Information Security Professional

For me at least, this one is easy- getting my CISSP. I studied for months, did every possible thing I could to improve my recall and asked for anybody and everybody to help ask questions and modify them in ways to make me try to think around corners. Everybody has at least one thing that they are proud of, and while this and the next question may be the same answer, all that matters is showing that you are willing to move forward and willing to be self-motivated.

Information Protection is just what it sounds like- protecting information through the use of Encryption, Security software and other methods designed to keep it safe. Information Assurance on the other hand deals more with keeping the data reliable – RAID configurations, backups, non-repudiation techniques, etc.

Another opinion question, and as usual a lot of different potential answers. The baseline for these though would be three key elements: An anti-malware application, a remote wipe utility, and full-disk encryption. Almost all modern mobile devices regardless of manufacturer have anti-malware and remote wipe available for them, and very few systems now do not come with full-disk encryption available as an option directly within the OS.

It certifies the ability of an individual to conduct formal incident investigation and manage advanced incident handling scenarios including external and internal data breach intrusions

A standard question type. All we’re looking for here is to see if they pay attention to the industry leaders, and to possibly glean some more insight into how they approach security. If they name a bunch of hackers/criminals that’ll tell you one thing, and if they name a few of the pioneers that’ll say another. If they don’t know anyone in Security, we’ll consider closely what position you’re hiring them for. Hopefully it isn’t a junior position.

Ideally you’ll hear inquiry into what’s meant by “dangerous”. Does that mean more likely to attack you, or more dangerous when they do?

All we want to see here is if the color drains from the guy’s face. If he panics then we not only know he’s not a programmer (not necessarily bad), but that he’s afraid of programming (bad). I know it’s controversial, but I think that any high-level security guy needs some programming skills. They don’t need to be a God at it, but they need to understand the concepts and at least be able to muddle through some scripting when required.

Input Validation/Output Sanitization, with focus on the latter.

Tracert or traceroute, depending on the operating system, allows you to see exactly what routers you touch as you move along the chain of connections to your final destination. However, if you end up with a problem where you can’t connect or can’t ping your final destination, a tracert can help in that regard as you can tell exactly where the chain of connections stop. With this information, you can contact the correct people – whether it be your own firewall, your ISP, your destination’s ISP or somewhere in the middle.

Salt at its most fundamental level is random data. When a properly protected password system receives a new password, it will create a hashed value for that password, create a new random salt value, and then store that combined value in its database. This helps defend against dictionary attacks and known hash attacks. For example, if a user uses the same password on two different systems, if they used the same hashing algorithm, they could end up with the same hash value. However, if even one of the systems uses salt with its hashes, the values will be different.

There are a couple of different ways to do this, but the most like scenario you will run into is this: What you would want to do is setup a network-based installer capable of network-booting via PXE (if you’ve ever seen this during your system boot and wondering what it was for, tada). Environments that have very large numbers of systems more often than not have the capability of pushing out images via the network. This reduces the amount of hands-on time that is required on each system, and keeps the installs more consistent.

Ideally you want all of your data to pass through an encrypted connection. This would usually entail tunneling via SSH into whatever outside service you need, over a virtual private network (VPN). Otherwise, you’re vulnerable to all manner of attacks, from man-in-the-middle, to captive portals exploitation, and so on.

I refer to various security news sites , blogs etc. Also I am subscribed to various online security magazines like Pentest magazine, HackInsight etc and I surf through the archives of various security conferences held worldwide.

The separation or departing of IP from its intended place of storage is known as data leakage. The factors that are responsible for data leakage can be

☛ Copy of the IP to a less secure system or their personal computer

☛ Human error

☛ Technology mishaps

☛ System misconfiguration

☛ A system breach from a hacker

☛ A home-grown application developed to interface to the public

☛ Inadequate security control for shared documents or drives

☛ Corrupt hard-drive

☛ Back up are stored in an insecure place

Phishing is a technique that deceit people to obtain data from users. The social engineer tries to impersonate genuine website webpage like yahoo or face-book and will ask the user to enter their password and account ID.

It can be prevented by:

☛ Having a guard against spam

☛ Communicating personal information through secure websites only

☛ Download files or attachments in emails from unknown senders

☛ Never e-mail financial information

☛ Beware of links in e-mails that ask for personal information

☛ Ignore entering personal information in a pop-up screen

An organization can rely on following methods to guard themselves against SQL injection

☛ Sanitize user input: User input should be never trusted it must be sanitized before it is used

☛ Stored procedures: These can encapsulate the SQL statements and treat all input as parameters

☛ Regular expressions: Detecting and dumping harmful code before executing SQL statements

☛ Database connection user access rights: Only necessary and limited access right should be given to accounts used to connect to the database

☛ Error messages: Error message should not be specific telling where exactly the error occurred it should be more generalized.