Network Defense
higherho
Member Posts: 882
Hello All,
Had some discussions with a fellow manager and we were talking about interview questions for network defense type individuals (IDS / IPS, network border type of stuff). I stated that if an individual cannot describe to me some basic network attacks (SYN flood for example) then I would raise a red flag. To my understanding, individuals into network security should really understand proxies, SSL, different types of network attacks, and how your defense works. Don't you agree? What would be some really good network defense type questions?
Respectfully,
H
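As an added example (not from this thread or any of its posters), the kind of check a network defender would build behind the SYN-flood question above: a minimal TCP handshake and teardown tracker replayed over constructed packet records, counting half-open connections per server. All hosts, flags and the alert threshold are constructed or assumed values.

```python
from collections import Counter
# Constructed sample records (src, dst, TCP flags), not a real capture: one connection that
# opens and closes cleanly, one stalled after SYN/ACK, and 40 spoofed SYNs at 192.0.2.10.
SAMPLE = [
    ("10.0.0.5", "192.0.2.10", "S"), ("192.0.2.10", "10.0.0.5", "SA"),
    ("10.0.0.5", "192.0.2.10", "A"), ("10.0.0.5", "192.0.2.10", "FA"),
    ("192.0.2.10", "10.0.0.5", "FA"), ("10.0.0.5", "192.0.2.10", "A"),
    ("10.0.0.7", "192.0.2.20", "S"), ("192.0.2.20", "10.0.0.7", "SA"),
] + [("203.0.113.%d" % i, "192.0.2.10", "S") for i in range(1, 41)]
HALF_OPEN = {"SYN_SENT", "SYN_RECEIVED"}   # server has committed state, no final ACK yet

def track_tcp_states(packets):
    """Replay records through a minimal TCP state machine keyed by (client, server).
    Flags: S=SYN, A=ACK, F=FIN, R=RST. Returns the final state of every flow."""
    states = {}
    for src, dst, flags in packets:
        if "S" in flags and "A" not in flags:       # bare SYN: client opens a flow
            states[(src, dst)] = "SYN_SENT"
            continue
        key = (src, dst) if (src, dst) in states else (dst, src)
        state = states.get(key)
        if state is None:
            continue                                # no tracked handshake for this segment
        from_client = key == (src, dst)
        if "R" in flags:
            states[key] = "CLOSED"                  # reset aborts the flow in any state
        elif "S" in flags and state == "SYN_SENT" and not from_client:
            states[key] = "SYN_RECEIVED"            # SYN/ACK sent; still half-open
        elif "A" in flags and state == "SYN_RECEIVED" and from_client:
            states[key] = "ESTABLISHED"             # third packet completes the handshake
        elif "F" in flags and state == "ESTABLISHED":
            states[key] = "FIN_WAIT"                # first FIN starts teardown
        elif "F" in flags and state == "FIN_WAIT":
            states[key] = "LAST_ACK"                # second FIN from the other side
        elif "A" in flags and state == "LAST_ACK":
            states[key] = "CLOSED"                  # final ACK ends the session
    return states

def half_open_per_server(states):
    """Count flows stuck before the third handshake packet, per server."""
    counts = Counter()
    for (_client, server), state in states.items():
        if state in HALF_OPEN:
            counts[server] += 1
    return counts

def syn_flood_suspects(packets, threshold=25):
    """Servers whose half-open count reaches the (assumed) alert threshold."""
    counts = half_open_per_server(track_tcp_states(packets))
    return sorted(server for server, n in counts.items() if n >= threshold)
```

A production detector would key flows on the full 4-tuple and age entries out over time; this keeps only the handshake logic the interview question is probing.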
Comments
-
markulous Member Posts: 2,394
I'd make sure they have a good understanding of just the basics: group policy, AD, switches vs hubs, firewalls, full understanding of the OSI model, basic system hardening, etc. If they can't understand how networking itself works, how can they understand how to protect it?
-
higherho Member Posts: 882
I agree, my employer thinks my questions are too network focused and he wants more of a "Security guy" but wants network security (CERT, IRRT team type stuff). I'm just confused because everything we do is network security centric (at least in this current role), so if the individual cannot explain those basic things to me properly then he should not be considered.
-
xnx Member Posts: 464
Also not being able to explain the 3-way TCP handshake and TCP session teardown would be pretty bad.. lol
Getting There ...
Lab Equipment: Using Cisco CSRs and 4 Switches currently
-
da_vato Member Posts: 445
It sounds like you guys are after an individual that is total infrastructure security, so he needs to understand actual network security, yes... Information security is really about risk management and disaster response as well as fixing vulnerabilities. Infosec is way more conceptual than just "tell me about the OSI model and how do you protect each layer."
I would ask him/her:
What is information security in your own words?
What's your experience with making and enforcing policies?
I would also ask about a scenario and see how they would respond.
-
MSP-IT Member Posts: 752
I think da_vato is on the right track. I would say one of the best skills on the job is critical thinking, problem solving, and analysis. I'd look toward more of these softer skills on top of technical understanding.
-
dmoore44 Member Posts: 646
If you're looking for someone to monitor IDS/IPS/SIEM consoles, then I would tell you that someone who has a decent understanding of network flow, as well as a good understanding of OSes, is important. Striking the right balance between the sysadmin and netadmin roles is crucial - you want someone that understands how to trace the network and can assess the impact on the target.
Graduated Carnegie Mellon University MSIT: Information Security & Assurance
Currently Reading Books on TensorFlow
-
philz1982 Member Posts: 978
Ask them what Snort is....
Seriously though,
You could ask about ARP poisoning, you could ask about VLANs, you could ask about port security, you could ask about private SSIDs, you could ask about NMAP (give them an NMAP result and ask them to tell you what it tells them), ask them about Wireshark (ask them to look through a few packets and tell you what they see).
Read my blog @ www.buildingautomationmonthly.com
Connect with me on LinkedIn @ https://www.linkedin.com/in/phillipzito
-
higherho Member Posts: 882
Thanks for the input. On a different topic, if you see someone putting on their resume that they know BGP, is asking them the three well-known mandatory attributes a fair question to ask? (SP level network engineering position.) I asked this question and the individual did not know it (had 10 years exp on his resume) and he came back at me asking if I knew it and had a little attitude about it. He also did this to me when I asked about ARP poisoning (I told him the answer to both questions). I felt that this was a red flag both from an attitude perspective and a technical one. Thoughts?
-
networker050184 Mod Posts: 11,962
Definitely a fair question. I wouldn't rule someone out for not knowing all three (Google is easy) as long as they know that there are different types (well-known, transitive, etc.) and an example or two. Just like I'm not a big fan of questions like protocol timers. The attitude part would be an immediate red flag though.
An expert is a man who has made all the mistakes which can be made.
-
lsud00d Member Posts: 1,571
Sounds like someone I wouldn't want on my team! If they are getting an attitude in the interview (because they can't answer pretty straightforward questions?!) then don't waste any more time.