect against cyberattacks like accessing, changing, or destroying sensitive information from your computer system. Cyber security attacks are mainly aimed at accessing, changing, or destroying sensitive information, extorting money from users, or interrupting normal business processes.
What is the need for DNS monitoring?
DNS (Domain Name System) is a service that is used for converting user-friendly domain names into a computer-friendly IP address. It allows websites under a particular domain name that is easy to remember. DNS monitoring is nothing but monitoring DNS records to ensure does it route traffic properly to your website, electronic communication, services, and more.
What do you mean by Domain Name System (DNS) Attack?
DNS hijacking is a sort of cyberattack in which cyber thieves utilize weaknesses in the Domain Name System to redirect users to malicious websites and steal data from targeted machines. Because the DNS system is such an important part of the internet infrastructure, it poses a serious cybersecurity risk. These can be avoided by the following precautions:- Examine the DNS zones in your system. Make sure your DNS servers are up to current. The BIND version is hidden. Transfers between zones should be limited. To avoid DNS poisoning attempts, disable DNS recursion. Use DNS servers that are separated. Make use of a DDOS mitigation service.
What is the difference between Encryption and Hashing? / How is Encryption different from Hashing?
Encryption and Hashing are techniques used to convert readable data into an unreadable data format, but they have some key differences. Encryption is used to make temporary data conversions. Encryption is used to provide confidentiality once data is encrypted it can be decrypted to the original data. Encryption encodes and decodes. Encryption is used to secure sensitive data from the reach of third parties. Encryption focuses on the confidentiality of the data. Hashing is used to make permanent data conversion into message digest. Hashing is used to provide integrity usually to verify files, software, images are legitimate. The hashing data cannot be converted back to original data. Hashing is a one-way encryption process. For example, it only encodes the data. Hashing is used to protect the integrity of the information. Hashing focuses on the integrity of the data.
What are the different types of Cyber Security?
Every organization has some assets that are made up of a variety of different systems. These systems must have a strong Cyber Security aspect to make the organization work well. According to the devices used in Cyber Security, it can be divided into the following types: Network security: Network security is one of the most important types of Cyber security. In this process, we have to secure a computer network against unauthorized access, intruders, attacks, disruption, and misuse using hardware and software. This security also adds an extra layer in protecting an organization's assets from both external and internal threats. An example of Network security is using a Firewall. Application security: Application security is used to safeguard software and devices against malicious attacks. This can be achieved by regularly updating the apps to ensure that they are secure against threats. Identity management & security: Identity management & security identifies each individual's level of access inside an organization. For example, you can restrict and allow access to data according to an individual's job role in the company. Data security: Data security is used to ensure that you put your data in a strong data storage system to ensure data integrity and privacy while in storage and transport. Operational security: Operational security is used to analyze and make decisions about handling and securing the data assets. For example: Storing data in an encrypted form in the database is an example of Operational security. Mobile security: Mobile security is used to specify the protection of organizational and personal data held on mobile devices such as cell phones, PCs, tablets, and other similar devices against various hostile attacks. Examples of mobile security threats are unauthorized access, device loss or theft, malware, and other threats that can harm mobile devices. Cloud security: The main aim of cloud security is to safeguard the data held in a digital environment or cloud infrastructures for an organization. It uses various cloud service providers, including AWS, Azure, Google, and others, to assure protection against a variety of threats.
What are the steps used to set up a firewall?
Following is a list of different steps used to set up a firewall: Username/password: You have to modify the default password for a firewall device, which is required to make the system secure. Remote administration: You have to disable the feature of the remote administration. Port forwarding: You have to configure port forwarding accordingly to make certain applications work properly, such as a web server or FTP server. Disable DHCP server: When installing a firewall on a network with an existing DHCP server, it can create a conflict unless you have disabled the firewall's DHCP. Enable Logging: You have to enable logging to troubleshoot firewall issues or potential attacks and understand how to view logs. Secure Policies: You have to set solid and secure security policies in place and ensure that the firewall is configured to enforce those policies.
What are the main advantages of cyber security?
Following is a list of main advantages of cyber security: Cyber security protects online businesses and transactions against ransomware, malware, online frauds, and phishing. It protects the end-users. It provides great protection for both data as well as networks. It can increase the recovery time after a breach. It prevents unauthorized users from accessing sensitive information.
What are the key elements of Cyber Security?
Following is the list of key elements of Cyber Security: Information security Network security Operational security Application security End-user security Business continuity planning
What are some common Hashing functions/algorithms?
Following is the list of some common and most used hashing functions/algorithms: Message-Digest Algorithm (MD5) Message-Digest Algorithm or MD5 is the latest and advanced form of MD4. It was introduced after finding severe security issues in MD4. MD5 is used to generate 128-bit outputs for a variable length of inputs. MD5 is the advanced version and the successor to MD4. It covers a lot of security threats but fails to provide full data security services. It is one of the most widely used algorithms, but the main issue with using MD5 is its vulnerability and collisions. Secure Hashing Algorithm (SHA) Secure Hashing Algorithm, or SHA, was developed by the National Security Agency. Later it was updated repeatedly to improve the security flaws in the old genre. Its latest and advanced version is SHA-2 that many firms are using for cryptographic purposes. Tiger Cipher Algorithm Tiger cypher algorithm is a faster and more efficient algorithm compared to Message Digest (MD5) and Secure Hashing Algorithm. It is mostly used in new generation computers and has a 192-bit hashing system. Its latest and advanced version is the Tiger2 algorithm which is more powerful than the Tiger algorithm. RIPMEND Algorithm Hans Dobbertin designed RIPMEND cryptographic hashing algorithm. It is created using the EU project RIPE framework and has a 164-bit digest. WHIRLPOOL Algorithm Vincent Rijmenand Paul Barreto designed the WHIRLPOOL algorithm. It accepts any messages of a length less than 2256 bits and returns a 512-bit message digest. Its first version was whirlpool-0, the second version was named Whirlpool-T, and the latest and most advanced version is Whirlpool.
What do you mean by Forward Secrecy and how does it work?
Forward secrecy is a property of certain key agreement protocols that ensures that the session keys will not be exposed if the server's private key is exposed. Perfect forward secrecy is another name for it (PFS). The "Diffie-Hellman key exchange" algorithm is used to accomplish this.
What is the difference between the Host Intrusion Detection System (HIDS) and Network Intrusion Detection System (NIDS)?
HIDS is an host intrusion detection system set up on a particular host/device and monitors the traffic of a particular device and suspicious system activities. HIDS is used to detect intrusions. NIDS is a network intrusion detection system which is set up on a network and is used to monitor the traffic of all network devices. NIDS is used for the network to monitor the traffic of all devices.
What are HTTP response codes?
HTTP response codes display whether a particular HTTP request has been completed. 1xx (Informational) - The request has been received, and the process is continuing. 2xx (Success) - The request was successfully received and accepted. 3xx (Redirection) - Further action must be taken to complete it. 4xx (Client Error) - Request cannot be fulfilled or has incorrect syntax. 5xx (Server Error) - The server fails to fulfill the request.
What is the main purpose of Hashing?
Hashing is required when we have to compare a huge amount of data. We can create different hash values for different data, and we can compare hashes too. Following is a list of some most important usage of Hashing: o Hashing facilitates us to keep and find records of hashed data. o Hashing can be used in cryptographic applications such as a digital signature. o With the use of hashing, we can create random strings to avoid data duplication. o Geometric hashing is a type of hashing used in computer graphics to help find proximity issues in planes.
What do you understand by honeypots?
Honeypots are the possible attack targets set up to see how different attackers attempt to exploit a network. Private firms and governments use this concept to evaluate their vulnerabilities, widely used in academic settings.
What is the difference between IDS and IPS?
IDS is an intrusion detection system which is only used for detection and monitoring systems. IDS require a human or another system to look at the results. IPS is an Intrusion prevention system which detects and prevent intrusion. IPS is a control system .
What is Traceroute in Cyber Security?
In Cyber Security, a traceroute is used to show the packet path by listing all the points that the packet passes through. Traceroute is mainly used when the packet does not reach the destination. With the help of a traceroute, we can check where the connection breaks or stops to identify the failure.
What is Patch management in Cyber security? How often should we perform Patch management?
In Cyber security, patch management is a process to keep the software on computers and network devices up to date and make them capable of resisting low-level cyber attacks. It is used in any software which is prone to technical vulnerabilities. We should perform patch management as soon as it is released. For example, when a patch is released for Windows, it should be applied to all machines as soon as possible. Same in network devices, we should apply patch management as soon as it is released. We should follow proper patch management for better security.
What do you mean by System Hardening?
In general, system hardening refers to a set of tools and procedures for managing vulnerabilities in an organization's systems, applications, firmware, and other components.The goal of system hardening is to lower security risks by lowering potential attacks and compressing the system's attack surface.The many types of system hardening are as follows: Hardening of databases Hardening of the operating system Hardening of the application Hardening the server
What is data leakage in the context of Cyber security?
In the context of Cyber security, data leakage is an unauthorized transfer of data to the outside of the secure network. Data leakage can occur via email, optical media, laptops, and USB keys etc.
What is the difference between information protection and information assurance?
Information protection: It protects the data using encryption, security software, etc., from unauthorized access. Information Assurance: It keeps the data reliable by ensuring availability, authentication, confidentiality, etc.
What do you mean by a DDoS attack? How can you prevent it?
It's a form of cyber threat or malicious effort in which fraudsters use Internet traffic to fulfill legitimate requests to the target or its surrounding infrastructure, causing the target's regular traffic to be disrupted. The requests originate from a variety of IP addresses, which might cause the system to become unworkable, overload its servers, cause them to slow down or go offline, or prevent an organization from performing its essential responsibilities. The methods listed below will assist you in stopping and preventing DDOS attacks: Create a denial of the service response strategy. Maintain the integrity of your network infrastructure. Use fundamental network security measures. Keep a solid network architecture. Recognize the Warning Signs Think about DDoS as a service.
What are the two phases of Web Application Security testing ?
Passive and Active. In the passive mode the tester tries to understand the application's logic and plays with the application. Tools can be used for information gathering. For example, an HTTP proxy can be used to observe all the HTTP requests and responses. At the end of this phase, the tester should understand all the access points (gates) of the application (e.g., HTTP headers, parameters, and cookies). In the active mode, the tester begins to test using the methodology describedin the follow sections. • Information Gathering• Configuration and Deployment Management Testing• Identity Management Testing• Authentication Testing• Authorization Testing• Session Management Testing• Input Validation Testing• Error Handling• Cryptography• Business Logic Testing• Client Side Testing
Which are the best Patch management tools or software? Why are they used?
Patch management tools or software are used to ensure that the components of a company's software and IT infrastructure are up to date. The patch management tools work by tracking updates of various software and middleware solutions, and then they alert users to make necessary updates or execute updates automatically. Following is a list of the top 10 best patch management software or tools: Atera NinjaRMM Acronis Cyber Protect Cloud Acronis Cyber Protect PDQ Deploy ManageEngine Patch Manager Plus Microsoft System Center Automox SmartDeploy SolarWinds Patch Manager
What do you mean by perimeter-based and data-based protection?
Perimeter-based cybersecurity entails putting security measures in place to safeguard your company's network from hackers. It examines people attempting to break into your network and prevents any suspicious intrusion attempts. The term "data-based protection" refers to the use of security measures on the data itself. It is unaffected by network connectivity. As a result, you can keep track of and safeguard your data regardless of where it is stored, who accesses it, or which connection is used to access it.
What do you mean by Phishing?
Phishing is a sort of cybercrime in which the sender appears to be a legitimate entity such as PayPal, eBay, financial institutions, or friends and coworkers. They send an email, phone call, or text message to a target or target with a link to convince them to click on the link. This link will take users to a fake website where they will be asked to enter sensitive information such as personal information, banking and credit card information, social security numbers, usernames, and passwords. By clicking the link, malware will be installed on the target machines, allowing hackers to remotely control them. You can protect yourself from phishing attacks by following these guidelines: Don't give out important information on websites you don't know. Check the site's security. Make use of firewalls. Use Toolbar for Anti-Phishing
What are Polymorphic viruses?
Polymorphic viruses are sophisticated file infectors that may build changed versions of themselves in order to avoid detection while maintaining the same fundamental behaviors after each infection. Polymorphic viruses encrypt their programming and employ various encryption keys each time to alter their physical file makeup throughout each infection. Mutation engines are used by polymorphic viruses to change their decryption routines every time they infect a machine. Because typical security solutions do not use a static, unchanging code, traditional security solutions may miss them. They are considerably more difficult to detect because they use complicated mutation engines that generate billions of decryption routines.
What do you understand by Port Scanning?
Port scanning is the technique administrators, and hackers use to identify the open ports and services available on a host. Hackers use this technique to find information that can be helpful to find flaws and exploit vulnerabilities, and administrators use this technique to verify the security policies of the network. Following is a list of some most common Port Scanning Techniques: Ping Scan TCP Half-Open TCP Connect UDP Stealth Scanning
What is Remote Desktop Protocol (RDP)?
RDP (Remote Desktop Protocol) is a Microsoft protocol specifically designed for application data transfer security and encryption between client devices, users, and a virtual network server. It allows administrators to remotely evaluate and resolve issues individual subscribers encounter. It supports up to 64,000 separate data channels with a provision for multipoint transmission.
What do you mean by SQL Injection? How do you prevent it?
SQL injection is a typical attack in which fraudsters employ malicious SQL scripts to manipulate backend databases and get access to sensitive data. The hostile actor can see, edit, or remove important company data, customer lists, or customers' personal details contained in the SQL database after the attack is successful. The following practices can help you avoid SQL Injection attacks: Prepare statements ahead of time. Use Pre-defined Procedures Verify the user's input.
Which is more reliable: SSL or HTTPS?
SSL (Secure Sockets Layer) is a secure technology that allows two or more parties to communicate securely over the internet. To provide security, it works on top of HTTP. It works at the Presentation layer.HTTPS (Hypertext Transfer Protocol Secure) is a combination of HTTP and SSL that uses encryption to create a more secure surfing experience. The working of HTTPS involves the top 4 layers of the OSI model, i.e, Application Layer, Presentation Layer, Session Layer, and Transport Layer.SSL is more secure than HTTPS in terms of security.
What do you understand by Shoulder Surfing?
Shoulder surfing is a form of physical assault used by fraudsters by physically peering at people's screens to cheat while they type sensitive information in a semi-public area.
What do you mean by Network Sniffing?
Sniffing is a technique for evaluating data packets delivered across a network. This can be accomplished through the use of specialized software or hardware. Sniffing can be used for a variety of purposes, including: Capture confidential information, such as a password. Listen in on chat messaging Over a network, keep an eye on a data package.
Differentiate between spear phishing and phishing?
Spear phishing is a type of phishing assault that targets a small number of high-value targets, usually just one. Phishing usually entails sending a bulk email or message to a big group of people. It implies that spear-phishing will be much more personalized and perhaps more well-researched (for the individual), whereas phishing will be more like a real fishing trip where whoever eats the hook is caught.
What is the difference between stored XSS and reflected XSS?
Stored XSS attacks where the injected scripts are permanently stored on the target servers are called stored XSS attacks. In stored XSS attacks, the victim retrieves the server's malicious script when requesting the stored information. Reflected XSS Attacks where the user has to send the request first, then start running on the victim's browser, are called reflected XSS attacks. The reflected XSS attacks reflect results from the browser to the user who sent the request.
What is the difference between a threat, vulnerability and risk?
THREAT: A threat can be any form of hazard capable of destroying or stealing data, disrupting operations, or cause harm in general. Such as malware, phishing ,threat actors, and unethical employees. Any type of threat may be harmful for the organization, so; it is essential to understand threats for developing effective mitigation and making informed cyber security decisions. Vulnerability: Vulnerability is a possible problem or a flaw in hardware, software, personnel, or procedures that can harm the organization. Threat actors can use these vulnerabilities to achieve their objectives. Some examples of vulnerabilities are given below: Physical vulnerabilities: Publicly exposed networking equipment is an example of Physical vulnerability. Software vulnerabilities: buffer overflow vulnerability in a browser. Human vulnerabilities :. an employee vulnerable to phishing assaults. Zero-day vulnerability: It is a type of vulnerability for which a remedy is not yet available. To cope up with vulnerabilities, we have a method called Vulnerability management. It is the process of identifying, reporting and repairing vulnerabilities. Risk: Risk is a combination of threat and vulnerability. When we combine the probability of a threat and the consequence of vulnerability, it is called a risk. Risk is the likelihood of a threat agent successfully exploiting vulnerability. A formula to calculate risk: Risk = likelihood of a threat * Vulnerability Impact To control and manage the risk, we use a method called Risk management. It is a process of identifying all potential hazards, analyzing their impact, and determining the best course of action. This is an always running procedure used to examine the new threats and vulnerabilities regularly. By using this method, we can avoid or minimize risks. We can also accept or passed them to a third party according to the response chosen.
What do you understand by the MITM attack ?
The MITM attack stands for Man-in-the-Middle attack. As the name specifies, it is a type of attack where a third person pr an attacker intercepts communication between two persons. The primary intention of MITM is to access confidential information.
Someone used their yahoo account at a computer lab. She made sure her yahoo account was no longer open in the browser window before leaving the lab. Someone came in behind her and used the same browser to re-access her account. They started sending emails from it and caused all sorts of mayhem. Question: What do you think might be going on here?
The first person probably didn't log out of her account, so the new person could just go to history and access her account. Another possibility is that she did log out, but didn't clear her web cache. (This is done through the browser menu to clear pages that the browser has saved for future use.)
What are the benefits of Cyber Security?
The following are some of the advantages of putting cybersecurity in place and keeping it up to date: Businesses are protected from cyberattacks and data breaches. Both data and network security are safeguarded. Unauthorized user access is kept to a minimum. There is a quicker recovery time after a breach. Protection for end-users and endpoint devices. Regulatory compliance. Operational consistency. Developers, partners, consumers, stakeholders, and employees have a higher level of trust in the company's reputation.
How to prevent 'Man-in-the-Middle Attack'?
The following practices prevent the 'Man-in-the-Middle Attacks': Have stronger WAP/WEP Encryption on wireless access points avoids unauthorized users. Use a VPN for a secure environment to protect sensitive information. It uses key-based encryption. Public key pair-based authentication must be used in various layers of a stack for ensuring whether you are communicating the right things are not. HTTPS must be employed for securely communicating over HTTP through the public-private key exchange.
How will you keep yourself updated with the latest cybersecurity news?
The following ways will help you to keep up with the latest cybersecurity updates: Follow news websites and blogs from security experts. ( follow news CISA.gov and USCYBERcom Cybersecurity Alert I follow podcast more than blogs. The podcast I follow are cyberwire daily, security now, cyber security today, malicious life, darknet diaries. Iranian MOIS muddy water hacker group are using open source male ware to conduct espionage Browse security-related social media topics. Check vulnerability alert feeds and advisory sites. Attend cybersecurity live events.
What is the full form of SSL? Why is it used?
The full form of SSL is Secure Sockets Layer. This is a technology used to create encrypted connections between a web server and a web browser. SSL is used to protect the information in online transactions and digital payments to maintain data privacy.
What is an XSS attack, and how can you prevent it?
The full form of XSS attack is a Cross-Site Scripting attack. It is a cyberattack that makes hackers able to inject malicious client-side scripts into web pages. The XSS attacks are mainly used to hijack sessions, steal cookies, modify DOM, remote code execution, crash the server, etc. We can use the following practices to prevent XSS attacks: By validating user inputs By sanitizing user inputs By encoding special characters By using Anti-XSS services/tools By using XSS HTML Filter
What are the several indicators of compromise(IOC) that organizations should monitor?
The key indicators of compromise that organizations should monitor are listed below: Unusual Outbound Network Traffic HTML Response Sizes Geographical Irregularities Increases in Database Read Volume Log-In Red Flags Unexpected Patching of Systems Large Numbers of Requests for the Same File Web Traffic with Unhuman Behavior Suspicious Registry or System File Changes Unusual DNS Requests Mobile Device Profile Changes Bundles of Data in the Wrong Place Mismatched Port-Application Traffic Signs of DDoS Activity Anomalies in Privileged User Account Activity
What is the main goal of Cyber Security?
The main goal of cyber security is to protect data from cyber attacks. This is done by focusing on the CIA Triad focused on confidentiality, integrity, and availability. Confidentiality: Confidentiality is used to provide privacy to prevent unauthorized access to data. It ensures that the data is only accessible to those who are authorized to use it and restricts access to others. It restricts vital information to be exposed to the wrong hands. A good example of Confidentiality is Data encryption which is used to keep information private. Integrity: The Integrity principle is used to assure that the data is genuine, correct, and safe from unwanted threat actors or unintentional user alteration. It also specifies that the source of information must be genuine. If any changes are made, precautions should be taken to protect sensitive data from corruption or loss and recover from such an incident quickly. Availability: The Availability principle ensures that the information is constantly available and accessible to those who have access to it. It also ensures that any types of system failures or cyber-attacks do not obstruct these accesses.
Differentiate between Stream Cipher and Block Cipher.
The major distinction between a block cypher and a stream cypher is that a block cypher turns plain text into ciphertext one block at a time. Stream cypher, on the other hand, converts plain text into ciphertext by taking one byte of plain text at a time. Block Cipher is a way of converting plaintext into ciphertext one block at a time. Block Ciphers are either 64 bits or more than 64 bits. The ECB (Electronic Code Book) and CBC (Common Block Cipher) algorithm modes are utilized in block cipher (Cipher Block Chaining). The Caesar cipher, polygram substitution cipher, and other transposition algorithms are used in the block cipher. When compared to stream cipher, a block cipher is slower. Stream Cipher takes one byte of plain text at a time and converts it to cipher text. 8 bits are used in stream ciphers. CFB (Cipher Feedback) and OFB (Output Feedback) are the two algorithm types utilized in stream cipher (Output Feedback). Stream cipher uses substitution techniques such as the rail-fence technique, columnar transposition technique, and others. When compared to a block cipher, a stream cipher is slower.
What are the most common types of cyber security attacks?
The most common types of cyber security attacks are: Malware Phishing Cross-Site Scripting (XSS) Denial-of-Service (DoS) Domain Name System Attack Man-in-the-Middle Attacks SQL Injection Attack Session Hijacking Brute Force etc.
what is the difference between the Red Team and the Blue team?
The red team and blue team refer to cyberwarfare. Many organizations split the security team into two groups as red team and blue team. The red team refers to an attacker who exploits weaknesses in an organization's security. The blue team refers to a defender who identifies and patches vulnerabilities into successful breaches.
How can you avoid a brute force attack?
There are a variety of techniques for stopping or preventing brute force attacks. A robust password policy is the most evident. Strong passwords should be enforced by every web application or public server. Standard user accounts, for example, must contain at least eight characters, a number, uppercase and lowercase letters, and a special character. Furthermore, servers should mandate password updates on a regular basis.Brute Force attack can also be avoided by the following methods:- Limit the number of failed login attempts. By altering the sshd_config file, you can make the root user unreachable via SSH. Instead of using the default port, change it in your sshd config file. Make use of Captcha. Limit logins to a certain IP address or range of IP addresses. Authentication using two factors URLs for logging in that are unique Keep an eye on the server logs.
What do you think might be going on here?
There are two methods to doing this: qualitative and quantitative. Qualitative does not assign dollar values to components of the risk analysis. A quantitative assessment process involves these three steps: 1. Estimate potential losses - single loss expectancy (SLE) = asset value x exposure factor 2. Conduct a threat analysis - the goal is to estimate the annual rate of occurrence (ARO). This number value represents how many times the event is expected to happen in one year. 3. Determine annual loss expectancy (ALE) - ALE = single loss expectancy (SLE) x annual rate of occurrence (ARO)
What do you understand by Unicasting, Multicasting, and Broadcasting? What is the difference between them?
Unicasting, Multicasting, and Broadcasting are the three methods used to transmit data over a network. o Unicasting: Unicasting is used to send information from a single user to a single receiver. This method is used for point-to-point communications. o Multicasting: Multicasting is used to send data from one or more sources to multiple destinations. o Broadcasting: Broadcasting is also known as one-to-all. In this method, a single sender sends the data over multiple receivers. I.e. the communication is done between a single user and several receivers. The best example of broadcasting is radio or TV broadcasting, where a single sender sends signals to multiple receivers.
What is a VPN? What is its use in Cyber Security?
VPN is an acronym that stands for Virtual Private Network. It creates a safe encrypted tunnel across the internet by connecting a VPN server to a VPN client. Suppose a user has a VPN client installed on their machine. The VPN client then creates an encrypted tunnel to the VPN server, and the user can securely send or receive information over the internet.
How do you decide the placement of the encryption function?
We must decide what to encrypt and where the encryption mechanism should be situated if encryption is to be used to counter attacks on confidentiality. Link and end-to-end encryption are the two main ways of encryption placement.End-to-end encryption, or E2EE, is a secure data transfer system in which data is encrypted and decrypted only at the endpoints, regardless of how many points it passes through in the middle of its virtual journey. This sort of encryption is an excellent technique to communicate in a secure and confidential manner. Because no one else has the key to decode it, no one in the middle will be able to read it.The primary difference between link encryption and end-to-end encryption is that link encryption encrypts and decrypts all traffic at all points, not just at the endpoints. All data is encrypted as it travels along the communication line with this approach. When it reaches a router or another intermediary device, however, it is decrypted so that the intermediator can determine which direction to send it next.
To perform testing of open ports using a port scanner, you will need Nmap port scanner installed on your system. Although you want to close any unnecessary ports, ports are opened to provide a benefit to users. Enabling Windows Firewall and closing ports will reduce the utility of a system, and many potentially desirable features of a system will no longer function. You must proceed cautiously and test the system to ensure the desirable features are still functional while making sure that you've closed as many ports as you can. What is the procedure for this?
You will implement Windows Firewall and close ports that aren't required for the given requirements of the system. You will then test the system both internally and externally and confirm that you've achieved the desirable results. At the command prompt type "netstat -a -n -o". This command displays all open ports and connections, places them in numeric or alphabetic order and shows the PID that opened the port. By comparing the PID values in the result from the netstat command to the PID values in Task Manager, you can identify which processes opened which ports as well as who launched the process. To take a look at how the system appears from an external system looking at the firewall, use the nmap command "nmap -sS -O <ip address of the system>". This command tells your machine to run a port scan on the system of the IP address, use stealth scan mode, and attempt to identify the operating system. Notice which ports report back as open. If other ports are open identify their sources and determine whether they are desirable or undesirable. If undesirable, the disable the application and services related to these ports and reconfigure the Windows firewall to block these ports correctly.
