A team deploys a new backend server. They place it in a subnet named backend-private and assume it is isolated from the internet. Months later, a security scan reveals the instance has a public IP and a direct route to the Internet Gateway. The name on the subnet said "private." The route table said otherwise.
In AWS, a subnet is not private because of its name or tag. It is private because its route table has no route to an Internet Gateway. This is one of the most commonly misunderstood networking concepts in AWS, and it has played a role in multiple real-world breaches.
In this room, you will investigate an internal server running in a subnet that is intended to be private but is actually publicly routable. You will identify the misconfiguration, fix it, and then build a properly segmented VPC from scratch.
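The check described above, as an added example that is not part of the room: it decides public versus private from the effective route table (explicit association, else the VPC's main table) rather than from the subnet name. The input dictionaries mirror the JSON shape of `aws ec2 describe-route-tables` and `aws ec2 describe-subnets`; the sample data, VPC and resource IDs are constructed to reproduce the scenario in the text.

```python
# Added example (not from the room): public vs private is decided by the route table, not the name.

def has_igw_default_route(rt):
    """True if an active default route (IPv4 or IPv6) targets an Internet Gateway."""
    for r in rt.get("Routes", []):
        dest = r.get("DestinationCidrBlock") or r.get("DestinationIpv6CidrBlock")
        if dest in ("0.0.0.0/0", "::/0") and r.get("State") == "active" \
                and r.get("GatewayId", "").startswith("igw-"):
            return True
    return False

def effective_route_table(subnet, route_tables):
    """Explicit subnet association wins; otherwise the VPC's main table applies implicitly."""
    main = None
    for rt in route_tables:
        if rt["VpcId"] != subnet["VpcId"]:
            continue
        for a in rt.get("Associations", []):
            if a.get("SubnetId") == subnet["SubnetId"]:
                return rt
            if a.get("Main"):
                main = rt
    return main

def audit(subnets, route_tables):
    """One finding per subnet; 'misnamed' flags a 'private' name that is internet routable."""
    findings = []
    for s in subnets:
        rt = effective_route_table(s, route_tables)
        name = next((t["Value"] for t in s.get("Tags", []) if t["Key"] == "Name"), "")
        routable = rt is not None and has_igw_default_route(rt)
        findings.append({"subnet": s["SubnetId"], "name": name, "internet_routable": routable,
                         "route_table": rt["RouteTableId"] if rt else None,
                         "auto_public_ip": bool(s.get("MapPublicIpOnLaunch")),
                         "misnamed": routable and "private" in name.lower()})
    return findings

# Constructed sample: backend-private has no explicit association, so it inherits the main table's IGW route.
ROUTE_TABLES = [
    {"RouteTableId": "rtb-main", "VpcId": "vpc-1", "Associations": [{"Main": True}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
                {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-1", "State": "active"}]},
    {"RouteTableId": "rtb-priv", "VpcId": "vpc-1", "Associations": [{"SubnetId": "subnet-db"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"}]},
]
SUBNETS = [
    {"SubnetId": "subnet-backend", "VpcId": "vpc-1", "MapPublicIpOnLaunch": True,
     "Tags": [{"Key": "Name", "Value": "backend-private"}]},
    {"SubnetId": "subnet-db", "VpcId": "vpc-1", "MapPublicIpOnLaunch": False,
     "Tags": [{"Key": "Name", "Value": "db-private"}]},
]
```

Running `audit(SUBNETS, ROUTE_TABLES)` reports subnet-backend as internet routable via rtb-main with public IP auto-assignment on, exactly the combination the room has you remediate, while subnet-db stays private through its own table.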
Learning Objectives
- Understand how route tables determine whether a subnet is public or private
- Identify unintended internet routes on subnets using the AWS CLI
- Explain why naming and security groups alone are an insufficient defense in depth
- Remediate a publicly routable private subnet by replacing its route table and disabling public IP auto-assignment
- Design a properly segmented VPC with distinct public and private tiers from scratch
Prerequisites
- Being able to set up your environment (First Steps Into room)
- Basic commands ( Fundamentals room)
- Have a basic understanding of the VPC networking service (Introduction to Cloud Networking room)
Rise and shine. Your subnet has been... waiting.