
Network Security Interview Questions


ARP (Address Resolution Protocol) is a network layer protocol which associates the physical hardware address of a network node (commonly known as a MAC address) with its IP address. ARP creates a table, known as the ARP cache or ARP table, that maps IP addresses to the hardware addresses of nodes on the local network.

If, based on the IP address, a node sees that it has the destination node's MAC address in its ARP table, then transmitting to that IP address is quicker because the destination is known, and network traffic is reduced.

Digital signature: Information that is encrypted with an entity's private key and is appended to a message to assure the recipient of the authenticity and integrity of the message. The digital signature proves that the message was signed by the entity that owns, or has access to, the private key or shared secret symmetric key.

Smart cards: Smart cards help businesses evolve and expand their products and services in a rapidly changing global market. In addition to the well-known commercial applications (banking, payments, access control, identification, ticketing and parking or toll collection), in recent years the information age has introduced an array of security and privacy issues that have called for advanced smart card security applications (secure logon and authentication of users to PCs and networks, storage of digital certificates, passwords and credentials, encryption of sensitive data, wireless communication subscriber authentication, etc.).

Broadcast Domain:

Sends the packet to the whole of the present network.

It may be sent by the person.

It may be broadcast by the switch when the address is not found in the network.

To break up a broadcast domain, we can use a router.

Collision Domain:

A switch has no collisions as compared to a hub (a layer one device).

A broadcast domain is the area in which, when one device in the network sends data or a packet, it is received by all the devices present on the network.

Kerberos is an authentication protocol. It is named after a dog who, according to Greek mythology, is said to stand at the gates of Hades. In terms of computer networking, it is a collection of software used in large networks to authenticate and establish a user's claimed identity. It was developed by MIT and uses a combination of encryption and distributed databases so that the user can log in and start a session.

It has some disadvantages, though. As I said, Kerberos was developed by MIT under Project Athena; Kerberos is designed to authenticate end users on the servers.

Kerberos is not a peer-to-peer system, nor was it meant for one computer system's daemons to contact another computer.

There are many issues concerning Kerberos. Namely, on most computer systems there is no secure area to save the keys.

It is known that keys must be stored in plain text format in order to obtain a "ticket granting ticket"; the area where the tickets reside is obviously supposed to be a secured area.

However, this is not the case, so most of the time this is actually a potential security risk.

If the plain text key could be obtained by a hacker, the Kerberos authentication server in that specific realm can be compromised fairly easily.

It is also notable that the other issue is the actual mechanism by which Kerberos handles the keys on a multi-user computer. The keys are cached and can be obtained by other users who are logged into the computer network. On a single-user workstation only the actual user has access to system resources; however, if the workstation supports multiple users, then it is possible for another user on the system to obtain the keys.

Some other weaknesses also exist in the Kerberos protocol; however, those vulnerabilities are too complicated to discuss without a deep understanding of the protocol and the way it has been implemented.
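The multi-user risk described in this answer depends on who can read the cached credentials on disk. The following Python audit is an added example, not part of the original answer: it flags cache files whose permissions or ownership would let another local user read them. It assumes FILE-type caches named `krb5cc_<uid>` (the MIT Kerberos default naming), and the sample directory it builds is constructed.

```python
import os
import re
import stat
import tempfile

# Assumption: FILE-type credential caches named krb5cc_<uid>[_suffix],
# the MIT Kerberos default naming under /tmp.
CCACHE_NAME = re.compile(r"^krb5cc_(\d+)(?:_.+)?$")


def audit_ccaches(directory="/tmp"):
    """Return (path, problem) tuples for caches other local users could read."""
    findings = []
    for entry in sorted(os.listdir(directory)):
        match = CCACHE_NAME.match(entry)
        if not match:
            continue
        path = os.path.join(directory, entry)
        info = os.lstat(path)  # lstat: do not follow a planted symlink
        if not stat.S_ISREG(info.st_mode):
            findings.append((path, "not a regular file"))
            continue
        if info.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
            findings.append((path, "accessible to group or other"))
        if info.st_uid != int(match.group(1)):
            findings.append((path, "owner does not match uid in name"))
    return findings


def build_sample_dir():
    """Constructed sample data: three fake cache files in a temp directory."""
    root = tempfile.mkdtemp(prefix="ccache_audit_")
    uid = os.getuid()
    samples = {
        f"krb5cc_{uid}": 0o600,          # correct: owner-only
        f"krb5cc_{uid}_AbCdEf": 0o644,   # readable by group and other
        f"krb5cc_{uid + 1}": 0o600,      # name claims a different uid
    }
    for name, mode in samples.items():
        path = os.path.join(root, name)
        with open(path, "wb") as handle:
            handle.write(b"constructed placeholder, not a real ticket")
        os.chmod(path, mode)
    return root


if __name__ == "__main__":
    for path, problem in audit_ccaches(build_sample_dir()):
        print(f"{path}: {problem}")
```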

First of all, traceroute works using ICMP packets. First, the source sends an ICMP packet with the Time to Live (TTL) field set to 1 to the destination address. The intermediate router receives the packet and sees that the TTL field has expired, so it sends an ICMP TTL expired reply. The source machine then sends the ICMP packet again with the TTL field set to 2. This time the second intermediate router replies. This process is repeated until the destination is reached. That way the source can get the entire route up to the destination.
