1. What is a firewall?
A: A firewall is a security system designed for networks. It sits at the boundary of a system or network and monitors and controls the traffic crossing that boundary. A firewall is usually used to protect a system or network from malware, worms and viruses; firewalls are also used for content filtering and for controlling remote access.
2. What do the five asterisks in a Linux crontab entry stand for?
A: Minute, hour, day, month, day of the week
3. Explain brute-force attacks. How can they be prevented?
A: Finding the right password or PIN by trial and error: the attacker repeatedly tries every possible combination of credentials. In many cases brute-force attacks are automated, with software attempting a login with each credential in turn. There are several ways to prevent brute-force attacks:
- Enforce a minimum password length.
- Increase password complexity.
- Limit the number of failed login attempts.
4. Briefly describe the role of Burp Suite (BP).
A: Burp Suite is set as the browser's proxy and used for penetration testing of web applications; it is an integrated platform for attacking web applications. Its Proxy module can intercept and modify HTTP packets. Burp also has encoding and decoding functions (hexadecimal, ASCII, Base64, etc.). The Intruder module implements automated attacks or password brute-forcing. The Repeater module is normally used by capturing a request through the Proxy and sending it to Repeater; you modify the request parameters and so on, click Go in the upper left corner to send it, and the response appears on the right, where both request and response can be displayed in different forms. The Comparer module is mainly a comparison function: you can send packets from the Proxy to it for comparison, or load files directly for comparison.
5. What is the principle of SQL injection? How is it defended?
Because the developer does not filter user input when writing the program, a user can place SQL query fragments in the URL that are passed through to the database and executed as part of the query.
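As an added example (not from the original page), the same login lookup written with string concatenation and with a parameterized query, run against an in-memory SQLite table of constructed sample users; the probe value shows how unfiltered input changes the query's structure in the first form and stays plain data in the second.

```python
# Added example: vulnerable vs. parameterized SQL in Python's sqlite3.
import sqlite3

def make_db():
    """Constructed sample data: two users in an in-memory database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, pw TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "s3cret"), ("bob", "hunter2")])
    return conn

def login_vulnerable(conn, name, pw):
    # User input is pasted straight into the SQL text, so a quote in the
    # input terminates the literal and the rest is parsed as SQL.
    sql = f"SELECT name FROM users WHERE name = '{name}' AND pw = '{pw}'"
    return [row[0] for row in conn.execute(sql)]

def login_safe(conn, name, pw):
    # Placeholders: the driver sends the values separately from the query
    # text, so the input can only ever be compared as data.
    sql = "SELECT name FROM users WHERE name = ? AND pw = ?"
    return [row[0] for row in conn.execute(sql, (name, pw))]

if __name__ == "__main__":
    db = make_db()
    probe = "' OR '1'='1"   # classic tautology used only to show the difference
    print(login_vulnerable(db, "alice", probe))  # every user: the WHERE clause is always true
    print(login_safe(db, "alice", probe))        # []: no password equals the probe string
```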
6. How do you respond to a security incident?
Answer: First determine the scope and isolate the affected systems (network isolation, ACLs, etc.); judge the seriousness of the matter; at the same time contact the legal department, or the public security department, about collecting evidence; afterwards do a thorough analysis and carry out the relevant security hardening.
7. How does a DDoS attack work? How is it defended?
In a distributed denial-of-service attack, the attacker controls compromised hosts (zombies, "chickens" in Chinese slang) that occupy the target's resources until the server is exhausted. For example, many people come to a restaurant and fill all the seats; they do not order food but only occupy the seats, so that the normal guests cannot eat.
Defense: purchase an anti-DDoS service, traffic scrubbing (cleaning), and bandwidth expansion.
8. What is the principle of reflected XSS? How is it defended?
Reflected XSS takes input from outside (such as a request parameter) and reflects it straight back, so the script fires directly on the browser side.
Defense: (1) HTML-entity encode special characters. The best way to filter is to HTML-entity encode on output and at every secondary use, to prevent script injection.
(2) Blacklist tag event attributes. Because special-character filtering alone is easily bypassed, tag event attributes must be blacklisted or whitelisted; a whitelist is recommended. The rules can be matched directly with regular expressions.
9. What is the attack principle of the request-forgery class of vulnerabilities?
The URL submitted by the user and the information returned by the server must be filtered; otherwise the application can be attacked through request forgery. Forgery that happens on the client side is called CSRF, and forgery that happens on the server side is called SSRF.
10. What are the principle and defense of file upload vulnerabilities?
When programmers develop a file upload function, they may not validate the file suffix at all, or may only check it with JavaScript on the front end. An attacker can then upload a file in the site's server-side scripting language containing malicious code (for example with a .jsp, .asp, .php or .aspx suffix). When the malicious script is accessed, the server parses it dynamically and ultimately executes the malicious code, further compromising the server.
The server may also have insecure settings or parsing vulnerabilities. For example, with nginx and fast-cgi enabled, uploading a one-line webshell ("one-sentence Trojan") named a.jpg and accessing a.jpg/.php causes it to be executed as PHP. The server may also enable unsafe methods such as PUT and DELETE. In Apache, if a file is named abc.x1.x2.x3, Apache parses from x3; if x3 is not a recognised extension it tries x2, and so on, until it finds an extension it can handle. IIS 6.0 has two parsing vulnerabilities for ASP: if any directory name contains the string ".asp", every file under that directory is parsed as ASP; and if a file name contains "asp;", it is parsed as ASP in preference.
IIS 7.0/7.5 has an nginx-like parsing vulnerability for PHP: appending a string to the URL of any file name, as in any-filename/any-filename.php, causes it to be parsed as PHP. For example, upload test.jpg and then access test.jpg/.php or test.jpg/abc.php in the same directory, and it will generate the one-line webshell shell.php.
Defense: Strictly check the uploaded file name and file path on both the client and the server. Also check for %00 truncation, the Content-Type of the HTTP header, and the size of the uploaded file. Set the upload directory to be non-executable: as long as the web container cannot parse the files under that directory, the server itself is not affected even if an attacker uploads a script file.
Determine the file type. When determining the file type, check both the MIME type and the suffix, and use a whitelist. In addition, for image handling, compression or resize functions can be used to destroy any HTML code that may be embedded in the image while it is processed.
Rewrite file names and paths using random values. For uploaded code to be executed, the user must be able to access the file; in some environments users can upload but not access. Rewriting the file name and path with random values greatly raises the attacker's cost, and files such as shell.php.rar.rar or crossdomain.xml lose their effect once renamed.
Set a separate domain name for the file server. Because of the browser's same-origin policy, a number of client-side attacks are then disabled, such as uploading crossdomain.xml or uploading XSS payloads containing JavaScript.
Use security devices for defense. The essence of a file upload attack is getting a malicious file or script onto the server. Professional security devices defend against such vulnerabilities by detecting malicious files and the upload process. Because malicious files are ever-changing and hiding methods keep evolving, ordinary system administrators can deploy security devices to help block malicious files.
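As an added example (not from the original page), a server-side upload check that applies the defences listed above: stripping the client-supplied path, rejecting %00/NUL truncation, a suffix whitelist, a Content-Type check, a size limit, and a random rewrite of the stored name. The whitelist and size limit are assumed values for the example.

```python
# Added example: upload validation following the defences described above.
import os
import secrets

# Whitelist of allowed suffixes and the Content-Type each must carry (assumed).
ALLOWED_TYPES = {"jpg": "image/jpeg", "jpeg": "image/jpeg", "png": "image/png"}
MAX_UPLOAD_BYTES = 2 * 1024 * 1024  # assumed 2 MiB limit

def validate_upload(filename, content_type, size):
    """Return (True, random_stored_name) or (False, reason)."""
    # Drop any directory part the client sent so the stored path cannot
    # escape the upload directory (handles both / and \ separators).
    base = os.path.basename(filename.replace("\\", "/"))
    # %00 / NUL truncation: 'shell.php%00.jpg' passes a naive suffix check
    # but is cut at the NUL by lower layers, leaving shell.php.
    if "\x00" in base or "%00" in base:
        return False, "null-byte truncation attempt"
    if base.startswith(".") or "." not in base:
        return False, "missing or hidden extension"
    # Only the last suffix counts, and it must be on the whitelist
    # (a whitelist, not a blacklist of script extensions).
    ext = base.rsplit(".", 1)[1].lower()
    if ext not in ALLOWED_TYPES:
        return False, "extension not allowed: " + ext
    # The Content-Type header is client-controlled, so this is only a
    # secondary check alongside the suffix whitelist.
    if content_type != ALLOWED_TYPES[ext]:
        return False, "Content-Type does not match extension"
    if size <= 0 or size > MAX_UPLOAD_BYTES:
        return False, "invalid size"
    # Random stored name: the attacker can neither predict nor choose the
    # path, and names like shell.php.rar.rar are discarded entirely.
    return True, secrets.token_hex(16) + "." + ext
```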
11. What are the principle and defense of file inclusion vulnerabilities?
Principle: When files are imported through PHP functions such as include(), unexpected file disclosure and even malicious code injection can occur because the file name passed in is not properly validated.
Two conditions must both be met: 1. a function such as include() selects the file to include through a dynamic variable; 2. the user can control that dynamic variable.
Defense: Filter the input, because include/require can be used to include PHP wrapper addresses (this requires php.ini configuration) and "../" can be used to traverse out of the directory, so you need to determine whether the file name is a legitimate PHP file. If the file names can be determined in advance, the code can set a whitelist and compare the parameter passed in against it when including the file. The PHP configuration file has the open_basedir option to set the directory in which the user is allowed to operate; if it is set, PHP only looks for files within that directory. If allow_url_include is enabled in the PHP configuration, include/require can include remote files; this option should not be enabled in development because remote files are untrusted and uncertain, and PHP disables it by default.
12. What is the same-origin policy?
The same-origin policy checks whether a page is from the same origin as the page currently loaded in the browser. Only scripts from the same origin are executed. If a script is not from the same origin, the browser raises an exception in the console when it requests data, indicating that access is denied.
13. Explain the difference between localStorage and sessionStorage.
localStorage, like sessionStorage, is an object used to store client-side information.
They can only store values of string type (although the specification allows other primitive types, no browser has implemented that so far).
The lifecycle of localStorage is permanent, which means its contents remain forever unless the user explicitly clears them through the browser's UI.
The lifecycle of sessionStorage is the current window or tab. Once the window or tab is closed, all data stored through sessionStorage is wiped out.
14. What is an atomic operation?
An atomic operation is an operation that cannot be interrupted by thread scheduling: once it starts, it runs until it finishes without any context switch.
15. What is the security key combination in Windows?
Ctrl + Alt + Delete (by default, when the machine receives this key sequence, control is taken away from all current processes of the terminal and the login screen prompts you to enter a user name and password).
16. How do you find the real IP address of a site behind a CDN?
You can connect through a foreign proxy and ping the domain name; if the IP address returned stays the same, that is the real one. Or search the domain name on Shodan or FOFA and try to determine the real IP from the information returned.
17. What do you do if a host has been compromised?
When a host has been compromised, first look at the services it exposes, to identify the likely points of attack. An exposed HTTP service, for example, may have been penetrated through the web application; an exposed SSH service may have been entered through a weak password. After identifying the service, check the corresponding service logs to see whether the attacker's IP address can be found.
18. As the administrator of a website back end, how do you prevent the admin page from being found by others?
Answer: The simplest approach is to write a filter that determines whether the user is an administrator; if so, forward to the admin page, if not, redirect back to the home page (just add a role field to the Users table to decide this). The second option is to set up a permission system based on multiple filters. If you use Java, you can use Spring Security and write a simple configuration following the official documentation. A more complex version sets up several database tables (a user table, a permission table, a resource table, a user-permission table, a permission-resource table and a permission-group table); with these you can build a very basic permission system.
19. Why does SQL injection sometimes produce no echo?
Because display_errors is set to Off in php.ini, with error_reporting set to E_ALL, so no errors are displayed on the page.
20. What is an APT attack?
An APT attack, i.e. an advanced persistent threat, also known as a targeted threat attack, is a continuous and effective attack by an organization against a specific target.
First, smartphones, tablets, USB drives and other mobile devices are targeted and attacked, and from there the enterprise information system is penetrated.
Second, social-engineering malicious emails are one of the key factors in the success of many APT attacks. As social-engineering methods have matured, it has become almost impossible to distinguish real emails from fake ones. Among large enterprises that have suffered APT attacks, the key factor has in every case been ordinary employees being exposed to social-engineering malicious emails; the attackers begin by sending phishing emails to specific employees as the entry point of the APT attack.
Third, exploiting vulnerabilities in firewalls, servers and other systems to obtain valid credentials for accessing the enterprise network is another important means used in APT attacks.
21. Define ARP and its working process.
ARP is the protocol used to find the MAC address associated with an IPv4 address. It acts as an interface between the OSI network layer and the OSI link layer.
22. Explain botnets.
A botnet is a set of internet-connected devices, such as servers, mobile devices, IoT devices and PCs, that are controlled by malware.
23. What are the main differences between SSL and TLS?
The main difference between the two is that SSL authenticates the identity of the sender. SSL helps you keep track of who you’re communicating with. TLS provides a secure channel between two clients.
24. What is the abbreviation for CSRF?
CSRF stands for cross-site request forgery.
25. What is 2FA? How is it implemented on public websites?
2FA stands for two-factor authentication. It is a security process for identifying who is accessing an online account: users are granted access only after presenting evidence to the authentication device.
26. Explain the difference between asymmetric and symmetric encryption.
Symmetric encryption requires the same key for encryption and decryption. Asymmetric encryption, on the other hand, requires different keys for encryption and decryption.
27. What is the full form of XSS?
XSS stands for cross-site scripting.
28. Explain WAF.
WAF stands for Web application firewall. WAF is used to secure Web applications by filtering and monitoring incoming and outgoing traffic between them and the Internet.
29. What is hacking?
Hacking is the process of discovering a weakness in a computer or private network in order to exploit it and gain access.
For example, using password-cracking techniques to access a system.
30. Who is a hacker?
A hacker is someone who finds and exploits weaknesses in a computer system, smartphone, tablet or network to gain access. Hackers are experienced computer programmers with knowledge of computer security.
31. What is network sniffing?
Network sniffing is a technique for analyzing packets sent over a network. It can be done with dedicated software programs or hardware devices. Sniffing can be used to:
- Capture sensitive data, such as passwords.
- Eavesdrop on chat messages.
- Monitor packets over the network.
32. What is the importance of DNS monitoring?
Young (newly registered) domains are easily infected with malware. DNS monitoring tools are needed to identify such malware.
33. Define the salting process. What is salt used for?
Salting is the process of extending a password with additional characters. To use salting, it is important to understand the whole mechanism. Salt is used to protect passwords; it also prevents an attacker from testing known words across the whole system.
For example, Hash("QxLUF1bgIAdeQX") is added to each password to protect it. That added value is called the salt.
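As an added example (not from the original page), a salted password hash stored as salt$digest, using PBKDF2 from Python's standard library with a fresh random salt for each password; the iteration count is an assumed value. The two hashes of the same password differ, which is what stops an attacker from testing known words against every account at once.

```python
# Added example: per-password random salt with PBKDF2-HMAC-SHA256.
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor for this example

def hash_password(password, salt=None):
    """Return 'salt_hex$digest_hex'; draw a fresh random salt when none is given."""
    if salt is None:
        salt = os.urandom(16)  # 128-bit salt, unique to this password
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt.hex() + "$" + digest.hex()

def verify_password(password, stored):
    """Recompute with the salt stored next to the digest and compare in constant time."""
    salt_hex, _ = stored.split("$", 1)
    candidate = hash_password(password, bytes.fromhex(salt_hex))
    return hmac.compare_digest(candidate, stored)

if __name__ == "__main__":
    first = hash_password("hunter2")   # constructed sample password
    second = hash_password("hunter2")
    print(first != second)                       # True: different salts, different digests
    print(verify_password("hunter2", first))     # True
    print(verify_password("hunter3", first))     # False
```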
34. What is SSH?
SSH stands for Secure Socket Shell or Secure Shell. It is a suite of utilities that gives system administrators a secure way to access data over the network.
35. Is SSL sufficient to ensure network security?
SSL authenticates the identity of the sender, but it does not provide security once the data is transferred to the server. It is best to use server-side encryption and hashing to protect the server from data leaks.
36. What are black box testing and white box testing?
Black-box testing: a software testing method in which the internal structure or program code is hidden from the tester.
White-box testing: a software testing method in which the tester knows the internal structure or program code.
37. Explain vulnerabilities in network security.
A vulnerability is a weak spot in software code that a threat can exploit. They are most commonly found in applications such as SaaS (software as a service) software.
38. Describe the TCP three-way handshake.
It is the process used in a network to establish a connection between a local host and a server. It requires the client and server to exchange synchronization (SYN) and acknowledgment (ACK) packets before communication starts.
39. Define the term residual risk. What are the three ways to deal with risk?
Residual risk is the risk exposure that remains after threats have been identified and eliminated.
There are three ways to deal with risk:
- Reduce it.
- Avoid it.
- Accept it.
40. Define data exfiltration.
Data exfiltration (a data breach) is the unauthorized transfer of data out of a computer system. The transfer can be manual and can be performed by anyone with physical access to the computer.
41. What is an exploit in cyber security?
An exploit is a method hackers use to gain unauthorized access to data. It is often incorporated into malware.