Information Security Professional

☛ Create an information risk profile

☛ Create an impact severity and response chart

☛ Based on severity and channel determine incident response

☛ Create an incident workflow diagram

☛ Assign roles and responsibilities to the technical administrator, incident analyst, auditor and forensic investigator

☛ Develop the technical framework

☛ Expand the coverage of DLP controls

☛ Append the DLP controls into the rest of the organization

☛ Monitor the results of risk reduction

You should hear coverage of many testers vs. one, incentivization, focus on rare bugs, etc.

Diffie-Hellman. And if they get that right you can follow-up with the next one.

This is a fun one, as it requires them to set some ground rules. Desired answers are things like, “Did we already implement nonces?”, or, “That depends on whether we already have controls in place…” Undesired answers are things like checking referrer headers, or wild panic.

This is an ideal situation for injection and querying. If we know that the server is using a database such as SQL with a PHP controller, it becomes quite easy. We would be looking to test how the server reacts to multiple different types of requests, and what it throws back, looking for anomalies and errors.

One example could be code injection. If the server is not using authentication and evaluating each user, one could simply try /index.php?arg=1;system(‘id’) and see if the host returns unintended data.

You encrypt with the other person’s public key, and you sign with your own private. If they confuse the two, don’t put them in charge of your PKI project.

This question is a biggie. The true answer is that you contact the person in charge of that department via email – make sure to keep that for your records – along with CCing your manager as well. There may be a very important reason why a system is configured in a particular way, and locking it out could mean big trouble. Bringing up your concerns to the responsible party is the best way to let them know that you saw a potential problem, are letting them know about it, and covering yourself at the same time by having a timestamp on it.

The common weakness or vulnerabilities that the web server can take an advantage of are

☛ Default settings

☛ Misconfiguration

☛ Bugs in operating system and web servers

☛ Install anti-virus on your system

☛ Ensure that your operating system receives an automatic update

☛ By downloading latest security updates and cover vulnerabilities

☛ Share the password only to the staff to do their job

☛ Encrypt any personal data held electronically that would cause damage if it were stolen or lost

☛ On a regular interval take back-ups of the information on your computer and store them in a separate place

☛ Before disposing off old computers, remove or save all personal information to a secure drive

☛ Install anti-spyware tool

☛ Patch Management

☛ Secure installation and configuration of the O.S

☛ Safe installation and configuration of the web server software

☛ Scanning system vulnerability

☛ Anti-virus and firewalls

☛ Remote administration disabling

☛ Removing of unused and default account

☛ Changing of default ports and settings to customs port and settings

WEP cracking is the method of exploiting security vulnerabilities in wireless networks and gaining unauthorized access.

There are basically two types of cracks

☛ Active cracking: Until the WEP security has been cracked this type of cracking has no effect on the network traffic.

☛ Passive cracking: It is easy to detect compared to passive cracking. This type of attack has increased load effect on the network traffic.

If they don’t know the answer immediately it’s ok. The key is how they react. Do they panic, or do they enjoy the challenge and think through it? I was asked this question during an interview at Cisco. I told the interviewer that I didn’t know the answer but that I needed just a few seconds to figure it out. I thought out loud and within 10 seconds gave him my answer: “Compress then encrypt. If you encrypt first you’ll have nothing but random data to work with, which will destroy any potential benefit from compression.

We’re looking for a basic understanding of the issue of wanting to serve the front page in HTTP, while needing to present the login form via HTTPs, and how they’d recommend doing that. A key piece of the answer should center around avoidance of the MiTM threat posed by pure HTTP. Blank stares here mean that they’ve never seen or heard of this problem, which means they’re not likely to be anything near pro level.

A Linux admin account (root) has many powers that are not permitted for standard users. That being said, it is not always necessary to log all the way off and log back in as root in order to do these tasks. For example, if you have ever used the ‘run as admin’ command in Windows, then you will know the basic concept behind ‘sudo’ or ‘superuser (root) do’ for whatever it is you want it to do. It’s a very simple and elegant method for reducing the amount of time you need to be logged in as a privileged user. The more time a user spends with enhanced permissions, the more likely it is that something is going to go wrong – whether accidentally or intentionally.

First, one should be considering whether to even attempt circumventing the encryption directly. Decryption is nearly impossible here unless you already happen to have the private key. Without this, your computer will be spending multiple lifetimes trying to decrypt a 2048-bit key. It’s likely far easier to simply compromise an end node (i.e. the sender or receiver). This could involve phishing, exploiting the sending host to try and uncover the private key, or compromising the receiver to be able to view the emails as plain text.

Encoding is designed to protect the integrity of data as it crosses networks and systems, i.e. to keep its original message upon arriving, and it isn’t primarily a security function. It is easily reversible because the system for encoding is almost necessarily and by definition in wide use. Encryption is designed purely for confidentiality and is reversible only if you have the appropriate key/keys. With hashing the operation is one-way (non-reversible), and the output is of a fixed length that is usually much smaller than the input.