Short answer questions
ICTNWK609 – Configure and Manage Intrusion Prevention System on Network Sensors
Student Assessment Pack
Student and Trainer/Assessor Details
Student ID |
Student name |
Contact number |
Email address |
Trainer/Assessor name |
Course and Unit Details
Course code | ICT60215
Course name | Advanced Diploma of Network Security
Unit code | ICTNWK609
Unit name | Configure and manage intrusion prevention system on network sensors
Assessment Submission Method
☐ By hand to trainer/assessor
☐ By email to trainer/assessor
☐ Online submission via Learning Management System (LMS)
Student Declaration
· I certify that the work submitted for this assessment pack is my own. I have clearly referenced any sources used in my submission. I understand that a false declaration is a form of malpractice;
· I have kept a copy of this assessment pack and all relevant notes, attachments, and reference material that I used in the production of the assessment pack;
· For the purposes of assessment, I give the trainer/assessor of this assessment the permission to:
  · Reproduce this assessment and provide a copy to another member of staff; and
  · Take steps to authenticate the assessment, including communicating a copy of this assessment to a checking service (which may retain a copy of the assessment on its database for future plagiarism checking).
Student signature: ________________________________ Date: ____/_____/______________
Assessment Plan
To demonstrate competence in this unit, you must be assessed as satisfactory in each of the following assessment tasks.
Evidence recorded | Evidence Type/Method of assessment | Sufficient evidence recorded/Outcome
Unit Assessment Task 1 | Unit Knowledge Test (UKT) | S / NS (First Attempt) S / NS (Second Attempt)
Unit Assessment Task 2 | Unit Project (UP) | S / NS (First Attempt) S / NS (Second Attempt)
Unit Assessment Task 3 | Unit Project (UP) | S / NS (First Attempt) S / NS (Second Attempt)
Final result | C/NYC | Date assessed |
Trainer/Assessor Signature |
Assessment Conditions
|
Unit purpose/application |
This unit describes the skills and knowledge required to use appropriate tools, equipment and software to implement an intrusion prevention system (IPS) on IPS sensors to mitigate network attacks.
It applies to individuals with advanced information and communications technology (ICT) skills who are working as certified IPS specialists, network security specialists and network security managers.
No licensing, legislative or certification requirements apply to this unit at the time of publication.
|
What the student can expect to learn by studying this unit of competency |
· Evaluate the ways IPS sensors are used to mitigate network attacks
· Select and install IPS sensors and configure essential system parameters
· Tune IPS sensor advanced system parameters to optimise attack mitigation performance
· Manage security and response of the IPS to network attacks
|
Training and assessment resources required for this unit of competency |
The student will have access to the following:
· Student guide
· PowerPoint presentation
· Unit Assessment Pack (UAP)
· Access to other learning materials such as textbooks
The resources required for these assessment tasks also include:
· Access to a computer, the Internet and word-processing system such as MS Word.
· A site or prototype where network installation may be conducted
· Relevant hardware and software
· Organisational guidelines
· Live network
· An IPS system and its sensors.
Simulated assessment environments must simulate the real-life working environment where these skills and knowledge would be performed, with all the relevant equipment and resources of that working environment.
|
Submission instructions |
Your trainer/assessor will confirm assessment submission details for each assessment task.
|
Academic integrity, plagiarism and collusion |
Academic Integrity
Academic Integrity is about the honest presentation of your academic work. It means acknowledging the work of others while developing your own insights, knowledge and ideas.
As a student, you are required to:
· undertake studies and research responsibly and with honesty and integrity
· ensure that academic work is in no way falsified
· seek permission to use the work of others, where required
· acknowledge the work of others appropriately
· take reasonable steps to ensure other students cannot copy or misuse your work.
Plagiarism
Plagiarism means to take and use another person's ideas and or manner of expressing them and to pass them off as your own by failing to give appropriate acknowledgement. This includes material sourced from the internet, RTO staff, other students, and from published and unpublished work.
Plagiarism occurs when you fail to acknowledge that the ideas or work of others are being used, which includes:
· Paraphrasing and presenting work or ideas without a reference
· Copying work either in whole or in part
· Presenting designs, codes or images as your own work
· Using phrases and passages verbatim without quotation marks or referencing the author or web page
· Reproducing lecture notes without proper acknowledgement.
Collusion
Collusion means unauthorised collaboration on assessable work (written, oral or practical) with other people. This occurs when a student presents group work as their own or as the work of someone else.
Collusion may be with another RTO student or with individuals or students external to the RTO. This applies to work assessed by any educational and training body in Australia or overseas.
Collusion occurs when you work without the authorisation of the teaching staff to:
· Work with one or more people to prepare and produce work
· Allow others to copy your work or share your answer to an assessment task
· Allow someone else to write or edit your work (without RTO approval)
· Write or edit work for another student
· Offer to complete work or seek payment for completing academic work for other students.
Both collusion and plagiarism can occur in group work. For examples of plagiarism, collusion and academic misconduct in group work please refer to the RTO’s policy on Academic integrity, plagiarism and collusion.
Plagiarism and collusion constitute cheating. Disciplinary action will be taken against students who engage in plagiarism and collusion as outlined in RTO’s policy.
Proven involvement in plagiarism or collusion may be recorded on students’ academic file and could lead to disciplinary action.
|
Other Important unit specific Information |
N/A
|
Unit outcome |
· This unit is not graded and the student must complete and submit all requirements for the assessment task for this cluster or unit of competency to be deemed competent.
· Students will receive a 'satisfactorily completed' (S) or 'not yet satisfactorily completed' (NS) result for each individual unit assessment task (UAT).
· Final unit result will be recorded as competency achieved/competent (C) or competency not yet achieved/not yet competent (NYC).
Unit Assessment Task (UAT)-1
Assessment Task 1 - Unit Knowledge Test (UKT)
Assessment type:
· Written Questions
Instructions:
· This is an individual assessment.
The purpose of this assessment task is to assess the students’ knowledge required to ensure secure file encryption is selected, implemented and monitored on a computer network or local environment.
· To make full and satisfactory responses you should consult a range of learning resources, other information such as handouts and textbooks, students’ resources and slides.
· All questions must be answered in order to gain competency for this assessment.
You may attach a separate sheet if required.
You must include the following particulars in the footer section of each page of the attached sheets:
· Student ID or Student Name
· Unit ID or Unit Code
· Course ID or Course Code
· Trainer and assessor name
· Page numbers
You must staple the loose sheets together along with the cover page.
You must attach the loose sheets chronologically as per the page numbers.
· Correction fluid and tape are not permitted. Please do any corrections by striking through the incorrect words with one or two lines and rewriting the correct words.
Resources required to complete the assessment task:
Student guide
PowerPoint presentation
Unit Assessment Pack (UAP)
Access to other learning materials such as textbooks
Access to a computer, the Internet and word-processing system such as MS Word.
Question 1: Answer the following questions:
A) Explain the steps to setting up a Cisco Router including configuration and verification/testing.
B) Explain the troubleshooting process for the following issues:
· Console is not responsive
· Traffic does not pass through
|
|
Question 2: What are the five (5) key features of deployment schemes? Write your answer in 200-250 words.
|
|
Question 3: In order to set up network security for an enterprise-level network, firewalls are implemented to mitigate network attacks. Summarise the ten (10) steps involved in setting up and securing a firewall.
|
|
Question 4: Explain the following terms each in 150-200 words.
1. Internetwork Operating System (IOS)
2. Internet Protocol (IP) Networking Model
|
|
Question 5: What are the steps involved in the design and implementation of the following?
· Local Area Network (LAN)
· Wide Area Network (WAN)
|
|
Question 6: Summarise the following terms each in 130-180 words.
A. IP Addressing
B. Transmission Control Protocol
C. IP stack
|
|
Question 7: Summarise the five (5) IPS and IDS deployment strategies to mitigate network attacks. Write your response in 250-300 words.
|
|
Question 8: Setting up a network as a Network Administrator requires basic knowledge of network fundamentals. These include the topology, architecture and elements of the network, which need to be designed as per the requirements of the enterprise.
A) What do you understand by the term Network Topology? Also, summarise five (5) models of network topology. Write your response in 240-270 words.
B) Explain the following terms, each in 100-150 words.
1. Network Architectures
2. Network Elements
|
|
Question 9: While studying computer networks, the student must know the basic terms of network standards and network protocols. Explain these two terms and write 100-150 words for each in your response.
|
|
Question 10: What are the six (6) threat mitigation strategies required for network security? Write 30-60 words for each strategy in your response.
|
|
Question 11: Summarise the two (2) Intrusion Prevention System sensor technologies. Write 100-150 words for each.
|
|
Question 12: What is the network function of Transmission Control Protocol? Write your response in 150-200 words.
|
|
Question 13: Summarise virtual private network technologies. Write your response in 150-200 words.
|
|
Question 14: Explain the following terms each in 150-200 words.
a) IPS Signatures
b) Meta Signatures
|
|
Question 15: Describe two legislation, regulations, standards and codes of practice relevant to network security. Write your response in 250-350 words.
|
|
Question 16: What are the steps involved for the following?
a) Configuration of a Cisco Switch
b) Verify a Switch
c) Troubleshooting of Switch
|
|
Question 17: What are the three (3) benefits of deploying access management on an IPS sensor? Write your answer in 150-200 words.
|
|
Question 18:
A) Summarise anomaly detection and its modes. Write your response in 50-100 words.
B) What are the four (4) approaches to monitor the IPS sensor? Write your response in 150-200 words.
C) Explain two (2) basic types of IPS signatures, each in 50-80 words.
|
|
Question 19: Explain passive operating system fingerprinting and list the OS fingerprinting tools. Write your response in 200-250 words.
|
|
Question 20: Summarise the following terms:
A) External Product interfaces
B) Promiscuous vs. Inline Mode
C) VLAN
D) VLAN functionality
E) VLAN group
|
|
Unit Assessment Task (UAT)-2
Assessment Task 2 – Unit Project (UP)
Assessment type:
Unit Project (UP)
Instructions to complete this assessment task:
· Please write your responses in the template provided.
· You may attach a separate sheet if required.
· You must include the following particulars in the footer section of each page of the attached sheets:
· Student ID or Student Name
· Unit ID or Unit Code
· Course ID or Course Code
· Trainer and assessor name
· Page numbers
· You must staple the loose sheets together along with the cover page.
· You must attach the loose sheets chronologically as per the page numbers.
· Correction fluid and tape are not permitted. Please do any corrections by striking through the incorrect words with one or two lines and rewriting the correct words.
· The premise of the project must be closely related to the previous assessment task.
· This submission must be well presented and follow the guidelines and instructions provided.
· Please follow the format as indicated in the template section below.
· One of the most important steps that you can take: proofread your project.
· Project must be of 500-800 words in length, using 11-point font, double-spaced, and must include a cover page, table of contents, introduction, body, summary or conclusion, and works cited.
· Appropriate citations are required.
· All RTO policies are in effect, including the plagiarism policy.
Resources required to complete the assessment task:
· Computer
· Internet
· MS Word
· A site where IPS sensor installation may be conducted
· A live network
· Servers
Scenario:
HTK Bank is one of the emerging banks and provides one of the best banking services to its customers. The bank works in a paperless environment and all the branches are connected to the head office using secured VPNs, so network security is of immense importance for the bank. In recent years, the bank has been able to provide the latest technology-oriented online services. The bank aims to serve its customers to their satisfaction. Also, all HTK Bank employees are responsible for information security. The bank has clearly defined its information security policy, which includes the following:
· Identify and manage information security risks, while taking into account their impact on banking business.
· Define information security policies, strategies and standards.
· Assist and advise owners of information in evaluating risks and required levels of protection, and in choosing appropriate security measures.
· Make all employees aware of information security and the importance of their involvement.
· To determine the responsibilities and duties towards information security concerning employees, managers, and contractors.
· Classification of the assets of the bank and determine the required levels of protection using international standards.
· Upgrade security access to bank facilities: Implement additional security protocols of entry and access to bank facilities, including sensitive equipment, information systems and databases.
· Password Management: The establishment of the passwords and other security related responsibilities.
· Physical and environmental security: Identifying facilities to protect and prevent unauthorised access, information theft, equipment theft and disruption of work or eavesdropping. Also, protecting infrastructure equipment such as fire equipment and air conditioners.
· E-Mail Security: The establishment of protocols to protect E-mails and databases. Email is the largest distributor of viruses and spam which needs mechanisms and procedures to make sure data is not corrupted or stolen.
· Personal security: Introduction of mechanisms to reduce human error, theft, embezzlement and corruption.
· Upgrade Encryption: To upgrade and maintain the confidentiality, creditability, and integrity of the information using the latest encryption software.
· Remote Access: Establishment of security precautions and mechanisms to be taken to prevent access to the bank’s internal network using remote access.
· Systems development and maintenance: Analyse, maintain and upgrade the current system in place to ensure building security. The mechanisms focus on peacekeeping, security, encryption, data and configuration.
· Antivirus: Analyse the procedures and software for anti-virus and anti-spam software.
· Backup: Establish procedures to backup copies of data, storage media and information security.
· Incident Response: Procedure to learn, monitor and reduce time of security breaches and breakdowns in the system operations to reduce direct or indirect damage to the CBL and the public.
· Security of networks and facilities: Protect networks from eavesdropping, spying, theft, disruption, and unwanted modification.
· Continuity of workflow management: Protection of sensitive business tasks and information in the event of a crisis or disaster such as fires or earthquakes.
· Security of wireless communications: Emphasis on proper mobile network encryption.
· Network Security Monitoring: Allow limited access to the information network through the development of a separate network to the public. This network is separated from the internal network to help protect it from malicious attacks.
In order to ensure the privacy, confidentiality and integrity of the Information which are exchanged, disclosed, shared, stored or otherwise used on our system and the Transactions, whether or not the same belongs or originates from you or otherwise, we have engaged the use of a combination of authentication, encryption and auditing mechanisms which serve as a powerful barrier against all forms of system penetration and abuse. Also, to ensure information security across the network infrastructure of the bank, Jack, the IT Manager, has implemented the following mechanisms:
· Secure Sockets Layer (SSL) channel;
· 128-bit encryption;
· Username and password protection and authentication;
· Firewalls; and
· Account-locking,
all of which have been thoroughly tested in a series of independent security audits and have been determined, whether used separately or together, to effectively protect and safeguard against known security issues and prevent any form of tampering or theft of Information or Transactions, where applicable.
Even then, it has been observed that several attacks are made on a regular basis by hackers to access the transactional and financial information. Therefore, the bank utilises the services of NALES Pvt Ltd.
NALES is a global leader in cyber and network security products and services. Over 1500 highly qualified cyber security experts, handle national security in 50 countries, and critical information systems for over 100 clients. 80% of the largest banks, energy and aerospace organisations around the world rely on security delivered by NALES. With over 40 years of experience in Information Assurance and Security, NALES has an unrivalled understanding of the range of threats that Australian businesses and organisations face. At the heart of what NALES does is the belief that securing people, property and information ensures business continuity and reputation.
George, the IT Project Manager, has been assigned the task by NALES to implement the IPS sensors on the network of HTK Bank. The IT Project Manager will perform the implementation in coordination with, and with the assistance of, the IT Manager of the bank. The job description of the IT Project Manager is as follows:
· Directs, plans and controls all activities and staff of an Information Security area and has full management responsibility for the performance and development of subordinate staff in accordance with corporate strategic direction. May include matrix reporting relationships.
· Directs the design, development, testing and implementation of appropriate information security plans, technologies, capabilities and other detection & response activities.
· Identifies emerging vulnerabilities, evaluates associated risks and threats and provides countermeasures where necessary.
· Manages the reporting, investigation and resolution of data security incidents.
· Maintains contact with industry security standard setting groups, and an awareness of State and Federal legislation and regulations pertaining to data privacy and information security.
· Proposes changes in firm-wide security policy when necessary.
· Directs the Information Security staff in the evaluation of risks and threats, development, implementation, communication, operation, monitoring and maintenance of the IT security policies and procedures which promote a secure and uninterrupted operation of all IT systems.
The job description of the IT Manager at HTK Bank is as follows:
· Manage information technology and computer systems
· Plan, organize, control and evaluate IT and electronic data operations
· Manage IT staff by recruiting, training and coaching employees, communicating job expectations and appraising their performance
· Design, develop, implement and coordinate systems, policies and procedures
· Ensure security of data, network access and backup systems
· Act in alignment with user needs and system functionality to contribute to organizational policy
· Identify problematic areas and implement strategic solutions in time
· Audit systems and assess their outcomes
· Preserve assets, information security and control structures
· Handle annual budget and ensure cost effectiveness
Activity 1: (Analysing IPS sensor requirements for the mitigation of network attacks)
With reference to the scenario given, and as per the requirements of the bank, you need to implement and configure the IPS sensors for optimal network security. Initially you need to analyse the requirements for IPS sensor usage, so you need to analyse the following:
· System requirements, along with the requirements to implement IPS sensors for optimal secured performance of the network
· The difference between inline and promiscuous mode sensor operations
· Different evasive techniques used by hackers
· The factors to consider for the selection, placement and deployment of IPS sensors using the feature of IPS signature.
The analysis of the requirements for IPS sensors will not only help in identifying the ways of using the IPS sensors to mitigate network attacks but will also specify how IPS can defeat attacks on the network.
You need to research on the internet to find relevant information related to the scenario to complete the given template.
Also, fill the following template for the requirements:
Sr. No. | Analysis Required | Details
1 | System Requirements for IPS Sensor |
2 | Evasion techniques used by Hackers |
3 | Difference between Inline and Promiscuous mode sensor operations |
4 | Selection, placement and deployment of IPS sensors |
Performance criteria checklist for unit assessment task:
Trainer/Assessor to complete
Assessment activities to be completed |
· Analysing IPS sensor requirements for the mitigation of network attacks
· For a full project outline, please refer to the student assessment instructions
Does the candidate meet the following criteria | Yes | No | Trainer/Assessor Comments
Defined system requirements for network IPS sensors | | |
Analysed the different evasion techniques used by hackers | | |
Analysed the difference between the inline and promiscuous mode sensor operations | | |
Analysed the selection, placement and deployment of the IPS sensor | | |
Completed the template | | |
Activity 2: (Installation and configuration of the IPS sensor)
Note: This activity is in continuation of activity 1.
Now, once the analysis of the requirements has been done, considering the above network diagram you need to install and configure the IPS sensor on the network so that the security parameters can be achieved. You will act as George and the trainer will act as Jack and will provide you with the following for the successful completion of the project:
· A site where deployment of IPS sensors may be conducted
· A live network (LAN)
· Servers and computers
· Switches and routers
· Hardware and software security technologies
· Security policies (as per scenario)
You need to perform the following tasks:
· Install the IPS sensor and initialise the sensor by configuring the sensor interface, interface pairs, VLAN pairs and VLAN groups. The IPS sensor setup will be done on the router connected to the network.
· Configure the access management system on the IPS sensor to authenticate and authorise the users.
· Implement the IPS sensor for external communication and manage it using the built-in tools of the router.
· IPS monitoring provides an overview of the activity identified by the Intrusion Prevention Systems (IPS) on your network. Monitor the IPS sensor, and upgrade and maintain the license of the IPS sensor to maintain the security of the network.
· Plan the mitigation in correspondence with the trainer for the relevant network vulnerabilities and exploits. Also, fill in the given template to plan the mitigation of the network vulnerabilities.
Students must follow vendor instructions for configuration, management and maintenance of the IPS sensor.
You need to complete this activity in 4-6 hours, and additional time may be given on request.
Your trainer and assessor will observe you during the activity and complete the performance checklist.
Template to PLAN the mitigation of network vulnerabilities
Components | Details
Purpose of the Mitigation Plan |
Threat/Vulnerability Identification |
Vulnerability Monitoring, Controlling, and Reporting |
[List the individuals whose signatures are desired. Examples of such individuals are Business Steward, Project Manager or Project Sponsor. Add additional lines for signature as necessary. Although signatures are desired, they are not always required to move forward with the practices outlined within this document.]
Performance criteria checklist for unit assessment task:
Trainer/Assessor to complete
Assessment activities to be completed |
· Installation and configuration of the IPS sensor
· For a full project outline, please refer to the student assessment instructions
Does the candidate meet the following criteria | Yes | No | Trainer/Assessor Comments
Installed the IPS Sensor | | |
Initialised the interface, interface pairs, VLAN pairs and VLAN group | | |
Configured the IPS Sensor | | |
Implemented the access management system | | |
Monitored and maintained the IPS sensor | | |
Planned the mitigation for network security and completed given template | | |
Discussed IPS Sensor requirements according to the organisation requirements | | |
Unit Assessment Task (UAT)-3
Assessment Task 3 – Unit Project (UP)
Assessment type:
Unit Project (UP)
Instructions to complete this assessment task:
· Please write your responses in the template provided.
· You may attach a separate sheet if required.
· You must include the following particulars in the footer section of each page of the attached sheets:
· Student ID or Student Name
· Unit ID or Unit Code
· Course ID or Course Code
· Trainer and assessor name
· Page numbers
· You must staple the loose sheets together along with the cover page.
· You must attach the loose sheets chronologically as per the page numbers.
· Correction fluid and tape are not permitted. Please do any corrections by striking through the incorrect words with one or two lines and rewriting the correct words.
· The premise of the project must be closely related to the previous assessment task.
· This submission must be well presented and follow the guidelines and instructions provided.
· Please follow the format as indicated in the template section below.
· One of the most important steps that you can take: proofread your project.
· Project must be of 500-800 words in length, using 11-point font, double-spaced, and must include a cover page, table of contents, introduction, body, summary or conclusion, and works cited.
· Appropriate citations are required.
· All RTO policies are in effect, including the plagiarism policy.
Activity 1 (Tuning and Monitoring of IPS Sensors)
This activity is a continuation of assessment task 2. You are required to participate in a practical demonstration task. You need to complete this activity in 3 to 5 hours. Additional time will be provided for analysis and preparing documentation.
Note: For this activity the RTO/Assessor will provide you with the following:
· A site where deployment of IPS system and sensor may be conducted
· A live network (LAN)
· Servers and computers
· Switches and routers
· Hardware and software security technologies
· Security policies (as per scenario)
After configuring the IPS sensor and managing it using the built-in tools, you need to tune the IPS sensors to optimise their performance in mitigating attacks. You will act as George, the IT Project Manager from NALES, and work with the IT Manager, Jack (trainer/assessor), as per the requirements specified by HTK Bank. You need to discuss the tuning process with the trainer, as IPS tuning helps ensure that the alerts you are seeing are real, actionable information.
Without tuning, you will potentially have thousands of benign events, making it difficult for you to conduct any security research or forensics on your network. Benign events, also known as false positives, exist in all IPS devices, but they happen much less in devices such as Cisco IPS devices, which are stateful and normalised, and use vulnerability signatures for attack evaluation.
Additional Cisco IPS features include risk rating, which identifies high-risk events, and policy-based management, which easily lets you deploy rules that enforce an IPS signature action based on risk rating.
Also, you need to perform the following tasks:
· Tuning of IPS sensors as per the requirement of the security parameters of the network
· Create IPS signatures and Meta Signatures and test scenarios
· Configure gateway for passive operating system (OS) fingerprinting
· Configure the external products interface for management of external security features and to enhance the sensor configuration information as the external product interface is designed to receive and process information from external security and management products. These external security and management products collect information that can be used to automatically enhance the sensor configuration information. For example, the types of information that can be received from external products include host profiles (the host OS configuration, application configuration, and security posture) and IP addresses that have been identified as causing malicious network activity.
· Configuration of virtual sensor for remote sites of network and anomaly detection
· Monitoring of the IPS events and advanced features. Also complete the template for IPS events summary
· Use of network management tools for the management of IPS sensors.
· Also, fill the template given below for network monitoring and management of IPS sensors.
Template for IPS Monitoring and management
|
Logical Infrastructure
Wide Area Network
Local Area Network
Management
Services
Policies
Personnel
|
IPS EVENT SUMMARY TEMPLATE
Performance criteria checklist for unit assessment task:
Trainer/Assessor to complete
Assessment activities to be completed |
· Tuning and Monitoring of IPS Sensors
· For a full project outline, please refer to the student assessment instructions
Does the candidate meet the following criteria | Yes | No | Trainer/Assessor Comments
Tuned the IPS Sensor | | |
Created IPS Signature | | |
Configured Passive OS fingerprinting | | |
Configured external interface | | |
Configured Virtual sensors | | |
Monitored the IPS Events | | |
Completed the IPS event template | | |
Used Network management tools for management of IPS sensors | | |
End of the Assessment
ICTNWK609 Student Assessment Pack V1.0 September 2019