Tuesday, January 25, 2022

Certified Ethical Hacker

 - Explain TCP/IP and mention its layers.
- Explain layer 2 of the OSI model.
Data Link layer—Layer 2 is known as the Data Link layer. The Data Link layer is responsible for formatting and organizing the data before sending it to the Physical layer. The Data Link layer organizes the data into frames. A frame is a logical structure in which data can be placed; it's a packet on the wire. When a frame reaches the target device, the Data Link layer is responsible for stripping off the data frame and passing the data packet up to the Network layer. The Data Link layer is made up of two sub layers, including the logical link control layer (LLC) and the media access control layer (MAC). You might be familiar with the MAC layer, as it shares its name with the MAC addressing scheme. These 6-byte (48-bit) addresses are used to uniquely identify each device on the local network. A major security concern of the Data Link layer is the Address Resolution Protocol (ARP) process. ARP is used to resolve known Network layer addresses to unknown MAC addresses. ARP is a trusting protocol and, as such, can be used by hackers for APR poisoning, which can allow them access to traffic on switches they should not have.

- Explain layer 3 of the OSI model.
Network layer—Layer 3 is known as the Network layer. This layer is concerned with logical addressing and routing. The Network layer is the home of the Internet Protocol (IP), which makes a best effort at delivery of datagrams from their source to their destination. Security concerns at the network level include route poisoning, DoS, spoofing, and fragmentation attacks. Fragmentation attacks occur when hackers manipulate datagram fragments to overlap in such a way to crash the victim's computer. IPSec is a key security service that is available at this layer.
- Difference between TCP and UDP.
UDP is a datagram protocol, which means it does not have to establish a connection to another machine before sending data.

- Difference between Telnet and SSH.
Telnet—Telnet is a TCP service that operates on port 23. Telnet enables a client at one site to establish a session with a host at another site. The program passes the information typed at the client's keyboard to the host computer system. Although Telnet can be configured to allow anonymous connections, it should be configured to require usernames and passwords. Unfortunately, even then, Telnet sends them in clear text. When a user is logged in, he or she can perform any allowed task. Applications, such as Secure Shell (SSH), should be considered as a replacement. SSH is a secure replacement for Telnet and does not pass cleartext username and passwords.

- How does SSH encrypts the data?
- Explain how fragmentation occurs within a network.
- Define Malware?
- What is a sniffer and what is it used for?
- What is Netcat and what is it used for?
- What is a Buffer Overflow and what is it used for?
- The interviewer drew a diagram on a piece of paper consisting of two machines in a LAN, a Gateway and a Web Server in the Internet hosting a financial site via HTTPS. Explain how an attacker (Machine A) could sniff traffic from victim (Machine B) and is the attacker able to see the encrypted data and how was this accomplished. How can the victim know that he was being attacked by the attacker?