Answer it
ICTNWK511 Manage network security Student Assessment Tasks © RTO Works 2019 Strathfield College RTO: 91223 CRICOS Provider Code: 02736K Page 2 Assessment Task 2: Network security project Task summary You are required implement and manage security functions throughout a network. This assessment is to be completed in the simulated work environment in the RTO. Required • Access to textbooks and other learning materials • Computer with Microsoft Office and internet access • Access to a network • Network support tools, including network simulation software (such as CISCO packet tracer) • Manufacturer’s recommendations (relevant to the network simulation software). • Network Components Diagram • Network Security Plan Template • Network Security Review Template • Security Incident Form • Security Policy • Security Standards such as at https://www.cisco.com/c/en/us/about/press/internet-protocol- journal/back-issues/table-contents-38/104-standards.html • Sign Off Sheet Timing Your assessor will advise you of the due date of these submissions. Submit • Email with Network Security Review attached • Email with Network Security Plan attached • Email with Revised Network Security Plan attached • Email with the following files attached: o Security Measures Screen Shots o Updated Security Policy o Security Incident Form o Security Incident Response Procedures • Email with the following attached: o Security Incident Screen Shots. o Completed Security Incident Form o Completed Sign Off Sheet. https://www.cisco.com/c/en/us/about/press/internet-protocol-journal/back-issues/table-contents-38/104-standards.html https://www.cisco.com/c/en/us/about/press/internet-protocol-journal/back-issues/table-contents-38/104-standards.html ICTNWK511 Manage network security Student Assessment Tasks © RTO Works 2019 Strathfield College RTO: 91223 CRICOS Provider Code: 02736K Page 3 Assessment criteria For your performance to be deemed satisfactory in this assessment task, you must satisfactorily address all of the assessment criteria. If part of this task is not satisfactorily completed, you will be asked to complete further assessment to demonstrate competence. Assessment Task 2 Instructions Complete the following activities: 1. Review existing system. Research the range of network threats and attacks that can affect a computer network. Based on your research, review the simulated ICT system and associated networks, as well as the current security system in place. Identify current threats and risks to your RTO’s simulated network. Write a report that includes the following: • A definition of a network threat and descriptions of at least three common threats to a network • A definition of a network attack and descriptions of at least three common attacks to a network • Why attacks occur, where they come from and how they occur. • A definition of a network vulnerabilities and descriptions of at least three common network vulnerabilities. • Current threats and risks to your RTO’s simulated network. Use the Network Security Review Template to guide your work. 2. Send an email to your assessor. The text of the email should be in grammatically correct English, written in an appropriate (polite, business-like) style. It should introduce and summarise the contents of the attachment and ask for their feedback. Attach your Network Security Review to the email. ICTNWK511 Manage network security Student Assessment Tasks © RTO Works 2019 Strathfield College RTO: 91223 CRICOS Provider Code: 02736K Page 4 3. Develop a network security plan. You are required to design a network security plan for the RTO’s simulated network. The plan should mitigate the attacks you described in your network security review. Your network security plan should include the following: • An introduction • A definition of the various phases of the network security design process. • A brief summary of all of the ICT assets that your RTO has in place. Your summary should also include a categorisation of each asset and a calculation of their value. • Threats and risks associated with each asset based on your current asset analysis, and your assessment of the RTO network in your network security review. • Based on identified threats from task 1, categorise the threats and create a threat model. The threat model you create may be updated based on feedback after the meeting. • Proposed risk management plan. • Proposed network diagram, including associated explanation and technical information. • Technical information on the routers configuration and how security measures will be configured based on security policies • Auditing and monitoring arrangements. Use Network Security Plan Template to guide your work. 4. Send an email to your assessor. The text of the email should be in grammatically correct English, written in an appropriate (polite, business-like) style. It should introduce and summarise the contents of the attachment and ask for their feedback. Request a place, date and time when you can discuss Attach your Network Security Plan to the email. 5. Meet your assessor to discuss the security measures. You are required to meet and discuss your Network Security Plan. Carefully go through your plan, explaining all of its components. During the meeting, you are required to demonstrate effective communication skills including: • Speaking clearly and concisely • Asking questions to identify different perspectives on the security design. • Responding to questions as required • Using active listening techniques to confirm and clarify understanding. Your assessor will provide feedback which you will need to input into your plan. Take notes on this. ICTNWK511 Manage network security Student Assessment Tasks © RTO Works 2019 Strathfield College RTO: 91223 CRICOS Provider Code: 02736K Page 5 6. Revise your Network Security Plan Review your plan, making the changes suggested by your assessor. Save this version of your plan as your plan as Revised Network Security Plan 7. Send an email to your assessor. The text of the email should be in grammatically correct English, written in an appropriate (polite, business-like) style. It should introduce and summarise the contents of the attachment and ask for their feedback. Request a place, date and time when you can discuss your security plan. Attach your Revised Network Security Plan to the email. 8. Design security measures Assume that you have been given approval to proceed and you are to design the security measures for the network components. The network components are as included in the Network Component Diagram provided to you and you are required to: • Configure the required IP address (based on the network component diagram provided). • Configure and apply an Access Control List (ACL) that will permit the Admin PC with static IP Address 192.168.1.254 to access the office router resources, while blocking the entire PC from the office route. • Use the network simulation software (e.g. CISCO packet tracer) to create this diagram. Take screen shots of all of your work and save these as Security Measures Screen Shots. 9. Finalise the network security design Following completion of the network security design, assume that you have been asked to develop a security policy to ensure full network security. There is an existing Security Policy in place but you are required to develop an additional security policy that reflects your network design. In developing your Security Policy, you should also take into account relevant Security Standards as per the link provided to you. Save this as Updated Security Policy. ICTNWK511 Manage network security Student Assessment Tasks © RTO Works 2019 Strathfield College RTO: 91223 CRICOS Provider Code: 02736K Page 6 10. Develop an auditing and incident procedure. In the next activity, you are required to respond to a security incident. However, there is currently no procedure in place to address security incidents, and you have been asked to develop a Security Incident Form so that such incidents can be recorded. You are also required to create security incident response procedures, which should be included in the Updated Security Policy. This should address both auditing and incident response. 11. Send an email to your assessor. The text of the email should be in grammatically correct English, written in an appropriate (polite, business-like) style. It should introduce and summarise the contents of the attachments and ask for their feedback. Attach the following files to the email: • Security Measures Screen Shots • Updated Security Policy • Security Incident Form • Security Incident Response Procedures 12. Respond to a security incident. Assume that you have been informed that there has been an incident related to a security breach as follows: Incident: Someone took control of the router, as the password was not configured in the router. It is unclear what damage has been caused or potential problems that may arise. You are required to respond to the security incident appropriately. This must include configuring the password in the router (relevant to the previous network component design you were provided with). You must complete all required steps including commands used to configure the password. At the end of this task, complete the required testing to check that the issue is resolved. Take screenshots of your work to provide to your assessor. Save these as Security Incident Screen Shots. In addition, complete the incident form you created, documenting the security incident. Submit your completed form to your assessor. Sign off on the work by using the Sign off sheet. ICTNWK511 Manage network security Student Assessment Tasks © RTO Works 2019 Strathfield College RTO: 91223 CRICOS Provider Code: 02736K Page 7 13. Send an email to your assessor. The text of the email should be in grammatically correct English, written in an appropriate (polite, business-like) style. It should introduce and summarise the contents of the attachments and ask for their feedback. Attach the following files to the email: • Security Incident Screen Shots. • Completed Security Incident Form • Completed Sign Off Sheet. ICTNWK511 Manage network security Student Assessment Tasks © RTO Works 2019 Strathfield College RTO: 91223 CRICOS Provider Code: 02736K Page 8 Assessment Task 2: Network security project Task summary Required Timing Submit Assessment criteria Assessment Task 2 Instructions 1. Review existing system. 2. Send an email to your assessor. 3