In the first step, the client sends a SYN packet to the server to synchronise sequence numbers. In the second step, the server replies with SYN+ACK, synchronising its own sequence number and acknowledging the client's SYN. In the final step, the client acknowledges the server's SYN with an ACK; the connection is now established on both sides and the actual data transfer can begin.
During the TCP three-way handshake, the two endpoints exchange three important values:
i. Initial sequence number (ISN) of each side; ii. Window (receive buffer) size; and iii. Maximum segment size (MSS, carried as a TCP option in the SYN and SYN+ACK segments)
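The exchange described above, as an added worked example (not code from the original page): it builds the three TCP headers of a handshake from constructed sample values, parses them back, checks that each side acknowledges the peer's ISN + 1 (including the modulo 2^32 wraparound case), and extracts the three negotiated values. Port numbers, ISNs, window sizes and MSS values are made-up sample data.

```python
import struct

# TCP flag bits (RFC 793): FIN=0x01 SYN=0x02 RST=0x04 PSH=0x08 ACK=0x10
SYN, ACK = 0x02, 0x10
MASK32 = 0xFFFFFFFF


def build_segment(sport, dport, seq, ack, flags, window, mss=None):
    """Build a TCP header (checksum left as 0) with an optional MSS option (kind 2, len 4)."""
    options = struct.pack("!BBH", 2, 4, mss) if mss is not None else b""
    data_offset = (20 + len(options)) // 4          # header length in 32-bit words
    fixed = struct.pack("!HHIIHHHH", sport, dport, seq, ack,
                        (data_offset << 12) | flags, window, 0, 0)
    return fixed + options


def parse_segment(raw):
    """Parse the fixed header and walk the options to pull out the MSS, if present."""
    sport, dport, seq, ack, off_flags, window, _csum, _urg = struct.unpack("!HHIIHHHH", raw[:20])
    header_len = (off_flags >> 12) * 4
    opts = raw[20:header_len]
    mss = None
    i = 0
    while i < len(opts):
        kind = opts[i]
        if kind == 0:                 # End of option list
            break
        if kind == 1:                 # NOP padding, single byte
            i += 1
            continue
        length = opts[i + 1]
        if kind == 2 and length == 4:
            mss = struct.unpack("!H", opts[i + 2:i + 4])[0]
        i += length
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack,
            "flags": off_flags & 0x1FF, "window": window, "mss": mss}


def check_handshake(syn, synack, ack):
    """Return the list of violations; an empty list means a valid three-way handshake."""
    problems = []
    if syn["flags"] != SYN:
        problems.append("step 1 is not a pure SYN")
    if synack["flags"] != SYN | ACK:
        problems.append("step 2 is not SYN+ACK")
    if ack["flags"] != ACK:
        problems.append("step 3 is not a pure ACK")
    # A SYN consumes one sequence number, so each side must acknowledge peer ISN + 1
    # (modulo 2^32, which matters when an ISN sits at the top of the space).
    if synack["ack"] != (syn["seq"] + 1) & MASK32:
        problems.append("SYN+ACK does not acknowledge client ISN + 1")
    if ack["ack"] != (synack["seq"] + 1) & MASK32:
        problems.append("final ACK does not acknowledge server ISN + 1")
    if ack["seq"] != (syn["seq"] + 1) & MASK32:
        problems.append("client did not advance its sequence number past the SYN")
    return problems


def negotiated_values(syn, synack):
    """The three values the handshake establishes, as seen from the two SYN segments."""
    # Each side advertises the largest segment it will accept; a sender must respect
    # the peer's value, so the smaller one governs the connection. 536 is the RFC 1122
    # default when no MSS option is sent.
    mss_values = [m for m in (syn["mss"], synack["mss"]) if m is not None]
    return {
        "client_isn": syn["seq"], "server_isn": synack["seq"],
        "client_window": syn["window"], "server_window": synack["window"],
        "effective_mss": min(mss_values) if mss_values else 536,
    }


def sample_handshake():
    """Constructed sample: client ISN at the top of the 32-bit space to exercise wraparound."""
    syn = build_segment(51515, 443, 0xFFFFFFFF, 0, SYN, 65535, mss=1460)
    synack = build_segment(443, 51515, 1000, 0, SYN | ACK, 29200, mss=1360)
    ack = build_segment(51515, 443, 0, 1001, ACK, 65535)
    return [parse_segment(s) for s in (syn, synack, ack)]


def sample_bad_handshake():
    """Same exchange, but the final ACK acknowledges the wrong number (a forged third packet)."""
    segs = sample_handshake()
    segs[2] = parse_segment(build_segment(51515, 443, 0, 1000, ACK, 65535))
    return segs


if __name__ == "__main__":
    segs = sample_handshake()
    print("problems:", check_handshake(*segs))
    print("negotiated:", negotiated_values(segs[0], segs[1]))
```

The acknowledgement checks are the same ones a stateful firewall applies when it decides whether a packet belongs to an established connection; a third packet whose ACK number does not match the server ISN + 1 is exactly what a forged or out-of-state segment looks like.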
i. Twice NAT; ii. NAT exemption; iii. Policy-based NAT; iv. Dynamic NAT; v. Static NAT; vi. Dynamic PAT
VPN stands for Virtual Private Network: an encrypted connection over the internet between two endpoints (a client and a VPN gateway, or two site gateways). The encryption ensures that sensitive data is protected from eavesdropping and tampering while it crosses the untrusted network.
Cisco ASA traditionally implements policy-based IPsec VPN: a crypto map with an access list defines which traffic is encrypted. Current ASA software also supports route-based VPN through virtual tunnel interfaces (VTI).
Palo Alto implements route-based IPsec VPN: the tunnel is a logical tunnel interface and the routing table decides which traffic enters it; proxy IDs are configured only for interoperability with policy-based peers.
Aggressive mode (IKEv1 phase 1) is typically used for remote access VPNs and when a peer has a dynamic external IP address, because the identity is sent explicitly in the first exchange instead of being tied to the peer's IP address. It completes in three messages instead of the six of main mode, but the identity travels unencrypted and, with pre-shared keys, the PSK hash can be captured and brute-forced offline; prefer IKEv2, or main mode with certificates, where possible.
Encryption is a two-way process: plain text is converted into cipher text with a key, and anyone holding the correct key can convert the cipher text back to plain text.
Hashing is a one-way process mainly used for integrity: a fixed-length digest is computed from the data, and the digest cannot be reversed back to the original data. Two caveats matter in practice: if the input is low-entropy (a password, a short value) an attacker can guess candidates and compare digests, and an unkeyed hash can simply be recomputed by whoever tampers with the data, so integrity against an active attacker requires a keyed hash (HMAC) or a digital signature.
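The following is an added example, not code from the original page, illustrating the hashing points above with the standard library: an unkeyed SHA-256 digest catches a modified config file until the attacker republishes the digest too, an HMAC still catches it because the attacker lacks the key, and a hashed low-entropy secret is recovered by candidate comparison even though the hash itself is one-way. The config contents, the tampered value and the word list are constructed sample data.

```python
import hashlib
import hmac
import secrets

# Constructed sample artefact: a config file published together with its digest
# so that a downloader can check it was not modified in transit.
CONFIG = b"listen=0.0.0.0:443\nadmin_ip=10.0.0.5\n"
TAMPERED = CONFIG.replace(b"10.0.0.5", b"203.0.113.9")   # attacker grants itself admin access
WORDLIST = [b"password", b"Summer2021", b"letmein"]          # constructed candidate list


def digest(data):
    return hashlib.sha256(data).hexdigest()


def integrity_ok(data, expected_hex):
    """Unkeyed integrity check: detects corruption and naive tampering only."""
    return hmac.compare_digest(digest(data), expected_hex)


def tag(key, data):
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def tag_ok(key, data, expected_tag):
    """Keyed integrity check: the tag cannot be recomputed without the key."""
    return hmac.compare_digest(tag(key, data), expected_tag)


def attacker_replaces(attacker_data):
    """An attacker who controls the download also rewrites the published checksum."""
    return attacker_data, digest(attacker_data)


def dictionary_attack(target_hex, candidates):
    """'One-way' does not mean unguessable: low-entropy inputs fall to candidate comparison."""
    for candidate in candidates:
        if hmac.compare_digest(digest(candidate), target_hex):
            return candidate
    return None


def avalanche_bits(a, b):
    """Number of differing bits between the digests of two inputs (about half of 256)."""
    return bin(int(digest(a), 16) ^ int(digest(b), 16)).count("1")


def demo():
    published_digest = digest(CONFIG)
    key = secrets.token_bytes(32)              # shared only between publisher and verifier
    published_tag = tag(key, CONFIG)
    forged_data, forged_digest = attacker_replaces(TAMPERED)
    return {
        "honest_hash_ok": integrity_ok(CONFIG, published_digest),
        "tamper_caught_by_hash": not integrity_ok(TAMPERED, published_digest),
        # attacker replaced both file and digest: the plain hash check passes
        "tamper_caught_when_hash_republished": not integrity_ok(forged_data, forged_digest),
        # the HMAC tag was computed with a key the attacker does not have
        "tamper_caught_by_hmac": not tag_ok(key, forged_data, published_tag),
        "weak_secret_recovered": dictionary_attack(digest(b"Summer2021"), WORDLIST),
        "strong_secret_recovered": dictionary_attack(digest(secrets.token_bytes(32)), WORDLIST),
        "avalanche_bits": avalanche_bits(CONFIG, TAMPERED),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value!r}")
```

The `compare_digest` calls are deliberate: comparing digests with `==` leaks timing information that can help an attacker forge a tag byte by byte.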
PFS (Perfect Forward Secrecy) means that each new IPsec (phase 2) key is derived from a fresh Diffie-Hellman exchange at rekey time rather than from the phase 1 keying material alone. If an attacker later compromises the phase 1 secret or one tunnel key, PFS ensures that earlier and later tunnel keys remain protected, because the ephemeral DH private values were discarded after use.
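An added simulation of the difference PFS makes, not code from the original page: both rekey variants derive a phase 2 key from the phase 1 secret (called SKEYID_d in IKEv1) and the two nonces, and the attacker is then given a stolen copy of that secret plus the packet capture. The Diffie-Hellman group (a Mersenne prime with generator 3) and the hash-based KDF are deliberate simplifications labelled as assumptions; real IKE uses an RFC 3526 MODP or ECP group and the prf+ construction.

```python
import hashlib
import secrets

# Toy Diffie-Hellman parameters for illustration only (assumption): a Mersenne
# prime and generator 3. Real IKE uses an RFC 3526 MODP group or an ECP group.
P = 2 ** 521 - 1
G = 3
NBYTES = 66          # enough bytes to hold any value below P


def dh_keypair():
    priv = secrets.randbelow(P - 2) + 2
    return priv, pow(G, priv, P)


def dh_shared(priv, peer_pub):
    return pow(peer_pub, priv, P).to_bytes(NBYTES, "big")


def kdf(*parts):
    """Simplified stand-in for the IKE prf+ derivation (assumption): hash the concatenation."""
    return hashlib.sha256(b"|".join(parts)).digest()


def rekey_without_pfs(skeyid_d, n_i, n_r):
    """Phase 2 key derived only from the phase 1 secret and the fresh nonces."""
    return kdf(skeyid_d, n_i, n_r)


def rekey_with_pfs(skeyid_d, n_i, n_r):
    """Phase 2 key mixes in a fresh DH secret; private exponents are discarded after use.
    Returns the key both peers compute and the transcript an eavesdropper can capture."""
    a, g_a = dh_keypair()          # initiator's ephemeral pair
    b, g_b = dh_keypair()          # responder's ephemeral pair
    key_i = kdf(skeyid_d, dh_shared(a, g_b), n_i, n_r)
    key_r = kdf(skeyid_d, dh_shared(b, g_a), n_i, n_r)
    assert key_i == key_r          # both sides reach the same g^ab
    transcript = {"g_a": g_a, "g_b": g_b, "n_i": n_i, "n_r": n_r}
    return key_i, transcript


def attacker_derives_without_pfs(stolen_skeyid_d, captured_n_i, captured_n_r):
    """With the phase 1 secret and a packet capture, every child key falls out of the KDF."""
    return kdf(stolen_skeyid_d, captured_n_i, captured_n_r)


def attacker_attempts_with_pfs(stolen_skeyid_d, transcript):
    """The capture holds only g^a and g^b. Without a or b the attacker cannot form g^ab
    and is reduced to feeding the public values into the KDF, which yields wrong keys."""
    g_a = transcript["g_a"].to_bytes(NBYTES, "big")
    g_b = transcript["g_b"].to_bytes(NBYTES, "big")
    return [kdf(stolen_skeyid_d, pub, transcript["n_i"], transcript["n_r"]) for pub in (g_a, g_b)]


def simulate():
    skeyid_d = secrets.token_bytes(32)                   # phase 1 keying material, later stolen
    n_i, n_r = secrets.token_bytes(16), secrets.token_bytes(16)
    real_no_pfs = rekey_without_pfs(skeyid_d, n_i, n_r)
    real_pfs, transcript = rekey_with_pfs(skeyid_d, n_i, n_r)
    return {
        "no_pfs_compromised": attacker_derives_without_pfs(skeyid_d, n_i, n_r) == real_no_pfs,
        "pfs_compromised": real_pfs in attacker_attempts_with_pfs(skeyid_d, transcript),
    }


if __name__ == "__main__":
    print(simulate())
```

Running `rekey_with_pfs` twice with identical inputs also yields two different keys, which is the other property PFS buys: a rekey does not merely stretch old secrets, it introduces new ones.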
i. Tap mode
ii. Virtual Wire
iii. Layer 2
iv. Layer 3
The Palo Alto Next-Generation firewalls use a Single Pass Parallel Processing (SP3) architecture: each packet is processed once through networking, policy lookup, App-ID, User-ID and Content-ID, with the content inspection functions running in parallel instead of as a chain of separate engines. The advantages of this architecture are high throughput and low latency, since inspection cost does not grow with the number of features enabled.
A router is a networking device that connects different networks together and forwards packets between them based on its routing table. A firewall is a security device that protects internal systems, servers and users from external attacks by enforcing the security policy rules configured on it, allowing only the traffic those rules permit.
A port scan determines which TCP/UDP ports on a system are open (listening), closed or filtered, and therefore which services could be receiving or sending data.
i. Authenticated (credentialed) scan, in which the scanner logs in to the host and inspects installed software and configuration; and ii. Unauthenticated scan, in which the scanner only probes the host over the network
A vulnerability is a weakness in a system or network, caused by missing security controls, poor design or misconfiguration, that can be discovered using vulnerability scanners or by manual review.
An exploit is a program, piece of code or sequence of commands through which a vulnerability can be leveraged by an attacker for malicious activity.
A threat is a potential event or actor that could exploit a vulnerability and cause harm to a system or application. Risk is the potential for loss or damage when a threat actually exploits a vulnerability, usually assessed as the likelihood of that happening combined with the impact it would have.
A vulnerability scan discovers and reports vulnerabilities in a system or application. In a penetration test, the reported vulnerabilities are validated by actually exploiting them, for example by injecting code or commands, to demonstrate their real impact and rule out false positives.
Application security assessment includes active scanning and passive scanning.
In an active scan, the scanner sends crafted requests to the application, derived from the base request (for example, appending test payloads to each parameter), and analyses the resulting responses looking for vulnerable behaviour.
In a passive scan, the scanner does not send any new requests; it only analyses the contents of the base request and response (headers, cookies, disclosed versions, form attributes) and reports vulnerabilities from what is already there.
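An added example of the two scan types, not code from the original page: the passive scan inspects one captured response for version disclosure, missing security headers and weak cookie flags without sending anything, while the active scan derives one crafted request per parameter and payload from the base request and looks for database error strings in the replies. The target application is a constructed in-memory stand-in (assumption) that concatenates the `q` parameter into SQL and leaks the error; the base URL, headers and payload list are made up for the example.

```python
import re
from urllib.parse import parse_qs, urlencode, urlsplit, urlunsplit


# Constructed stand-in for the application under test (assumption): a search
# page that concatenates the q parameter into SQL and leaks the database error.
def target_app(method, url, headers):
    term = parse_qs(urlsplit(url).query).get("q", [""])[0]
    common = {"Server": "Apache/2.4.29 (Ubuntu)", "Content-Type": "text/html"}
    if "'" in term:
        return 500, common, "Error: You have an error in your SQL syntax near '" + term + "'"
    headers_out = dict(common, **{"Set-Cookie": "session=abc123; Path=/"})
    return 200, headers_out, "<h1>Results for " + term + "</h1>"


SQL_ERROR = re.compile(r"SQL syntax|ORA-\d{5}|Unclosed quotation mark|pg_query\(\)", re.I)
REQUIRED_HEADERS = ("Strict-Transport-Security", "Content-Security-Policy", "X-Content-Type-Options")
PAYLOADS = ("'", "\"", "' OR '1'='1")


def passive_scan(response):
    """Look only at the base response: no request leaves the scanner."""
    status, headers, body = response
    findings = []
    server = headers.get("Server", "")
    if re.search(r"/\d", server):
        findings.append("Server header discloses software version: " + server)
    for name in REQUIRED_HEADERS:
        if name not in headers:
            findings.append("Missing security header: " + name)
    cookie = headers.get("Set-Cookie", "")
    if cookie:
        attrs = cookie.lower()
        cookie_name = cookie.split("=", 1)[0]
        if "httponly" not in attrs:
            findings.append("Cookie without HttpOnly flag: " + cookie_name)
        if "secure" not in attrs:
            findings.append("Cookie without Secure flag: " + cookie_name)
    return findings


def active_scan(base_request, send):
    """Derive one crafted request per parameter and payload from the base request
    and judge each response; `send` performs the request (here, the stand-in app)."""
    method, url, headers = base_request
    parts = urlsplit(url)
    params = parse_qs(parts.query, keep_blank_values=True)
    findings = []
    for name in params:
        for payload in PAYLOADS:
            mutated = dict(params)
            mutated[name] = [params[name][0] + payload]
            crafted = urlunsplit(parts._replace(query=urlencode(mutated, doseq=True)))
            status, _headers, body = send(method, crafted, headers)
            if SQL_ERROR.search(body):
                findings.append(f"SQL error disclosed via parameter {name!r} "
                                f"with payload {payload!r} (HTTP {status})")
                break              # one confirmed finding per parameter is enough
    return findings


def run_assessment(base_request, send):
    """Passive first (costs nothing), then active; count the requests the active phase made."""
    sent = []

    def counting_send(method, url, headers):
        sent.append(url)
        return send(method, url, headers)

    base_response = send(*base_request)
    return {
        "passive": passive_scan(base_response),
        "active": active_scan(base_request, counting_send),
        "active_requests": len(sent),
    }


# Constructed base request captured from a browser session (assumption).
BASE_REQUEST = ("GET", "https://app.example/search?q=shoes&page=1", {"User-Agent": "scanner-demo"})


if __name__ == "__main__":
    for section, value in run_assessment(BASE_REQUEST, target_app).items():
        print(section, value)
```

The request count is the practical difference between the two modes: passive findings come from traffic the tester generated anyway, while every active payload is a new request that can trigger alerts, lockouts or state changes on the target, which is why active scanning needs authorisation and a tested scope.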
What considerations need to be followed when upgrading to a new firewall?
How will you troubleshoot when a user reports that an application is accessible at some times and not at others?
How will you troubleshoot, in various ways, when a user reports slowness in accessing an application?
How do you troubleshoot when a specific destination is not reachable even though both IPsec phase 1 and phase 2 tunnels are up?
What steps will you perform when a system in the network has been compromised?
How will you identify suspicious activity in the organisation's network when no incident has been generated in the SIEM?
How will you investigate whether a system is infected with malware?
How will you mitigate a SYN flood attack in the network?
How will you mitigate various kinds of attacks: brute force, DDoS, SQL injection?
How will you troubleshoot if logs are not arriving at the heavy forwarder?
How will you troubleshoot if logs cannot be searched from the search head, while the heavy forwarder is still receiving logs continuously?
Which scan method will you use to discover vulnerabilities effectively?
How will you determine whether a reported vulnerability is a false positive or a true positive?
Why is the scanner still reporting a specific vulnerability even though a patch or fix has been applied to the system?
What changes do you need to make in the scan settings, especially when scanning hosts through a firewall?
© Copyright SOCINFOTECH 2021. All Right Reserved. Designed By BHARATH KATTAMANCHI. TIRUPATIHOST.