Cyber Security: Offensive Mindset - Networking and Job Interview
A problem statement from the beginnning of the Cyber Security Studio were ‘How can I a benefit from completing a Cyber Security Credit?’, ‘Can I use what I learnt from this subject to be prepare for future interviews in the Cyber Security World?’ and ‘Where do I see myself in Cyber Security in next 5-10 years?’. These answer to questions are currently what I do not have and trying to solve by the end of the studio.
However, I am slowly solving one of my problem statement by applying for an interview at UTS under the role of Security Analyst Intern and was offered an interview on 22nd of February.
Prior to the interview, I had a help from a friend who knew someone who had previously had the interview in the previous years and was successful. Having no prior industrial experiences with IT and networks, they provided hints and tips of certain topics I should learn. I would need to learn basic networking theory, subnetting and OSI model.
This is going to be artefacts page of evidence I what I have found from researching and watching videos.
- Understanding binary basics
- Converting between number formats
- Default gateway
- Subnet mask value -> 255.255.255.0
- What is a subnet mask?
- Concept to reveal information
- Cider notation. Classless Inter-Domain Routing (CIDR)
- First 2 octets are network bits.
- Second 2 octets are hot bits
- Default subnet mask -> 255.0.0.0
- Introduction to IPv4 addresses
- Three different classes
- A 1-127 (255.0.0.0)
- B 128-191 (255.255.0.0)
- 65,536 addresses
- 172.16.0.0 - 172.31.255.255.16
- C 192-223 (255.255.255.0)
- Popular submask to use
- 256 addresses
- Operates at Layer 3 of the OSI model
- Works closely with Layer 2 Address (Hop-by-hop)
- Subnetting is changing the submask
- 1 equals network
- 0 equals host
Please Do Not Touch Steve’s Pet Alligator
Physical Data-link Network Transport Session Presentation Application
The responses I should have gave instead.
Difference between TCP/UDP
Transmission Control Protocol
User Datagram Protocol
What infrustructure have you implemented at home?
This was a very confusing question, as the only infrustructure I had was setting up the router from our ISP and connecting the home network which include up to various 20 devices such as computers, phones and NAS.
They further asked,
What would you implement in the future?.
I said, I would invest into getting a VPN, a virtual private network, that allow me to surf the net without the ISP and other third party IP tracking my location and all the sites I visit. This has the potential to stop my home network to be DDOS by attackers whom have acquired my IP address. Also, at the time there have been a rise of many sites that uses your location and create virtual profile to create advertisements for you by assessing data that contains word search and previous site history.
This was the extent of my knowledge at the time of how I could improve my home network.
What is the different between Layer 2 and 3?
Layer 2 - Data Link * Frame * Switches, Ethernet, Bridges * MAC Address
Layer 3 - Network * Packet * Routers, IP, ICMP
How many networks are in a /24?
I said 128. It’s not. It’s 1.
Enumerating from my mistake. 11111111.11111111.11111111.00000000
128 | 64 | 32 | 16 | 8 | 4 | 2 | 1
There are 8 bits of host. There are 24 bits of network.
The subnet mask should be: 255.255.255.0
Using the last bit of network which is an increment of 1.
1 host in 1 subnet 0.0.0.0/24 0.0.0.1⁄24 0.0.0.2⁄24
What can this be?
That means there are 1 network per subnetted network.
I said 128 because I got mistaken by how many hosts there are. One octet of bits = 128+64+32+16+8+4+2+1 = 255.
What is a firewall? Do you know what are the last rules in the table?
To be honest. Since I do software engineering at UTS, I only had a very basic understanding how it worked and didn't know any rules that are associated.
Expectation of the Interview
This was the second experience of applying for a job role that was outside of my expertise. As an undergrad engineer, I believe that I should be exposed to new experiences and opportunity by applying to postions outside of my general field. That’s why my first interview I had was a junior/intern IT role and a junior security analyst role.
At UTS, I felt it was strange that software engineer did not have any IT subjects excluding programming fundamentals and application programming. This discipline is focused on group work and how effective you are in setting plans and communcating at a high level. This meant that I felt very under prepared and unskilled compared to the other potential interviewees I was compared to.
My main strategy for the interview was to study a bit on general IT questions like learning about simple networking and routing. I would need to learn how networks are in /24 etc. In addition, I have received help from senior undergrads who are majoring in Networking whom have already gone through similar interivewing questions.
Lyda.com 2019, ‘Learning Subnetting’, Lynda.com, viewed 20 Februrary 2019, https://www.lynda.com/iP-tutorials/Understanding-binary-basics/184143