There are two types of Internet Protocol (IP) traffic. They are TCP or Transmission Control Protocol and UDP or User Datagram Protocol. TCP is connection oriented – once a connection is established, data can be sent bidirectionally. UDP is a simpler, connectionless Internet protocol. Multiple messages are sent as packets in chunks using UDP.
Difference in Transfer Data Features
Which is better depends on the type of application that you're building and your business needs. Normal text communication through UDP could end up in the wrong order when it comes across, but with TCP it will come across the same way it was sent. Some text could even be lost in transit. There are no guarantees with UDP. TCP is the one to go with for text communication. TCP is also the right choice when data loss is not an option. TCP should be used for file transfers and things like remote access or SSH. Another difference is that TCP offers retransmission while UDP does not. UDP is often used in multimedia streaming when transfers are a little less ambiguous. UDP also requires less overhead, has no send delay, and its data loss can easily be masked. Some firewalls do block UDP, so if you have the bandwidth and the overhead doesn't deteriorate performance, TCP is the way to go.
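The ordering and loss behaviour described above can be seen in a short Python example. It is an added illustration, not part of the original article: the header layout, function names and sample chat lines are assumptions made for the example, and UDP delivery is simulated by a hand-built arrival list rather than real sockets. It shows the bookkeeping an application must do itself over UDP, which TCP does for it.

```python
import struct

# Constructed header for this example: 32-bit sequence number, 16-bit payload length.
HEADER = struct.Struct("!IH")

def make_datagram(seq, text):
    payload = text.encode("utf-8")
    return HEADER.pack(seq, len(payload)) + payload

def parse_datagram(data):
    """Return (seq, text), or None if the datagram is truncated or malformed."""
    if len(data) < HEADER.size:
        return None
    seq, length = HEADER.unpack_from(data)
    payload = data[HEADER.size:]
    if len(payload) != length:
        return None
    try:
        return seq, payload.decode("utf-8")
    except UnicodeDecodeError:
        return None

def naive_receive(datagrams):
    """What an application sees if it trusts arrival order."""
    return [p[1] for p in map(parse_datagram, datagrams) if p]

def reassemble(datagrams, expected_count):
    """Restore sending order, drop duplicates, and report what never arrived."""
    received = {}
    for raw in datagrams:
        parsed = parse_datagram(raw)
        if parsed is None:
            continue  # discard malformed input instead of trusting it
        seq, text = parsed
        if seq < expected_count and seq not in received:
            received[seq] = text
    ordered = [received[s] for s in sorted(received)]
    missing = [s for s in range(expected_count) if s not in received]
    return ordered, missing

# Constructed sample: five chat lines sent as five datagrams.
LINES = ["hello", "are you there?", "meeting moved", "to 3pm", "bye"]
SENT = [make_datagram(i, t) for i, t in enumerate(LINES)]
# Simulated UDP delivery: datagram 2 lost, 1 and 3 swapped, 4 duplicated.
ARRIVED = [SENT[0], SENT[3], SENT[1], SENT[4], SENT[4]]

if __name__ == "__main__":
    print("arrival order :", naive_receive(ARRIVED))
    print("reassembled   :", reassemble(ARRIVED, len(LINES)))
```

The receiver can detect that datagram 2 is missing, but recovering it would require asking the sender again, which is the retransmission that TCP provides.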
Different Applications of TCP and UDP
Web browsing, email and file transfer are common applications that make use of TCP. TCP is used to control segment size, rate of data exchange, flow control and network congestion. TCP is preferred where error correction facilities are required at network interface level. UDP is largely used by time-sensitive applications as well as by servers that answer small queries from a huge number of clients. UDP is compatible with packet broadcast – sending to all on a network and multicasting – sending to all subscribers. UDP is commonly used in Domain Name System, Voice over IP, Trivial File Transfer Protocol and online games.
Realistically, Information Security has thousands of possible questions at any given interview across many possible topics. On top of that, Information Security (InfoSec) means different things to different people. For example, Information Security covers everyone from the guy at Geek Squad running a copy of Norton all the way up to the Chief Security Officer at Microsoft. As a result, a single list of questions is not going to cover everything. However, there are definitely layers or tiers of possible questions that you can run into, and we will discuss some of them here.
Layer or Tier 1: Basic Security Tech
Security Tech positions, layer or tier 1, are the basic fundamentals of what is current right now. Questions you may get for this type of role cover customer relationship skills, are personality based, and help the interviewer better understand your preferences. These questions would cover simple break fixes, connections, privileges, etc. Here are some example questions:
How would you perform a traceroute to find a break in communication?
You would run the tracert or traceroute command from the command prompt, which would allow you to see exactly what routers are touched as you move through the network. When you get to a destination that you cannot connect to or where the trace chain stops, that is where the break is.
Why would you want to use SSH from a Windows PC?
SSH (TCP port 22) is a secure connection and can be used to harden against eavesdropping.
What is the difference between Asymmetric and Symmetric encryption?
Symmetric encryption uses the same key to encrypt and decrypt, whereas Asymmetric uses two separate keys. Symmetric is faster, but Asymmetric is easier to implement.
What is SSL and why is it not enough when it comes to encryption?
SSL is identity verification, not hard data encryption. SSL is commonly attacked via its implementation (Heartbleed bug) and can be stripped in certain circumstances. SSL is designed to prove that the person you are talking to on the other end is who they say they are.
Layer or Tier 2: The Break Fixer
Positions like the Break Fixer require a little more experience and diversified skills. This person would need to be able to think outside the box and think through a problem. Performing tasks like cleanups and minor forensics is common. Some example questions for someone interviewing for a Break / Fixer security position would be:
What is XSS?
XSS is cross-site scripting, which is a computer vulnerability found in web applications, and the easiest way to protect against it is input validation. An example of XSS is an attacker embedding HTML tags in the comments section of a website. This new code will be loaded every time someone loads the page and could lead visitors to another site where accounts and personal information can be captured.
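The comments-section case from this answer, as an added Python example that is not part of the original article: a renderer that pastes visitor text into the page, beside input validation and an output-encoding renderer. It goes one step beyond the answer by pairing validation with output encoding via the standard library's html.escape; the function names, length limit and sample comments are assumptions constructed for the example.

```python
import html
import re

MAX_LEN = 500  # assumed comment length limit for this example
# Start of anything a browser would try to parse as a tag or markup declaration.
TAG_LIKE = re.compile(r"<\s*/?\s*[a-zA-Z!]")

def is_valid_comment(comment):
    """Input validation: bounded length, no control characters, no tag-like text."""
    if not comment or len(comment) > MAX_LEN:
        return False
    if any(ord(c) < 32 and c not in "\n\t" for c in comment):
        return False
    return TAG_LIKE.search(comment) is None

def render_vulnerable(comment):
    """The flaw: visitor text is inserted into the page as markup."""
    return "<li>" + comment + "</li>"

def render_escaped(comment):
    """Output encoding: <, >, & and quotes become entities, so the browser shows text."""
    return "<li>" + html.escape(comment, quote=True) + "</li>"

def live_tags(rendered):
    """Tag names in the output other than the <li> wrapper the template itself emits."""
    names = re.findall(r"<\s*/?\s*([a-zA-Z]+)", rendered)
    return [n for n in names if n.lower() != "li"]

# Constructed sample comments.
COMMENTS = [
    "Great article, thanks!",
    "<script>alert(1)</script>",
    '<b onmouseover="alert(1)">hi</b>',
    "3 < 5 is true",
]

if __name__ == "__main__":
    for c in COMMENTS:
        print(repr(c))
        print("  passes validation :", is_valid_comment(c))
        print("  tags if unescaped :", live_tags(render_vulnerable(c)))
        print("  tags if escaped   :", live_tags(render_escaped(c)))
```

Validation rejects the two comments that carry markup while still accepting "3 < 5 is true", and the escaped renderer produces no live tags for any of them, so a comment that slips past validation is still displayed as text.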
How can you reset a password-protected BIOS configuration on a PC?
Since the BIOS is a pre-boot system, it has a storage mechanism for its settings and preferences. Simply removing the battery will result in it losing its settings, thus resetting the password to default. The BIOS factory password would be reset to ‘password’.
What are three ways to authenticate a person?
Using two factor authentication
Something you know (password)
Something you have (token)
Something you are (biometrics)
What is data protection at rest vs data protection in transit?
Data is protected at rest when it is just sitting there in a database or on a system. Data is protected in transit while it is moving from server to client.
How can you login to Active Directory from a Mac or Linux box?
Since Active Directory uses SMB protocol, you can access Active Directory from a non-Windows system by using the Samba program.
Layer or Tier 3: The Seasoned
The Seasoned Security professional has spent several years working through both small and large security issues. By now this person would have experienced several environments, security software and diverse implementations. The Seasoned Security professional works as a member of a team and is most likely on a specialized security track. The Seasoned Security professional would be asked these types of interview questions:
What is the difference between an exploit and a vulnerability (this is a very common question)?
A vulnerability is a potential problem, whereas an exploit is an active one.
How can you configure a network to allow only a single computer to login on a particular jack?
Using sticky ports to configure each port to only allow one computer to connect.
What is the difference between an HIDS and a NIDS?
Both are Intrusion Detection Systems, but one is Host and the other is Network. HIDS run as background utilities on the client and NIDS sniff packets as they cross the network.
What is the CIA triangle?
Confidentiality – keeping data secure, Integrity – keeping data intact, Availability – data accessibility.