Tuesday, September 6, 2016

ASA Interview Question Part1

1.    Adaptive Security Algorithm

Adaptive Security Algorithm (ASA) is a Cisco algorithm for managing stateful connections on PIX Firewalls. ASA controls all traffic flowing through the PIX firewall, performs stateful inspection of packets, and creates remembered entries in the connection and translation tables. These entries are referenced every time traffic tries to flow back from a lower security level to a higher security level; if a match is found, the traffic is allowed through. Finally, the ASA provides an extra level of security by randomizing the TCP sequence numbers of outgoing packets, in an effort to make them more difficult for hackers to predict.

2. Active FTP vs. Passive FTP, a Definitive Explanation

There are two types of FTP access: user (authenticated) FTP and anonymous FTP.

User or authenticated FTP:
User FTP requires an account on the server (in general, it is for users who already have accounts on the machine and lets them access any files they could access if they were logged in).

Anonymous FTP:
Anonymous FTP is for people who don't have an account and is used to provide access to specific files to the world at large.

FTP uses two separate TCP connections: one to carry commands and results between the client and the server (commonly called the command channel), and the other to carry any actual files and directory listings transferred (the data channel).

Normal Mode or Active Mode

To start an FTP session in normal mode, a client first allocates two TCP ports for itself, each of them with a port number above 1024. It uses the first to open the command channel connection to the server and then issues FTP's PORT command to tell the server the number of the second port, which the client wants to use for the data channel. The server then opens the data channel connection. This data channel connection is backwards from most protocols, which open connections from the client to the server.

This backwards open complicates things for sites that are attempting to do start-of-connection packet filtering to ensure that all TCP connections are initiated from the inside, because external FTP servers will attempt to initiate data connections to internal clients, in response to command connections opened from those internal clients. Furthermore, these connections will be going to ports known to be in an unsafe range. 

Passive Mode

To start a connection in passive mode, an FTP client allocates two TCP ports for its own use and uses the first port to contact the FTP server, just as when using normal mode. However, instead of issuing the PORT command to tell the server the client's second port, the client issues the PASV command. This causes the server to allocate a second port of its own for the data channel (for architectural reasons, servers use random ports above 1023 for this, not port 20 as in normal mode; you couldn't have two servers on the same machine simultaneously listening for incoming PASV-mode data connections on port 20) and tell the client the number of that port. The client then opens the data connection from its port to the data port the server has just told it about.


Passive mode is useful because it allows you to avoid start-of-connection filtering problems. In passive mode, all connections will be opened from the inside, by the client.

(Or)

In passive mode, only the server is required to open up ports for incoming traffic.
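As an added example (not part of the original post), the following Python decodes the h1,h2,h3,h4,p1,p2 tuple carried by the PORT command and by the server's 227 PASV reply, builds a PORT command, and models which side sends the data-channel SYN in each mode, so that a start-of-connection filter admitting only inside-initiated TCP can be checked against both. The client and server addresses, the ports and the inside network are constructed sample values.

```python
import ipaddress
import re

# h1,h2,h3,h4,p1,p2 tuple used by the PORT command and by the server's
# "227 Entering Passive Mode (...)" reply (RFC 959); port = p1 * 256 + p2.
_HOSTPORT_RE = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")

def decode_hostport(text):
    """Return (ip, port) parsed from a PORT argument or a 227 PASV reply."""
    m = _HOSTPORT_RE.search(text)
    if not m:
        raise ValueError("no h1,h2,h3,h4,p1,p2 tuple in %r" % text)
    vals = [int(x) for x in m.groups()]
    if any(v > 255 for v in vals):
        raise ValueError("byte value out of range in %r" % text)
    h1, h2, h3, h4, p1, p2 = vals
    return "%d.%d.%d.%d" % (h1, h2, h3, h4), p1 * 256 + p2

def encode_port_command(ip, port):
    """Build the PORT command a client sends in active (normal) mode."""
    ipaddress.IPv4Address(ip)  # raises on a malformed address
    if not 0 < port < 65536:
        raise ValueError("port out of range")
    return "PORT %s,%d,%d" % (ip.replace(".", ","), port // 256, port % 256)

def data_channel(mode, client_ip, server_ip, ctrl_msg):
    """Describe the data-channel SYN (who sends it, to where) for a given mode.
    'active': ctrl_msg is the client's PORT command; 'passive': the server's 227 reply."""
    ip, port = decode_hostport(ctrl_msg)
    if mode == "active":      # server opens the connection, from port 20, to the client
        expected, src, initiator = client_ip, server_ip, "server"
    elif mode == "passive":   # client opens the connection to the server's random port > 1023
        expected, src, initiator = server_ip, client_ip, "client"
    else:
        raise ValueError("mode must be 'active' or 'passive'")
    if ip != expected:
        # Sanity check: the advertised address should belong to the peer that sent it.
        raise ValueError("advertised address %s does not match peer %s" % (ip, expected))
    return {"initiator": initiator, "src": src, "dst": ip, "dst_port": port}

def inside_initiated_filter_allows(conn, inside_net):
    """Start-of-connection filter: pass the SYN only if it originates inside inside_net."""
    return ipaddress.IPv4Address(conn["src"]) in ipaddress.IPv4Network(inside_net)

# Constructed sample session: inside client 10.0.0.5, outside server 203.0.113.7.
CLIENT, SERVER, INSIDE = "10.0.0.5", "203.0.113.7", "10.0.0.0/8"
ACTIVE = data_channel("active", CLIENT, SERVER, encode_port_command(CLIENT, 50001))
PASSIVE = data_channel("passive", CLIENT, SERVER, "227 Entering Passive Mode (203,0,113,7,195,80)")
```

With the inside-only filter, `inside_initiated_filter_allows(ACTIVE, INSIDE)` is False (the server's SYN toward the client is dropped) while `inside_initiated_filter_allows(PASSIVE, INSIDE)` is True.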


3. How the Traceroute and Ping Commands Work

Ping:

Ping relies on the ICMP protocol, which is used to diagnose transmission conditions. For this reason, it uses two types of protocol messages (out of the 18 offered by ICMP):

• Type 0, which corresponds to an "echo request" command, sent by the source machine;
• Type 8, which corresponds to an "echo reply" command, sent by the target machine.

At regular intervals (by default, every second), the source machine (the one running the ping command) sends an "echo request" to the target machine. When the "echo reply" packet is received, the source machine displays a line containing certain information. If the reply is not received, a line saying "request timed out" will be shown.

(echo = source IP, source MAC address)

Trace Route:

Tracert works by incrementing the TTL value by one for each ICMP Echo Request it sends, then waiting for an ICMP Time Exceeded message. The TTL values of the Tracert packets start with an initial value of one; the TTL of each trace after the first is incremented by one. A packet sent out by Tracert travels one hop further on each successive trip.

Figure 3.2 shows how Tracert works. Tracert is being run on Host A and is following the path to Host B. At Router 1 and Router 2, the TTL is decremented to 0, causing each router to send an ICMP Time Exceeded message. When the ICMP Echo Request is received at Host B, it sends back an ICMP Echo Reply.
