Do Not Fear Subnetting Your Network. Embrace it!

Your business has grown substantially over the last several months; however, the rapid growth has also increased network congestion, resulting in slower speeds and reduced performance that affect end-users directly, while maintenance and problem resolution have become extremely time-consuming and arduous.
Do not fear; there is a solution: ‘Subnet Your Network.’
Often, the mere mention of subnetting evokes the ‘fight or flight’ response in many individuals or is dismissed too quickly because it is considered ‘too time-consuming,’ or ‘too complicated,’ ‘the math is too difficult,’ or ‘it is only useful for extensive networks.’
In reality, the benefits of a subnetted network are wide-ranging. It simplifies the troubleshooting of network issues; gives a bird’s-eye view of bandwidth utilization, traffic patterns, network efficiency and atypical activity that can drain resources; allows for more streamlined allocation of critical resources; and vastly improves network security by applying more granular access controls to logical groups.
In contrast, a poorly designed network has higher support costs, diminished services and fewer solutions that can be supported, in addition to less than ideal performance. These issues can quickly become unruly, creating a domino effect that potentially results in a network outage, which is not only costly and frustrating for your end-users but can be exceedingly costly for your business as well.

Subnetting is the process of dividing up an extensive network into two or more smaller networks. By doing so, subnetting reduces broadcast traffic by having different devices communicate with different networks rather than all the devices on one network trying to communicate at the same time.
Smaller networks can be efficiently designed to represent logical groups, for example different departments: sales, marketing, and development. Alternatively, they can be divided by hardware device: VoIP, servers, and workstations. These designs make it possible to isolate individual devices within the logical groups, which is critical when troubleshooting issues within the network.
Also, a subnetted network allows for better control of the flow of traffic, including Quality of Service (QoS), which can be considered the backbone of any successful business. QoS is increasingly vital across today’s networks. Not only is it a requisite for voice and video streaming, but it’s also an indispensable element in supporting the ever-expanding domain of the Internet of Things (IoT).
When it comes to security on a subnetted network, the benefits are extensive and extremely underrated.

First, breaking the network up into multiple smaller networks makes it far faster and easier to isolate compromised networks, thus containing and targeting current threats and preventing further damage to the remainder of the network. Second, data is today the most critical asset of any company, and the loss or defilement of that data could be devastating to any business. Rather than having all resources on one network, it is safer to keep the critical business data isolated, secured from internal users who gain access to areas of the network where they don’t belong, as well as from other potential bad actors. Even an unsophisticated attack could not only incapacitate the entire network but could also allow for a data breach, with estimates that more than half of small to medium businesses never recover.
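The hardware grouping and the containment argument above, worked through as an added example that is not part of the original post. It sizes one subnet per group and then maps flagged addresses back to their segment; the parent range, the host counts and the flagged addresses are constructed sample values, and the sketch assumes IPv4.

```python
import ipaddress

def plan_subnets(parent, groups):
    """Carve `parent` into one subnet per group, largest group first (VLSM).

    `groups` maps a group name to the number of hosts it must hold.
    """
    parent = ipaddress.ip_network(parent)
    cursor, end = int(parent.network_address), int(parent.broadcast_address)
    plan = {}
    # Largest first keeps every block aligned on a multiple of its own size.
    for name, hosts in sorted(groups.items(), key=lambda kv: -kv[1]):
        # hosts + 2 addresses are needed (network and broadcast are reserved);
        # `bits` is the number of host bits of the smallest block that fits.
        bits = (hosts + 1).bit_length()
        size = 1 << bits
        if cursor + size - 1 > end:
            raise ValueError(f"{parent} has no room left for {name}")
        plan[name] = ipaddress.ip_network((cursor, 32 - bits))
        cursor += size
    return plan

def segment_of(plan, address):
    """Name the segment an address belongs to, or None if outside the plan."""
    ip = ipaddress.ip_address(address)
    for name, net in plan.items():
        if ip in net:
            return name
    return None

def affected_segments(plan, addresses):
    """Group flagged addresses by segment so containment targets only those subnets."""
    hit = {}
    for addr in addresses:
        hit.setdefault(segment_of(plan, addr), []).append(addr)
    return hit

# Constructed sample data: a /24 split by hardware type, as in the text.
PLAN = plan_subnets("192.168.10.0/24",
                    {"voip": 50, "servers": 20, "workstations": 100})
FLAGGED = ["192.168.10.140", "192.168.10.150", "192.168.10.200", "192.168.10.240"]

if __name__ == "__main__":
    for name, net in PLAN.items():
        print(f"{name:<13}{net}  usable hosts: {net.num_addresses - 2}")
    for name, addrs in affected_segments(PLAN, FLAGGED).items():
        print(f"{name or 'unallocated'}: {', '.join(addrs)}")
```

An address that falls in the unallocated remainder of the range (the `None` key) belongs to no planned segment, which is worth investigating in its own right.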
In conclusion, subnetting is a cornerstone of a well-defined strategy, an approved best-practice, and a comparatively easy and inexpensive way to reduce risk, gain profitability, improve adaptability and increase security.

Really? Haha, No…


Over the weekend, I participated in GoogleCTF2017, my first Capture The Flag (CTF) event. It was both humbling and exciting.  

If you asked me three days ago what was the absolute worst thing someone could say to me, I would have given a completely different answer than today, but today, my answer is ‘Really? Haha, no…’ a phrase I heard way too many times as I worked through the challenges trying to find flags.

In a CTF, each team has a set of challenges that needs to be solved in order to find the flag and grab the points. The flag is usually a piece of code =>CTF{this-is-a-flag}<=.  

CTF competitions touch on many aspects of information security including cryptography, steganography, reverse engineering, forensics, and other topics.

There are three common types of CTFs:

  • Attack and Defend
    • Red Teams (Offense) vs. Blue teams (Defence) actively attacking and defending network infrastructures.
  • Jeopardy.
    • Challenges are broken up into multiple topics ranging from easy to difficult, to insane. 
  • Mixed.
    • Varied formats. Depends upon the host of the event.

GoogleCTF2017 was set up as a Jeopardy-style event, and it turns out that I knew more than I thought; moreover, it was a wonderful experience competing against peers and picking up mad new skills while expanding upon my security knowledge.

In order to increase my skills in preparation for this CTF (and many others to follow), I used the websites below to practice and train.

As a front-end developer, knowing how to exploit your own web applications before a cyber criminal can is critical, and Google Gruyere is an invaluable resource. You ‘learn by doing’ and in that process, you come to understand how applications can be attacked using cross-site scripting vulnerabilities (XSS) and cross-site request forgeries (XSRF). Additionally, it allows the user(s) to find, fix, and avoid vulnerabilities and other bugs that have an impact on security, including:

  • Denial-of-service (DoS)
  • Information disclosure.
  • Remote code execution.

However, the greatest part of the weekend I have neglected to mention so far was the elation you feel when you use tactics and exploits to find a flag, and it works, i.e., ‘you have successfully hacked something, and you captured a flag.’ Today, I realized, I belong in this field.

Results:

995 points, six challenges, ten hours, two days.

  • 1 Miscellaneous
    • Start Here (FAQ)
  • 3 Crypto Challenges
    • Crypto Backdoor
    • Introspective CRC
    • Shake it
  • 1 Pwn
    • Inst Prof
  • 1 Web
    • Joe

You don’t have to be an expert in order to compete in a CTF. You just need an unrelenting curiosity and passion to never quit! The purpose of the competition, besides capturing the flag, is to recognize your strengths and more importantly your weaknesses. CTFs require a great deal of work and dedication but are highly rewarding. Strive for excellence.
