IT Job Interview

This question is asked to network administrators and security officers in order to test insight of the candidates’ overall knowledge of the various attacks that may affect the organization. You’d better have some real life network security experience to giving a perfect answer. However, if you never dealt with denial-of-service attack and recovery, you can still make yourself familiar with the concept and describe the general process. An example answer could be like:

“Our network could get denial-of-service attack because someone wanted to crash our system or make it perform so poorly and become unusable. Hackers may also want to install Trojan or a root kit through the attack. When a denial-of-service attack is identified, the first thing I would do is to reboot the system. In general I would also need to reprogram the switches and routers in order to drop the offending traffic. I would implement certain security features provided by the vendors to within the system to protect the network from this type of attack. With a Windows server system for example, I can invoke IPSec policies that allow me to limit or forbid traffic from certain hosts.”

This is a hands-on experience question.  The following answer is for UNIX platform.

The first step is to assign a unique internet address to the workstation.  The net-mask has to be assigned the same as other devices in that subnet.  The physical device has to be attached to the network, and the workstation connected.  When attaching the Attachment Unit Interface (AUI), you must make sure that it corresponds with the jumper setting on the unit.

Next, the system should be booted.  At this point, you should ping another workstation or server using its IP address.  If the ping works properly, the next step would be to change the /etc/hosts, /etc/netmasks, /etc/defaultdomain to include all the necessary information required by the system to recognize the network automatically upon booting.  If this system was a client or diskless workstation in an NIS network, then the ‘domainname’ command can be set appropriately or changed in /etc/defaultdomain and rebooted, which will cause it to connect to its NIS master.

Obviously, the interviewer wants to know if you have any hands-on skills on UNIX network troubleshooting.  If you do have the experience, you must have used the following handy tools:

Netstat – Shows the status of the network.
Ping – Sends packets to a destination address and tracks the performance of packets round trip.
Spray – sends packets (like ping_ but, instead of one packet, it sends a burst of packets for greater duration, putting a simulated load on a network component to better test its communications.
Ifconfig – Can be used to ascertain useful network information as well as to configure the network port.
Etherfind – gives network information about all network traffic passing through the network connection.

“Network routes are entirely contained within a single network.  The gateway NCPs, which are responsible for the interface between two networks, also provide virtual route termination services.  NCP translates the session routing from the virtual routes and subarea numbers used in one network to those in another whenever an information from crosses the network boundary.”

“Universally administered addresses are managed by the IEEE and are guaranteed to be unique worldwide.  For those adapters which support universally administered addresses, the adapter’s address is in read-only memory on the adapter and cannot be changed.  This means that if an adapter fails, its replacement will have a different universally administered address, which may impact network management schemes, universally administered addresses do not support any structured assignment which allows identification of the location of a Token-Ring station from its address.”