IPTABLES / FIREWALL INTERVIEW QUESTIONS AND ANSWERS
PAGE - 4
31..What do you mean by a lightweight footprint?
Heavily used systems may lack the resources to deploy an additional userland process for intrusion detection (such as Snort). In the case of fwsnort, packet inspection takes place directly within the Linux kernel, so it usually places a lightweight usage footprint on system resources.
32..What do you mean by Network Address Translation (NAT)?
Network address translation is a type of packet mangling that involves overwriting the source and/or destination addresses and/or port numbers. Connection tracking information is used to mangle related packets in specific ways. The term “Source NAT” (or just S-NAT or SNAT) refers to NAT involving changes to the source address and/or port, and “Destination NAT” (or just D-NAT or DNAT) refers to NAT involving changes to the destination address and/or port.
33..What is IP filtering?
IP filtering is simply a mechanism that decides which types of IP packets will be processed normally and which will be dropped or rejected.
34..How many built-in tables are there in iptables?
iptables comes with three built-in tables: filter, mangle, and nat. Each of these is preconfigured with chains corresponding to one or more of the hook points. iptables arranges for the appropriate chains in these tables to be traversed by network packets based on the packet's source and destination.
35..How do the basic iptables matches work?
iptables has a small number of built-in matches and targets and a set of extensions that are loaded if they are referenced. The matches for IP are considered built-in, and the others are considered match extensions.
36..When is a firewall needed?
If you connect to other networks, yes. Ubuntu Linux, for one famous example, does not include a firewall configuration during installation because it installs with no running services. No services means no points of attack. But, an important point: things change, mistakes happen, and layered defenses are a standard best practice.
37..Explain iptables policies and rules.
There are three built-in tables: filter, NAT, and mangle. You will use the filter table. Each table contains a number of built-in chains. You may also create custom chains. A chain is a list of rules that defines the actions applied to packets. Rules end with a target specification that tells what to do with the packet. This is done with the jump (-j) option, like this simple example that permits all loopback traffic with the ACCEPT target:
iptables -A INPUT -i lo -j ACCEPT
38..How do you restore iptables rules?
# iptables-restore < /etc/sysconfig/iptables
39..What are the iptables rules and target values?
The iptables rules:
A..Rules contain criteria and a target.
B..If the criteria are matched, the packet goes to the rules specified in the target (a user-defined chain) or the special value named in the target is executed.
C..If the criteria are not matched, it moves on to the next rule.
Target values:
A..ACCEPT – The firewall will accept the packet.
B..DROP – The firewall will drop the packet.
C..QUEUE – The firewall will pass the packet to userspace.
D..RETURN – The firewall will stop executing the remaining rules in the current chain for this packet. Control is returned to the calling chain.
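To tie questions 37 to 39 together, here is an added example (not from the original page) that generates a small filter-table ruleset in the iptables-save format that iptables-restore reads. It shows a DROP policy on INPUT, the loopback ACCEPT rule, a custom chain, and how RETURN hands a packet back to the calling chain, where the chain policy finally decides its fate. The management subnet 192.0.2.0/24 is a constructed placeholder.

```shell
#!/bin/sh
# Added example: emit a filter-table ruleset in iptables-save format so the
# policy can be reviewed and diffed before loading it with:
#   iptables-restore < /tmp/firewall.rules
# Assumptions: IPv4 only, SSH listens on tcp/22, and MGMT_NET is a
# constructed placeholder for the trusted administration subnet.

MGMT_NET="192.0.2.0/24"   # constructed placeholder

# Print the ruleset on stdout.
# - ":INPUT DROP" sets the built-in chain's policy: anything that reaches
#   the end of INPUT without matching a terminating target is dropped.
# - ":MGMT -" declares a user-defined chain; such chains have no policy.
# - SSH packets jump (-j) to MGMT. Trusted sources are ACCEPTed there;
#   everything else hits RETURN, control goes back to INPUT, the LOG
#   rule records the packet, and the DROP policy then discards it.
emit_ruleset() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:MGMT - [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -p tcp --dport 22 -j MGMT
-A INPUT -p icmp --icmp-type echo-request -j ACCEPT
-A INPUT -j LOG --log-prefix "INPUT-DROP: " --log-level 4
-A MGMT -s ${MGMT_NET} -j ACCEPT
-A MGMT -j RETURN
COMMIT
EOF
}

# Sanity check: how many rules end in the given target (e.g. ACCEPT)?
count_target() {
    emit_ruleset | grep -c -- "-j $1\$"
}

# Write the ruleset to a file and return the number of lines written.
write_ruleset() {
    emit_ruleset > "$1"
    wc -l < "$1" | tr -d ' '
}
```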
40..What are the elements of security?
Security itself may be definable, but to measure it, we still need to examine it further. Separating the asset and the threat is not in itself the most basic form of security. Separation is actually created by combining three elements: visibility, access, and trust.
41..What are the basic iptables concepts?
iptables defines five “hook points” in the kernel’s packet processing pathways: PREROUTING, INPUT, FORWARD, POSTROUTING, and OUTPUT.