i know nothing

Let me just begin by saying that I don’t know anything.  There, I said it.  And I truly believe it.  The more I learn, the more I realize I don’t know shit.

Now that I’ve gotten that off my chest, let me talk a little about some things I do know, and I’m OK at (read: not GOOD at, just OK).  I’m OK at reading comprehension, and I’m OK at spelling.  I’m also good at being curious, but that seems more like an innate ability.  I suspect most people in my profession have the same innate curiosity – we all used to take things apart as kids (and much to our parents’ chagrin, not put them back together).

The DefCon 101 talks were excellent, and got me thinking about level setting.  Lostboy gave a talk about baselining knowledge in IT, and I thought I would contribute some of my thoughts.

I have the opportunity in my position to interview people for jobs in IT, including systems administration, network administration, and security.  I often am disappointed in the candidates’ lack of basic knowledge of how systems are put together.

Again, I don’t claim to know anything, but here are some basic things that I always ask candidates.  My belief (and it could be unfounded) is that if you’re going to be in IT, you should know the answers to these questions.  Especially if you’re interviewing for a sysadmin position.

1. How does DNS work?

The answer can be as simple as, well, it maps names to IP addresses, which is true.  But there is so much more to it.  I don’t claim to be a DNS master, or anything like that – I don’t know crap about the inner workings.  However, I do know, and I expect EVERYONE in IT to know what an “A” record is.  If you don’t know, look it up.  Look up what a “PTR” record is while you’re at it, and a CNAME record too.  These are SIMPLE things that you should know if you’re coming to an interview as an IT person.

2. How does DHCP work?

Again, a simple question, with a simple answer: it assigns IP addresses dynamically.  However, a real IT person will know HOW DHCP works – the host sends a broadcast message and the DHCP server responds.  If the server is not on the same layer 2 domain (look it up), the router will forward the DHCP request on to the DHCP server if it is configured to do so.

If you want to even think about getting into security as a profession, you should know much more about the above protocols.  Down to specifics on what the packets look like and how to manipulate the protocols to ‘trick’ hosts.

Anyone who interviews for a networking position on my team had better know much more about these protocols than the basics, and they will need to know about other things that are pervasive in today’s networks.  Things like:

1. MTU and Path MTU discovery

What is the MTU?  How does Path MTU discovery work?

2. How does traceroute work?

Not “it traces the route between points on a network”, rather, HOW does this protocol work?  For extra credit, how does a UNIX machine differ from a Windows machine in how it performs the traceroute utility?  And no, the answer isn’t “Windows uses tracert, and UNIX uses traceroute”.

Those of you who are reading this post because you googled my name after seeing that I’ll be interviewing you tomorrow, good on you for doing a little research before coming to the interview.  Just be prepared.
