1. What is meant by port blocking within LAN ?

2. In terms of efficient network operation, is it better to have bigger or small

er collision and broadcast domains? If it is better to have smaller ones, why is
smaller better, and how do we make them smaller? If it is better to have bigger
ones, why is bigger better, and how do we make them bigger? What else can you t
ell me about them?
3. How do you use RSA for both authentication and secrecy?
4. How do you do authentication with message digest(MD5)? (Usually MD is used fo
r finding tampering of data)
------
1. Can you explain the difference between trusted and untrusted networks?
2. Can you define in short what VPN is?
3. What are the different types of VPN?
4. What requirements should a VPN fulfill?
5. How many ways are there to implement VPN architecture?
6. What are the different ways authentication mechanism in VPN?
7. Can you explain the basic of encryption in VPN?
8. what's the difference between Symmetric and Asymmetric cryptosystem?
9. what are the different symmetric algorithms?
10. What are the disadvantages of symmetric algorithms?
11. what are the different asymmetric algorithms?
12. Can you explain different components in PKI?
13. What is a digital certificate?
14. Can you explain tunneling?
15. what is the concept of HA and FA in VPN tunneling?
16. Can you explain VPN tunneled packet in detail?
17. Can you explain voluntary and compulsory tunnels?
18. Can you explain static and dynamic tunnels?
19. Can you explain encapsulating, carrier and passenger protocol?
20. On which layer does L2F, PPTP and L2TP operate?
21. Can you explain PPP protocol?
22. Can you explain PPP link process step by step?
23. Can you explain PPP packet format?
24. How does PPP use LCP for link control?
25. Can you explain PPTP (Point-to-Point Tunneling Protocol)?
------
26. What is GRE in PPTP?
27. How does PPTP encapsulate data?
28. Can you explain CHAP?
29. Can you explain PAP?
30. what does PPTP use for encryption and authentication?
31. What is a L2F protocol?
32. Can you explain the broader steps of how L2F establishes the tunnel?
33. Can you explain how L2F data tunneling process works?
34. How do we do encryption and authentication in L2F?
35. Can you explain L2TP?
36. Can you define LAC and LNS?
37. How does L2TP process?
38. How do we do encryption and authentication in L2TP?
39. Can you explain what IPSec is?
40. Can you give an overview of various components in IPSec?
41. In IPSec what is SAD, SPD and SA's?
42. Can you explain in a generic manner the packet of IPSec?
43. Can you describe the Authentication Header (AH) Protocol?
44. what is ESP (Encapsulating Security Payload)?
45. What is Transport and Tunnel mode?
46. Can you explain IKE (Internet Key Exchange)?
47. Can you explain IKE phases?
48. Can you explain IKE modes?
49. Can you explain transport and tunnel mode in detail with datagram packets?
-------
1. What is meant by port blocking within LAN ?
Restricting packet flow via specific ports. Usage--limit and/or control accessib
ility/availabilitry to/of specific services/resources.
2. In terms of efficient network operation, is it better to have bigger or small
er collision and broadcast domains? If it is better to have smaller ones, why is
smaller better, and how do we make them smaller? If it is better to have bigger
ones, why is bigger better, and how do we make them bigger? What else can you t
ell me about them?
there should be a smaller collision domain to have a efficient network. to creat
e a smaller collision domain we can use sub-netting of ip's address. to make net
work more efficient we can use routers/layer 3 switches. Another thing is that a
s we have more broadcast domain, smaller the broadcast domain, which makes the c
ollision domain smaller also.
3. How do you use RSA for both authentication and secrecy?
RSA is based upon public key/private key concept. For authentication one can enc
rypt the hash (MD5/SHA) of the data with his private key. This is known as digit
al signature. And secrecy is achieved by encrypting the data with the public key
of the target user. Generally we dont use RSA for encryption because of key siz
e (1024 bits). Rather a symmetric session key (128/256 bit) is established betwe
en communicating parties and is used for encryption.
4. How do you do authentication with message digest(MD5)? (Usually MD is used fo
r finding tampering of data)
MD5 is a cryptographic hash function with a 128-bit hash value output. It is use
d to check the integrity of files/input. An MD5 hash is expressed as a 32-charac
ter hex number.It takes the variable-length input and converts it into a fixed l
ength output of 128-bits called as MD5 hash. It is a one-way hash function. Any
change in the message would result in a completely different hash. Hence, the me
ssage (input/password etc.) would fail the authentication process if they are in
correct or altered in any way.
------------
Can you define what a FIREWALL is?
What are the different types of firewalls?
Can you explain packet filtering firewall?
Can you explain circuit level gateway?
Can you explain stateful inspection?
What is Application Gateway?
Is NAT a firewall?
Are personal firewall actually firewalls?
Can you explain the concept of demilitarized zone?
What is the meaning of bastion host?
What are the different types of firewall architectures?
Can you explain dual home architecture?
Can you explain screened host architecture?
Can you explain screened subnet architecture?
What is the use of perimeter area?
What is IP spoofing and how can it be prevented?
Which firewall have you worked with?

----------
Can you define what a FIREWALL is?
Is something that does packet filtering, stateful packet filtering, and/or appli
cation filtering granting or denying traffic flow to the networks it connects.
What are the different types of firewalls?
SW, HW. Your wife at the door is an example. When she smells you, Advanced Appli
cation filtering, that fires up the Glock G-18 and you ran for your life away fr
om the door.
Can you explain packet filtering firewall?
IP, port, source, destination-based filtering. That simple.
Can you explain circuit level gateway?
It's the first time I've heard of that. I'm honest enough not to google for this
.
Can you explain stateful inspection?
Easy. Static packet filtering can only allow or block traffic that you explicitl
y state, except for those that you don't specify that are automatically denied b
y default. Statefull inspection allows incoming traffic as long as it is part of
an [already] established session coming from, usually, the internal network cli
ents. in this way, you save tons of config lines and memroy consumption
What is Application Gateway?
Zzzz...
Is NAT a firewall?
Zzzz...
Are personal firewall actually firewalls?
Zzzz... Software-based firewalls, yes.
Can you explain the concept of demilitarized zone?
Like North an South Korean borders. If you're from the North running towards the
South, you get shot from the back and the front coming from botrh North and Sou
th guns.
I know you get me here.
What is the meaning of bastion host?
Fortified, strengthened host allowed external access and is in the internal netw
ork.
What are the different types of firewall architectures?
Hmm, are you talking of the bastion host, 3-legged firewall ala PIX 501, and the
back-to-back firewall setup?
Can you explain dual home architecture?
Zzzz...
Can you explain screened host architecture?
Zzzz... M$ stuff...
Can you explain screened subnet architecture?
DMZ...... Zzzz...
What is the use of perimeter area?
Zzzz...
What is IP spoofing and how can it be prevented?
crypto... PKIs, RSA, VPNs, IPSec... need I say more?
Which firewall have you worked with?
Router-into-firewall through reflex on NACLs and ISA 2004/2006. Virtually, ASA 5
510 and 5520 through my design project with te US army.
-------------
1. Can you explain the difference between trusted and untrusted networks?
A trusted network is any network you deem as "trust worthy" that will generally
not cause harm. An untrusted network is anything still not part of your trusted
network until evaluation approves of it. The Internet, even though if you don't
evaluate it is an untrusted network.
2. Can you define in short what VPN is?
Something that extends your LAN.
3. What are the different types of VPN?
Extranet, Intranet, and Access VPNs.
4. What requirements should a VPN fulfill?
Confidentiality, Integrity, Non-Repudiation... hahahaha
5. How many ways are there to implement VPN architecture?
Hmm, Mr. Interviewer, what do you exactly mean? Anyway, I can use SW-based VPN c
onnecting it to a HW-based VPN appliance. Something like that?
6. What are the different ways authentication mechanism in VPN?
Implemented? Um, Certificates, Kerberos, PSK...
7. Can you explain the basic of encryption in VPN?
Basics of it? Well, we either use IPSec-bundled encryption lgorithms or MPPE if
we use PPTP. Would you like me to explain more?
8. what's the difference between Symmetric and Asymmetric cryptosystem?
Easy. Symmetric is like you looking into a mirror. Assymetric is me breaking you
r face in two. hahaha!
9. what are the different symmetric algorithms?
RSA.... RSA.... RSA... Is RC4 in this too?
10. What are the disadvantages of symmetric algorithms?
The key use use to encrypt the data is the same key you use to decrypt it. Now,
how do I send it to you?
11. what are the different asymmetric algorithms?
DES, 3DES, AES? heheh... ECC?
12. Can you explain different components in PKI?
CA, Certificates, authentication DB, applications consuming certificates...
13. What is a digital certificate?
Is a piece of code designed to provide confidentiality, integrity, non-repudiati
on, mutual authentication, and anti-replay mechanism use for purposes other than
validating credentials, email security, and others.
14. Can you explain tunneling?
Easy. Sorority party. You enter in as Crusty the Clown. They let you in. You get
in on them. Something like that.
15. what is the concept of HA and FA in VPN tunneling?
Hmm, I'll have to google for this...
16. Can you explain VPN tunneled packet in detail?
Yes I can.
17. Can you explain voluntary and compulsory tunnels?
Yes I can.
18. Can you explain static and dynamic tunnels?
Yes I can.
19. Can you explain encapsulating, carrier and passenger protocol?
Yes I can.
20. On which layer does L2F, PPTP and L2TP operate?
VPNs were usually in Layer 2. Now, someone asked me were IPSec is in the OSI Lay
er. it's in Layer 4.
21. Can you explain PPP protocol?
Yes I can.
22. Can you explain PPP link process step by step?
Yes I can.
23. Can you explain PPP packet format?
I forgot that. So don't ask me again.
24. How does PPP use LCP for link control?
If LCP senes the line quality is bad, it goes to a fall-back rate.
25. Can you explain PPTP (Point-to-Point Tunneling Protocol)?
Yes I can. Mr. Interviewer, if I did explained this, PPTP is a M$ VPN tunneling
protocol that allows NAT-traversal and uses MPPE as the encryption protocol. The
re are no certificates involved in PPTP VPN sessions and that we have 40-bit, 56
-bit, and 128-bit MPPE ecnryption to protect the tunnel. PPTP allows access to m
ost legacy Microsoft OS and even to the new ones including Vista.

26. What is GRE in PPTP?

Generic Routing Encapsualtion??? I forgot what it does. Next question please. Bu
t I'll get back to you.
27. How does PPTP encapsulate data?
I'll remind myself to look that up in my notes.
28. Can you explain CHAP?
Challenge Handshake Authentication protocol. As far as I remember, it's more of
sending the hash of the credentials to the other system rather than sending the
actual username and password over the line.
29. Can you explain PAP?
Are? You always ask me if I can. Well, see #28.
30. what does PPTP use for encryption and authentication?
MPPE, MS-Chap.
31. What is a L2F protocol?
Layer 2 Forwardig protocol.
32. Can you explain the broader steps of how L2F establishes the tunnel?
I can't because i honestly never dealt or studied it. I will google thi tomorrow
, Mr. Interviewer.
33. Can you explain how L2F data tunneling process works?
Can't.
34. How do we do encryption and authentication in L2F?
Um...
35. Can you explain L2TP?
Layer 2 Tunnelling Protocol? Um, it uses IPSec to provide encryption and may be
able to use KV5, Certs, or PSKs for authentication.
36. Can you define LAC and LNS?
Can't.
37. How does L2TP process?
hehe...
38. How do we do encryption and authentication in L2TP?
...
39. Can you explain what IPSec is?
Simply put, it is to provide security to IPv4, which doesn't have it and is incl
uded in IPv6. It provides data or packet integrity and/or confidentiality.
40. Can you give an overview of various components in IPSec?
ISAKMP - IKE, Okaley, Phase 1, Phase 2, SAs, key regeneration, 3DES, DES, MD5, S
HA-1...
41. In IPSec what is SAD, SPD and SA's?
... I only know SAs.
42. Can you explain in a generic manner the packet of IPSec?
Can I just discuss AH, ESP then go to this question? You're asking me questions
that have hard introductions to get them explained, Mister.
43. Can you describe the Authentication Header (AH) Protocol?
AH only provide packet integrity. ANd because of this, it's hard to use it if yo
u plan on having IPSec packets pass through a NAT box.
44. what is ESP (Encapsulating Security Payload)?
Encapsulating Security Payload... hahah! It can do both data confidentiality and
integrity by using DES, 3DES and MD5, SHA-1.
45. What is Transport and Tunnel mode?
Transport mode used in LANs. Tunnel used between gateways.
46. Can you explain IKE (Internet Key Exchange)?
...
47. Can you explain IKE phases?
...
48. Can you explain IKE modes?
...
49. Can you explain transport and tunnel mode in detail with datagram packets?
I'll research them... Actually, it's hard to do it impromptu especially since th
is isn't just what I focus on. But I generally have an understanding. And if I w
ere CCSP, I would have answered evey item in detail.
------------
1. Can you explain the difference between trusted and untrusted networks?
our LAN is trusted network and everything else is untrusted network ( need to pu
t this into better words though)

2. Can you define in short what VPN is?

A VPN is an encrypted connection over a public network between terminating point
s of two or more private networks.
3. What are the different types of VPN?
remote access
site-to-site
firewall based
6. What are the different ways authentication mechanism in VPN?
authentication between VPN peers can be achieved in 3 ways
1. pre-shared keys
2. RSA Digital signatures
3. RSA Encrypted Nonces
of which 'RSA Digital signatures' is most popular
7. Can you explain the basic of encryption in VPN?
basic encryption in VNP is achieved using any of the below symmetric encryption
algorithms
DES,3DES,AES
8. what's the difference between Symmetric and Asymmetric cryptosystem?
symmetric cryptosystem uses identical cryptographic keys for both decryption and
encryption.
where as Asymmetric cryptosystem uses two different keys to encrypt and decrypt
the plaintext. The two keys are related mathematically; a message encrypted by t
he algorithm using one key can be decrypted by the same algorithm using the othe
r.

9. what are the different symmetric algorithms?

DES,3DES,AES
10. What are the disadvantages of symmetric algorithms?
One disadvantage of symmetric-key algorithms is the requirement of a shared secr
et key, with one copy at each end. In order to ensure secure communications betw
een everyone in a population of n people a total of n(n - 1)/2 keys are needed,
which is the total number of possible communication channels
---------