Saturday, October 6, 2018

What should you know before interviewing for a Security Analyst position

1. Where do you get the security News from or how do you stay up to date?

2. Are open-source projects more or less secure than proprietary ones?

The ideal answer involves the size of the project, how many developers are working on it (and what their backgrounds are), and most importantly “quality control”. In short, there is no way to tell the quality of a project simply by knowing that it's either open-source or proprietary. There are many examples of horribly insecure applications that came from both camps.

3. How do you change your DNS settings in Linux/Windows?

Windows:

1. Go to Control Panel > Network and Internet > Network and Sharing Center > (on the left bar) Change Adapter Settings

2. Right-click the adapter you want to configure and choose Properties

3. Double-click Internet Protocol Version 4 (TCP/IPv4)

4. You can set your DNS servers' addresses on the bottom half.

Linux:

1. Simply edit the following file: /etc/resolv.conf

2. Add a line "nameserver x.x.x.x", where the x's are the IP address of your DNS server

4. What’s the difference between encoding, encryption, and hashing?

Encoding is designed to preserve the integrity and usability of data as it crosses networks and systems, i.e. so that the original message arrives intact; it isn't primarily a security function. It is easily reversible because the encoding scheme is, almost necessarily and by definition, in wide use and involves no secret. Encryption is designed purely for confidentiality and is reversible only if you have the appropriate key or keys. Hashing is a one-way (non-reversible) operation, and its output is of a fixed length that is usually much smaller than the input.

5. Who do you look up to within the field of Information Security? Why?

A standard question type. All we're looking for here is to see if they pay attention to the industry leaders and to possibly glean some more insight into how they approach security. If they name a bunch of hackers/criminals that'll tell you one thing, and if they name a few of the pioneers that'll say another. If they don't know anyone in Security, consider closely what position they're being hired for. Hopefully, it isn't a junior position.

6. What's the difference between symmetric and public-key cryptography?

Standard stuff here: single key vs. two keys, etc, etc.

7. In public-key cryptography, you have a public and a private key, and you often perform both encryption and signing functions. Which key is used for which function?

You encrypt with the other person's public key, and you sign with your own private key. If they confuse the two, don't put them in charge of your PKI project.

8. What port does ping work over?

A trick question, to be sure, but an important one. If they start throwing out port numbers you may want to immediately move to the next candidate. Hint: ICMP is a layer 3 protocol (it does not work over a port). A good variation of this question is to ask whether ping uses TCP or UDP. An answer of either is a fail, as those are layer 4 protocols.

9. How exactly does traceroute/tracert work at the protocol level?

This is a fairly technical question but it is an important concept to understand. It's not natively a security question really, but it shows the hiring manager whether or not you like to understand how things work, which is crucial for an Infosec professional.

The key point people usually miss is that each packet that is sent out does not go to a different place. Many people think that it first sends a packet to the first hop and gets a time, then sends a packet to the second hop and gets a time, and keeps going until it is done. That is incorrect. It actually keeps sending packets addressed to the final destination; the only change is the TTL that is used. Each router that decrements the TTL to zero discards the packet and returns an ICMP Time Exceeded message, and the source of that message is what reveals the hop's address. The extra credit is the fact that Windows uses ICMP echo probes by default while Linux uses UDP.
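To make the point concrete, here is an added simulation (not code from the original post) of the traceroute mechanism: every probe is addressed to the same final destination and only the TTL increases, with each router that drops the TTL to zero answering with ICMP Time Exceeded. The router and destination addresses are constructed sample values, and the network itself is modelled in-process rather than sent on the wire.

```python
from dataclasses import dataclass

# Constructed sample route: three routers, then the destination host.
# Addresses are documentation ranges, not taken from the original post.
ROUTERS = ["192.0.2.1", "198.51.100.7", "203.0.113.9"]
DEST = "203.0.113.42"

@dataclass
class Probe:
    dst: str      # where the packet is addressed: always the final destination
    ttl: int      # the only field traceroute varies between probes
    proto: str    # "udp" (Linux default) or "icmp" (Windows default)

def deliver(probe, routers, dest):
    """Model the network. Each router decrements the TTL; a router that drops it
    to 0 discards the packet and replies with ICMP Time Exceeded. If the packet
    survives every router, the destination host itself replies."""
    ttl = probe.ttl
    for router in routers:
        ttl -= 1
        if ttl == 0:
            return {"from": router, "reply": "icmp_time_exceeded"}
    if probe.dst != dest:
        return {"from": None, "reply": "no_response"}
    # A UDP probe to a closed high port provokes Port Unreachable;
    # an ICMP echo probe gets an Echo Reply.
    reply = "icmp_port_unreachable" if probe.proto == "udp" else "icmp_echo_reply"
    return {"from": dest, "reply": reply}

def traceroute(dest, routers, proto="udp", max_hops=30):
    """Send probes addressed to `dest` with TTL 1, 2, 3, ... until the
    destination itself answers. Returns (ttl, addressed_to, responder, reply)."""
    hops = []
    for ttl in range(1, max_hops + 1):
        probe = Probe(dst=dest, ttl=ttl, proto=proto)
        answer = deliver(probe, routers, dest)
        hops.append((ttl, probe.dst, answer["from"], answer["reply"]))
        if answer["from"] == dest:
            break
    return hops

if __name__ == "__main__":
    for ttl, dst, responder, reply in traceroute(DEST, ROUTERS, proto="udp"):
        print(f"TTL={ttl:2d} sent to {dst} -> answered by {responder} ({reply})")
```

Note that the "sent to" column never changes; the responder column is populated entirely from the Time Exceeded replies.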

10. Cryptographically speaking, what is the main method of building a shared secret over a public medium?

Diffie-Hellman. And if they get that right you can follow-up with the next one.

11. What’s the difference between Diffie-Hellman and RSA?

Diffie-Hellman is a key exchange protocol, and RSA is an encryption/signing protocol. If they get that far, make sure they can elaborate on the actual difference, which is that one requires you to have key material beforehand (RSA), while the other does not (DH). Blank stares are undesirable.

