10 Ways To Measure IT Security Program Effectiveness

original article

The right metrics can make or break a security program (or a budget meeting).

As CISOs try to find ways to prove ROI to higher ups and improve the overall effectiveness of security operations, the right metrics can make or break their efforts. Fortunately, infosec as an industry has matured to the point where many enterprising security leaders have found innovative and concrete measures to track performance and drive toward continual improvement. Dark Reading recently surveyed security practitioners and pundits to find out the best time-tested metrics to prove security effectiveness, ask for greater investment, and push security staff to improve their day-to-day work.

Average Time To Detect And Respond

Also referred to as mean time to know (MTTK), the average time to detect (ATD) measures the delta between an issue occurring—be it a compromise or a configuration gone wonky—and the security team figuring out there’s a problem. 

“By reducing ATD, Security Operations Center (SOC) personnel give themselves more time to assess the situation and decide upon the best course of action that will enable the enterprise to accomplish its mission while preventing damage to enterprise assets,” says Greg Boison, director of cyber and homeland security at Lockheed Martin.

Meanwhile, the mean time to resolution, or average time to respond, measures how long it takes for the security team to appropriately respond to an issue and mitigate its risk.

“Average Time to Respond (ATTR) is a metric that tells SOC management and personnel whether or not they are meeting objectives to quickly and correctly respond to identified violations of the security policy,” Boison says. “By reducing ATR, SOC personnel reduce the impact (including the cost) of security violations.”

Tracking these two metrics continuously over time can show how well a security program is improving or deteriorating. Ideally they should be growing smaller over time.

False Positive Reporting 

Tracking the False Positive Reporting Rate (FPRR) can help put the work of lower-level analysts under the microscope, making sure that the judgments they’re making on automatically filtered security event data are sifting out false positives from indicators of compromise before they escalate to others in the response team.

“Despite the implementation of automated filtering, the SOC team must make the final determination as to whether the events they are alerted to are real threats,” Boison of Lockheed Martin says. “The reporting of false positives to incident handlers and higher-level management increases their already heavy workload and, if excessive, can de-motivate and cause decreased vigilance.”

A high FPRR could indicate that Level 1 analysts need better training or that analytics tools need better tuning.

“All too often Level 1 analysts lack a good understanding and visibility to incidents cause and therefore escalate false alerts to Level 3 analysts,” says Lior Div, CEO of Cybereason. “This causes waste of expensive resources.”
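The two sections above (detection/response time and false positive reporting) can be tracked per month from incident records. This is an added example, not code from the article: the records are constructed, the field names are assumptions, response time is assumed to run from detection to resolution, and FPRR is assumed to be the share of escalated alerts that turned out to be false positives.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean

FMT = "%Y-%m-%d %H:%M"

# Constructed sample records (not real data). A false positive has no
# occurrence or resolution time; an unresolved incident has resolved=None.
INCIDENTS = [
    {"occurred": "2015-01-03 02:00", "detected": "2015-01-03 14:00",
     "resolved": "2015-01-04 14:00", "false_positive": False},
    {"occurred": "2015-01-10 08:00", "detected": "2015-01-11 20:00",
     "resolved": "2015-01-12 08:00", "false_positive": False},
    {"occurred": None, "detected": "2015-01-15 09:00",
     "resolved": None, "false_positive": True},
    {"occurred": None, "detected": "2015-01-22 11:00",
     "resolved": None, "false_positive": True},
    {"occurred": "2015-02-02 09:00", "detected": "2015-02-02 15:00",
     "resolved": "2015-02-03 01:00", "false_positive": False},
    {"occurred": "2015-02-20 10:00", "detected": "2015-02-20 20:00",
     "resolved": None, "false_positive": False},
    {"occurred": None, "detected": "2015-02-25 16:00",
     "resolved": None, "false_positive": True},
]


def hours_between(start, end):
    """Elapsed hours between two timestamps in FMT."""
    delta = datetime.strptime(end, FMT) - datetime.strptime(start, FMT)
    return delta.total_seconds() / 3600


def monthly_metrics(records):
    """Return {month: metrics}, bucketing each record by its detection month."""
    buckets = defaultdict(lambda: {"detect": [], "respond": [],
                                   "escalated": 0, "false_pos": 0, "open": 0})
    for rec in records:
        bucket = buckets[rec["detected"][:7]]          # "YYYY-MM"
        bucket["escalated"] += 1
        if rec["false_positive"]:
            bucket["false_pos"] += 1
            continue
        bucket["detect"].append(hours_between(rec["occurred"], rec["detected"]))
        if rec["resolved"] is None:
            # Still open: counted separately so it cannot flatter the average.
            bucket["open"] += 1
        else:
            bucket["respond"].append(hours_between(rec["detected"], rec["resolved"]))

    report = {}
    for month, b in sorted(buckets.items()):
        report[month] = {
            "atd_hours": mean(b["detect"]) if b["detect"] else None,
            "atr_hours": mean(b["respond"]) if b["respond"] else None,
            "open_incidents": b["open"],
            "fprr": b["false_pos"] / b["escalated"],
        }
    return report


if __name__ == "__main__":
    for month, metrics in monthly_metrics(INCIDENTS).items():
        print(month, metrics)
```

Reporting the open-incident count next to the response average matters because an unresolved case has no response time yet and would otherwise vanish from the trend.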

Mean Time To Fix Software Vulnerabilities

Whether for web, mobile, cloud-based, or internal applications, organizations that build custom software should be measuring how long it takes to remediate software vulnerabilities from the time they’re identified, says John Dickson, principal at Denim Group. 

“This measurement helps organizations understand the window of vulnerability in production software,” Dickson says. “Unfortunately, most organizations do not publish this metric internally and as a result, the most serious application vulnerabilities, like SQL injections, remain in production far too long.”

Realistically, this number may be skewed by fixes that don’t ever occur, particularly during the development process. Which is why organizations should also be tracking the number of critical defects fixed against those reported, which will show how effective static analysis is for the organization, says Caroline Wong, director of security initiatives for Cigital.

“To obtain this metric, the software security group must be performing static analysis, counting the number of defects initially found — by classification, during first scan — and counting the number of (critical) defects which are actually fixed by developers,” Wong says. “The quality of the code will not actually increase until the developer performs triage on the findings and fixes the actual software defects. The desired trend for this metric is to increase towards 100 percent.”

Patch Latency

In the same vein, patch latency can also show how effective the program is in reducing risk from the low hanging fruit.

“We need to demonstrate progress in the vulnerability patch process. For many organizations with thousands of devices, this can be a daunting task. Focus on critical vulnerabilities and report patching latency,” says Scott Shedd, security practice leader for consulting firm WGM Associates. “Report what we patched, what remains unpatched, and how many new vulnerabilities have been identified.”

Incident Response Volume

Tracking the total number of incident response cases opened against those closed and pending will help CISOs identify how well incidents are being found and addressed. 

“This shows that incidents are being identified along with remediation and root cause analysis,” says Shedd of WGM. “This is critical for continuous improvement of an information security program.”

Fully Revealed Incidents Rate 

This metric can also help get a bead on the effectiveness of the incident response and security analyst functions within a program. 

“What is the rate of incidents handled by security team into which they have a full understanding of the reason for the alert, the circumstances causing it, its implications, and effect?” says Div of Cybereason. 

A low rate compared to the overall volume of opened cases shows gaps in visibility and could trigger an ask for more investment in human resources or tools.

Analytic Production Time

Is your security program suffering from information overload? Measuring the time it takes to collect data compared to when it is analyzed can help answer that question.

“Reducing the analytical timeline allows IT teams to recognize and act more quickly to prevent or detect and address breaches, thereby improving the organization’s overall security posture,” says Christopher Morgan, president of IKANOW.

“Reducing the time it takes to analyze security data, from either internal firewall or SIEM information or outside threat intelligence feeds, requires giving data scientists the tools and time to focus on data analysis,” he says.

Percent Of Projects Completed On Time And On Budget 

CISOs can show accountability by offering the CEO, board, and CFO visibility into their spending process by offering metrics on the percent of strategic IT security projects completed on time and on budget, says Dan Lohrmann, chief strategist and chief security officer at Security Mentor. 

“This could be a project on encryption, new firewalls, or whatever the top security projects are,” Lohrmann says. “This metric ensures that security is accountable for delivering ever-increasing value and improvements to the executive team.”

Percentage Of Security Incidents Detected By An Automated Control

One way to justify spend on those shiny boxes is to start tracking just how many of the organization’s overall security incidents are detected by an automated tool.

“This is a good one because it not only encourages you to become familiar with how incidents are detected, it also focuses you on automation, which reduces the need for ‘humans paying attention’ as a core requirement,” says Dwayne Melancon, CTO of Tripwire. “It also makes it easier to lobby for funding from the business, since you can make the case that automation reduces the cost of security while lowering the risk of harm to the business from an unnoticed incident.”

Employee Behavior Metrics

Just how effective is all of that “soft” spending on security awareness training? Steve Santorelli of Team Cymru says there are ways to track and measure that, primarily through phishing and social engineering stress testing, where you test your staff for phishing awareness and social engineering awareness.

“Basically, you run a fake phishing campaign and make a few hoax calls,” says Santorelli, director of analysis and outreach for the research firm. “Reward and publicize good results, help failures to learn from their errors, and you’ll have folks actively watching out for these attacks–for a few weeks at least.”

————–

Ericka Chickowski specializes in coverage of information technology and business innovation. She has focused on information security for the better part of a decade and regularly writes about the security industry as a contributor to Dark Reading.

Subnetting

Part 6:

Determining Broadcast Addresses And Valid IP Address Ranges For A Given Subnet

No matter the format, you can use your knowledge of binary math to solve this question. You will convert the subnet address into binary, and determine the range of valid addresses as well as the broadcast address at the same time.  Let’s examine how to best answer the “range of valid IP address” question first, and then you’ll see how to quickly determine the broadcast address as well.

The question: “What is the range of valid IP addresses for the subnet 210.210.210.0 /25?” As with previous sections, you will use your binary math skills to convert the subnet address and subnet mask into binary. This will allow you to quickly spot the host bits, which are key to answering this question and the broadcast address question. The host bits are those bits set to “0” in the subnet mask.

                         Octet 1    Octet 2    Octet 3    Octet 4
Subnet Address
210.210.210.0            11010010   11010010   11010010   00000000
Subnet Mask
255.255.255.128 (/25)    11111111   11111111   11111111   10000000

There are three basic rules to remember when determining the subnet address, broadcast address, and range of valid addresses once you’ve identified the host bits as shown above:

1. The address with all 0s for host bits is the subnet address, also referred to as the “all-zeroes” address. This is not a valid host address.

2. The address with all 1s for host bits is the broadcast address, also referred to as the “all-ones” address. This is not a valid host address.

3. All addresses between the all-zeroes and all-ones addresses are valid host addresses, unless the question specifically states otherwise.

You can quickly see that the “all-zeroes” address is 210.210.210.0.  What will the value be if those host bits are set to all 1s? Use your knowledge of binary math to determine this!  The “all-ones” address is 210.210.210.127. If you had trouble making that conversion, review Section Two, “Converting Binary To Decimal”.  This conversion actually answers two different questions. This quick conversion shows you what the range of valid IP addresses is, and also gives you the broadcast, or “all-ones”, address. The second example question, “What is the broadcast address for the subnet 210.210.210.0 /25?”, is answered by using the same method.

Let’s look at another set of examples:

“What is the range of valid IP addresses in the subnet 150.10.64.0 /18?”

“What is the broadcast address of the subnet 150.10.64.0 /18?”

                         Octet 1    Octet 2    Octet 3    Octet 4
Subnet Address
150.10.64.0              11010010   00001010   01000000   00000000
Subnet Mask
255.255.192.0 (/18)      11111111   11111111   11000000   00000000

If all the host bits are “zeroes”, the address is 150.10.64.0, the subnet address itself. This is not a valid host address.  If all the host bits are “ones”, the address is 150.10.127.255. That is the broadcast address for this subnet.  All bits between the subnet address and broadcast address are considered valid addresses. This gives you the range 150.10.64.1 – 150.10.127.254. 

Again, the method used to arrive at the range of valid IP addresses is the same as that used to discover the broadcast address of a given subnet.  Let’s take a look at the other question type from the first part of this section:

“Which of the following IP addresses are found on the same subnet as the IP address 210.210.210.130 /25?”

“Which of the following IP addresses are not found on the same subnet as the IP address 210.210.210.130 /25?”

For some subnetting questions, you’re going to have to determine more than one factor before you can give the correct answer. This question looks simple enough on the surface, but to answer this question type correctly, you must determine two things:

1. On what subnet can this address be found?

2. What is the range of valid IP addresses for this subnet?

In the example, you must first determine the subnet address of the IP address in question, which you learned how to do in Section Six:

                         Octet 1    Octet 2    Octet 3    Octet 4
IP Address
210.210.210.130          11010010   11010010   11010010   10000010
Subnet Mask
255.255.255.128 (/25)    11111111   11111111   11111111   10000000
Boolean AND Result       11010010   11010010   11010010   10000000

Converting The Boolean AND Into Dotted Decimal:

                128   64   32   16    8    4    2    1    Total
First Octet       1    1    0    1    0    0    1    0    210
Second Octet      1    1    0    1    0    0    1    0    210
Third Octet       1    1    0    1    0    0    1    0    210
Fourth Octet      1    0    0    0    0    0    0    0    128

If all the host bits are 0, the all-zeroes address is 210.210.210.128. If all the host bits are 1, the all-ones address is 210.210.210.255. All addresses between these two are valid. You would now look at the different IP addresses presented by the question and then determine which ones fall in the range 210.210.210.129 – 210.210.210.254 (or which ones don’t, if that’s what the question asks for.)

At first, it seems like a lot of work, but as with all other binary math operations, once you practice it, it will become second nature. This question seems longer to solve because it is, since two operations are needed to solve it. Since you’re well-versed in the fundamentals of binary math, this question will present no problems for you.

“Determining Broadcast Addresses” and “Determining Valid IP Address Ranges” Questions

EXAMPLE:  What is the valid IP address range for the subnet 222.23.48.64 /26?

Determining The All-Zeroes and All-Ones Subnet Addresses

                         Octet 1    Octet 2    Octet 3    Octet 4
Subnet Address
222.23.48.64             11011110   00010111   00110000   01000000
Subnet Mask
255.255.255.192          11111111   11111111   11111111   11000000
Identify The Host Bits                                      000000

All-Zeroes (Subnet) Address: 222.23.48.64 /26

All-Ones (Broadcast) Address: 222.23.48.127 /26

Valid IP address range: 222.23.48.65 – 222.23.48.126

EXAMPLE:  What is the valid IP address range for the subnet 140.10.10.0 /23?

Determining The All-Zeroes and All-Ones Subnet Addresses

                         Octet 1    Octet 2    Octet 3    Octet 4
Subnet Address
140.10.10.0              10001100   00001010   00001010   00000000
Subnet Mask
255.255.254.0            11111111   11111111   11111110   00000000

All-Zeroes (Subnet) Address: 140.10.10.0 /23

All-Ones (Broadcast) Address: 140.10.11.255 /23

Valid IP address range: 140.10.10.1 – 140.10.11.254

Works Cited

Bryant, C. (2007). The Ultimate CCNA Study Package – ICND 1 And 2: Valid Hosts. In C. Bryant, The Bryant Advantage (p. 6).

Lammle, T. (2007). CCNA Cisco Certified Network Associate Study Guide. Indianapolis: Wiley Publishing, Inc.

Odom, W. (2012). Official Cert Guide ICND1 640-822. Indianapolis, IN: Cisco Press.

Odom, W. (2011). Official Cert Guide ICND2 640-816. Indianapolis, IN: Cisco Press.

Subnetting

Part 5:

Determining the Subnet number of a given IP Address

An example of a “determine the subnet number” question:

“What subnet is the address 200.17.49.200 /23 a member of?” or “On what subnet can the address 200.17.49.200 /23 be found?”

This is one of those types of questions that often trips up CCNA candidates. It is because many don’t understand the Boolean AND operation, which is the only way you can properly answer this question. This segment will review the Boolean AND operation and show you how to use it in order to solve this question. As with anything else within this subject matter, once you are used to using the Boolean AND operation, everything else (of similar subject) tends to be easier.

The Boolean AND is, simply put, a bit-by-bit comparison of the IP address and a subnet mask. In this case, the Boolean AND will reveal the subnet upon which this IP address exists.  Your knowledge of binary math will be, and always is, key to answering this question type as well, since the address and mask must be broken down into binary in order to perform the Boolean AND.

You must use the skills of “Converting Dotted Decimal To Binary”, to convert the IP address to binary:

                  128   64   32   16    8    4    2    1
1st Octet: 200      1    1    0    0    1    0    0    0
2nd Octet: 17       0    0    0    1    0    0    0    1
3rd Octet: 49       0    0    1    1    0    0    0    1
4th Octet: 200      1    1    0    0    1    0    0    0

The IP address, in binary, is 11001000 00010001 00110001 11001000.  Your knowledge of prefix notation tells you that a subnet mask of /23 is 11111111 11111111 11111110 00000000. (The first 23 bits are ones).  Now that the IP address and subnet mask have been converted to binary, the subnet on which the IP address resides can be found by performing a Boolean AND. Remember, a Boolean AND is simply a bit-by-bit comparison of the address and mask.

                        Bit 1  Bit 2  Bit 3  Bit 4  Bit 5  Bit 6  Bit 7  Bit 8
IP Address (Octet 1)      1      1      0      0      1      0      0      0
Subnet Mask (Octet 1)     1      1      1      1      1      1      1      1

Note that where a bit in the same position is “1” in both the IP address and subnet mask, the Boolean AND result is also “1”. Any other combination results in the Boolean AND resulting in “0”.  And now that we’ve looked at the Boolean AND being run on a single octet, let’s run it on the entire IP address and subnet mask. This is the chart you should use on exam day to answer this question type:

               Octet 1    Octet 2    Octet 3    Octet 4
IP Address     11001000   00010001   00110001   11001000   200.17.49.200
Subnet Mask    11111111   11111111   11111110   00000000   255.255.254.0 (/23)
Boolean AND    11001000   00010001   00110000   00000000   Result

Once the Boolean AND result is achieved, it has to be converted into dotted decimal. Using your knowledge of converting binary to dotted decimal, you see that the IP address you were given is found on the 200.17.48.0 /23 subnet.

                128   64   32   16    8    4    2    1
First Octet       1    1    0    0    1    0    0    0    200
Second Octet      0    0    0    1    0    0    0    1    17
Third Octet       0    0    1    1    0    0    0    0    48
Fourth Octet      0    0    0    0    0    0    0    0    0

You can now see where the skills you learned in earlier sections come into play in the more complex subnetting questions. When you master the fundamentals of binary math, as you have, you can answer any question Cisco gives you.
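The Boolean AND from this part and the all-zeroes/all-ones rules from Part 6 can be checked with plain integer bit operations. This is an added example, not taken from the cited study guides; the function names are its own, and it goes slightly beyond the text by handling /31 and /32, where the "subtract 2" rule leaves no valid host range.

```python
# Added example: subnet, broadcast and valid host range by Boolean AND/OR.
# All function names here are this example's own.

def to_int(dotted):
    """Dotted decimal -> 32-bit integer, rejecting malformed input."""
    parts = dotted.split(".")
    if len(parts) != 4 or not all(p.isdigit() and int(p) <= 255 for p in parts):
        raise ValueError("not an IPv4 address: %r" % dotted)
    value = 0
    for p in parts:
        value = (value << 8) | int(p)
    return value


def to_dotted(value):
    """32-bit integer -> dotted decimal."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def to_binary(value):
    """32-bit integer -> four space-separated binary octets, as in the charts."""
    return " ".join(format((value >> shift) & 0xFF, "08b") for shift in (24, 16, 8, 0))


def mask_from_prefix(prefix):
    """/23 -> integer with the first 23 bits set to 1."""
    if not 0 <= prefix <= 32:
        raise ValueError("prefix must be 0-32")
    return (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF


def describe(address, prefix):
    """Answer the 'which subnet / broadcast / valid range' questions at once."""
    ip = to_int(address)
    mask = mask_from_prefix(prefix)
    subnet = ip & mask                          # Boolean AND: host bits become 0
    broadcast = subnet | (~mask & 0xFFFFFFFF)   # host bits become 1
    if prefix >= 31:
        # Edge case: 2^host_bits - 2 is zero or negative, so no valid hosts.
        first = last = None
        hosts = 0
    else:
        first, last = to_dotted(subnet + 1), to_dotted(broadcast - 1)
        hosts = 2 ** (32 - prefix) - 2
    return {
        "subnet": to_dotted(subnet),
        "broadcast": to_dotted(broadcast),
        "first_host": first,
        "last_host": last,
        "hosts": hosts,
    }


def same_subnet(a, b, prefix):
    """True when both addresses AND to the same subnet number."""
    mask = mask_from_prefix(prefix)
    return (to_int(a) & mask) == (to_int(b) & mask)


if __name__ == "__main__":
    for addr, prefix in [("200.17.49.200", 23), ("210.210.210.130", 25),
                         ("150.10.64.0", 18), ("222.23.48.64", 26)]:
        print(addr, "/%d" % prefix, to_binary(to_int(addr)), describe(addr, prefix))
```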


Subnetting

Part 4:

DETERMINING THE VALID NUMBER OF HOSTS

These are examples of a “number of valid hosts” question:

“How many valid hosts exist on the 150.10.0.0 /20 subnet?”

“How many valid hosts exist on the 150.10.0.0 255.255.240.0 subnet ?”

A /20 mask indicates that the first 20 bits are set to “1”, which is expressed in dotted decimal as 255.255.240.0.  The way to determine the number of valid hosts is much like the previous section in determining the number of valid subnets, in that you must first determine how many subnet bits are present. The difference is that when determining the number of valid hosts, it is the number of host bits you’re concerned with, rather than the number of subnet bits.

Once the number of host bits is determined, use this formula to arrive at the number of valid hosts:

The number of valid hosts = (2 raised to the power of the number of host bits) – 2

In the example question, there is a Class B network, with a default mask of /16. The subnet mask is /20, indicating there are four subnet bits. Here’s where the difference comes in. There are 16 network bits and 4 subnet bits. That’s 20 out of 32 bits, meaning that there are 12 host bits. 2 to the 12th power is 4096; subtract 2 from that, and there are 4094 valid host addresses.

Illustrating the masks in binary illustrates where the host bits lie:

                         1st Octet   2nd Octet   3rd Octet   4th Octet
Default Network Mask
255.255.0.0              11111111    11111111    00000000    00000000
Subnet Mask
255.255.240.0            11111111    11111111    11110000    00000000

Remember, as previously mentioned, that the bits set to “0” in the default mask and “1” in the subnet mask are the subnet bits.  The bits that are set to “0” in both masks are the host bits. That’s the value you need to have for the formula to determine the number of valid hosts.  Note that in both the formula for determining the number of valid hosts and valid subnets, 2 is subtracted at the end. What two hosts are being subtracted? The “all-zeroes” and “all-ones” host addresses, which are considered unusable.

How many valid host addresses exist in the 220.11.10.0 /26 subnet?

This is a Class C network, with a default mask of /24. The subnet mask is /26, indicating that there are 2 subnet bits. With 24 network bits and 2 subnet bits, that leaves 6 host bits:

                         1st Octet   2nd Octet   3rd Octet   4th Octet
Default Network Mask
255.255.0.0              11111111    11111111    00000000    00000000
Subnet Mask
255.255.240.0            11111111    11111111    11110000    00000000

(Boldfaced 11 bits are representative of the Host bits.)  2 to the 11th (2^11) power equals 2048; subtract 2 from that and 2046 valid host addresses remain.

 


 

 

Subnetting

Part 3:

DETERMINING THE VALID NUMBER OF SUBNETS

1.  How many valid subnets exist on the 192.168.1.100/27 network?

OR,

2.  How many valid subnets exist on the 192.168.1.100 255.255.255.224 network?

The /27 in question one is called prefix notation and the 255.255.255.224 designation is the dotted decimal mask.  Both questions are the same, just written differently.

The /27 is an indicator as to how many ones (1s) are at the beginning of this network’s mask.  255.255.255.224, or /27, converted to binary is 11111111 11111111 11111111 11100000.  One nice little tidbit of information is that the number of network bits never changes.  Subnetting always borrows bits from the host bits, ALWAYS!

                           1st Octet   2nd Octet   3rd Octet   4th Octet
Default Class C Network    11111111    11111111    11111111    00000000
This IP’s Subnet Mask      11111111    11111111    11111111    11100000

So, the question remains, how many valid subnets exist on the 192.168.1.100/27 network?

By comparison we can determine that a Class C network has 24 network bits and therefore possesses only 8 host bits.  On this network, we borrowed (remember) 3 bits from the host bits for our subnet.  [The number of valid subnets = 2^x; where x is the number of set subnet bits (1’s)]  Therefore, 2^3 = 2 x 2 x 2 = 8, which is the number of valid subnets.


Subnetting

Part 2

As mentioned prior to this, one of the key elements to subnetting is Binary, Octal, Decimal, and Hexadecimal conversion.  While I do like the Sybex Study Guide for CCNA by Todd Lammle, I do believe with respect to the subnetting aspect there are other better resources.  For example the Bryant Advantage system, the ICND 1 & 2 Study Guides for CCENT & CCNA by Wendell Odom (especially the Appendices), and Test King (http://www.testking.com/).  I am certain that there are others, but I have come to an appreciation and an understanding after these; of course, the CCNA Bootcamp was an extreme help as well!

One trick that has stuck with me is this:  Key on the first several digits to the first segment of the IP Address (i.e., 10.0.0.1, 172.10.120.1, 192.168.1.100, 224.10.10.1, & 240.0.0.100)

10   = 00001010 = A first four digits 0000-0111

172 = 10101100 = B first two digits 1000-1011

192 = 11000000 = C first two digits 1100-1101

224 = 11100000 = D first four digits 1110

240 = 11110000 = E first four digits 1111

This is a quick assessment trick which can cut off some time when determining which class an address belongs to.  Of course, it is just as easy to memorize the entire spectrum.

Here are some IPv4 Subnet Cheat Sheets that you may find helpful: http://packetlife.net/library/cheat-sheets/, http://www.subnetonline.com/pages/references/ipv4-cheat-sheet.php, http://www.quest4.org/ccna/subnet_cheat_sheet.htm, http://www.subnetting-secrets.com/subnetting-cheat-sheet.html, http://search.yahoo.com/search?p=subnet+cheat+sheets&ei=UTF-8&fr=moz35, http://search.yahoo.com/r/_ylt=A0oGdVfl9CxRNUgA3GBXNyoA;_ylu=X3oDMTE1ZWJyN2IxBHNlYwNzcgRwb3MDMTcEY29sbwNzazEEdnRpZANRSTAyNl8xMzQ-/SIG=143bk83dn/EXP=1361929573/**https%3a//learningnetwork.cisco.com/servlet/JiveServlet/download/102742-14596/TCPIP-Subnetting%2520cheatsheet.PDF, http://subnetmask.info/

Look through some of these cheat sheets, you may pick something up from them; on the other hand, you may already know it – to which I say GREAT!

Some questions you need for determining subnets, hosts, etc.:

  1. How many subnets?  2^x = number of subnets, where x is the number of masked subnet bits (1’s); 11000000 has 2 ones, so 2^2 = 4 subnets.
  2. How many hosts per subnet?  2^y - 2, where y is the number of unmasked bits (0’s); 11000000 has 6 zeroes, so 2^6 - 2 = 64 - 2 = 62 hosts.
  3. What are the valid subnets?  256 – subnet mask = block size or increment; 256 – 192 = block size of 64.
  4. What is the broadcast address for each subnet?  Our broadcast address is the last address prior to the next subnet; i.e., if our block size is 64 then our starting addresses are 0, 64, 128, 192… therefore, the broadcast addresses are the ones just before each next starting address: 63, 127, 191, & 255.
  5. What are the valid hosts? The valid hosts are all of the addresses in between the subnet and the broadcast addresses; i.e., with the block size of 64 our valid hosts are: 1-62, 65-126, 129-190, & 193-254.
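The five questions above, together with the first-octet class trick, worked as an added example (not from the cited study guides). Function names are this example's own; it counts subnets as 2^x as in question 1, and the block table is limited to masks that fall in the fourth octet (/24 to /30).

```python
# Added example: classful subnet/host counts and the block-size table.

DEFAULT_PREFIX = {"A": 8, "B": 16, "C": 24}


def address_class(first_octet):
    """Classify by the leading bits of the first octet: 0, 10, 110, 1110, 1111."""
    bits = format(first_octet, "08b")
    for lead, name in (("0", "A"), ("10", "B"), ("110", "C"), ("1110", "D")):
        if bits.startswith(lead):
            return name
    return "E"


def counts(address, prefix):
    """Questions 1 and 2: subnet bits, subnets, host bits, hosts per subnet."""
    cls = address_class(int(address.split(".")[0]))
    if cls not in DEFAULT_PREFIX:
        raise ValueError("class %s addresses are not subnetted this way" % cls)
    default = DEFAULT_PREFIX[cls]
    if not default <= prefix <= 30:
        raise ValueError("prefix must be between /%d and /30" % default)
    subnet_bits = prefix - default      # bits borrowed from the host portion
    host_bits = 32 - prefix
    return {
        "class": cls,
        "subnet_bits": subnet_bits,
        "subnets": 2 ** subnet_bits,
        "host_bits": host_bits,
        "hosts_per_subnet": 2 ** host_bits - 2,
    }


def block_size(prefix):
    """Question 3: 256 minus the mask value in the octet where the mask ends."""
    bits_in_octet = prefix - 8 * ((prefix - 1) // 8)    # 1..8 mask bits
    mask_octet = 256 - 2 ** (8 - bits_in_octet)
    return 256 - mask_octet


def fourth_octet_blocks(prefix):
    """Questions 3-5 for /24../30: (subnet, first host, last host, broadcast)."""
    if not 24 <= prefix <= 30:
        raise ValueError("only masks ending in the fourth octet are tabulated")
    size = block_size(prefix)
    rows = []
    for start in range(0, 256, size):
        broadcast = start + size - 1    # last address before the next subnet
        rows.append((start, start + 1, broadcast - 1, broadcast))
    return rows


if __name__ == "__main__":
    print(counts("192.168.1.100", 27))
    for row in fourth_octet_blocks(26):
        print("subnet .%d  hosts .%d-.%d  broadcast .%d" % row)
```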


Subnetting

Part 1

I have been debating how to approach this subject of Subnetting, there is not much to say other than it really sucks to learn.  But once you learn it, it just gets easier and more understandable.  Unfortunately, every new subject you learn, with which you have no familiarity with is going to be absolute hell unless you can pick it up quickly.  When I started learning subnetting and then relearned and re-familiarized myself, I have to admit it was tough and I just was not getting it.  But the information super highway, Youtube, and many other tid-bits of information out there in the world can make all the difference in the world.  You might not understand what one method teaches there is always another method that may take hold in your brain.  So, take heart…it may be a roller coaster, but it is our roller coaster.  Just keep looking for the method that makes sense to you, it is out there.  Below are some references, which are not all inclusive as there are a multitude more references for your viewing pleasure.

Youtube, as you probably already know, is an underutilized resource and valuable tool in your arsenal of learning.

Look through these references, videos (you won’t need to view all, just until you are comfortable), and the other web-sites.  To really prepare yourself for the test (CCENT or CCNA) use the IPv4 subnetting – random question generator v1.6  as it will generate random IPv4 subnetting questions for you to practice on (makes it easy for you!)

Also, keep in mind that you will be tested on IPv4 for subnetting, so that is what we will be using.  IPv6 is being deployed and you may see it on the test for CCNA, but more likely than not you will not receive test questions on the subnetting of IPv6.

Until we meet again in Part 2…

References:

http://www.vaughns-1-pagers.com/computer/powers-of-2.htm

http://infocenter.guardiandigital.com/manuals/IDDS/node9.html

http://whatismyipaddress.com/cidr

http://wiki.samat.org/CheatSheet/IPv4CIDRNotation

http://www.subnet-calculator.com/cidr.php

VIDEOS:

https://www.youtube.com/results?search_query=boolean+algebra+tutorial&oq=boolean+algebra+tutorial&gs_l=youtube.12..0.2938.2938.0.4782.1.1.0.0.0.0.82.82.1.1.0…0.0…1ac.2.IyvT0psNQTI

https://www.youtube.com/results?search_query=subnetting+made+easy&oq=subnetting+made+easy&gs_l=youtube.12..0l8.5848.5848.0.8952.1.1.0.0.0.0.56.56.1.1.0…0.0…1ac.2.HQ7nSkrQ9tk

https://www.youtube.com/results?search_query=subnetting+tutorial+ccna&oq=subnetting&gs_l=youtube.1.4.0l10.25943.25943.0.36475.1.1.0.0.0.0.56.56.1.1.0…0.0…1ac.1.j6HYrKoahwE

https://www.youtube.com/results?search_query=subnetting&oq=subnetting&gs_l=youtube.3..0l10.43020.43020.0.44157.1.1.0.0.0.0.53.53.1.1.0…0.0…1ac.1.wbNxlIPMxB4

http://video.search.yahoo.com/search/video;_ylt=A0S00MtSWBlRFUEAyxb7w8QF;_ylu=X3oDMTBrMWQyNXBmBHNlYwNzZWFyY2gEdnRpZANWMTM2?p=ip%20subnetting&ei=utf-8&fr=moz35&fr2=sg-gac&sado=1

Other Web-Sites:

http://mrwhatis.com/subnetting-box-method.html

http://www.subnetting-secrets.com/easy_way_to_subnet.html

http://orbit-computer-solutions.com/VLSM.php

http://www.gtcc-it.net/billings/VLSM.htm

http://www.subnetting-secrets.com/vlsm.html

IPv4 subnetting – random question generator v1.6  http://subnetting.org/