A network gateway joins two networks together and a network firewall protects a computer network against unauthorized incoming or outgoing access. Network firewalls may be hardware devices or software programs.
The primary function of a firewall is to prevent or control traffic flow from an untrusted network (the outside). A firewall cannot detect an attack in which the data deviates from its regular pattern, whereas an IPS can detect such traffic and reset the connection, because it has built-in anomaly detection.
A transparent firewall operates at Layer 2. Deploying a new routed firewall into a network can be a complicated process because of issues such as IP address reconfiguration, network topology changes and the existing firewall; because a transparent firewall is not a routed hop, it can easily be introduced into an existing network.
Packet filtering is the process of permitting or blocking IP packets based on source and destination addresses, ports, or protocols. The packet filter examines the header of each packet against a specific set of rules and, on that basis, decides whether to allow the packet through or block it. Packet filtering is also part of a firewall program for protecting a local network from unwanted access.
Stateful inspection, also known as dynamic packet filtering, is a firewall technology that monitors the state of active connections and uses this information to determine which network packets are allowed through the firewall. Stateful inspection analyses packets down to the application layer.
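The difference between the two answers above, a plain packet filter and a stateful one, is easiest to see in code. The following is an added example written for this page, not code from the original material: a rule set that only allows inside hosts to open HTTPS connections, a stateless filter that evaluates each packet against the rules in isolation, and a stateful firewall that records admitted connections in a session table so the reply traffic is allowed without a separate inbound rule. Packet fields, rules and addresses are constructed for the demonstration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    """Header fields a filter looks at (constructed, not a real capture)."""
    proto: str          # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False   # TCP SYN without ACK, i.e. the first packet of a connection


@dataclass(frozen=True)
class Rule:
    action: str                   # "allow" or "deny"
    proto: Optional[str] = None   # None matches anything
    src: Optional[str] = None     # CIDR prefix, e.g. "10.0.0.0/8"
    dst: Optional[str] = None
    dport: Optional[int] = None

    def matches(self, pkt: Packet) -> bool:
        def in_net(addr, net):
            return net is None or ipaddress.ip_address(addr) in ipaddress.ip_network(net)
        return ((self.proto is None or self.proto == pkt.proto)
                and in_net(pkt.src, self.src) and in_net(pkt.dst, self.dst)
                and (self.dport is None or self.dport == pkt.dport))


def stateless_filter(rules, pkt: Packet) -> str:
    """Plain packet filter: first matching rule wins, implicit deny at the end."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return "deny"


class StatefulFirewall:
    """Dynamic packet filter: the rules decide only whether a *new* connection may
    start; later packets of that connection, in either direction, are matched
    against the session table instead of the rule set."""

    def __init__(self, rules):
        self.rules = rules
        self.sessions = set()   # 5-tuples of connections that were allowed to start

    @staticmethod
    def _forward(pkt):
        return (pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)

    @staticmethod
    def _reverse(pkt):
        return (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)

    def process(self, pkt: Packet) -> str:
        if self._forward(pkt) in self.sessions or self._reverse(pkt) in self.sessions:
            return "allow"                          # part of an established connection
        if pkt.proto == "tcp" and not pkt.syn:
            return "deny"                           # mid-stream packet with no state: drop
        if stateless_filter(self.rules, pkt) == "allow":
            self.sessions.add(self._forward(pkt))   # remember the connection we admitted
            return "allow"
        return "deny"


def demo():
    rules = [Rule("allow", "tcp", "10.0.0.0/8", None, 443)]   # inside may open HTTPS outward
    fw = StatefulFirewall(rules)
    out = Packet("tcp", "10.1.1.5", 51000, "203.0.113.10", 443, syn=True)
    back = Packet("tcp", "203.0.113.10", 443, "10.1.1.5", 51000)
    unsolicited = Packet("tcp", "203.0.113.10", 443, "10.1.1.5", 51001)
    midstream = Packet("tcp", "10.1.1.6", 52000, "203.0.113.10", 443)
    return {
        "outbound_syn": fw.process(out),
        # A stateless filter must either deny the reply or permanently open 443 -> any.
        "return_stateless": stateless_filter(rules, back),
        "return_stateful": fw.process(back),
        "unsolicited_inbound": fw.process(unsolicited),
        "midstream_no_state": fw.process(midstream),
    }


if __name__ == "__main__":
    print(demo())
```

The session table is keyed on the 5-tuple in both directions, which is what lets the reply from 203.0.113.10:443 pass while an unsolicited packet from the same server to a different local port, or a TCP segment with no SYN and no recorded session, is dropped.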
Public key encryption uses a public key and a private key for encryption and decryption. In this mechanism the public key is used to encrypt messages, and only the corresponding private key can be used to decrypt them. To encrypt a message, a sender has to know the recipient’s public key.
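To make the roles of the two keys concrete, here is an added example (not from the original page) using textbook RSA with deliberately tiny constructed primes: key generation yields a public key anyone may hold and a private key that stays with the recipient; the sender needs only the public key to encrypt, and only the private key recovers the message. It has no padding and toy-sized parameters, so it illustrates the mechanism only; a real system uses a vetted library with RSA-OAEP or a hybrid scheme.

```python
from math import gcd


def generate_keypair(p: int, q: int, e: int = 65537):
    """Textbook RSA key generation from two primes.
    Constructed toy sizes: real keys use primes of about 1024 bits or more."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("public exponent must be coprime to phi(n)")
    d = pow(e, -1, phi)            # private exponent: modular inverse of e (Python 3.8+)
    public_key = (e, n)            # published to anyone who wants to send you a message
    private_key = (d, n)           # never leaves the recipient
    return public_key, private_key


def encrypt(public_key, message: bytes) -> int:
    """Anyone holding the recipient's public key can perform this step."""
    e, n = public_key
    m = int.from_bytes(message, "big")
    if m >= n:
        raise ValueError("message does not fit in the modulus")
    return pow(m, e, n)


def decrypt(private_key, ciphertext: int) -> bytes:
    """Only the holder of the matching private key recovers the plaintext."""
    d, n = private_key
    m = pow(ciphertext, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big") if m else b""


def demo():
    # Bob publishes his public key; Alice needs nothing but that key to encrypt.
    bob_public, bob_private = generate_keypair(1000003, 999983)   # constructed small primes
    ciphertext = encrypt(bob_public, b"hi")
    return {
        "ciphertext_differs": ciphertext != int.from_bytes(b"hi", "big"),
        "bob_reads": decrypt(bob_private, ciphertext),
        # Applying the public exponent again does not undo the encryption.
        "public_key_recovers_plaintext": decrypt(bob_public, ciphertext) == b"hi",
    }


if __name__ == "__main__":
    print(demo())
```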
Authorization is a security mechanism used to determine a user's or client's privileges or access levels for network resources, including firewalls, routers, switches and application features. Authorization is normally preceded by authentication; during authorization, the system verifies an authenticated user’s access rules and either grants or refuses access to the resource.
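The two steps, authentication first and authorization second, can be shown as two separate functions. This is an added example for this page, not code from the original: a constructed user store with salted password hashes, an authenticate() step that returns a principal or None, and an authorize() step that evaluates that principal's roles against a constructed rule list with default deny and explicit-deny-wins semantics. The users, roles, resource names and policy rules are all hypothetical.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from fnmatch import fnmatchcase


def _pbkdf2(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


# Constructed user store: salted password hashes and role memberships.
_SALT_A, _SALT_B = secrets.token_bytes(16), secrets.token_bytes(16)
USERS = {
    "alice": {"salt": _SALT_A, "hash": _pbkdf2("correct-horse", _SALT_A), "roles": {"netops"}},
    "bob":   {"salt": _SALT_B, "hash": _pbkdf2("battery-staple", _SALT_B), "roles": {"readonly"}},
}


def authenticate(username: str, password: str):
    """Step 1: verify identity. Returns a principal dict, or None on failure."""
    # Unknown users get a dummy record so the work done (and time taken) is the same.
    record = USERS.get(username, {"salt": bytes(16), "hash": bytes(32), "roles": set()})
    computed = _pbkdf2(password, record["salt"])
    if not hmac.compare_digest(computed, record["hash"]):   # constant-time comparison
        return None
    return {"user": username, "roles": frozenset(record["roles"])}


@dataclass(frozen=True)
class Rule:
    effect: str      # "allow" or "deny"
    role: str        # role name, or "*" for every authenticated principal
    resource: str    # glob over resource paths
    action: str      # "read", "write", or "*"


# Constructed policy. Order does not matter: a matching deny always wins.
POLICY = [
    Rule("allow", "readonly", "*", "read"),                  # auditors may look at anything
    Rule("allow", "netops", "firewall/*", "*"),              # netops manage firewalls
    Rule("deny",  "*", "firewall/core-fw1/*", "write"),      # core firewall is change-frozen
]


def authorize(principal, resource: str, action: str) -> bool:
    """Step 2: evaluate the authenticated principal's access rules.
    Default deny; an explicit deny overrides any allow."""
    if principal is None:                     # not authenticated: nothing to authorize
        return False
    allowed = False
    for rule in POLICY:
        if rule.role != "*" and rule.role not in principal["roles"]:
            continue
        if not (fnmatchcase(resource, rule.resource) and fnmatchcase(action, rule.action)):
            continue
        if rule.effect == "deny":
            return False
        allowed = True
    return allowed


def demo():
    alice = authenticate("alice", "correct-horse")
    bob = authenticate("bob", "battery-staple")
    intruder = authenticate("alice", "wrong-password")
    return {
        "alice_edit_edge": authorize(alice, "firewall/edge-fw1/rules", "write"),   # True
        "alice_edit_core": authorize(alice, "firewall/core-fw1/rules", "write"),   # False
        "bob_read_edge": authorize(bob, "firewall/edge-fw1/rules", "read"),        # True
        "bob_edit_edge": authorize(bob, "firewall/edge-fw1/rules", "write"),       # False
        "bad_password": authorize(intruder, "firewall/edge-fw1/rules", "read"),    # False
    }


if __name__ == "__main__":
    print(demo())
```

Note that authorize() never looks at the password: by the time it runs, identity has already been established, and its only inputs are the principal's roles, the resource and the requested action.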
Every time a session is created for a flow of traffic on the primary node, it is synced to the secondary node. When the primary node fails, sessions continue to pass traffic through the secondary node without having to be re-established.
A site-to-site VPN allows offices in multiple locations to establish secure connections with each other over a public network such as the Internet. A site-to-site VPN differs from a remote-access VPN in that it eliminates the need for each computer to run VPN client software, as it would on a remote-access VPN.
Use the following commands to check the status of the tunnel phases:
Phase 1: show crypto isakmp sa (the state should be MM_ACTIVE)
Phase 2: show crypto ipsec sa
Note: if you have a lot of tunnels and the output is confusing, use ‘show crypto ipsec sa peer 220.127.116.11’ instead.
SSL VPN provides remote access connectivity from almost any internet enabled location without any special client software at a remote site. You only need a standard web browser and its native SSL encryption.
IPsec provides a dedicated, fixed point-to-point VPN connection, whereas an SSL VPN provides anywhere connectivity without any configuration or special software at the remote site.
Generic Routing Encapsulation (GRE) is a protocol that encapsulates packets in order to route other protocols over IP networks.
GRE places a wrapper around a packet for transmission. The receiving GRE endpoint removes the wrapper, enabling the original packet to be processed by the receiving stack.
Advantages of GRE tunnels include the following:
- GRE tunnels connect discontinuous sub-networks.
- GRE tunnels allow VPNs across wide area networks (WANs).
- GRE tunnels encase multiple protocols over a single-protocol backbone.
- GRE tunnels provide workarounds for networks with limited hops.
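The wrapping and unwrapping described above is a small amount of header arithmetic, shown here as an added example that is not part of the original page. It builds a constructed passenger IPv4 packet, prepends an RFC 2784 GRE header (version 0, checksum bit set, protocol type 0x0800 for IPv4), carries it inside an outer IPv4 header with protocol number 47, and then reverses the process, validating both checksums on the way back. The tunnel endpoint and passenger addresses are constructed; the key and sequence-number extensions of RFC 2890 are deliberately rejected rather than parsed.

```python
import struct
from ipaddress import IPv4Address

GRE_PROTO = 47           # IP protocol number carried in the outer header
ETHERTYPE_IPV4 = 0x0800  # GRE "protocol type" for an IPv4 passenger packet
GRE_FLAG_C = 0x8000      # checksum present
GRE_FLAGS_K_S = 0x3000   # key / sequence extensions (RFC 2890), not handled here


def ones_complement_checksum(data: bytes) -> int:
    """Internet checksum (RFC 1071), shared by the IPv4 header and the GRE header."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_ipv4(src: str, dst: str, proto: int, payload: bytes, ttl: int = 64) -> bytes:
    """Minimal 20-byte IPv4 header (no options) followed by the payload."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, ttl, proto, 0,
                      IPv4Address(src).packed, IPv4Address(dst).packed)
    hdr = hdr[:10] + struct.pack("!H", ones_complement_checksum(hdr)) + hdr[12:]
    return hdr + payload


def parse_ipv4(packet: bytes):
    """Return (header fields, payload); rejects non-IPv4 and bad header checksums."""
    vihl, _, total_len, _, _, ttl, proto, _, src, dst = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    ihl = (vihl & 0x0F) * 4
    if vihl >> 4 != 4 or ihl < 20:
        raise ValueError("not an IPv4 packet")
    if ones_complement_checksum(packet[:ihl]) != 0:     # a valid header sums to zero
        raise ValueError("bad IPv4 header checksum")
    fields = {"src": str(IPv4Address(src)), "dst": str(IPv4Address(dst)), "proto": proto, "ttl": ttl}
    return fields, packet[ihl:total_len]


def gre_wrap(passenger: bytes, proto_type: int = ETHERTYPE_IPV4) -> bytes:
    """Prepend an RFC 2784 GRE header with the checksum bit set."""
    hdr = struct.pack("!HHHH", GRE_FLAG_C, proto_type, 0, 0)   # checksum field zero while summing
    csum = ones_complement_checksum(hdr + passenger)           # covers header and passenger
    return struct.pack("!HHHH", GRE_FLAG_C, proto_type, csum, 0) + passenger


def gre_unwrap(gre_packet: bytes):
    """Strip the GRE header; returns (protocol type, passenger packet)."""
    flags, proto_type = struct.unpack("!HH", gre_packet[:4])
    if flags & 0x0007:
        raise ValueError("unsupported GRE version")
    if flags & GRE_FLAGS_K_S:
        raise ValueError("key/sequence fields not supported by this parser")
    offset = 4
    if flags & GRE_FLAG_C:
        if ones_complement_checksum(gre_packet) != 0:
            raise ValueError("GRE checksum mismatch")
        offset += 4
    return proto_type, gre_packet[offset:]


def encapsulate(passenger: bytes, tunnel_src: str, tunnel_dst: str) -> bytes:
    """Passenger IPv4 packet -> GRE -> outer IPv4 (protocol 47) between tunnel endpoints."""
    return build_ipv4(tunnel_src, tunnel_dst, GRE_PROTO, gre_wrap(passenger))


def decapsulate(outer_packet: bytes):
    """Reverse of encapsulate(): returns (outer header fields, passenger packet)."""
    outer, gre_packet = parse_ipv4(outer_packet)
    if outer["proto"] != GRE_PROTO:
        raise ValueError("outer packet is not GRE")
    proto_type, passenger = gre_unwrap(gre_packet)
    if proto_type != ETHERTYPE_IPV4:
        raise ValueError(f"unexpected passenger protocol 0x{proto_type:04x}")
    return outer, passenger


def demo():
    # Constructed passenger: a private-to-private IPv4 packet (protocol 17) with a 5-byte payload.
    passenger = build_ipv4("192.168.1.10", "192.168.2.20", 17, b"hello")
    outer = encapsulate(passenger, "203.0.113.1", "203.0.113.2")
    outer_fields, recovered = decapsulate(outer)
    tampered = bytearray(outer)
    tampered[-1] ^= 0xFF                     # flip one passenger byte "in flight"
    try:
        decapsulate(bytes(tampered))
        tamper_detected = False
    except ValueError:
        tamper_detected = True
    return {"outer_proto": outer_fields["proto"], "outer_len": len(outer),
            "passenger_intact": recovered == passenger,
            "passenger_dst": parse_ipv4(recovered)[0]["dst"], "tamper_detected": tamper_detected}
```

The outer packet is 20 (outer IPv4) + 8 (GRE with checksum) + 25 (passenger) bytes; the intermediate routers only ever see the outer header with the tunnel endpoint addresses, which is how the passenger's private addresses cross a public backbone. GRE offers no confidentiality, so in practice it is paired with IPsec when the traffic needs protecting.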
Firewalls work at layers 3, 4 and 7. First-generation firewalls provide packet filtering and generally operate at layer 3 (the Network layer). Second-generation firewalls operate up to the Transport layer (layer 4); they record all connections passing through them and determine whether a packet is the start of a new connection, part of an existing connection, or not part of any connection.
Second-generation firewalls are mainly used for stateful inspection.
Third-generation firewalls operate at layer 7. The key benefit of application layer filtering is that it can “understand” certain applications and protocols, such as File Transfer Protocol (FTP), Domain Name System (DNS), or Hypertext Transfer Protocol (HTTP).
A DoS (Denial of Service) attack is generated by sending a flood of data or requests to a target system, consuming or crashing the target system’s resources. The attacker often uses IP spoofing to conceal their identity when launching a DoS attack.
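From the defender's side, a flood shows up as a connection rate that a sliding window can measure. The following added example (not from the original page) runs a detector over constructed connection records: a per-source counter catches a single noisy host, and a per-destination counter is needed as well, because the spoofed flood mentioned above uses a different forged source address on every packet and so never trips a per-source threshold. Addresses, thresholds and timings are constructed for the demonstration.

```python
from collections import defaultdict, deque


def detect_floods(records, window=1.0, src_threshold=20, dst_threshold=100):
    """Sliding-window rate detector over (timestamp, src, dst) connection attempts,
    given in time order. Returns a set of ("source"|"destination", ip) alerts."""
    per_src = defaultdict(deque)
    per_dst = defaultdict(deque)
    alerts = set()
    for ts, src, dst in records:
        for table, key, threshold, kind in ((per_src, src, src_threshold, "source"),
                                            (per_dst, dst, dst_threshold, "destination")):
            q = table[key]
            q.append(ts)
            while q and ts - q[0] > window:   # drop attempts older than the window
                q.popleft()
            if len(q) > threshold:
                alerts.add((kind, key))
    return alerts


def build_records():
    """Constructed traffic: normal baseline, then two kinds of flood against one server."""
    recs = []
    # 1) Baseline: five clients, one connection per second each, for 10 seconds.
    for t in range(10):
        for i in range(5):
            recs.append((t + i * 0.1, f"10.0.0.{i + 1}", "203.0.113.5"))
    # 2) Single-source flood: 50 attempts in half a second from one real address.
    recs += [(20 + k * 0.01, "192.0.2.66", "203.0.113.5") for k in range(50)]
    # 3) Spoofed flood: 200 attempts in one second, each with a different forged source,
    #    so every per-source count stays at 1 and only the destination rate reveals it.
    recs += [(30 + k * 0.005, f"198.51.100.{k}", "203.0.113.5") for k in range(200)]
    return sorted(recs)


if __name__ == "__main__":
    for kind, ip in sorted(detect_floods(build_records())):
        print(f"{kind} flood: {ip}")
```

Because the forged sources are never the real attacker, blocking per source during a spoofed flood does nothing useful; the per-destination alert is what should drive rate limiting, upstream filtering or a scrubbing service for the targeted host.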
- The data is split into smaller packets and passed through the tunnel.
- The data passing through the tunnel has 3 layers of encryption. The data is encapsulated.
- Tunneling can be implemented with the Point-to-Point Tunneling Protocol (PPTP).
- It allows the private network communication to be sent across a public network.
- The encapsulation process allows the data packets to appear as ordinary public traffic while crossing the public network.
- It is also known as port forwarding.