Solution
Amit answered on
Jun 09 2021
59551/Cl_NWDataSec_AE_Pro_2of2.docx
Project Assessment
Criteria
Name of the cluste
Cl_NWDataSec (Network Data Integrity and Network Security)
Unit code, name and release numbe
ICTNWK403 - Manage network and data integrity (1)
ICTNWK421 - Install, configure and test network security (1)
Qualification/Course code, name and release numbe
ICT40418 - Certificate IV in Information Technology Networking (2)
Student details
Student numbe
Student name
Assessment Declaration
· This assessment is my original work and no part of it has been copied from any other source except where due acknowledgement is made.
· No part of this assessment has been written for me by any other person except where such collaboration has been authorised by the assessor concerned.
· I understand that plagiarism is the presentation of the work, idea or creation of another person as though it is your own. Plagiarism occurs when the origin of the material used is not appropriately cited. No part of this assessment is plagiarised.
Student signature and Date
Document title Version 1.0 Page 1 of 3
Disclaimer:Â Printed copies of this document are regarded as uncontrolled. Please check to ensure this is the latest version.
© 2011 Department of Education and Communities, TAFE NSW eLearning Hub | Version: 0.0 | Created: dd/mm/2011
Document title: Cl_NWDataSec_AE_Pro_2of2 Page 8 of 31
Resource ID: TBS_19_003_ Cl_NWDataSec_AE_Pro_2of2 STUDENT NAME:
Version: 20200120
Date created: 27/09/2019
Date modified: 05/05/2020
For queries, please contact:
Technology and Business Services SkillsPoint
Building B, Level G, Corner Ha
is Street and Mary Ann Street, Ultimo NSW 2007
© 2020 TAFE NSW, Sydney
RTO Provider Number 90003 | CRICOS Provider Code: 00591E
This assessment can be found in the: Learning Bank
The contents in this document is copyright © TAFE NSW 2020, and should not be reproduced without the permission of the TAFE NSW. Information contained in this document is co
ect at time of printing: 5 May 2020. For cu
ent information please refer to our website or your teacher as appropriate.
Document title Version 1.0 Page 1 of 3
Disclaimer:Â Printed copies of this document are regarded as uncontrolled. Please check to ensure this is the latest version.
© 2011 Department of Education and Communities, TAFE NSW eLearning Hub | Version: 0.0 | Created: dd/mm/2011
Assessment instructions
Table 1 Assessment instructions
Assessment details
Instructions
Assessment overview
The objective of this clustered assessment is to assess your knowledge and performance in the following units:
· ICTNWK403 Manage network and data integrity
· ICTNWK421 Install, configure and test network security
For ICTNWK403 you would be required to;
· identify user access control issues
· use appropriate tools to conduct audit on system assets
· implement and test antivirus solution
· employ systems to negate environmental threats
· demonstrate features of data backup, restore and system roll back
· perform network monitoring using a variety of cu
ent standard tools
· add network controls according to network and data integrity policies.
For ICTNWK421 you would be required to;
· identify and analyse network security threats and vulnerabilities
· make recommendations to management to address network security deficiencies
· implement perimeter security, network hardening and authentication and user account controls
· design and conduct testing to verify the key function and performance measures of network security
· debug network security according to test results
· review logs and audit reports to identify and record security incidents, intrusions and attempts
· undertake spot checks to ensure that procedures are not being bypassed
Assessment Event numbe
2 of 2
Instructions for this assessment
This is a clustered project-based assessment and will be assessing you on your knowledge and performance of all the units listed in this assessment.
This assessment is in six parts:
1. Product – analyse and document security threats and vulnerabilities
2. Practical – implement network perimeter security
3. Practical – provide systems for monitoring
4. Practical – design and implement a security system
5. Product – prepare a Network Security Analysis report
6. Role play – obtain approval from management
This assessment also contains:
· Observation Checklist
· Assessment Checklist
· Assessment Feedback
Submission instructions
On completion of this assessment, you are required to submit your work to your assessor for marking (as instructed by your assessor).
You are required to submit the following item:
1. Firstname_Lastname_MM_NetSec_Report.docx
where Firstname_Lastname is your full name
It is important that you keep a copy of all electronic and hardcopy assessments submitted to TAFE and complete the assessment declaration when submitting the assessment.
Ensure you have typed your name in the footer of this assessment.
What do I need to do to achieve a satisfactory result?
To achieve a satisfactory result for this assessment all questions must be answered co
ectly.
What do I need to provide?
Equipment
· Personal computer with cu
ent Windows, Linux or Mac operating system
· Home Router with administrative access o
http:
www.adslgeek.com/emulators
Software
· Word processing software (Microsoft WORD)
· Screen capture application (e.g. Snipping Tool)
· Application for
owsing the internet (e.g. Chrome, Firefox, Microsoft Edge)
· Encryption software such as BitLocker (part of the Windows Operating system) or TrueCrypt https:
www.grc.com/misc/truecrypt/truecrypt.htm
· Hardware and software audit tools such as;
· MSINFO32 –available in Microsoft Windows operating system.
· DXdiag - available in any Windows operating system.
· Microsoft Software Inventory Analyzer (MSIA) – This is a free tool that can be downloaded from https:
www.microsoft.com/en-au/download/details.aspx?id=20934.
· E-Z Audit – An evaluation version of this tool can be downloaded for free from http:
www.ezaudit.net/.
Other
· Open DNS available from
http:
store.opendns.com/get/home-free
What the assessor will provide?
· Access to PCs with Word Processing software
· Cl_NWDataSec_AE_Pro_2of2_SR1 Millennium Media report template (Millennium Media report template.docx)
· Cl_NWDataSec_AE_SD1 Assessment scenario document
Due date/time allowed/venue/location
Refer to the Unit Assessment Guide for the due dates
The estimated times for a student to complete each Part of this assessment are as follows:
Part 1 – 1 hou
Part 2 – 2 hours
Part 3 – 2 hours
Part 4 – 1.5 hours
Part 5 – 1 hours
Part 6 – 30 minutes
Part 1 to 5 if this assessment is to be completed out of class.
Part 6 demonstration should be done in class.
Supervision
It is expected that this assessment will be completed as a ‘take-home’ task. If you are unable to complete this assessment as a ‘take-home’ task then contact your assessor immediately so that they can make other a
angements.
Your assessor may ask for additional evidence to verify the authenticity of your submission and confirm that the assessment task was completed by you.
The student may access their referenced text, learning notes and other resources.
Assessment feedback, review or appeals
Appeals are addressed in accordance with Every Student’s Guide to Assessment in TAFE NSW.
Specific task instructions
The instructions and the criteria in the tasks and activities below will be used by the assessor to determine if you have satisfactorily completed this assessment event. Use these instructions as a guide to ensure you demonstrate the required performance evidence.
Refer to the following documents in the Assessment Supporting Documents, folder provided to you.
· Cl_NWDataSec_AE_SD1 – This is the Assessment Scenario document. Refer to this document where relevant to obtain additional information for the tasks to be performed in this assessment.
· Cl_NWDataSec_AE_Pro_2of2_SR1 (Millennium Media report template.docx)
Resource requirements
You will need to provide the following resources in order to complete this assessment.
If you do not have these resources available, then please talk to your assessor about making alternative a
angements in the classroom lab environment.
Equipment
· Personal computer with cu
ent Windows, Linux or Mac operating system
· Home Router with administrative access
Remember to reset the router at the end of each project.
If you cannot access a router you can use the router emulation site http:
www.adslgeek.com/emulators to virtually enter the router's interface.
To provide the screenshot of the restricted site, block it in your
owser instead.
Software
· Word processing software (Microsoft WORD)
· Screen capture application (e.g. Snipping Tool)
· Application for
owsing the internet (e.g. Chrome, Firefox, Microsoft Edge)
· Encryption Software such as:
· BitLocker is part of the Windows Operating system for Windows 7 Pro/Ultimate and 8 onwards.
· If using Mac, Linux or unable to access BitLocker use TrueCrypt from https:
www.grc.com/misc/truecrypt/truecrypt.htm
· Hardware and software audit tools such as;
· MSINFO32 – This is a tool available in Microsoft Windows operating system. Refer to Microsoft’s official website for more details on how to use this tool.
· DXdiag - This is a diagnostics tool available in any Windows operating system. Refer to Microsoft’s official website for more details on how to use this tool.
· Microsoft Software Inventory Analyzer (MSIA) – This is a free tool that can be downloaded from https:
www.microsoft.com/en-au/download/details.aspx?id=20934. Refer to Microsoft’s official website for more details on how to use this tool.
· E-Z Audit – An evaluation version of this tool can be downloaded for free from http:
www.ezaudit.net/. Refer to the manufacturer User Guide (http:
www.ezaudit.net/guide/19/default.asp) to obtain more information as to how this tool can be used.
Other
· OpenDNS
OpenDNS is available from http:
store.opendns.com/get/home-free .
You will need to sign up for a free account. Information for getting started with OpenDNS is available from https:
support.opendns.com/hc/en-us/articles/227988127-Getting-started-About-using-OpenDNS.
·
Part 1: Product – analyse and document security threats and vulnerabilities
Review Millennium Media’s cu
ent network infrastructure and cu
ent system security against their asset security requirements and identify potential security threats and vulnerabilities. Refer to the Assessment Scenario (Cl_NWDataSec_AE_SD1) document for further background details of the company and for specific information on their Asset Security Requirements.
Millennium Media guidelines require that threats and vulnerabilities identified be documented in a formal manner using the Millennium Media report template which will be presented to Millennium Media management at a later stage.
Include the following in your answer:
1. A list of at least two threats and vulnerabilities identified for each of the following categories with explanations of why these threats/vulnerabilities exist in the cu
ent system:
a. Network
. Software
c. Hardware
d. User access to System and data
2. Analyse the above threats and vulnerabilities and prioritise them according to the order in which these deficiencies need to be addressed.
(Answer should be a min. of 150 words and max. of 250.)
Use the following table provided to you in Section 1 of the Millennium Media report template to document your answers.
Asset Categories
Threats and Vulnerabilities
Priority
a. Network
b. Software
c. Hardware
d. User access to System and data
Specific instructions for Part 2, Part 3 and Part 4
Pretend that your home network or your classroom lab environment represents part of the work network at Millennium Media and that the tasks you will be completing in this assessment represents the testing of the Millennium Media network.
Refer to the Assessment Scenario (Cl_NWDataSec_AE_SD1) document for further background details regarding the Millennium Media Company. Millennium Media guidelines require that all new and updated system settings be documented in a formal manner using the Millennium Media report template which will be presented to Millennium Media management at a later stage.
Part 2: Practical - implement network perimeter security
Demonstration Task 1
Please refer to Resource requirements for Equipment – Routers.
On your internet router implement a firewall rule (one perimeter security method) for a website that you think should be blocked, in a workplace, in order to meet organisational assets security requirements and according to the identified threats and vulnerabilities that you have identified in Part 1 of this assessment.
Provide the following evidence to show that you implemented the required firewall rule under Section 2.1 of the Millennium Media report template:
a. documentation of router settings
. screenshot/s showing implementation of the firewall rule
c. screenshot/s showing the site being blocked by the route
d. paragraph explaining why you should block this type of site in a workplace and how it would help mitigate some of the threats and vulnerabilities identified in Part 1.
Demonstration Task 2
Assess and implement three techniques and measures to harden your server and network from vulnerabilities. For each of the three measures taken you must provide the following under Section 2.2 of the Millennium Media report template.
a. documentation of the network and server hardening techniques and measures implemented
. screenshots showing evidence of implementation
c. a paragraph explaining the how the above implementation of measures/controls will prevent previously identified threats and vulnerabilities.
Note: You can use a virtual machine with any version of server for demonstrations.
Demonstration Task 3
Implement secure authentication and user account controls on your serve
workstation by completing the following tasks:
1. Create a new group called ‘Test’.
2. Create a new user with the name ‘Security’
3. Set a secure password for the above user.
4. Make the above user a member of the new group ‘Test’.
5. Create a new folder named ‘Security_YourName’
(where YourName is your actual name e.g. TomSmith).
6. Allow the new group (‘Test’) read/write, but not delete, access to the new folder ‘Security_YourName’.
7. Test the permissions in the Advanced Sharing/Effective Permissions area.
8. Create another user account with the name ‘SecurityAdmin’
9. Set a secure password for the above use
10. Create a new group called ‘TestAdmin’.
11. Make the above user a member of the group ‘TestAdmin’
12. Allow the new group (‘TestAdmin’) full permissions to access the new folder ‘Security_YourName’.
Provide the following evidence that you have created and tested permissions for the groups named ‘Test’ and ‘TestAdmin’ under Section 2.3 of the Millennium Media report template:
a. documentation of the configuration steps
. screenshots showing evidence of the implementation
c. test results of the implementation
· screenshot/s showing that the ‘Security’ user can read/write to the ‘Security_YourName’ directory
· screenshot/s showing that the ‘Security’ user cannot delete from the ‘Security _YourName’ directory
· screenshot/s showing that the ‘SecurityAdmin’ user can read/write to the ‘Security_YourName’ directory
· screenshot/s showing that the ‘SecurityAdmin’ user can delete from the ‘Security _YourName’ directory
d. a paragraph explaining how the above implementation will prevent previously identified threats and vulnerabilities.
Demonstration Task 4
Please refer to Resource requirements for Software – Encryption Software.
Implement data encryption to secure data integrity and transmission on your serve
workstation by completing the following tasks:
1. Using Windows BitLocker or TrueCrypt encryption technologies secure a USB drive using AES 256 encryption.
2. Secure a desktop or server disk with encryption using Windows BitLocker or TrueCrypt encryption technologies. You can create an encrypted volume or partition using AES 256 encryption.
Provide the following evidence to show that you have implemented the required encryption for both the USB and disk (volume or partition) under Section 2.4 of the Millennium Media report template:
a. documentation of the configuration steps
. screenshots showing evidence of the implementation
c. test results of the implementation
· screenshot/s showing the outcome of the changes you made (i.e. the encryption being effective)
d. a paragraph explaining why this encryption method might be used to protect data and how it will prevent previously identified threats and vulnerabilities. Your explanation should include any evaluations of mathematical information embedded in the tasks and texts.
Part 3: Practical - provide systems for monitoring
Please refer to Resource requirements for Other – OpenDNS.
OpenDNS is a service that adds additional security features to the Domain Name System, such as optional content filtering and phishing protection. It is a commonly used tool to setup countermeasures for identified threats and vulnerabilities. For this part of the assessment you are asked to implement, test and verify functionality and performance of various countermeasures.
Demonstration Task 1
Implement (install and configure) OpenDNS to filter your web content by completing the following tasks:
1. Add your home network’s WAN IP using the OpenDNS dashboard.
2. Configure your content filtering settings to block social media sites.
3. Use Facebook as the test site to show that your changes were successful.
Please note any changes to filtering can take up to 5-10 mins to be effective.
Provide the following evidence to show that you have implemented OpenDNS to filter web content under Section 3.1 of the Millennium Media report template:
a. Screenshot showing addition of home network’s IP
. Screenshot showing the changes made in the filtering rules
c. Screenshot showing successful testing of filtering rules.
Demonstration Task 2
Before completing this task make sure that you first take a copy of your original router DNS settings by taking a screenshot or by writing them down.
Configure your router settings as follows:
1. Change your router DNS...