By downloading latest security updates and cover vulnerabilities
Share the password only to the staff to do their job
Encrypt any personal data held electronically that would cause damage if it were stolen or lost
On a regular interval take back-ups of the information on your computer and store them in a separate place
Before disposing off old computers, remove or save all personal information to a secure drive
Install anti-spyware tool
6) Mention what is WEP cracking? What are the types of WEP cracking?
WEP cracking is the method of exploiting security vulnerabilities in wireless networks and gaining unauthorized access. There are basically two types of cracks
Passive cracking: Until the WEP security has been cracked this type of cracking has no effect on the network traffic.
Active cracking: It is easy to detect compared to passive cracking. This type of attack has an increased load effect on the network traffic.
7) List out various WEP cracking tools?
Various tools used for WEP cracking are
8) Explain what is phishing? How it can be prevented?
Phishing is a technique that deceit people to obtain data from users. The social engineer tries to impersonate genuine website webpage like yahoo or Facebook and will ask the user to enter their password and account ID.
It can be prevented by
Having a guard against spam
Communicating personal information through secure websites only
Download files or attachments in emails from unknown senders
Never e-mail financial information
Beware of links in e-mails that ask for personal information
Ignore entering personal information in a pop-up screen
9) Mention what are web server vulnerabilities?
The common weakness or vulnerabilities that the web server can take an advantage of are
Bugs in operating system and web servers
10) List out the techniques used to prevent web server attacks?
Secure installation and configuration of the O.S
Safe installation and configuration of the web server software
Scanning system vulnerability
Anti-virus and firewalls
Remote administration disabling
Removing of unused and default account
Changing of default ports and settings to customs port and settings
11) For security analyst what are the useful certification?
Useful certification for security analyst are
Security Essentials (GSEC): It declares that candidate is expert in handling basic security issues- it is the basic certification in security
Certified Security Leadership: It declares the certification of management abilities and the skills that is required to lead the security team
Certified Forensic Analyst: It certifies the ability of an individual to conduct formal incident investigation and manage advanced incident handling scenarios including external and internal data breach intrusions
Certified Firewall Analyst: It declares that the individual has proficiency in skills and abilities to design, monitor and configure routers, firewalls and perimeter defense systems
12) How can an institute or a company can safeguard himself from SQL injection?
An organization can rely on following methods to guard themselves against SQL injection
Sanitize user input: User input should be never trusted it must be sanitized before it is used
Stored procedures: These can encapsulate the SQL statements and treat all input as parameters
Regular expressions: Detecting and dumping harmful code before executing SQL statements
Database connection user access rights:Only necessary and limited access right should be given to accounts used to connect to the database
Error messages: Error message should not be specific telling where exactly the error occurred it should be more generalized.
These interview questions will also help in your viva(orals)