TUNNEL ENGINEERING Interview Questions :-
1. What is the difference between network gateway and a firewall?
A network gateway joins two networks together and a network firewall protects a computer network against unauthorized incoming or outgoing access. Network firewalls may be hardware devices or software programs.
2. What is the difference between IPS and a firewall?
The primary function of a firewall is to prevent/control traffic flow from an untrusted network (outside). A firewall is not able to detect an attack in which the data is deviating from its regular pattern, whereas an IPS can detect and reset that connection as it has inbuilt anomaly detection.
3. What is a transparent firewall?
A transparent firewall is considered as Layer 2. Deploying a new firewall into a network can be a complicated process due to various issues (e.g. IP address reconfiguration, network topology changes, current firewall etc.) because the firewall is not a routed hop and you can easily introduce a transparent firewall into an existing network.
4.What is packet filtering?
Packet filtering is the process of permitting or blocking ip packets based on source and destination addresses, ports, or protocols. The packet filter examines the header of each packet based on a specific set of rules, and on that basis, decides to prevent it from passing or allow. Packet filtering is also part of a firewall program for protecting a local network from unwanted access.
5. Define stateful inspection?
Stateful inspection is known as dynamic packet filtering and is a firewall technology that monitors the state of active connections and uses this information to determine which network packets
are allowed through the firewall. Stateful inspection analyses packets down to the application layer
6. What is the Public Key Encryption?
Public key encryption uses public and private key for encryption and decryption. In this mechanism, public key is used to encrypt messages and only the corresponding private key can be
used to decrypt them. To encrypt a message, a sender has to know the recipient’s public key.
7. What is Authorization?
Authorization is a security mechanism used to determine user/client privileges or access levels related to network resources, including firewalls, routers, switches and application features.
Authorization is normally preceded by authentication and during authorization. It’s system that verifies an authenticated user’s access rules and either grants or refuses resource access.
8. What is stateful failover?
Every time a session is created for a flow of traffic on the primary node, it is synced to the secondary node. When the primary node fails, sessions continue to pass traffic through the secondary node without having to re-establish.
9. What is Site to Site and remote access VPN?
A site-to-site VPN allows offices in multiple locations to establish secure connections with each other over a public network such as the Internet. Site-to-site VPN is different from remote-access VPN as it eliminates the need for each computer to run VPN client software as if it were on a remote-access VPN.
10. How do you check the status of the tunnel’s phase 1 & 2 ?
Use following commands to check the status of tunnel phases:
Phase 1 : show crypto isakmp and State : MM_ACTIVE
Phase 2 : show crypto ipsec sa
Note: if you have lot of tunnels and the output is confusing use a ‘show crypto ipsec sa peer 18.104.22.168’ command instead.
11. What is SSL VPN? How it is different from IPsec VPN?
SSL VPN provides remote access connectivity from almost any internet enabled location without any special client software at a remote site. You only need a standard web browser and its native SSL encryption.
IPsec is a dedicated point-to-point fixed VPN connection where SSL VPNs provides anywhere connectivity without any configuration or special software at remote site.
12. What is GRE and why is it required?
Generic Routing Encapsulation (GRE) is a protocol that encapsulates packets in order to route other protocols over IP networks.
GRE enables a wrapper to be placed around a packet during transmission of the data. A receiving GRE removes the wrapper, enabling the original packet to be processed by the receiving stack.
Advantages of GRE tunnels include the following:
- GRE tunnels connect discontinuous sub-networks.
- GRE tunnels allow VPNs across wide area networks (WANs).
- GRE tunnels encase multiple protocols over a single-protocol backbone.
- GRE tunnels provide workarounds for networks with limited hops.
13. Firewalls work at what layer? Define firewall generations and their roles.
Firewalls work at layer 3, 4 & 7. First generation firewalls provide packet filtering and they generally operate at layer 3 (Network Layer). Second generation firewalls operate up to the Transport layer (layer 4) and records all connections passing through it and determines whether a packet is the start of a new connection, a part of an existing connection, or not part of any connection.
Second generation firewall is mainly used for Stateful Inspection.
Third generation firewalls operate at layer 7. The key benefit of application layer filtering is that it can “understand” certain applications and protocols (such as File Transfer Protocol (FTP),
Domain Name System (DNS), or Hypertext Transfer Protocol (HTTP)).
14. What is DoS attack? How can it be prevented?
DoS (Denial of Service) attack can be generated by sending a flood of data or requests to a target system resulting in a consume/crash of the target system’s resources. The attacker often
uses ip spoofing to conceal his identity when launching a DoS attack.
- The data is split into smaller packets and passed through the tunnel.
- The data passing through the tunnel has 3 layers of encryption. The data is encapsulated.
- Tunneling can be approached by Point to Point tunneling protocol.
- It allows the private network communication to be sent across a public network.
- The encapsulation process allows the data packets to appear as they are of a public nature in the public network.
- It is also known as port forwarding.