yes
ICANWK503A – Install and Maintain Valid Authentication Processes RTO No: 20829 CRICOS Provider Code: 02044E ABN: 41 085 128 525 STUDENT COPY- CR Version 1.2 Assessment Resources Summary Unit Details ICTNWK511 - Manage network security This unit requires each student to undergo adequate practice and preparation prior to undertaking the assessments in a classroom/simulated environment. Students are required to complete ALL summative assessments listed below in order to be deemed “Competent” in this unit of competency. Assessment Methods Written Assessment Assessment 1 Case Study Assessment 2 Lab Assessment 3 Questions Assessment 4 Issue Date January 2018 a Page 2 of 21 Assessment Resources ICTNWK511 Unit Summary The unit objectives, prerequisites, co-requisites and other pertinent information about this unit is described at https://training.gov.au/Training/Details/ICTNWK511 Resources Students should refer to this unit in Moodle (e-learning.vit.edu.au) to access a list of resources for this unit (see Learner Resources section for relevant articles, links, instructions for labs etc). Lab Resources 1. Topic - Security Scanners (in Learner Resources, use for Lab 1) 2. Topc – Network Protocol Analyzers (for Lab 2) 3. Topic – Logging and security reporting (for Lab 3) For labs 1 and 2, you have the option of using the virtual machine ICTNWK511 that has been set up in the C:\lab-files folder on the machines in the Level 10, Room 4 lab. If you prefer, you can also install the required software on your own computer. For lab 3, you need to set up a trial account at https://www.splunk.com/page/sign_up/es_sandbox?redirecturl=%2Fgetsplunk%2Fes_sandbox This will give you access to a trial account with realistic security reporting such as you would encounter in a medium or large enterprise network. Note you only get the account for seven days, so you should aim to complete the lab as soon as you can after setting up the account. https://www.splunk.com/page/sign_up/es_sandbox?redirecturl=%2Fgetsplunk%2Fes_sandbox a Page 3 of 21 Assessment Resources ICTNWK511 Assessment 1: Written Assessment Student Name: ______________________________________________________________ Student ID No: ______________________________________________________________ Student Instructions: • This is an open book assessment, and you should consult your Learner Resources and other material as needed. • Your answers should be on a separate document using word processing software such as MS Word & or other software (hand written submissions are only acceptable with prior approval from your Trainer) . • Your document should be professionally formatted and include o Your Name o Your Student ID o Unit Code o Assessment Number (i.e. ICTNWK511 Assessment 1) • Please reference to each question number and retype each question with your answers. • This is an open book assessment, you must answer every question and provide enough information to demonstrate sufficient understanding of what has been asked to achieve competency. Please ask your Trainer/Assessor if you are unsure what is sufficient detail for an answer. • Ask your trainer/assessor if you do not understand a question. Whist your trainer/assessor cannot tell you the answer, he/she may be able to re-word the question for you or provide further assistance based on the Institute’s “Reasonable Adjustment Policy”. • Answers should be your own work, in your own words and not plagiarised, nor copied. However, if an answer is cut & pasted (such as a definition), then the source should be referenced a Page 4 of 21 Assessment Resources ICTNWK511 Student information: Answer the questions below. Keep your answers short and to the point – unless specified otherwise, your answers should not exceed 300 words for any individual question (and often can be less – use your judgment). Use your own words in your answers – do not copy large amounts of text from the Internet! 1. Identify the purpose and describe at least one activity performed in each of the following three phases in implementing a network security design: (i) the planning phase; (ii) building phase (iii) managing phase. 2. Describe the purpose of the main elements of risk management, such as (i) risk identification and (ii) risk treatment. Identify at least one activity that is performed in each element. 3. Identify two types of network attacks that could be made on an e-commerce site selling books, and storing credit card information about customers. For each attack, describe the vulnerabilities/weaknesses of network infrastructure that attackers seek to exploit. 4. Give two examples of emerging security threats that have emerged as a result of the popularity of mobile phones. List one example of a countermeasure that can be used to mitigate the threats. 5. Briefly define the purpose of auditing, as it applies to network security. 6. Briefly define the purpose of penetration testing, as it applies to network security. 7. Briefly define how logging analysis can be used to enhance network security 8. List two security measures that can be applied to protect an organisation’s infrastructure of servers and switches. 9. List two capabilities of (i) a hardware firewall and (ii) a software intrusion detection system (IDS) 10. Define what is meant by “defence in depth” in security planning. Describe how could the defence in depth principle be applied to the deployment of hardware and software firewalls in a corporate network a Page 5 of 21 Assessment Resources ICTNWK511 11. Give two examples of network management and security process controls that could be applied to manage the risk represented by BYOD (Bring Your Own Device) to corporate networks. 12. Risk management plans and procedures need to be applied to all stages of network security, including security planning, implementation and budgeting. Give one example of how an understanding of risk can be applied to each of the following phases of a network security implementation (i) the planning phase (ii) the implementation or building phase (iii) the managing or budgeting phase 13. Identify three types of ICT networks (or zones) typically considered in network security planning. Briefly define each of these network zones, and, for each of the three types of network zone, give one example of a configuration I would expect to see in that type of network zone. Assessor Use Only Assessor Comments Satisfactory (S) Not Satisfactory (NS) Assessor Signature: _______________________________ Date: _____________ a Page 6 of 21 Assessment Resources ICTNWK511 Assessment 2: Case Study Information for Students This is a project/report assessment task. You have the option of doing the task as a group (3 students maximum per group). You should use the Case Study Report Template (see Learner Resources for the unit) to help you structure your assignment. Write your report, making sure to list all the students who are in your group in the Introduction to the report. All students need to hand in a copy of the report as part of their assessment submission. Read through the scenario below, and write your report addressing the requirements described below Scenario You have been asked to design a comprehensive network security plan for a small e-commerce web site run by the BuyThisShoe company. The website will be hosted on the company’s internal network (as the site needs to access internal databases for prices etc). The company is a bit nervous about hackers, but it also wants a cost-effective solution, so you need to come up with a plan that is both effective and economical. Interviewing the owners of the business, you have uncovered the following facts: • The company will be taking credit card payments, so needs to comply with any relevant legislation • The company is open to taking out insurance, where required, against reputational damage resulting from hacker events • The company is concerned about conforming with privacy legislation, and wants to know how network security measures can keep the required information confidential, and report on any unauthorised access • The company would also like to know how a procedure could be designed for employees to report any privacy/ethics violations in a secure manner. They want the employee to be able to send anonymous email about the violation, without having to use the corporate email system • The company wants to know what testing/ongoing auditing of the plan will be done to ensure the plan remains relevant and up-to-date • The company wants you to suggest an incident response procedure for reporting of security violations. They are very concerned that, if any security breach does occur, that they are notified immediately. They are suggesting that every Friday the owner of the company meet with the IT manager to review any security breaches that have occurred, and what has been done in response to those breaches • The company wants to know what countermeasures can be employed against threats to the physical security of their server storing the customer’s credit card information a Page 7 of 21 Assessment Resources ICTNWK511 • The company is most worried about hackers who may want to gain the credit card details of its customers. They want to ensure that the database server that will be storing the credit card details is on the most secure part of the network. • The company is also worried about ‘for play’ hackers who may want to compromise their website for ‘fun’, so your network security needs to cater for this. • The company has employed an information auditor as a consultant, who has prepared the following table showing the asset, threat, single loss occurrence (SLO), and annual rate of occurrence (ARO) Asset Threat SLO ($) ARO 1. Network server Fun hackers 400 5 2. Credit card details on database server For profit hackers 20,000 .5 3. Router Fun hackers 1000 .25 4. Web server both 2000 3 5. Malware/trojans both 1000 15 • The company wants to allow web site traffic (HTTP and HTTPS), email traffic (SMTP), remote desktop traffic (RDP), and network support