Summary of network security interview questions and answers (latest 2023 edition, detailed)

Foreword

With the support of national policies, the network security industry is becoming more and more well-known to the public, and more and more people want to enter the network security industry.

To get the offer you want, in addition to learning network security knowledge, you must also handle company interviews well.

As a security veteran, I have worked for so many years and interviewed many people and asked many interview questions. I also collected various interview questions about penetration on the Internet. It contains my insights on some issues. I hope it can be helpful to everyone.

Note: Some of them are summarized based on memory, and some problems may be described. The security system is huge, and these are just the tip of the iceberg.

1. Web security job interview questions

1.1. What is SQL injection attack? How to prevent SQL injection attacks?

SQL injection attacks refer to attackers performing unauthorized operations by inserting malicious SQL statements into input boxes of web applications. Ways to prevent SQL injection attacks include using parameterized queries and input validation, and avoiding dynamic SQL statements.

1.2. What is cross-site scripting (XSS)? How to prevent XSS attacks?

A cross-site scripting attack refers to an attacker stealing user data or performing unauthorized operations by inserting malicious scripts into input boxes of web applications. Ways to prevent XSS attacks include validating and escaping input data, using Content Security Policy (CSP), and limiting the scope of cookies.

1.3. What is a cross-site request forgery (CSRF) attack? How to prevent CSRF attacks?

A cross-site request forgery attack is when an attacker takes advantage of a user's authenticated session to perform unauthorized operations. Ways to prevent CSRF attacks include using synchronizer (anti-CSRF) tokens and using two-factor authentication.
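How a synchronizer token check works on the server side, as an added example that is not part of the original article. The in-memory session store, the form field name `csrf_token` and the handler names are assumptions made for the illustration.

```python
import hmac
import secrets

# Server-side state: session id -> CSRF token issued for that session.
SESSIONS = {}

def start_session():
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = secrets.token_urlsafe(32)
    return sid

def render_transfer_form(sid):
    # The token is embedded only in pages served to the logged-in user.
    # A page on another origin cannot read it, so it cannot forge the field.
    return ('<form method="post" action="/transfer">'
            f'<input type="hidden" name="csrf_token" value="{SESSIONS[sid]}">'
            '<input name="amount"><button>Send</button></form>')

def handle_transfer(sid, form):
    """Return an HTTP status code for a state-changing POST request."""
    expected = SESSIONS.get(sid)
    if expected is None:
        return 401                      # no such session
    supplied = form.get("csrf_token", "")
    # Constant-time comparison; bytes avoid errors on non-ASCII input.
    if not hmac.compare_digest(supplied.encode(), expected.encode()):
        return 403                      # session cookie alone is not enough
    return 200

if __name__ == "__main__":
    sid = start_session()
    print(handle_transfer(sid, {"csrf_token": SESSIONS[sid], "amount": "10"}))
    print(handle_transfer(sid, {"amount": "10"}))   # forged: token missing
```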

1.4. What is a clickjacking attack? How to prevent clickjacking attacks?

A clickjacking attack is when an attacker tricks a user into taking an action by embedding a legitimate website inside a transparent layer on a malicious page. Ways to prevent clickjacking attacks include using the X-Frame-Options HTTP header and using JavaScript frame-busting code to prevent the page from being embedded.

1.5. What is a session hijacking attack? How to prevent session hijacking attacks?

A session hijacking attack refers to an attacker impersonating a user by obtaining the user's session ID. Ways to prevent session hijacking attacks include using secure cookies (such as the HttpOnly and Secure flags) and using two-factor authentication.
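A check for the response headers named in answers 1.4 and 1.5, as an added example that is not part of the original article. The sample responses are constructed, and treating a CSP `frame-ancestors` directive as an acceptable alternative to X-Frame-Options is an assumption of this example.

```python
def audit_response(headers):
    """Return findings for a response given as (name, value) header pairs."""
    findings = []
    pairs = [(name.lower(), value) for name, value in headers]

    # Clickjacking: the page must tell browsers who may frame it.
    xfo = [v.strip().upper() for n, v in pairs if n == "x-frame-options"]
    csp = " ".join(v.lower() for n, v in pairs
                   if n == "content-security-policy")
    framing_ok = any(v in ("DENY", "SAMEORIGIN") for v in xfo)
    if not framing_ok and "frame-ancestors" not in csp:
        findings.append("framing not restricted")

    # Session hijacking: every cookie should carry HttpOnly and Secure.
    for n, v in pairs:
        if n != "set-cookie":
            continue
        parts = [p.strip() for p in v.split(";")]
        cookie_name = parts[0].split("=", 1)[0]
        attrs = {p.split("=", 1)[0].lower() for p in parts[1:]}
        for flag in ("httponly", "secure"):
            if flag not in attrs:
                findings.append(f"cookie {cookie_name}: missing {flag}")
    return findings

# Constructed sample responses.
WEAK = [("Content-Type", "text/html"),
        ("Set-Cookie", "SESSIONID=abc123; Path=/")]
HARDENED = [("Content-Type", "text/html"),
            ("X-Frame-Options", "DENY"),
            ("Set-Cookie", "SESSIONID=abc123; Path=/; HttpOnly; Secure")]

if __name__ == "__main__":
    for label, response in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit_response(response))
```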

1.6. What is a file inclusion vulnerability? How to prevent file inclusion vulnerabilities?

A file inclusion vulnerability is when an attacker performs unauthorized actions by supplying a malicious filename to a file include function in a web application. Ways to prevent file inclusion vulnerabilities include restricting the directories from which files can be included, using whitelists to validate file names, and using safe file include functions.
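The whitelist and directory restriction from the answer above, combined in one lookup function, as an added example that is not part of the original article. The allowlist contents, the `.html` suffix and the function names are assumptions made for the illustration.

```python
from pathlib import Path

# Hypothetical allowlist of page names the application may include.
ALLOWED_PAGES = {"home", "about", "contact"}

def is_confined(base_dir, candidate):
    """True if candidate, once resolved, stays inside base_dir."""
    base = Path(base_dir).resolve()
    # resolve() collapses "../" segments and follows symlinks, so the
    # comparison is made on the real location of the file.
    target = (base / candidate).resolve()
    return base in target.parents

def resolve_include(base_dir, page):
    """Map a user-supplied page name to a file that is safe to include."""
    # Layer 1: only names on the allowlist are accepted at all.
    if page not in ALLOWED_PAGES:
        raise ValueError(f"page not allowed: {page!r}")
    filename = f"{page}.html"
    # Layer 2: even an allowed name must resolve inside the include
    # directory (guards against a symlink planted under that name).
    if not is_confined(base_dir, filename):
        raise ValueError("resolved path escapes the include directory")
    return Path(base_dir).resolve() / filename

if __name__ == "__main__":
    import tempfile
    base = tempfile.mkdtemp()
    print(resolve_include(base, "about"))
    # Constructed hostile inputs: relative traversal and an absolute path.
    for name in ("../../etc/passwd", "/etc/passwd"):
        print(name, "confined:", is_confined(base, name))
```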

1.7. What is a buffer overflow attack? How to prevent buffer overflow attacks?

A buffer overflow attack refers to an attacker modifying the execution flow of a program by writing more data into one of the program's buffers than the buffer can hold. Ways to prevent buffer overflow attacks include using stack protectors and data execution prevention.

1.8. What is port scanning? How to prevent port scanning?

Port scanning means that attackers scan computers on the network to find open ports, so as to find targets that can be attacked. Ways to prevent port scanning include using a network firewall, hiding ports that do not need to be open, and using an intrusion detection system (IDS) and intrusion prevention system (IPS) to monitor and defend against attacks.
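The kind of rule an IDS applies to spot a port scan, run over firewall log lines, as an added example that is not part of the original article. The log format, the addresses (documentation ranges) and the thresholds are constructed for the illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed log format: "<ISO time> <action> src=<ip> dst=<ip> dport=<port>"
LINE = re.compile(r"^(\S+) \w+ src=(\S+) dst=(\S+) dport=(\d+)$")

def sample_log():
    """Constructed log: one fast sweep, one slow source, one normal client."""
    t0 = datetime(2023, 6, 1, 10, 0, 0)
    fmt = "{} {} src={} dst=10.0.0.5 dport={}"
    lines = []
    for i in range(15):    # 15 different ports in 15 seconds
        ts = (t0 + timedelta(seconds=i)).isoformat()
        lines.append(fmt.format(ts, "DROP", "203.0.113.7", 20 + i))
    for i in range(12):    # 12 different ports, 30 seconds apart
        ts = (t0 + timedelta(seconds=30 * i)).isoformat()
        lines.append(fmt.format(ts, "DROP", "192.0.2.9", 8000 + i))
    for i in range(20):    # ordinary client, always port 443
        ts = (t0 + timedelta(seconds=i)).isoformat()
        lines.append(fmt.format(ts, "ACCEPT", "198.51.100.4", 443))
    return lines

def detect_scanners(lines, window=timedelta(seconds=60), min_ports=10):
    """Sources that touched min_ports distinct ports on one host in window."""
    events = defaultdict(list)             # (src, dst) -> [(time, port)]
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue                       # ignore lines in another format
        ts, src, dst, port = m.groups()
        events[(src, dst)].append((datetime.fromisoformat(ts), int(port)))
    flagged = set()
    for (src, _dst), hits in events.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):
            # Slide the window so it never spans more than `window`.
            while hits[end][0] - hits[start][0] > window:
                start += 1
            if len({p for _, p in hits[start:end + 1]}) >= min_ports:
                flagged.add(src)
                break
    return flagged

if __name__ == "__main__":
    print(sorted(detect_scanners(sample_log())))
```

The slow source stays under the threshold with these settings, which is why a real deployment also keeps a longer window with a separate threshold.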

1.9. What is a man-in-the-middle attack? How to prevent man-in-the-middle attacks?

A man-in-the-middle attack occurs when an attacker inserts his own computer between a user and a server, thereby stealing data or performing unauthorized actions. Methods to prevent man-in-the-middle attacks include using the HTTPS protocol, using digital certificate authentication, and using public key infrastructure (PKI).

1.10. What is a password cracking attack? How to prevent password cracking attacks?

A password cracking attack is when an attacker guesses a password by brute force to gain access to a protected resource. Ways to prevent password cracking attacks include using strong password policies, using multi-factor authentication, and using password hash functions to protect stored passwords.

2. Intranet security interview questions

When it comes to intranet security, there are usually several areas to consider: authentication, network defense, vulnerability management, monitoring and response. Here are 10 common intranet security interview questions and answers:

2.1. What are Intrusion Detection System (IDS) and Intrusion Prevention System (IPS)? How are they different?

Both IDS and IPS are network security devices that monitor network activity and respond to potential threats. An IDS monitors network traffic and generates alerts so that security teams can investigate promptly. An IPS can automatically block potential attacks according to preset rules. They are two different devices: an IDS monitors network traffic and generates alerts, while an IPS is able to respond to potential threats automatically.

2.2. What is multi-factor authentication? Why is it more secure than single-factor authentication?

Multi-factor authentication is a method of authentication that requires a user to provide two or more different types of authentication credentials. This can include passwords, smart cards, biometrics or other means. Unlike single-factor authentication, multi-factor authentication can provide increased security because an attacker needs to break through multiple barriers to successfully gain access to a system.

2.3. What is port scanning? What purpose can it be used for?

Port scanning is the act of scanning for open ports on a target computer. Attackers can use port scanning tools to determine the open ports on the target computer in order to launch targeted attacks. Port scanning can also be used to manage the target network in order to discover open ports in the network and ensure that they are only used for intended services.

2.4. What is a Vulnerability Assessment? What purpose can it be used for?

Vulnerability assessment refers to the process of evaluating the vulnerabilities and security risks that exist in the system. It includes identifying vulnerabilities, assessing their severity, and recommending remediation. A vulnerability assessment can help organizations understand their security posture and determine what needs to be done to mitigate security risks.

2.5. What is phishing? How to avoid becoming a victim?

Phishing is the use of fake websites or emails to trick users into providing sensitive information. This behavior often leads to identity theft or other security issues. To avoid falling victim to phishing, users should always be vigilant, especially when receiving emails or clicking on links. Users are advised to check whether the sender's address, the URL pointed to by the link, and the content of the email are authentic and credible. Users should also use secure passwords, change them regularly, and use two-factor authentication for added account security.

2.6. What is an intranet firewall? Why is it needed?

An intranet firewall is a security device used to protect the internal network from external attacks. It controls network traffic, monitors and logs network activity, and blocks unsafe connections if necessary. Intranet firewalls can help organizations protect their internal systems and data from unauthorized users and attackers.

2.7. What is Remote Desktop Protocol (RDP) attack? How to avoid it?

RDP attacks refer to attackers exploiting vulnerabilities in the RDP protocol or using brute force methods to gain access to remote computers. To avoid RDP attacks, organizations can take the following measures: restrict RDP access, configure security settings, use multi-factor authentication, disable weak passwords and configure firewalls to limit inbound traffic.

2.8. What is intranet monitoring? What does it do?

Intranet monitoring refers to the process of detecting security threats by monitoring network traffic in real time. Through intranet monitoring, security teams can discover and respond to network attacks in a timely manner, protecting internal systems and data from damage. Intranet monitoring can be achieved through the use of intrusion detection systems (IDS) or network traffic analysis tools.

2.9. What is vulnerability management? Why is it important?

Vulnerability management is an ongoing process for identifying and remediating vulnerabilities and security risks that exist in a system. Vulnerability management can help organizations ensure their systems and applications stay up to date with patches and security updates, and reduce opportunities for attackers to exploit vulnerabilities. Vulnerability management can also improve an organization's compliance with regulatory requirements.

2.10. What is a network topology? Why is it important?

Network topology refers to the structure of physical or logical connections between devices in a computer network. Network topology can describe the relationship between devices in the network and identify vulnerabilities and intrusion points that attackers may exploit. Understanding network topology can help security teams understand the structure and characteristics of internal networks and take appropriate security measures to protect their systems and data. For example, a network topology can be secured with isolated networks, strong passwords, two-factor authentication, and more.

These are some examples of intranet security interview questions and answers; I hope they will help you! Remember, intranet security is a broad topic with many different aspects, so there are many other questions and answers that you can continue to learn and explore.

3. Classified protection assessment interview questions

3.1. What is classified protection assessment? What is its main purpose?

Classified protection assessment refers to an evaluation method for network security level protection, mainly for the purpose of evaluating and improving network security. Its main purpose is to establish a network security assessment mechanism, promote the construction of a network security level protection system, improve network security assurance capabilities, and protect key information infrastructure.

3.2. Please briefly describe the classification of network security protection levels and their meanings.

The level of network security protection is divided into five levels, namely level one (not important), level two (general), level three (more important), level four (important), and level five (safety and confidentiality). Among them, the first level of security and confidentiality is the highest level, and the fifth level of unimportant is the lowest level. Different levels correspond to different safety protection measures and standards.

3.3. What are the main contents of the classified protection assessment?

Classified protection assessment mainly includes four aspects: network security management, network security technology, network security incident handling, and network security monitoring.

3.4. What are the main aspects of network security management in the classified protection assessment?

Network security management in the classified protection assessment mainly includes organizational structure, management system, personnel management, security awareness, emergency plan, etc.

3.5. What are the main aspects of network security technology in the classified protection assessment?

Network security technology in the classified protection assessment mainly includes network equipment, network topology, security policy, network access control, encryption technology, security audit and so on.

3.6. What aspects are mainly included in the handling of network security incidents in the classified protection assessment?

The handling of network security incidents in the classified protection assessment mainly includes incident response, security vulnerability management, risk assessment and other aspects.

3.7. What are the main aspects of network security monitoring in the classified protection assessment?

Network security monitoring in the classified protection assessment mainly includes security event monitoring, security situation awareness, and security operation monitoring.

3.8. How long is the assessment period of the classified protection assessment?

The assessment cycle of the classified protection assessment is generally three years, but it can be shortened or extended according to the actual situation.

3.9. What are the results of the classified protection assessment?

The results of the classified protection assessment include the assessment report, assessment results and grade determination.

3.10. What is the implementation process of the classified protection assessment?

The implementation process of the classified protection assessment mainly includes the following steps:

Assessment preparation: clarify the scope and objectives of the assessment, and prepare the assessment materials and environment.

Assessment declaration: declare the assessment project and submit relevant materials.

Assessment and evaluation: assessors evaluate the assessment objects, including on-site inspection, document review, interviews and surveys.

Assessment report: assessors write assessment reports to explain and analyze the assessment results.

Assessment feedback: give feedback on the assessment results and put forward suggestions for rectification.

Rectification review: review the rectification situation and confirm whether the rectification is qualified.

Assessment results: according to the assessment results and grade determination, grade certificates will be issued.

4. Summary of network security job interview questions

Considering the length of the content, it is not convenient to display all the content. I will show you the remaining interview questions in the form of screenshots:


1. What is an SQL injection attack?
2. What is an XSS attack?
3. What is a CSRF attack?
4. What is a file upload vulnerability?
5. DDoS attacks
6. Distribution of important protocols
7. Working principle of the ARP protocol
8. What is RARP? How does it work?
9. What is DNS? How does DNS work?
10. What is the RIP protocol? How does RIP work?
11. The disadvantages of RIP
12. What is the OSPF protocol? How does OSPF work?
13. Summary of the differences between TCP and UDP
14. What are the three-way handshake and the four-way wave? Why does TCP use a three-way handshake?
15. Difference between GET and POST
16. Difference between cookies and sessions
17. How does a session work?
18. A complete HTTP request process
19. The difference between HTTPS and HTTP
20. What are the seven layers of the OSI model?
21. The difference between HTTP long connections and short connections
22. How does TCP ensure reliable transmission?
23. What are the common status codes?
24. What is SSL? How does HTTPS ensure the security of data transmission (how does SSL work to ensure security)?
25. How to ensure that the public key is not tampered with?
26. PHP methods for revealing the absolute path?
27. What are your commonly used penetration tools, which one is the most commonly used
? use
29. Spear phishing attacks and watering hole attacks
30. What is virtual machine escape?
31. Man-in-the-middle attack?
32. TCP three-way handshake process?
33. Seven-layer model?
34. Understanding of cloud security
35. Have you ever looked into WebSocket?
36. What is DDoS? What types are there? What is a CC attack? What is the difference?
37. What is a LAND attack?
38. How do you collect information?
39. What is a CRLF injection attack?
40. Preventing XSS from two angles: front end and back end?
41. How to protect the security of a port?
42. Webshell detection ideas?
43. What is GPC?
46. Carrier (or other) network hijacking
47. What is DNS spoofing?
48. The principle of and defense against buffer overflow
49. Emergency response to network security incidents
50. ...








Origin blog.csdn.net/HBohan/article/details/131091552