Student Version

Section A – Program/Course details
Qualification code:	ICT40418	Qualification title:	Certificate IV of Information Technology Networking
Unit code:	ICTNWK403 ICTNWK421 ICTNWK416	Unit title:	Manage network and Data Integrity Install, configure and Test network Security Build security into virtual private networks
Department name:	BDIT, Computer and Information Technology	CRN number:	Enter CRN number

Section B – Assessment task details
Assessment number:	2 of 2	Semester/Year:	1 /2021
Due date:	Session 16	Duration of assessment:	4 Sessions
Assessment method	Project and Observation	Assessment task results	☒Ungraded result
☐Other: Click here to enter text.

Section C – Instructions to students
Task instructions:
Your Project will be given to you on the first day of your commencement. You are required to complete your project on time. Once completed you are required to upload your document to the Assessment folder on Brightspace. In order to be competent you will need to satisfy your project requirements.

Section D – Conditions for assessment
Conditions: Student to complete and attach Assessment Submission Cover Sheet to the completed Assessment Task.
• Project to be completed individually unless otherwise noted • Your project must be uploaded and submitted to BrightSpace. • All files should be zipped (.zip) and named appropriately. E.g. “yourname_NameOfAssessment”. • Submit all your files when appropriate and in a timely manner in accordance with your schedule
Equipment/resources students must supply:	Equipment/resources to be provided by the RTO:
Students attending remote learning must have access to: Computer Internet connection Web browsers Word processor	Computer, VMware Workstation Pro, Windows Server 2016, Windows Client, Anti Virus. Packet Tracer Application.

Section E – Marking Sheet – Student Answer Sheet
Unit code:	ICTNWK403 ICTNWK421 ICTNWK416	Unit title:	Manage network and Data Integrity Install, configure and Test network Security Build security into virtual private networks

Error: Reference source not foundObservation task

Skills to be observed during this task to the required standard	1. Date:	2. Date:	3. Date:	Comment
Satisfactory	Satisfactory	Satisfactory
Yes	No	Yes	No	Yes	No
1.	Learner has demonstrated a secure file and resource access	☐	☐	☐	☐	☐	☐
2.	Learner has demonstrated authentication of user accounts control to ensure secure data integrity	☐	☐	☐	☐	☐	☐
3.	Learner has demonstrated the implement and configuration of an antivirus or anti-malware solution	☐	☐	☐	☐	☐	☐
4.	Learner demonstrated the assessment and implementation of best practice to harden server and network	☐	☐	☐	☐	☐	☐
5.	Learner demonstrated the implementation of a system to protect data from environmental threat	☐	☐	☐	☐	☐	☐
6.	Learner has demonstrated a backup solution they have implemented	☐	☐	☐	☐	☐	☐
7.	Learner has demonstrated the restore the data from a backup	☐	☐	☐	☐	☐	☐
8.	Learner has demonstrated the implement a real time backup and data sync solution	☐	☐	☐	☐	☐	☐
9.	Learner has demonstrated the implementation of network performance monitoring tools to monitor network and reporting,	☐	☐	☐	☐	☐	☐
10.	Learner was able to explain and determine the environment al threats to data.	☐	☐	☐	☐	☐	☐
11.	Learner has demonstrated and conducted function and performance tests to modify and debug countermeasures	☐	☐	☐	☐	☐	☐
12.	Learner has demonstrated the review logs and audit reports to identify and record security incidents, intrusions and attempts	☐	☐	☐	☐	☐	☐
13.	Learner has demonstrated out spot checks and audits to ensure that procedures are not being bypassed	☐	☐	☐	☐	☐	☐

Assessment Submission Cover Sheet (VET)

Student declaration

By submitting this assessment task and signing the below, I acknowledge and agree that: This completed assessment task is my own work. I understand the serious nature of plagiarism and I am aware of the penalties that exist for breaching this. I have kept a copy of this assessment task. The assessor may provide a copy of this assessment task to another member of the Institute for validation and/or benchmarking purposes.

Student ID:

Student name:

Submission or observation date:
Student signature For electronic submissions: By typing your name in the student signature field, you are accepting the above declaration.

Assessment Results and Feedback to Student
Assessment Task Result:	Satisfactory	Not Satisfactory
☐	☐
Assessor’s Feedback:
Resubmission allowed:	Yes ☐	No ☐	Resubmission due date:
Assessor name:
Assessor signature:
Date assessed:

Supporting document

Insert title of supporting document.

Unit code:

ICTNWK403 ICTNWK421 ICTNWK416

Unit title:

Manage network and Data Integrity Install, configure and Test network Security Build security into virtual private networks

Project – Protect data / Install and configure network security

Scenario:

You are the network administrator for a small aged-care not for profit organisation. As the new Security Manager, you are tasked with Modify and creating policies, implementing technologies to mitigate risk, and analysing the processes and systems in place to make them more secure.

The firm has 20 desktop and 20 laptop computers (in total). The head of the firm uses 1 laptop and 1 desktop. Rest of the laptops are shared by other staff for client visits. There is 1 reception desktop, each staff member has their own desktop. Firm uses local email and file server. There are 7 more new laptops that are used by clients when visiting office. They also have one Terminal server that hosts an aged-care software called Carelink+. The organisation has other two offices located 30-80 km apart. Users connect to terminal server that sits in the main office. Their web is hosted with cloud access.

Based on an assessment performed by an external auditor, the following were identified as the top 3 threats:

• Viruses and malicious code inside the network.
• Business Continuity Planning, Disaster Recovery.

• No Site to site VPN and a VPN server to access the terminal server.
• Security Policies are not updated since 2015.
• There is no asset management system in place.

Based on this assessment, the primary issue now concerning the CEO is the development of a distributed and manageable antivirus system for servers, workstations, email filtering and a VPN service. Though Anti-Virus and Disaster Recovery exist to some extent, but no update and testing has been done in some time, no centralized management has taken place, and no policies exist to govern the correct or expected use and implementation of this type of application. The company has been inundated with viruses over the last 2 years, and no one has been able to centrally coordinate a means of controlling the problem.

The company’s security program is in its infancy. No policies exist yet, and no corporate security awareness program has been created. No real processes exist to manage the antivirus system that is in place. Very few controls are in place. When the systems administration team has time, they check to make sure the client definition file updates are pushed out to Desktop clients, and the server-level antivirus software is never checked. No alerts are sent to anyone when a virus is detected.

Further to the security program their security policy Is not been update last 5 years, Still they are using folder mapping from file server with access to every single user, Password change policy is not in place, Windows update goes on anytime since its set to automatic update and hold users to wait while working. Old DC drives are still working and all the computers has got admin permission to install application.

As a network administrator, your task is to:

You are given 6 months to implement your security system. You need to do precise planning and let management know how you will tackle new proposed solution. No company information security policies exist at the moment. With relation to the antivirus system, a total corporate antivirus policy will have to be defined and written. Standards for products to be installed, as well as procedures for the installation, will have to be documented as well. Finally, guidelines for virus detection and “common-sense security” related to viruses and antivirus software will be outlined as part of the corporate security awareness program.

Tasks A: Documentation

Your Document must address the following points listed below in professional level standard. References should be given at the end of the document as per Holmesglen standard.

1. Identify and report the Current security in place.
2. Identify the current Network, Software and Hardware and systemThreats and Vulnerabilities to address. (e.g. hardware are kept in server room and server room are not locked)
3. Report the Security Threats, Vulnerabilities (almost the same as point 2).
4. Review the companies’ security policy (provide feedback on “Information-Security-Policy for Assessment 2.pdf”).
5. Prepare a Risk assessment based on the identified Threats and Vulnerabilities (how risky it is from the threats and vulnerabilities in point 2).
6. Prepare the recommendation to the client to address the security issues based on asset security requirement.
7. Design an assets recording system using Microsoft Excel (document = system hardware requirement, CPU, hard-disk, RAM).
8. Audit the system and software using audit tools and techniques (Microsoft auditing tools…etc. run auditing tool on our virtual machine – run on client machines).
9. Prepare an assets report based on current devices and Audit the system hardware and software for features and capabilities (extension from point 7).
10. Identify and list the Environmental Threats to Data (e.g. power issue, natural disaster, physical access to our resources).
11. Research on Three AV and select one based on customer requirement (compare three anti-virus product…etc. bit defender, Norton, Kaspersky).
12. Research the appropriate backup model& media for client need (right backup types, and media types = USB, cloud backup, optical drive).
13. Implement an inventory control mechanism with the audited information (provide checklist of who access resource, who given permission and the signature => from point 8)
14. Identify available network and system monitoring tools (Winsolar… so on and so forth).
15. Create functional and Performance test cases to verify security requirements (once this has been implemented, checking backups…backups are configured to run 9:00pm on a daily basis… you can include permission types test case if possible).
16. Document the current system settings.
17. Document possible breaches newly discovered with recommendations (documents other source of attacks… etc. zero-day-attack, social engineering, video camera …etc.).

Part B (Implementation)

In this part you have to implement the findings from your Part A documentation. To do the implementation you must use virtual machines using domain controllers and Active Directory.

Once the system is implemented you are going to build a packet Tracer (PT) network to simulate the site to site VPN between Branches. In addition to PT design you also need to implement a VPN server for users to connect securely to do remote desktop in to terminal server.

Implementation on Virtual Machine:

1. Configure GPOs to protect files and resources
   1. Display warning message before user loges in.
   2. Enforce password policy (after 3 failed logons lock user).
2. Create and Configure user with different account permission to shared Folders (Read only, Read and Write permissions to a folder).
3. Install and test antivirus software on all appropriate systems (install and test recommended anti-virus on both servers and clients).
4. Close all the unused ports and open https port outbound for Myob ATO reporting at the domain level in Firewall (open new firewall rules => 443 is enabled => http ports must always be opened).
5. Build Cloud backup for data security from environmental threat (sign up to google backup => install this backup).
6. Implement and demonstrate backup solution to do daily backup on company data (normal back before cloud backup).
7. Restore the backup date to check test the business continuity (How to know my backup is the right backup… check backup by restoring again by deleting the files => this is the testing phase of backup).
8. Sync the cloud backup to every 5 min with real time.
9. Implement a network performance monitoring tool from your research finding in par A and prepare a report on performance (download and install PRPG => configure it with all notifications => notification requires email service however).
10. Install and Configure VPN service on Terminal Server (install VPN services).
11. Test the systems for performance and Functions.
12. Review the logs to find minimum 5 the incidents and intrusion attempts using event viewer.
13. Monitor logon events to the domain
14. Carry out minimum three spot checks /

Part C (Packet Tracer Implementation) – Site to Site VPN – Go to session 15 for this

In this part you are going to demonstrate the branch connectivity with head office using packet tracer simulator. To do this create a network with minimum three routers and do the routing of your own choice of routing protocol. Once the routing is configured you have to configure VPN between branches and head office using site to site VPN.

1. Configure Security on the Router / Switch and networking devices using Putty console
2. Make sure the sites are reachable
3. Configure IKE and IPsec
4. Configure Site-to-Site VON using pre-shared key
5. Replace pre-shared key with digital certificate.
6. Document the configuration and save the file securely
7. Monitor and manage the security breach to see the security attempts
8. Enable debug to do the continues monitoring on routers for VPN connections

Your solution must clearly meet the needs of the organisation and you must understand and be able to demonstrate in front of your teacher.

No Fields Found.