What does this (X) IDS signature mean?
Pull some random URL from a log, or show them an actual Snort signature, to see if they really understand what the IDS is showing them (if they are going to be a packet head as part of their job). Most good IDS folks will be able to answer this one. My favorite example is one that everyone has seen for years now, Code Red:
u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a HTTP/1.0
Or my other favorite one is NetBIOS: unless you see a lot of WinNuke, anyone running a NetBIOS IDS signature on their network is looking at a mushroom cloud of activity, because Windows works that way. This is a good leading question on when and where this signature would be used, and it can give the interviewer a lot of good information on how the person thinks about IDS and what the IDS system is showing them. The leading part of this is that many of the Windows vulnerabilities like MS06-040 should be monitored by a NetBIOS rule, and the trick is getting the interviewer down to the point where they are actually thinking about the ramifications and architectures of the rule. As an interview question this one cannot be beat, but the interviewer must understand enough about how it works to keep the conversation going; otherwise the interviewer is going to get stuck really quickly if the interviewee knows what they are talking about.
Submitted by: Administrator
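As an added example (not part of the original answer), here is one way to express what a Code Red style signature is looking at, written as a log check a candidate could be asked to explain. It assumes Common Log Format lines, an `.ida` request path, and illustrative thresholds; the log lines are constructed, with only the payload tail taken from the fragment quoted above.

```python
import re

# Request line inside a Common Log Format entry: "METHOD target PROTOCOL"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) (?P<proto>HTTP/\d\.\d)"')
PCT_U_RE = re.compile(r'%u[0-9a-fA-F]{4}')    # IIS-style %uXXXX wide-character encoding
FILLER_RE = re.compile(r'([A-Za-z])\1{99,}')  # 100+ repeats of one letter (padding); assumed threshold


def classify(log_line):
    """Return 'code-red-like', 'ida-request', or None for one access-log line."""
    m = REQUEST_RE.search(log_line)
    if not m:
        return None
    path, _, query = m.group('target').partition('?')
    if not path.lower().endswith('.ida'):
        return None
    # Both traits together separate the worm request from ordinary .ida traffic.
    if FILLER_RE.search(query) and len(PCT_U_RE.findall(query)) >= 4:
        return 'code-red-like'
    return 'ida-request'


def summarize(lines):
    """Collect verdicts per source address (first field of each log line)."""
    hits = {}
    for line in lines:
        verdict = classify(line)
        if verdict:
            src = line.split(' ', 1)[0]
            hits.setdefault(src, []).append(verdict)
    return hits


# Constructed sample lines (documentation addresses); TAIL is the fragment quoted on this page.
TAIL = '%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a'
SAMPLE = [
    '192.0.2.10 - - [19/Jul/2001:10:00:00 +0000] "GET /default.ida?' + 'N' * 224 + TAIL + ' HTTP/1.0" 404 -',
    '192.0.2.20 - - [19/Jul/2001:10:00:05 +0000] "GET /index.html HTTP/1.0" 200 1043',
    '192.0.2.30 - - [19/Jul/2001:10:00:09 +0000] "GET /search/query.ida?q=report HTTP/1.0" 200 512',
    '192.0.2.40 - - [19/Jul/2001:10:00:12 +0000] "GET /a.html?x=%u0041%u0042 HTTP/1.0" 200 77',
]

if __name__ == '__main__':
    for src, verdicts in summarize(SAMPLE).items():
        print(src, verdicts)
```

The third and fourth sample lines are the discussion points: a signature keyed only on `.ida` or only on `%u` encoding would fire on both, which is the kind of tuning trade-off the question is meant to draw out.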