# erzadel.net

## Speaking of Security

June 7, 2016

### Tags: Internet, Technology

My last post was about security by obscurity and I talked a little about trying to implement security techniques into my projects. This is really great timing.

Last week, various online services run by my university were down. It was really inconvenient not having access to my e-mail but I took it in stride. I figured it was just the servers acting up or malware or something like that. It turns out that my university was dealing with a ransomware attack. I was half right. Ransomware is malware that basically holds a system hostage until a ransom is paid. My university gave in to it and paid \$20 000 to get the systems back.

Honestly, it seems to me like paying the ransom was the smart choice. Thousands of users were affected by this attack and it’s probably costing them a lot more not having their systems than to pay the money. It’s probably the easiest route. I haven’t done much research on it but apparently the FBI recommends this. It’s better if you don’t pay the ransom but if you’re not tech savvy or the stakes are too high (but not like top secret government stakes), it’s probably a good idea.

Also, personal anecdote. I’ve had an instance of “ransomware.” It was more like adware ransomware. I was browsing around and all of a sudden my screen flashed and accused me of a crime and asked me to pay a fine. I read through it several times and I froze a bit. I was innocent of the crime (of course) but I was worried that maybe it was something that could easily look like I committed it (think like authors who joke about being on some kind of list for researching murder methods for a book). But I calmly opened up my phone and looked up the message. Common ransomware. So I safely ignored it. Thank goodness because the amount they were asking was easily ten times more than what’s in my bank account.

## Security By Obscurity: Just Hide It?

June 6, 2016

### Tags: Technology, security

Last semester I took an introductory course to information security. One of the concepts we touched on was “security by obscurity.” Basically what that means is if no one is aware of something, they can’t possibly break into it. For example, hiding your diary is a form of security by obscurity. Of course, this has its flaws. There is always the possibility that someone could somehow stumble upon your diary by accident. There might be people actively looking for something valuable to you but they won’t know what it is until they find it. Notice I didn’t mention “if” they find it. It’s always a good practice to assume that they will find it. This is one of the reasons why security by obscurity is not ideal.

Truth be told, I use security by obscurity. The diary analogy I used was something that I actually do. Now, my mom loves to poke around and I still live with her. She has read my diaries in the past so it’s not far-fetched that she would find my diary one day and read it. This is why I don’t use it as my only form of security. My journal entries are either about really mundane stuff or encrypted with Elian script. So unless my mother is good at cracking ciphers (which I highly doubt as English is her second language and frequency analysis is probably lost on her), I can safely assume that my secrets are safe with me.

The reason why I suddenly started thinking about this is because I have a project that I’ve been working on. I’ve been trying to build a book management script. Right now I’m just finishing up simple features for the admin panel such as tagging a book, adding a review to a book, editing author names, etc. All of this is currently in a folder with an obscure name. At first I thought that if my admin folder wasn’t named something obvious like “admin,” I would be less likely to have a security breach. Who would want to hack my tiny and unpopular websites anyway? Then I realized, wait, that’s a really bad idea.

Curious, I looked up if there was a way to discover folders that were not explicitly linked publicly. I was not surprised when I saw that such a way does indeed exist. In fact, there are several ways (or programs) to do this. Software like URL Fuzzer and DirBuster utilize a method called fuzzing. In my introductory class, we would classify this as a brute force method. What fuzzing does is try any possible number of combinations in order to find a weakness. In this case, it tries to find out if a folder exists. Specifically, DirBuster goes through a list of words (have not checked if it includes random strings or just common words) and appends them to a URL. Depending on the HTTP status code (things like 404 not found or 403 forbidden), it can determine if a folder exists on the website or not.
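Seen from the server side, that word-list guessing leaves a burst of 404 and 403 responses from one client in the access log. The following is an added example, not part of the original post: a small detector over constructed log lines in the common log format, where the function names, the 60-second window and the threshold of 5 are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in Apache/nginx "common" log format (not real traffic).
SAMPLE_LOG = """\
198.51.100.23 - - [06/Jun/2016:10:00:00 +0000] "GET /index.php HTTP/1.1" 200 5120
203.0.113.9 - - [06/Jun/2016:10:00:01 +0000] "GET /admin/ HTTP/1.1" 404 209
203.0.113.9 - - [06/Jun/2016:10:00:01 +0000] "GET /administrator/ HTTP/1.1" 404 209
203.0.113.9 - - [06/Jun/2016:10:00:02 +0000] "GET /backup/ HTTP/1.1" 403 199
203.0.113.9 - - [06/Jun/2016:10:00:02 +0000] "GET /login/ HTTP/1.1" 404 209
203.0.113.9 - - [06/Jun/2016:10:00:03 +0000] "GET /manage/ HTTP/1.1" 404 209
203.0.113.9 - - [06/Jun/2016:10:00:03 +0000] "GET /panel/ HTTP/1.1" 404 209
198.51.100.23 - - [06/Jun/2016:10:00:40 +0000] "GET /favicon.ico HTTP/1.1" 404 209
198.51.100.23 - - [06/Jun/2016:10:01:10 +0000] "GET /books.php?id=3 HTTP/1.1" 200 4096
"""

LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"\S+ (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

def parse(line):
    """Return (ip, timestamp, path, status) or None for an unparseable line."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return m["ip"], ts, m["path"], int(m["status"])

def find_enumerators(lines, window=timedelta(seconds=60), threshold=5):
    """Map client IP -> most distinct 403/404 paths seen inside one window."""
    misses = defaultdict(list)
    for rec in filter(None, map(parse, lines)):
        ip, ts, path, status = rec
        if status in (403, 404):
            misses[ip].append((ts, path))
    flagged = {}
    for ip, hits in misses.items():
        hits.sort()
        start = best = 0
        for end, (ts, _) in enumerate(hits):
            # Slide the window start forward until it spans at most `window`.
            while ts - hits[start][0] > window:
                start += 1
            best = max(best, len({p for _, p in hits[start:end + 1]}))
        if best >= threshold:
            flagged[ip] = best
    return flagged

if __name__ == "__main__":
    for ip, count in find_enumerators(SAMPLE_LOG.splitlines()).items():
        print(f"{ip}: {count} distinct missing/forbidden paths within 60 s")
```

A flagged client is a signal for alerting or rate limiting; the folder itself still needs authentication behind it.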

So, knowing this, I could still use security by obscurity. However, like my diary, I plan to implement other layers of security. Whether or not it will increase security or just give it security it didn’t have in the first place, I’m not sure (entropy wasn’t my strong point in my information security course). But I am sure that leaving it as a randomly named folder is not the way to go. I know how to do simple PHP sessions with a login but only with matching the submitted password with a plaintext password in a database. That’s a whole other realm of security issues so I’m going to start reading up on hashing passwords in PHP. I’ve poked around some open source scripts and have found MD5 hash functions so that’s probably what I’m aiming for. Honestly, I’m not well-versed in web security specifically (other than SQL injections are bad and you have to sanitize them) but that’s why I’m still learning.

So the next time you think you’re just going to hide something and think you’ll be fine, you probably will be but it’s better if you combine it with some other security technique especially if it contains sensitive information.

## CCNA1 8.2.1.4 Packet Tracer – Designing and Implementing a VLSM Addressing Scheme

June 4, 2016

### Tags: Technology, CCNA

I’m currently taking the CCNA1 course offered by Cisco. I struggled a lot with this activity so I thought it would be good to share how I finally figured it out. If you’re a little lazy and just want the answers, click here to go straight to the addressing table or here to download the PDF. Be aware that the addresses may vary but the process is the same regardless.

I am only human and will make mistakes so do not hesitate to point out any errors!

### Part 1: Examine the Network Requirements

#### Step 1: Determine the number of subnets needed.

You will subnet the network address 192.168.72.0/24. The network has the following requirements:

• ASW-1 LAN will require 7 host IP addresses
• ASW-2 LAN will require 15 host IP addresses
• ASW-3 LAN will require 29 host IP addresses
• ASW-4 LAN will require 58 host IP addresses
##### How many subnets are needed in the network topology?

5 subnets are needed. If you look at the topology, there are 4 LANs (coloured in orange) and 1 serial connection between Building1 and Building2. Therefore, you need 5 subnets.

#### Step 2: Determine the subnet mask information for each subnet.

The original subnet mask of the network address is 255.255.255.0. This comes from the prefix length /24, which indicates that there are 24 bits set in the subnet mask. We will use this as the basis for subnetting.

| 11111111 | 11111111 | 11111111 | 00000000 |
|---|---|---|---|
| 255 | 255 | 255 | 00000000 |

##### a. Which subnet mask will accommodate the number of IP addresses required for ASW-1?

255.255.255.240 with a prefix length of /28.

First, calculate the number of host bits that will be able to contain at least 7 hosts.

$$2^n - 2 = 2^4 - 2 = 14 \text{ usable} \geq 7 \text{ required}$$

14 is greater than 7, so 4 host bits are left unset in the subnet mask.

| 255 | 255 | 255 | 240 |
|---|---|---|---|
| 128+64+32+16+8+4+2+1 | 128+64+32+16+8+4+2+1 | 128+64+32+16+8+4+2+1 | 128+64+32+16 |
| 11111111 | 11111111 | 11111111 | 11110000 |

##### How many usable host addresses will this subnet support?

14. This comes from the formula in the previous question.

##### b. Which subnet mask will accommodate the number of IP addresses required for ASW-2?

255.255.255.224 with a prefix length of /27.

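$$2^n - 2 = 2^5 - 2 = 30 \text{ usable} \geq 15 \text{ required}$$

| 255 | 255 | 255 | 224 |
|---|---|---|---|
| 11111111 | 11111111 | 11111111 | 11100000 |

##### How many usable host addresses will this subnet support?

30.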

##### c. Which subnet mask will accommodate the number of IP addresses required for ASW-3?

255.255.255.224 with a prefix length of /27.

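$$2^n - 2 = 2^5 - 2 = 30 \text{ usable} \geq 29 \text{ required}$$

| 255 | 255 | 255 | 224 |
|---|---|---|---|
| 11111111 | 11111111 | 11111111 | 11100000 |

##### How many usable host addresses will this subnet support?

30.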

##### d. Which subnet mask will accommodate the number of IP addresses required for ASW-4?

255.255.255.192 with a prefix length of /26.

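$$2^n - 2 = 2^6 - 2 = 62 \text{ usable} \geq 58 \text{ required}$$

| 255 | 255 | 255 | 192 |
|---|---|---|---|
| 11111111 | 11111111 | 11111111 | 11000000 |

##### How many usable host addresses will this subnet support?

62.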

##### e. Which subnet mask will accommodate the number of IP addresses required for the connection between Building1 and Building2?

255.255.255.252 with a prefix length of /30.

We can use one subnet for the WAN. Since there are only two routers involved, we just need two addresses for this subnet.

$$2^n - 2 = 2^2 - 2 = 2 \text{ usable} \geq 2 \text{ required}$$

| 255 | 255 | 255 | 252 |
|---|---|---|---|
| 11111111 | 11111111 | 11111111 | 11111100 |

### Part 2: Design the VLSM Addressing Scheme

#### Step 1: Divide the 192.168.72.0/24 network based on the number of hosts per subnet.

##### a. Use the first subnet to accommodate the largest LAN.

192.168.72.0/26. The largest LAN is ASW-4 with 58 hosts. Subnet 192.168.72.0/24 into 192.168.72.0/26. This will give us 4 subnets ($$2^2 = 4$$) with 64 hosts per subnet.

The subnets are:

• 192.168.72.0
• 192.168.72.64
• 192.168.72.128
• 192.168.72.192

Since the subnets each contain 64 hosts, simply add 64 to the last octet. This method will not be as feasible for subnets with a large number of hosts. Another way is to convert everything to binary. Only the first 2 bits of the last octet will change while the remaining 6 bits stay the same.

| Address | Binary |
|---|---|
| 192.168.72.0 | 11000000.10101000.01001000.00000000 |
| 192.168.72.64 | 11000000.10101000.01001000.01000000 |
| 192.168.72.128 | 11000000.10101000.01001000.10000000 |
| 192.168.72.192 | 11000000.10101000.01001000.11000000 |

##### b. Use the second subnet to accommodate the second largest LAN.

192.168.72.64/27. We are using the second subnet because we are reserving the first subnet for the ASW-4 network. The second largest LAN is ASW-3 with 29 hosts. Subnet 192.168.72.64/26 into 192.168.72.64/27. This will give 2 subnets ($$2^1 = 2$$) with 32 hosts per subnet. We use $$2^1$$ because the base is /26 and /27 is only one bit longer.

The subnets are:

• 192.168.72.64
• 192.168.72.96

| Address | Binary |
|---|---|
| 192.168.72.64 | 11000000.10101000.01001000.01000000 |
| 192.168.72.96 | 11000000.10101000.01001000.01100000 |

##### c. Use the third subnet to accommodate the third largest LAN.

192.168.72.96/27. The third largest LAN is ASW-2 with 15 hosts. In the previous question, we already have 2 subnets that have 32 addresses each. The second subnet will be able to accommodate ASW-2. So we do not need to subnet further.

##### d. Use the fourth subnet to accommodate the fourth largest LAN.

192.168.72.128/28. Subnet 192.168.72.128/26 into 192.168.72.128/28. This will give 4 subnets ($$2^2 = 4$$) with 16 hosts per subnet. We use $$2^2$$ because the base is /26 and /28 is two bits longer.

The subnets are:

• 192.168.72.128
• 192.168.72.144
• 192.168.72.160
• 192.168.72.176

| Address | Binary |
|---|---|
| 192.168.72.128 | 11000000.10101000.01001000.10000000 |
| 192.168.72.144 | 11000000.10101000.01001000.10010000 |
| 192.168.72.160 | 11000000.10101000.01001000.10100000 |
| 192.168.72.176 | 11000000.10101000.01001000.10110000 |

##### e. Use the fifth subnet to accommodate the connection between Building1 and Building2.

192.168.72.145/30 and 192.168.72.146/30. Subnet 192.168.72.144/28 into 192.168.72.144/30. This will give 4 subnets ($$2^2 = 4$$) with 2 hosts per subnet.

The subnets are:

• 192.168.72.144
• 192.168.72.148
• 192.168.72.152
• 192.168.72.156

| Address | Binary |
|---|---|
| 192.168.72.144 | 11000000.10101000.01001000.10010000 |
| 192.168.72.148 | 11000000.10101000.01001000.10010100 |
| 192.168.72.152 | 11000000.10101000.01001000.10011000 |
| 192.168.72.156 | 11000000.10101000.01001000.10011100 |
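
The Part 1 and Part 2 procedure (pick the smallest block that satisfies $$2^n - 2$$, then carve subnets largest-first) as an added Python example; it is not part of the original post or the Cisco activity, and the function names are my own. It generalises the steps above to any base network and host list, and also derives the first usable and broadcast addresses that Step 2 asks for.

```python
import ipaddress

def prefix_for_hosts(hosts):
    """Longest IPv4 prefix whose usable count (2^n - 2) still covers `hosts`."""
    host_bits = (hosts + 1).bit_length()  # smallest n with 2**n >= hosts + 2
    return 32 - host_bits

def vlsm(base, requirements):
    """Allocate subnets largest-first from `base`; one result row per subnet."""
    base = ipaddress.ip_network(base)
    cursor = int(base.network_address)
    rows = []
    for name, hosts in sorted(requirements.items(), key=lambda kv: -kv[1]):
        prefix = prefix_for_hosts(hosts)
        size = 2 ** (32 - prefix)
        cursor = -(-cursor // size) * size  # round up to the block boundary
        if cursor + size - 1 > int(base.broadcast_address):
            raise ValueError(f"{base} has no room left for {name}")
        net = ipaddress.ip_network((cursor, prefix))
        rows.append({
            "name": name,
            "network": str(net),
            "mask": str(net.netmask),
            "usable": net.num_addresses - 2,
            "first": str(net.network_address + 1),
            "last": str(net.broadcast_address - 1),
            "broadcast": str(net.broadcast_address),
        })
        cursor += size  # next subnet starts right after this block
    return rows

# Host counts from Part 1 of the activity.
REQUIREMENTS = {"ASW-1 LAN": 7, "ASW-2 LAN": 15, "ASW-3 LAN": 29,
                "ASW-4 LAN": 58, "Serial WAN": 2}

if __name__ == "__main__":
    for r in vlsm("192.168.72.0/24", REQUIREMENTS):
        print("{name:<11}{network:<19}{mask:<17}{first:<16}{broadcast}".format(**r))
```

Run against 192.168.72.0/24 it yields the same blocks as steps a to e: /26 for ASW-4, two /27s for ASW-3 and ASW-2, /28 for ASW-1 and /30 for the serial link.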

#### Step 2: Document the VLSM subnets.

Complete the Subnet Table, listing the subnet descriptions (e.g. ASW-1 LAN), number of hosts needed, then network address for the subnet, the first usable host address, and the broadcast address. Repeat until all addresses are listed.

##### Subnet Table

| Subnet Description | Number of Hosts Needed | Network Address/CIDR | First Usable Host Address | Broadcast Address |
|---|---|---|---|---|
| ASW-1 LAN | 7 | 192.168.72.128/28 | 192.168.72.129 | 192.168.72.143 |
| ASW-2 LAN | 15 | 192.168.72.64/27 | 192.168.72.65 | 192.168.72.95 |
| ASW-3 LAN | 29 | 192.168.72.96/27 | 192.168.72.97 | 192.168.72.127 |
| ASW-4 LAN | 58 | 192.168.72.0/26 | 192.168.72.1 | 192.168.72.63 |
| Serial WAN | 2 | 192.168.72.144/30 | 192.168.72.145 | 192.168.72.147 |

#### Step 3: Document the addressing scheme.

##### a. Assign the first usable IP addresses to Building1 for the two LAN links and the WAN link.
• ASW-1 LAN: 192.168.72.129
• ASW-2 LAN: 192.168.72.97
• Serial WAN: 192.168.72.145
##### b. Assign the first usable IP addresses to Building2 for the two LAN links. Assign the last usable IP address for the WAN link.
• ASW-3 LAN: 192.168.72.65
• ASW-4 LAN: 192.168.72.1
• Serial WAN: 192.168.72.146
##### c. Assign the second usable IP addresses to the switches.
• ASW-1: 192.168.72.130
• ASW-2: 192.168.72.98
• ASW-3: 192.168.72.66
• ASW-4: 192.168.72.2
##### d. Assign the last usable IP addresses to the hosts.
• Host-A: 192.168.72.142
• Host-B: 192.168.72.94
• Host-C: 192.168.72.126
• Host-D: 192.168.72.62

### Part 3: Assign IP Addresses to Devices and Verify Connectivity

Now it’s just a matter of plugging in values into Packet Tracer if you haven’t already.

### Addressing Table

| Device | Interface | IP Address | Subnet Mask | Default Gateway |
|---|---|---|---|---|
| Remote-Site 1 | G0/0 | 192.168.72.129 | 255.255.255.240 | N/A |
| | G0/1 | 192.168.72.97 | 255.255.255.224 | N/A |
| | S0/0/0 | 192.168.72.145 | 255.255.255.252 | N/A |
| Remote-Site 2 | G0/0 | 192.168.72.65 | 255.255.255.224 | N/A |
| | G0/1 | 192.168.72.1 | 255.255.255.192 | N/A |
| | S0/0/0 | 192.168.72.146 | 255.255.255.252 | N/A |
| SW1 | VLAN 1 | 192.168.72.130 | 255.255.255.240 | 192.168.72.129 |
| SW2 | VLAN 1 | 192.168.72.98 | 255.255.255.224 | 192.168.72.97 |
| SW3 | VLAN 1 | 192.168.72.66 | 255.255.255.224 | 192.168.72.65 |
| SW4 | VLAN 1 | 192.168.72.2 | 255.255.255.192 | 192.168.72.1 |
| User-1 | NIC | 192.168.72.142 | 255.255.255.240 | 192.168.72.129 |
| User-2 | NIC | 192.168.72.126 | 255.255.255.224 | 192.168.72.97 |
| User-3 | NIC | 192.168.72.94 | 255.255.255.224 | 192.168.72.65 |
| User-4 | NIC | 192.168.72.62 | 255.255.255.192 | 192.168.72.1 |

## Blogilates Beginner’s Workout Calendar 2.0: Day 28

March 15, 2016

### Tags: Fitness, Life, blogilates, blogilates beginners calendar

Disclaimer: This “review”/blog series is NOT sponsored in any way and all opinions are entirely my own.

### Day 28: Rest Day

Oh my goodness, today is the last day of the fitness calendar! I can’t believe I made it! I didn’t make this cookie (I haven’t made any of the rest day recipes) but like with the rest of the recipes, I would love to try this eventually!

## Blogilates Beginner’s Workout Calendar 2.0: Day 27

March 14, 2016

### Tags: Fitness, Life, blogilates, blogilates beginners calendar

Disclaimer: This “review”/blog series is NOT sponsored in any way and all opinions are entirely my own.

### Day 27: Total Body

Today is the last day of the beginner’s workout calendar, not including the rest day tomorrow! I think I’ll make a blog post the day after rest day to talk about how the month went. As for today, today was a lot of sweat and groaning! A lot of cardio today, even if it isn’t intensive.

### Video 1: Fat Burning Ladder for Toned Thighs and Abs

There are a couple of basic moves done in 45, 30, and 20 second bursts. Thankfully, the moves are pretty doable. The only time I paused was when I had to position my laptop to see the screen properly between moves.

• Froggy Hop: I did the beginner’s version of this move, solely because I didn’t want to wake up my dad downstairs. This is the least intensive move in this video.
• Push Up Plank: I hate these so much!!! Halfway through, I had to switch from the advanced to beginner’s version. Push ups are not my area of expertise.
• Inner Thigh Lunge: I’m not sure if it’s because of yesterday’s workout, but I felt actual pain doing these. I don’t even remember what yesterday’s workout was and if there were a lot of thighs involved…
• Criss Cross Abs: I’m starting to love and hate this move. There is a lot of this move in today’s workout.

### Video 2: Flat Belly Fat Burner

• In and Out: I just did froggy hop beginner’s version so as not to wake up my dad, yet again.
• Roll Ups: This is my favourite move of all time. It’s fun doing them fast. I still can’t do them without lifting up my legs but my feet are a little lower each time.
• Surfers: This is another move I had to modify to be quieter. I just kind of stepped on one leg and spun around fast.
• Triple Crunch: I really don’t know how to do crunches without straining my neck. In fact, it just feels like I’m straining my neck!
• Burpees: Yet another move I had to modify. I did the silent burpees plus a mini push up.
• Double Leg Lifts: I tried really hard to focus on my abs with this move. I definitely felt it.
• Football Runs: Good thing this move focuses on light feet because I really did not want to wake my dad up.
• Eagle Abs: how do I do these properly? I’m doing them in a way that I really feel my abs but I’m sure that if someone watched me and then watched Cassey, they would laugh at me, haha!
• Criss Cross Abs: There is around 2-3 minutes of this move… It’s so hard to do for such a long time! Cassey does add some variation but of course, it’s to challenge us and not to make it monotonous.

### Video 3: 6 Minutes to a Sexy Booty

Still debating whether or not I want a “booty” or not. I did the video anyway.

• Cross Butt Lift: This move is really interesting… I could feel the burn through the entire thing. I also did not do it properly because I just could not make my knee touch the floor.
• Fire Hydrant: When I first tried this move, it was pretty easy but in this video, after those cross butt lifts, my butt was on fire! Ironic, considering the name of the move, haha.
• Heel Lift: Oh my legs! And more importantly, oh my butt… The pulses are torturous.