Subnetting the Easy Way

I have read post after post on common tech forums regarding newcomers having trouble with subnetting, and even some veterans who know of subnetting but forget how to do the math manually. So I wanted to share the easiest way that I have found to subnet!

What is subnetting?

Subnetting is the practice of dividing a network into two or more smaller networks.

Why use subnetting?

  • Improves network performance and speed
  • Reduces network congestion
  • Enhances network security
  • Makes it easier to control the growth of your network

Key concept of subnetting

  • IP addresses are made up of 32 bits
    • An IP address is split into 4 octets (4 groups of 8 bits)
      • For example, with the 192.168.1.100 IP address: 192 is the first octet, 168 is the second octet, 1 is the third octet, and 100 is the fourth octet.
  • Like we said earlier, subnetting is the practice of dividing a network into two or more smaller networks. That means some bits are reserved for identifying the network and the remaining bits identify the host (this will make more sense in a few minutes).
  • There are 3 main IP address classes. The information below shows the IP address range for the given IP class, along with how the addresses are split in terms of network and host bits (N == network bit, H == host bit).
    • Class A: 1.0.0.0 to 126.255.255.255
      • NNNNNNNN . HHHHHHHH . HHHHHHHH . HHHHHHHH
    • Class B: 128.0.0.0 to 191.255.255.255
      • NNNNNNNN . NNNNNNNN . HHHHHHHH . HHHHHHHH
    • Class C: 192.0.0.0 to 223.255.255.255
      • NNNNNNNN . NNNNNNNN . NNNNNNNN . HHHHHHHH
  • IMPORTANT: Think of each dot in an IP address as a boundary. That means there are boundaries at 8, 16, 24, and 32 bits.
  • IMPORTANT: The first and last IP addresses of a subnet range cannot be used by a host; they are set aside for the subnet address and the broadcast address. The remaining IP addresses can be assigned.

Problem 1: What subnet does 192.168.19.25/27 belong to?

  1. What’s the mask: 27
  2. To get the block size, do the following:
    • What’s the boundary above 27? It’s 32, so we subtract 27 from 32.
      • 32 – 27 = 5
    • Next we calculate 2^5, which gives us 32
    • 32 is the block size
  3. Now we can start putting together the subnets
    • 192.168.19.0
    • 192.168.19.32
    • 192.168.19.64
    • 192.168.19.96
    • 192.168.19.128
    • etc…
  4. From looking at the IP ranges above, we can see 192.168.19.25 would fall into the 192.168.19.0 subnet

Problem 2: What subnet does 192.168.131.22/18 belong to?

  1. What’s the mask: 18
  2. To get the block size, do the following:
    • What’s the boundary above 18? It’s 24, so we subtract 18 from 24.
      • 24 – 18 = 6
    • Next we calculate 2^6, which gives us 64
    • 64 is the block size
  3. Now we can start putting together the subnets
    • 192.168.0.0
    • 192.168.64.0
    • 192.168.128.0
    • 192.168.192.0
    • 192.168.255.0
  4. From looking at the IP ranges above, we can see 192.168.131.22 would fall into the 192.168.128.0 subnet.

Problem 3: Provide a valid host range of the 3rd subnet of 192.168.144.0/29

  1. What’s the mask: 29
  2. To get the block size, do the following:
    • What’s the boundary above 29? It’s 32, so we subtract 29 from 32.
      • 32 – 29 = 3
    • Next we calculate 2^3, which gives us 8
    • 8 is the block size
  3. Now we can start putting together the subnets
    • 192.168.144.0
    • 192.168.144.8
    • 192.168.144.16 (3rd subnet)
    • 192.168.144.24
    • 192.168.144.32
    • 192.168.144.40
    • 192.168.144.48
  4. From looking at the IP ranges above, we can see the 3rd subnet runs from 192.168.144.16 to 192.168.144.23.
  5. Remember that the subnet address (192.168.144.16) and the broadcast address (192.168.144.23) cannot be used by a host.
  6. So the valid host range of the 3rd subnet is: 192.168.144.17 to 192.168.144.22
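
The same block-size steps written as code, as an added example that is not part of the original post. It generalizes the three problems to any IPv4 prefix, cross-checks the result against Python's standard `ipaddress` module, and returns no host range for /31 and /32, where reserving the first and last address leaves nothing; the function names are hypothetical.

```python
import ipaddress

BOUNDARIES = (8, 16, 24, 32)  # bit positions of the dots in a dotted quad

def dotted(octets):
    return ".".join(str(o) for o in octets)

def block_size_method(cidr):
    """Block-size shortcut from the worked problems, for 'a.b.c.d/prefix'."""
    addr, _, prefix = cidr.partition("/")
    octets = [int(o) for o in addr.split(".")]
    prefix = int(prefix)
    if len(octets) != 4 or max(octets) > 255 or min(octets) < 0 or not 0 <= prefix <= 32:
        raise ValueError(f"not an IPv4 CIDR: {cidr!r}")
    boundary = next(b for b in BOUNDARIES if b >= prefix)  # boundary at or above the mask
    block = 2 ** (boundary - prefix)                       # block size
    idx = boundary // 8 - 1                                # octet that steps by `block`
    start = octets[idx] - octets[idx] % block              # round down to a block multiple
    network = octets[:idx] + [start] + [0] * (3 - idx)
    broadcast = octets[:idx] + [start + block - 1] + [255] * (3 - idx)
    hosts = None                                           # /31 and /32: nothing left once
    if prefix <= 30:                                       # first and last are reserved
        hosts = (dotted(network[:3] + [network[3] + 1]),
                 dotted(broadcast[:3] + [broadcast[3] - 1]))
    return {"block": block, "subnet": dotted(network),
            "broadcast": dotted(broadcast), "hosts": hosts}

def nth_subnet(base_cidr, n):
    """Nth subnet (counting from 1) of the same size, starting at base_cidr."""
    base = ipaddress.ip_network(base_cidr, strict=False)
    return f"{base.network_address + (n - 1) * base.num_addresses}/{base.prefixlen}"

def agrees_with_stdlib(cidr):
    """Cross-check the manual method against Python's ipaddress module."""
    net = ipaddress.ip_network(cidr, strict=False)
    got = block_size_method(cidr)
    return (got["subnet"], got["broadcast"]) == (str(net.network_address),
                                                 str(net.broadcast_address))

if __name__ == "__main__":
    # The three problems from this post.
    for cidr in ("192.168.19.25/27", "192.168.131.22/18",
                 nth_subnet("192.168.144.0/29", 3)):
        print(cidr, block_size_method(cidr), agrees_with_stdlib(cidr))
```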

Course Review: SANS SEC504 Hacker Tools, Techniques, Exploits, and Incident Handling (GCIH)

With one SANS course and certification under my belt, I had a better idea of what to expect and I changed my study strategy accordingly (see below). Also, this is the second course in the SANS Security Engineering Master Program.

Material

I opted to go with the OnDemand option, which came with the following:

  • Official courseware books (sent via USPS)
  • 20+ hours of video training
  • Labs
  • Two practice exams

There are six books, one book for each day of their in-person training.

  • 1: Incident Handling Step-by-Step and Computer Crime Investigation
  • 2: Computer and Network Hacker Exploits – Part 1
  • 3: Computer and Network Hacker Exploits – Part 2
  • 4: Computer and Network Hacker Exploits – Part 3
  • 5: Computer and Network Hacker Exploits – Part 4
  • 6: Hacker Tools Workshop (Lab)

The first book is all about incident response which I found interesting because I haven’t dealt with IR in my career. Books 2-5 are all about attacks and how the IR phases deal with them. Book 6 is one big lab and very interesting, especially if you’re new to the topics.

Studying Strategy

  • Step 1: Watched the videos at 1.25x speed, this took about a week.
  • Step 2: Read through the entire set of books with no note taking or highlighting. This step is solely for reviewing the material and not getting caught up in wanting to take notes.
  • Step 3: Go through the books for a second time but this time I will highlight topics I am not grasping fully and/or topics I feel like will definitely be asked on the exam.
  • Step 4: This will be the third and final time going through the books. I will focus more on what I highlighted rather than actually reading every word. I will only write down topics I am having trouble remembering, my goal is to keep my notes as small as possible.
  • Step 5: Edit SANS index at the back of book 5 (see below).
  • Step 6: Take practice exams (see below).

Index

With this being my second SANS course and certification, I believe this is the area I improved the most. For the first course, I relied more on SANS index and barely made any edits. This led to one major problem…when a topic had multiple pages listed, I didn’t know which page to look at, so I would sometimes waste 2-5 minutes going through 5-10 pages looking for the answer. This time around, I would highlight the page that was the most important on the index. This little change took my testing time from almost 4 hours with the GSEC to 2.5 hours with the GCIH.

Practice Exams

Just like the GSEC practice exams, I scored in the high 80’s and the real exam was very similar to the practice exams. Once again, my only complaint is that we are not able to review the practice exam questions after submitting the exam. I would like to have time to review the questions I got wrong and why…I shouldn’t have to feel rushed to write down what I got wrong and why.

Exam

The exam was fair, and the courseware prepares you well for the exam. I passed with an 89% and found the exam easier than the GSEC.

Labs

I’ll be honest and admit I did not attempt any of the labs for this course.

Thoughts

A few years back I was into ethical hacking, so I feel like I had an advantage going into this class and that’s a major reason why I found this certification easier than the GSEC. It’s a fun course and I would recommend it to anyone who wants to get into incident response and/or ethical hacking.

Course Review: SANS SEC401 Security Essentials (GSEC)

The first course for the SANS Master of Science in Information Security Engineering program is SEC401 Security Essentials. I have read so many great things about SANS material and how their certification exams are open book, so I was very excited to get started and see what all the fuss was about.

Material

I opted to go with the OnDemand option, which came with the following:

  • Official courseware books (sent via USPS)
  • 25+ hours of video training
  • Labs
  • Two practice exams

There are six books, one book for each day of their in-person training.

  • 1: Network Security Essentials
  • 2: Defense-In-Depth and Attacks
  • 3: Threat Management
  • 4: Crypto, Risk Management and Response
  • 5: Windows Security
  • 6: Linux Security

Studying Strategy

I pick up material faster by reviewing new topics via video. Once I comprehend the basics, I can pick up material faster through books. I knocked out the 25+ hours of video within the first week (tip: play the video at x1.25 or x1.50 to save you some time). A goal of mine was to study at least 3 hours a day.

Once the videos were done, I moved onto the courseware books. I decided to go with a new approach which included going through the material three times. My first run through of the books was solely reading with no note taking. From my past experiences, when I would take notes right away, I found myself taking forever to get through the material because I wanted to write down everything. During my second run through, I only highlighted information I found hard to grasp or topics I thought would for sure be on the test. Finally, with the third run through, I didn’t necessarily read every word, but I reviewed what I highlighted and decided if it was worth writing down.

Index

The famous SANS index! This idea of an open book certification test is brand new to me but also super intriguing. It’s especially intriguing because with the exams being open book, they are still highly regarded in the information security arena.

What I liked was that SANS provides an index in the back of book 6 so you don’t need to start from scratch. What I decided to do was take the first practice exam with the index SANS provided and tune it, depending on how I did. I received an 87% on my practice exam, which was good but I was spending too much time looking up topics, so I decided to add to the index.

Practice Exams

The practice exams are of high quality and are similar to the real test, but you won’t see any duplicate questions. If you are scoring in the 80’s on your practice exams, I believe you are definitely ready to take the real thing. One thing I did not like about the practice exams, is that once it was over, you are not able to review the test…you will need to write down what you got wrong while taking the test. It would be more useful if the students could review the questions after the practice exam was over, so we don’t feel rushed trying to write down why we got the questions wrong but still trying to take the test.

Exam

Like I mentioned in the last section, the practice exams are very similar to the real test, so you should not be caught off guard in any way. I passed the exam with an 87%.

Thoughts

If you are new to security, then I would definitely recommend this course if your company is going to foot the bill. If you are paying out of pocket, I would suggest self-studying for CompTIA’s Security+.

Besides the amount of the information in the courseware, I found the real-life experiences and stories from the instructor to be super valuable and interesting. It’s one thing to read the material and understand the topics, but it’s another to have an information security expert tell you stories that involve what you’re learning…it really drives home the point.