Summary of 1000 common network security interview questions [2023 latest compilation]

The difference and relationship between the seven layers of OSI and the four layers of TCP/IP

  • OSI seven layers:
    1. Application layer: defines the interaction and communication rules between application processes. HTTP, FTP, SMTP, POP3; Gateway
    2. Presentation layer: the syntax and semantics of information and their associations, such as encryption and decryption, conversion and translation, compression and decompression
    3. Session layer: Establish and manage sessions between users on different machines. SSL, TLS, RPC; Gateway
    4. Transport layer: accepts upper-layer data, divides the data when necessary, and delivers the data to the network layer, while ensuring that the message can reach the opposite end, and is responsible for providing general data transmission services for the communication between the two host processes. TCP, UDP; Gateway
    5. Network layer: Control the operation of the subnet, select the appropriate network routing and switching nodes, and ensure the timely transmission of data, such as logical addressing, packet transmission, and routing selection. IPv4, IPv6; router
    6. Data Link Layer: Physical addressing while converting raw bit streams into logical transmission lines. PPP, ARP, RARP; bridges, switches
    7. Physical Layer: Transmission of raw bit streams over mechanical, electrical, timing interface channels. IEEE; network cable, network card
  • TCP/IP four layers:
    1. Application layer
    2. Transport layer
    3. Network layer
    4. Network interface layer

ARP protocol

Converts an IP address to a MAC address.

  • Query the local ARP cache
  • If there is no entry in the cache, send an ARP broadcast whose destination address is twelve f's (ff:ff:ff:ff:ff:ff)
  • After receiving the broadcast, each host checks whether its own IP address matches the IP requested by ARP; if it does, it caches the mapping in its own ARP cache and responds
  • After the requester receives the response, it caches the mapping; if no response is received, the query fails
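
The four steps above, replayed on the wire format of ARP for IPv4 over Ethernet. This is an added example, not code from the original post; the `Host` class, the addresses and the in-memory "network" are constructed for illustration.

```python
import socket
import struct
from typing import Optional

BROADCAST_MAC = b"\xff" * 6      # destination of an ARP request: ff:ff:ff:ff:ff:ff
ZERO_MAC = b"\x00" * 6           # the target MAC is unknown in a request
ETHERTYPE_ARP = 0x0806
OP_REQUEST, OP_REPLY = 1, 2


def build_frame(eth_dst, op, sender_mac, sender_ip, target_mac, target_ip) -> bytes:
    """Ethernet II header (14 bytes) + ARP payload for IPv4 over Ethernet (28 bytes)."""
    eth = eth_dst + sender_mac + struct.pack("!H", ETHERTYPE_ARP)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)
    arp += sender_mac + socket.inet_aton(sender_ip)
    arp += target_mac + socket.inet_aton(target_ip)
    return eth + arp


def parse_frame(frame: bytes) -> Optional[dict]:
    """Return the ARP fields, or None if this is not a well-formed IPv4 ARP frame."""
    if len(frame) < 42:
        return None
    eth_dst, _eth_src, ethertype = struct.unpack("!6s6sH", frame[:14])
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if ethertype != ETHERTYPE_ARP or (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    if op not in (OP_REQUEST, OP_REPLY):
        return None
    sha, spa, _tha, tpa = struct.unpack("!6s4s6s4s", frame[22:42])
    return {"eth_dst": eth_dst, "op": op, "sender_mac": sha,
            "sender_ip": socket.inet_ntoa(spa), "target_ip": socket.inet_ntoa(tpa)}


class Host:
    """Hypothetical host with an ARP cache (IP string -> MAC bytes)."""

    def __init__(self, ip: str, mac: str):
        self.ip = ip
        self.mac = bytes.fromhex(mac.replace(":", ""))
        self.cache = {}

    def request(self, target_ip: str) -> Optional[bytes]:
        """Steps 1-2: consult the cache, otherwise build a broadcast request."""
        if target_ip in self.cache:
            return None                      # cache hit, nothing to send
        return build_frame(BROADCAST_MAC, OP_REQUEST, self.mac, self.ip,
                           ZERO_MAC, target_ip)

    def receive(self, frame: bytes) -> Optional[bytes]:
        """Steps 3-4: answer requests for our own IP and cache the sender's mapping."""
        pkt = parse_frame(frame)
        if pkt is None or pkt["eth_dst"] not in (self.mac, BROADCAST_MAC):
            return None
        if pkt["target_ip"] != self.ip:
            return None                      # not addressed to us: cache nothing
        self.cache[pkt["sender_ip"]] = pkt["sender_mac"]
        if pkt["op"] == OP_REQUEST:
            return build_frame(pkt["sender_mac"], OP_REPLY, self.mac, self.ip,
                               pkt["sender_mac"], pkt["sender_ip"])
        return None
```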

What happens after www.baidu.com is entered in the browser

  1. DNS resolution
  2. Establish a TCP connection
  3. send HTTP request
  4. The server responds to the HTTP request and gets the html code
  5. The browser parses the code and requests the corresponding resources css, js, pictures
  6. The browser renders the page and presents it to the user
  7. connection ended

DNS addressing process

  1. First check whether there is a corresponding mapping in the local hosts file, and use it if there is one
  2. If there is no mapping in hosts, check whether there is a corresponding mapping in the cache of the local DNS resolver, and use it if there is one
  3. Query the preferred DNS server (local DNS server) configured in the TCP/IP settings. When the local DNS server receives the query, if the domain name is contained in its locally configured zone resources, that result is used. This resolution is authoritative
  4. If the domain name is not in the local DNS server's own zones but the mapping has been cached, the cached mapping is used, but this resolution is not authoritative
  5. Check whether forwarding mode is enabled. If it is not enabled, the lookup proceeds recursively: the query is first sent to the root domain name server, which returns the address of the .com server; the query then goes to .com, which, if it cannot resolve the name, returns the address of the baidu.com server; the query then goes to baidu.com, and the operation repeats until the host www.baidu.com is found
  6. Enabling the forwarding mode will transfer the request to its superior for DNS resolution. If the superior cannot resolve it, it will continue to hand over the domain name to the superior or the root for resolution depending on whether the forwarding mode is enabled.
  7. The final results are sent to the local DNS server, and then sent to the client

DNS cache

Browser cache (chrome://dns/), system cache (hosts), router cache, ISP server cache, root domain name server cache, top-level domain name server cache, live domain name server cache

Web performance optimization technology

  • DNS query optimization
  • client cache
  • Optimize TCP connections
  • avoid redirection
  • Caching at the edge of the network
  • conditional caching
  • Compression and code minification
  • image optimization

Cyber security

XSS attacks and CSRF attacks.

  • XSS attack: cross-site scripting attack. Malicious script code is embedded in a web page and is executed when the page is viewed
  • CSRF attack: exploits a trusted website by disguising requests as coming from a trusted user

HTTP

The difference between HTTP 1 and HTTP 2

HTTP1.1

  • Persistent connection: After a web page is opened, the TCP connection used to transmit HTTP data between the client and the server will not be closed. When the client visits the server again, it will continue to use this established connection (with a hold time)
  • Error response status code: Added 24 error response status codes (409 The requested resource conflicts with the current resource status, 410 A resource on the server is permanently deleted)
  • pipelining of requests
  • Added cache handling (Entity tag, If-Unmodified-Since, If-Match, If-None-Match)
  • Added the Host field; supports resumable transfers (the Range header field can save bandwidth)

HTTP2.0

  • Binary framing: the basic unit of communication is frame
  • Multiplexing: Allows a single connection to initiate multiple request-response messages, but there is a limit to the number under the same domain name
  • header compression
  • Server push: one request can get multiple responses

The difference between HTTP and HTTPS

  • HTTPS requires a CA certificate, which generally requires a fee
  • HTTP information is transmitted in plain text, and HTTPS information is transmitted based on SSL encryption
  • HTTP uses port 80 by default, HTTPS uses port 443 by default
  • HTTP connections are simple and stateless; HTTPS provides encrypted transmission and identity authentication, and is more secure

HTTPS protocol data transmission process

  1. The browser sends the supported encryption algorithm information to the server
  2. The server selects a set of encryption algorithms supported by the browser, and sends back the identity verification information to the browser in the form of a certificate
  3. After the browser receives the certificate, it verifies its legitimacy, then encrypts information with the certificate's public key and sends it to the server
  4. The server decrypts the information with the private key, verifies the hash, and sends the encrypted response message back to the browser
  5. The browser decrypts the information and verifies it

HTTP Common Response Status Codes

  • 1xx: The request has been accepted and is being processed
  • 2xx: The request was successfully processed, 200 was processed normally, 204 the request was processed successfully but no resource was returned to the client, 206 range request
  • 3xx: Request redirection, further processing is required: 301 permanent, 302 temporary, 304 cache
  • 4xx: Client error, 400 The request has a syntax error, 401 The request sent requires authentication information recognized by HTTP, 403 The request is rejected, 404 The page cannot be found
  • 5xx: server error, 500 server internal error, 503 service temporarily unavailable

The difference between GET and POST

  • GET is used to obtain resources and will not cause resource changes. POST is used to create resources and will cause resource changes
  • GET requests are idempotent, but POST requests are not.
  • GET request parameters are attached to the URL, and POST request parameters are in the request body
  • GET request parameters have a length limit (limited by URL length), POST does not
  • POST is more secure than GET
  • GET can be cached, POST cannot
  • GET only accepts ascii format parameters, and POST has no restrictions

The difference between Session and Cookie

session: record the user's status through the server, cookie: save user information

  • Session is on the server side, Cookie is on the client side
  • Session can store any Java object, and Cookie can only be a string
  • Session has no size limit, but because it needs to consume server resources, it generally only saves important data; the maximum size of cookies is 4k, and a site can save up to 20 on the browser
  • Session cannot cross domains, even subdomains under the same parent domain name; Cookies can cross domains
  • Session relies on session_id, and session_id is stored in a cookie. If the browser disables cookies, the session also stops working. The solution is to append the session_id to the URL
  • User authentication generally uses session

TCP/UDP

RTT and RTO

  • RTT: the time from sending a data packet to receiving the corresponding ACK
  • RTO: retransmission time interval, calculated according to RTT, if no response from the other party is received after RTO, the data packet will be resent

The difference between TCP and UDP

| | TCP | UDP |
|---|---|---|
| Connection | Connection-oriented | Connectionless |
| Reliability | Reliable | Unreliable |
| Number of connection objects | One-to-one | One-to-one, one-to-many, many-to-one, many-to-many |
| Transfer method | Byte stream | Datagram |
| Header overhead | Minimum 20 bytes, maximum 60 | Small overhead, only 8 bytes |
| Transmission efficiency | Slow | Fast |
| Required resources | Many | Few |
| Applicable scenario | Applications requiring reliable transmission | Real-time applications |

Protocols based on TCP and UDP

  • TCP: HTTP, HTTPS, FTP, POP3, SMTP, Telnet (Remote Login Protocol), SSH (Secure Shell Protocol)
  • UDP: DHCP (Dynamic Host Configuration Protocol), NTP (Network Time Protocol), BOOTP (Bootstrap Protocol), DNS

How does TCP realize reliable transmission of messages

Checksum, sequence number, acknowledgment, timeout retransmission, connection management, flow control, congestion control.

  • Application data is segmented into chunks of data that TCP considers most appropriate to send
  • TCP numbers each packet, the receiver sorts the packets, and transmits the ordered data to the application layer
  • Checksum: The data segment to be sent is treated as a sequence of 16-bit integers. These numbers are added together, any overflow (carry) is added back in at the end, and the result is inverted to obtain the checksum. The sender calculates the checksum before sending the data and fills in the field in the header. The receiver recalculates the checksum and compares it after getting the data. If the checksum is wrong, the segment is discarded and receipt is not confirmed.
  • Sequence number: The data is numbered in the seq field, which is used for deduplication, acknowledgment, and ordering.
  • Confirmation response: The receiver can send an ACK message after receiving the message, and the confirmation sequence number ack in it tells the sender where to transmit it next time.
  • Timeout retransmission: The sender will retransmit the data if it does not receive the ACK message after sending the data.
  • Connection management: three-way handshake, four-way wave.
  • Flow control: To keep the sender from sending data so fast that the receiver cannot keep up and loses a large number of packets, the receiver puts its own available window size in the window field of the ACK message, that is, a variable-size sliding window protocol.
  • Congestion control: Congestion control algorithm.
    1. Slow start: The network situation is unknown at the beginning, and the cwnd value is 1. After each propagation round, the cwnd doubles
    2. Congestion avoidance: every time a round-trip time RTT passes, cwnd is incremented by one
    3. Fast retransmission and fast recovery (FRR): fast retransmission assumes that a data segment is lost after three duplicate ACKs are received, and retransmits the lost segment; in fast recovery, after the sender receives n (n >= 3) identical ACKs, the congestion threshold is halved and the congestion window is set to the threshold + n, and once a new ACK is received the congestion window is reset to the threshold size
  • ARQ protocol: stop sending each time a packet is sent, wait for confirmation from the other party, and send the next packet after receiving the confirmation
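
The checksum step from the list above, implemented as the 16-bit one's-complement sum and applied to a minimal TCP segment. This is an added example, not code from the original post; it goes slightly beyond the text by including the 12-byte pseudo-header that real TCP also covers, and the addresses, ports and helper names are constructed.

```python
import socket
import struct


def ones_complement_sum16(data: bytes) -> int:
    """Add the data as 16-bit big-endian words, folding each carry back in."""
    if len(data) % 2:
        data += b"\x00"                      # pad odd-length data with a zero byte
    total = 0
    for (word,) in struct.iter_unpack("!H", data):
        total += word
        total = (total & 0xFFFF) + (total >> 16)   # end-around carry
    return total


def internet_checksum(data: bytes) -> int:
    """Invert the one's-complement sum to get the value placed in the header."""
    return ~ones_complement_sum16(data) & 0xFFFF


def pseudo_header(src_ip: str, dst_ip: str, tcp_len: int) -> bytes:
    # source IP, destination IP, zero byte, protocol 6 (TCP), TCP length
    return (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
            + struct.pack("!BBH", 0, 6, tcp_len))


def build_segment(src_ip, dst_ip, sport, dport, seq, ack, flags, window,
                  payload: bytes = b"") -> bytes:
    """20-byte TCP header (no options) + payload, with the checksum filled in."""
    header = struct.pack("!HHIIBBHHH", sport, dport, seq, ack,
                         5 << 4, flags, window, 0, 0)   # checksum field = 0
    covered = pseudo_header(src_ip, dst_ip, len(header) + len(payload))
    csum = internet_checksum(covered + header + payload)
    return header[:16] + struct.pack("!H", csum) + header[18:] + payload


def verify_segment(src_ip: str, dst_ip: str, segment: bytes) -> bool:
    """Receiver side: summing everything, checksum included, must give 0xFFFF."""
    covered = pseudo_header(src_ip, dst_ip, len(segment)) + segment
    return ones_complement_sum16(covered) == 0xFFFF
```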

When does flow control deadlock and how to avoid it

  • When will it be deadlocked: the sender will stop sending when it receives a response with a window of 0 from the receiver, and wait for the next response with a non-zero window from the receiver. If the response with a non-zero window is lost during transmission, Then the sender will wait forever, and the receiver will think that the sender has received the response, and will wait for the sender to send new data, so that the two parties wait for each other, forming a deadlock.
  • How to avoid: after receiving a response with a window of 0, the sender starts a timer. When it expires, the sender actively sends a message asking for the size of the receive window; if the window is still 0, it resets the timer and continues to wait. If the message is lost, the timer is reset and the window probe message is resent

ARQ protocol

  • Stop-and-wait ARQ: after sending a packet, the sender waits for the ACK and resends the packet if no ACK has arrived when the timeout expires; the receiver discards duplicate packets but still sends a confirmation.
    1. Normal case: send, receive, send, ...
    2. An error occurred: a timeout timer must be set after each packet is sent, and the retransmission time is greater than the average round-trip time (automatic retransmission, ARQ)
    3. Lost acknowledgments and late acknowledgments:
      • Acknowledgment lost: the confirmation message is lost. The sender sent the data, the receiver received it and sent a confirmation message, but that message was lost, so the sender retransmits the data because it did not receive the confirmation. The receiver then does two things: it discards this data (because it has been received before) and it sends a confirmation message (indicating that this packet has been received)
      • Acknowledgment late: the confirmation message arrives late but is not lost. The sender sends data, the receiver receives it and sends a confirmation message, but the message is late, so the sender retransmits the data because it has not received the confirmation, and the receiver sends a confirmation message again (two in total). The receiver discards the second data packet, and the sender discards the second confirmation message
  • Continuous ARQ: the packets in the sender's sending window can be sent continuously without waiting for confirmation. The receiver uses cumulative acknowledgment, confirming the last packet that arrived in order, and falls back to Go-Back-N on error.

How does the TCP protocol improve transmission efficiency

Sliding window, fast retransmission, delayed acknowledgment, piggyback acknowledgment.

  • Sliding window: Send multiple pieces of data at a time, set the window size to the maximum value that can continue to send data without waiting for a response, that is, the remaining value in the receiver's message buffer.
  • Fast retransmission: when a packet is lost, the data needs to be retransmitted, and there are two cases of packet loss. In the first, the sender's data packet is lost; the sender then receives multiple identical ACKs, and when there are three of them it retransmits the corresponding data packet immediately. In the second, the receiver's ACK message is lost; this has no effect and no retransmission is needed, because the data can be confirmed through subsequent ACK messages.
  • Delayed response: when the receiver consumes data quickly, delaying the response slightly gives it time to consume some of the data in its window, so the window value becomes larger and the sender can send more data next time.
  • Piggybacking.

TCP congestion control

Slow start, congestion avoidance, fast retransmission, fast recovery
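
A round-by-round trace of the congestion window under the four mechanisms named above. This is an added example, not code from the original post; it is a simplified per-RTT model in which fast recovery is collapsed to "cwnd = halved threshold", the timeout branch (cwnd back to 1) follows classic TCP behaviour, and the event names and the floor of 2 on the threshold are assumptions.

```python
def simulate_cwnd(rounds, ssthresh=16, events=None):
    """Return [(round, cwnd, ssthresh)] as seen at the start of each RTT round.

    events maps a round number to "3dupack" (loss detected by three duplicate
    ACKs) or "timeout" (retransmission timer expired) in that round.
    """
    events = events or {}
    cwnd = 1                                  # slow start begins at one segment
    trace = []
    for rnd in range(1, rounds + 1):
        trace.append((rnd, cwnd, ssthresh))
        event = events.get(rnd)
        if event == "3dupack":
            # fast retransmit + fast recovery: halve the threshold and
            # continue from it instead of restarting slow start
            ssthresh = max(cwnd // 2, 2)
            cwnd = ssthresh
        elif event == "timeout":
            # timeout: halve the threshold and restart slow start
            ssthresh = max(cwnd // 2, 2)
            cwnd = 1
        elif cwnd < ssthresh:
            cwnd = min(cwnd * 2, ssthresh)    # slow start: double per round
        else:
            cwnd += 1                         # congestion avoidance: +1 per RTT
    return trace


def cwnd_series(trace):
    """Just the window sizes, convenient for plotting or comparison."""
    return [cwnd for _rnd, cwnd, _thresh in trace]
```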

Three-way handshake and four-way wave

Three-way handshake

  • The client sends a message with SYN = 1, seq = m that contains no data, and the client enters the SYN-SENT state
  • The server sends SYN = 1, ACK = 1, seq = n, ack = m + 1, a message that does not contain data, and the server enters the SYN-RECV state
  • The client then sends ACK = 1, seq = m + 1, ack = n + 1, a message that does not contain data, and enters the ESTABLISHED state, and the server also enters the ESTABLISHED state after receiving this message

Hidden dangers of SYN Flood and solutions

  • Cause:

    1. The server received the SYN from the client, but did not receive the ACK confirmation after replying with the SYN-ACK
    2. The server keeps retrying until it times out, and Linux waits for 63s by default before disconnecting
  • Hidden dangers:

    The malicious program sends a SYN packet to the server, and then goes offline. The server needs to wait for 63 seconds before disconnecting. The attacker can exhaust the SYN queue of the server and cause the normal connection to fail

  • Protective measures:

    1. After the SYN queue is full, the SYN Cookie will be sent through the tcp_syncookies parameter
    2. If the connection is normal, the client will send back the SYN Cookie and establish the connection directly
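
How a SYN cookie lets the server keep no per-connection state until the final ACK arrives, as an added example that is not part of the original post. It is a simplified illustration and not the Linux kernel's algorithm: the bit layout (5-bit time counter, 3-bit MSS index, 24-bit tag), HMAC-SHA256, the 64-second counter period and the MSS table are all assumptions.

```python
import hashlib
import hmac
import time

MSS_TABLE = [216, 536, 1200, 1360, 1400, 1440, 1452, 1460]  # constructed table
COUNTER_PERIOD = 64          # seconds per counter tick (assumption)
MASK32 = 0xFFFFFFFF


def mac24(secret: bytes, conn, client_isn: int, counter: int, mss_idx: int) -> bytes:
    """24-bit keyed tag over the 4-tuple, the client's ISN, the time and the MSS."""
    src, sport, dst, dport = conn
    msg = f"{src}:{sport}>{dst}:{dport}|{client_isn}|{counter}|{mss_idx}".encode()
    return hmac.new(secret, msg, hashlib.sha256).digest()[:3]


def make_cookie(secret, conn, client_isn, client_mss, now=None) -> int:
    """On SYN: return the sequence number to use in the SYN-ACK. Nothing is stored."""
    counter = int(time.time() if now is None else now) // COUNTER_PERIOD
    mss_idx = max((i for i, m in enumerate(MSS_TABLE) if m <= client_mss), default=0)
    tag = int.from_bytes(mac24(secret, conn, client_isn, counter, mss_idx), "big")
    return ((counter & 0x1F) << 27) | (mss_idx << 24) | tag


def check_ack(secret, conn, ack_seq, ack_ack, now=None, max_age=2):
    """On ACK: return the negotiated MSS if the cookie is genuine and fresh, else None.

    ack_seq is the client's sequence number (its ISN + 1) and ack_ack is the
    acknowledgment number (our cookie + 1).
    """
    cookie = (ack_ack - 1) & MASK32
    client_isn = (ack_seq - 1) & MASK32
    t, mss_idx = cookie >> 27, (cookie >> 24) & 0x7
    tag = (cookie & 0xFFFFFF).to_bytes(3, "big")
    current = int(time.time() if now is None else now) // COUNTER_PERIOD
    for age in range(max_age):               # accept the current and previous tick
        counter = current - age
        if counter & 0x1F != t:
            continue
        expected = mac24(secret, conn, client_isn, counter, mss_idx)
        if hmac.compare_digest(tag, expected):
            return MSS_TABLE[mss_idx]         # safe to allocate the connection now
    return None
```

A client that never completes the handshake costs the server only one HMAC and one SYN-ACK; the queue entry is created when `check_ack` succeeds.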

Four-way wave

  • The client closes the connection, sends a message with FIN = 1, ack = m that contains no data, and enters the FIN-WAIT-1 state
  • The server sends ACK = 1, seq = v, ack = m + 1, notifies the host to close the application, and enters the CLOSE-WAIT state (the server may continue to send data to the client); after receiving this message, the client enters the FIN-WAIT-2 state
  • After the server finishes transmitting the data, it closes the connection, sends a message with FIN = 1, ACK = 1, seq = n, ack = m + 1, and enters the LAST-ACK state
  • The client sends a message with ACK = 1, seq = m + 1, ack = n + 1, and enters the TIME-WAIT state

Why is there a three-way handshake

  • After the first handshake, the client knows nothing yet, while the server knows that the client sends and receives normally; after the second, the client knows that both its own and the server's sending and receiving are normal; after the third, the server also knows that both the client's and its own sending and receiving are normal.
  • With only two handshakes, the connection would be established as soon as the server sends its confirmation packet. If the client does not respond at that point, resources are wasted. With a third handshake, if the server does not receive the reconfirmation from the client, it knows that the client does not really want to establish a connection, so no resources are wasted. (Consider this scenario: the network is slow during the first handshake, the client assumes the packet is lost and sends the first handshake again, and the server responds with the second packet. Then the original first packet finally arrives, and the server answers it with a second handshake as well. With only two handshakes, the server's resources are wasted at this point. With a three-way handshake, the client does not respond to the request that arrived late, the third handshake is never sent, and server resources are not wasted.)

Why is it necessary to wave four times

Either party can issue a notification to release the connection after it has finished transmitting data, and the connection enters a half-closed state once the other party confirms. When the other party has no more data to send, it sends its own connection release notification, and the connection is completely closed after that is confirmed

Why does the client have to wait for 2MSL at the end

MSL: Maximum Segment Lifetime

  • Ensure that the last ACK packet can reach the server. If that packet is lost, the server will assume the client has not received the third wave packet and will resend it. Because the client waits for 2MSL, it can receive the retransmitted packet, respond with the fourth wave packet again, and restart the 2MSL timer
  • Prevent invalid connection request segments from appearing in this connection (during the waiting 2MSL time, all previously invalid connection requests will disappear from the network, preventing old connection requests from affecting new connections)

Under what circumstances will the server appear in a large number of CLOSE_WAIT states

Many clients closed the Socket connection after a large number of requests, and the server was busy reading or writing, and did not close it in time.

CLOSE_WAIT has an upper limit. When it is reached, a "too many open files" exception is thrown, which may cause the server to crash

Why can't the serial number start from 0 but be random

To prevent TCP message forgery. If it started from 0, then as long as different data packets have the same length, their seq and ack would be the same and a conflict may arise, so that two data packets that do not belong to the same complete data packet are misjudged as belonging to the same packet

TCP keep-alive mechanism

  • Send a keep-alive probe message to the other party; if no response is received, continue to send
  • Once the number of attempts reaches the keep-alive probe count, the connection is interrupted

IP

How are IP addresses divided?

IP address = network address + host address

  • Class A address: 0 + 7-bit network number + 24-bit host number, range (1.0.0.0 - 126.0.0.0)
  • Class B address: 10 + 14-bit network number + 16-bit host number, range (128.0.0.0 - 191.255.0.0)
  • Class C address: 110 + 21-bit network number + 8-bit host number, range (192.0.0.0 - 233.255.255.0)
  • Class D address: 1110 + 28-bit multicast group number, the value of the network number is between 224 - 239
  • Class E address: Reserved address, the value of the network number is between 240 - 255


Origin blog.csdn.net/yinjiyufei/article/details/130289163