IT and InfoSec interview questions: part two
Of all of the IT and InfoSec interview questions I’ve been asked, networking terminology is very important. I have been asked about the TCP 3-way handshake, common ports and protocols, and the basics of access control lists in almost every interview. These concepts come up even in interviews for non-network-related jobs. I will explain the basics of each concept, and how to speak about them in an interview.
The TCP 3-way handshake
When you meet someone for the first time, you may shake hands. One person initiates the handshake by putting their hand out, and the other responds by acknowledging the first person, putting their hand out and shaking. This is how machines communicate over TCP. It establishes a connection before sending any data, which is how it ensures the data gets there. If a packet is missed, it will get resent. To start, the initiating machine sends a SYN packet. The receiving machine gets that and replies with a SYN/ACK packet. Finally, the initiating machine sends an ACK back. The connection is established.
UDP is the other transport protocol that can be used. It just sends the message and never looks back. UDP is useful for streaming services like video or voice, where it is acceptable if a packet is lost. In voice and video, it also would not make sense to receive a packet out of sequence. A way to remember the two: UDP is like a child who is just screaming at the world, not caring if anyone hears. TCP is the child walking up to you and calling your name. You look at them to acknowledge, and respond with a ‘What?’ They then reply with a ‘good’ and continue with their problem.
Common ports and protocols
There are a lot of commonly used ports and protocols that everyone in IT should remember. These will be on your certification exams, class finals, and interviews. Sometimes you will need to know specific ones for applications you run, and sometimes just the general standard ones. The most commonly used are HTTP (80), HTTPS (443), and SSH (22). DNS uses TCP and UDP port 53. Most security exams ask which port Telnet uses (23), even though Telnet isn’t used anymore because it transmits the password in plaintext. SMTP (25) and FTP (20/21) round out the most commonly asked ports. Many IT and InfoSec interview questions try to trick you by asking about older technology as well as new.
Access Control List (ACL)
ACLs form the backbone of networking. The concept of an ACL is used throughout IT security in appliances like firewalls and intrusion detection/prevention devices. Understanding how they work is key because the details can differ from device to device. For example, the language to configure Cisco devices is slightly different than the one for Juniper devices.
Basic ACLs have lines with allow and deny entries. These rules simply allow or deny a source IP to access a destination IP over a port or protocol. Best practice is to have a deny-all statement at the bottom of a list because devices work from the top down. When a packet comes in, the device works through the list, and if nothing in the list matches it, the packet gets denied by the bottom rule. More advanced devices like a deep packet inspection firewall actually inspect the packet to make sure its contents match the port or protocol the packet claims.
A firewall or IDS/IPS can also be configured with allow or deny lists. These lists either allow everything on the list and deny the rest, or deny everything on the list and allow the rest. Both of these types have their uses, depending on the situation. An allow list is best practice because it only allows known good packets, processes, etc. to run. Using allow lists is easy because new items can be added quickly while still offering the maximum security posture.
IT and InfoSec interview questions can come in many forms. This post covers basic networking terminology. These terms come up in interviews all the time.