Professional Documents
Culture Documents
Student Declaration
• I certify that the work submitted for this assessment pack is my own. I have clearly
referenced any sources used in my submission. I understand that a false declaration is a
form of malpractice;
• I have kept a copy of this assessment pack and all relevant notes, attachments, and
reference material that I used in the production of the assessment pack;
• For the purposes of assessment, I give the trainer/assessor of this assessment the
permission to:
o Reproduce this assessment and provide a copy to another member of staff; and
o Take steps to authenticate the assessment, including communicating a copy of
this assessment to a checking service (which may retain a copy of the assessment
on its database for future plagiarism checking).
Date: ____/_____/______________
Assessment Plan
To demonstrate competence in this unit, you must be assessed as satisfactory in each of the
following assessment tasks.
Trainer/Assessor
Signature
Assessment Conditions
Unit purpose/application
This unit describes the skills and knowledge required to use appropriate tools, equipment and
software to implement an intrusion prevention system (IPS) on IPS sensors to mitigate network
attacks.
It applies to individuals with advanced information and communications technology (ICT) skills who
are working as certified IPS specialists, network security specialists and network security managers.
No licensing, legislative or certification requirements apply to this unit at the time of publication.
What the student can expect to learn by studying this unit of competency
• Evaluate the ways IPS sensors are used to mitigate network attacks
• Select and install IPS sensors and configure essential system parameters
• Tune IPS sensor advanced system parameters to optimise attack mitigation performance
• Manage security and response of the IPS to network attacks
Simulated assessment environments must simulate the real-life working environment where these
skills and knowledge would be performed, with all the relevant equipment and resources of that
working environment.
Submission instructions
Your trainer/assessor will confirm assessment submission details for each assessment task.
Academic Integrity
Academic Integrity is about the honest presentation of your academic work. It means acknowledging
the work of others while developing your own insights, knowledge and ideas.
As a student, you are required to:
• undertake studies and research responsibly and with honesty and integrity
• ensure that academic work is in no way falsified
• seek permission to use the work of others, where required
• acknowledge the work of others appropriately
• take reasonable steps to ensure other students cannot copy or misuse your work.
Plagiarism
Plagiarism means to take and use another person's ideas and or manner of expressing them and to
pass them off as your own by failing to give appropriate acknowledgement. This includes material
sourced from the internet, RTO staff, other students, and from published and unpublished work.
Plagiarism occurs when you fail to acknowledge that the ideas or work of others are being used, which
includes:
• Paraphrasing and presenting work or ideas without a reference
• Copying work either in whole or in part
• Presenting designs, codes or images as your own work
Collusion
Collusion means unauthorised collaboration on assessable work (written, oral or practical) with other
people. This occurs when a student presents group work as their own or as the work of someone else.
Collusion may be with another RTO student or with individuals or students external to the RTO. This
applies to work assessed by any educational and training body in Australia or overseas.
Collusion occurs when you work without the authorisation of the teaching staff to:
• Work with one or more people to prepare and produce work
• Allow others to copy your work or share your answer to an assessment task
• Allow someone else to write or edit your work (without rto approval)
• Write or edit work for another student
• Offer to complete work or seek payment for completing academic work for other students.
Both collusion and plagiarism can occur in group work. For examples of plagiarism, collusion and
academic misconduct in group work please refer to the RTO’s policy on Academic integrity, plagiarism
and collusion.
Plagiarism and collusion constitute cheating. Disciplinary action will be taken against students who
engage in plagiarism and collusion as outlined in RTO’s policy.
Proven involvement in plagiarism or collusion may be recorded on students’ academic file and could
lead to disciplinary action.
N/A
Unit outcome
• This unit is not graded and the student must complete and submit all requirements for the
assessment task for this cluster or unit of competency to be deemed competent.
• Students will receive a 'satisfactorily completed' (S) or 'not yet satisfactorily completed (NS)
result for each individual unit assessment task (UAT).
• Final unit result will be recorded as competency achieved/competent (C) or competency not
yet achieved/not yet competent (NYC).
Prerequisite/s
Nil
Co-requisite/s
Nil
The Foundation Skills describe those required skills (learning, oral communication, reading, writing,
numeracy, digital technology and employment skills) that are essential to performance. Foundation skills
essential to performance are explicit in the performance criteria of this unit of competency.
Relevant Legislation
All assessment tasks will ensure that the principles of assessment and rules of evidence are adhered
to.
The principles of assessment are that assessment must be valid, fair, flexible, reliable and consistent.
The rules of evidence state that evidence must be sufficient, valid, current and authentic.
AQF Level
AQF levels and the AQF levels criteria are an indication of the relative complexity and/or depth of
achievement and the autonomy required to demonstrate that achievement.
All assessment tasks must ensure compliance with the requirements of AQF level and the AQF level
criteria. For more information, please visit http://www.aqf.edu.au/
Further Information
Additional Information
• This information will be managed by the provisions of the Privacy Act and the Freedom of
Information Act.)
• Students are required to satisfactorily complete and submit all assessment tasks that
contribute to the assessment for a unit.
• Students will be provided with one more attempt to complete this Unit assessment pack
(UAP) if trainer/assessor deems them not satisfactorily completed (NS) in any Unit
assessment task (UAT).
• Unit Pre-Assessment Checklist (UPAC) will be reviewed by the trainer/assessor to ensure
the student is ready for the assessment.
Feedback to student
Feedback on students’ assessment performance is a vital element in their learning. Its purpose is to
justify to students how their competency was assessed, as well as to identify and reward specific
qualities in their work, to recommend aspects needing improvement, and to guide students on what
steps to take.
Feedback defines for students what their trainer/assessor thinks is important for a topic or a subject.
At its best, feedback should:
• Be provided for each Unit Assessment Task (UAT)
• Guide students to adapt and adjust their learning strategies
• Guide trainers/assessors to adapt and adjust teaching to accommodate students’ learning
needs
• Be a pivotal feature of learning and assessment design, not an add-on ritual
• Focus on course and unit learning outcomes
• Guide students to become independent and self-reflective learners and their own critics
• Acknowledge the developmental nature of learning.
If students have not received proper feedback, they must speak to compliance and quality assurance
department/administration department in the RTO/person responsible for looking after the quality
and compliance services of the RTO.
Assessment type:
• Written Questions
Applicable conditions:
• All knowledge tests are untimed and are conducted as open book tests (this means you are
able to refer to your textbook during the test).
• You must read and respond to all questions.
• You may handwrite/use computers to answer the questions.
• You must complete the task independently.
• No marks or grades are allocated for this assessment task. The outcome of the task will be
Satisfactory or Not Satisfactory.
• As you complete this assessment task you are predominately demonstrating your written skills
and knowledge to your trainer/assessor.
• The trainer/assessor may ask you relevant questions on this assessment task to ensure that
this is your own work.
Location:
• This assessment task may be completed in a learning management system (i.e. Moodle) or
independent learning environment.
• Your trainer/assessor will provide you further information regarding the location for
completing this assessment task.
• The purpose of this assessment task is to assess the students’ knowledge required for the
configuration of the IPS sensors for a secured network.
The purpose of this assessment task is to assess the students’ knowledge required to ensure secure
file encryption is selected, implemented and monitored on a computer network or local
environment.
• To make full and satisfactory responses you should consult a range of learning resources,
other information such as handouts and textbooks, learners’ resources and slides.
• All questions must be answered in order to gain competency for this assessment.
• You may attach a separate sheet if required.
• You must include the following particulars in the footer section of each page of the attached
sheets:
o Student ID or Student Name
o Unit ID or Unit Code
o Course ID or Course Code
o Trainer and assessor name
o Page numbers
• You must staple the loose sheets together along with the cover page.
• You must attach the loose sheets chronologically as per the page numbers.
• Correction fluid and tape are not permitted. Please do any corrections by striking through
the incorrect words with one or two lines and rewriting the correct words.
• Learner guide
• PowerPoint presentation
• Unit Assessment Pack (UAP)
• Access to other learning materials such as textbooks
• Access to a computer, the Internet and word-processing system such as MS Word.
A) Explain the steps to setting up a Cisco Router including configuration and verification/testing.
B) Explain the troubleshooting process for the following issues:
• Console is not responsive
• Traffic does not pass through
Question 5: What are the steps involved in design and implementation of the following?
• Local Area Network (LAN)
• Wide Area Network (WAN)
Question 7: Summarise the five (5) IPS and IDS deployment strategies to mitigate network
attacks. Write your response in 250-300 words
Question 8: Setting up a network for a Network Administrator requires the basic knowledge of
network fundamentals, these include the topology, architecture and elements of the network
which need to be designed as per the requirements of the enterprise.
A) What do you understand from the term Network Topology? Also, summaries five (5)
models of network topology. Write your response in 240-270 words.
B) Explain the following terms, each in 100-150 words.
1. Network Architectures
2. Network Elements
Question 9: While studying computer networks, the student must know the basic terms of
network standards and network protocols. Explain these two terms and write 100-150 words
for each in your response.
Question 10: What are the six (6) threat mitigation strategies required for network security?
Write 30-60 words for each strategy in your response.
Question 11: Summarise the two (2) Intrusion Prevention System sensor technologies. Write 100-
150 words for each.
Question 12: What is the network function of Transmission Control Protocol? Write your response
in 150-200 words.
Question 13: Summarise virtual private network technologies. Write your response in 150-200
words.
Question 15: Describe two legislation, regulations, standards and codes of practice relevant to the
network security? Write your response in 250-350 words.
Question 16: What are the steps involved for the following?
a) Configuration of a Cisco Switch
b) Verify a Switch
c) Troubleshooting of Switch
Question 17: What are the three (3) benefits to deploy an access management on IPS sensor?
Write your answer in 150-200 words
Second attempt:
Second attempt:
Student Declaration • I declare that the answers I have provided are my own work.
Where I have accessed information from other sources, I have
provided references and or links to my sources.
Australian Training School trading as Southern Academy of Business and Technology
Level 1 and 4 Bathurst Street Sydney NSW 2000 | Phone: 1300 852 205 | RTO Code: 31595 | CRICOS Provider Code: 03602E
ICTNWK609 - Configure and manage intrusion prevention system on network sensors: Student Assessment Task
Version : 1.2 Last Updated : 22 December 2017 Next Update: 22 December 2018 Page 39 of 70
ICTNWK609 - Configure and manage intrusion prevention system on network sensors
Date
Trainer/Assessor Name
Trainer/Assessor I hold:
Declaration
Vocational competencies at least to the level being delivered
Trainer/Assessor Signature
Date
Office Use Only Outcome of Assessment has been entered onto the Student
Management System on _________________ (insert date)
by (insert Name) __________________________________
Applicable conditions:
• Activity 1 is untimed and activity 2 is timed.
• You must read and respond to all criteria of the project.
• You may handwrite/use computers to answer the criteria of the project.
• You must complete the task independently.
• No marks or grades are allocated for this assessment task. The outcome of the task will be
Satisfactory or Not Satisfactory.
• As you complete this assessment task you are predominately demonstrating your practical
skills, techniques and knowledge to your trainer/assessor.
• The trainer/assessor may ask you relevant questions on this assessment task to ensure that
this is your own work.
Location:
• This assessment task may be completed in an independent learning environment or learning
management system.
• Your trainer/assessor will provide you further information regarding the location of
completing this assessment task.
This assessment task is designed to evaluate your following skills and abilities:
• Analysing IPS sensor requirements for the mitigation of network attacks
• Installation and configuration of the IPS sensor
• Computer
• Internet
• MS Word
• A live network
• Servers
HTK Bank is one of the emerging banks and provide one of the best banking services to its
customers. The bank works in a paperless environment and all the branches are connected to the
head office using secured VPNs and thus network security is of immense importance for the bank. In
the recent years, the bank has been able to provide latest and updated technology oriented online
services. The bank aims to facilitate the customers to their satisfaction. Also, all HTK Bank employees
are responsible for the information security. The bank has clearly defined its policy for its
information security which includes the following:
• Identify and manage information security risks, while taking into account their impact on
banking business.
• Define information security policies, strategies and standards.
• Assist and advise owners of information in evaluating risks and required levels of protection,
and in choosing appropriate security measures.
• Make all employees aware of information security and the importance of their involvement.
• To determine the responsibilities and duties towards information security concerning
employees, managers, and contractors.
• Classification of the assets of the bank and determine the required levels of protection using
international standards. Item No.
• Upgrade security access to bank facilities: Implement additional security protocols of entry
and access to bank facilities, including sensitive equipment, information systems and
databases.
• Password Management: The establishment of the passwords and other security related
responsibilities.
• Physical and environmental security: Identifying facilities to protect and prevent
unauthorised access, information theft, equipment theft and disruption of work or
eavesdropping. Also, protecting infrastructure equipment such as fire equipment and air
conditioners.
• E-Mail Security: The establishment of protocols to protect E-mails and databases. Email is
the largest distributor of viruses and spam which needs mechanisms and procedures to
make sure data is not corrupted or stolen. Item No.
• Personal security: Introduction of mechanisms to reduce human error, theft, embezzlement
and corruption.
• Upgrade Encryption: To upgrade and maintain the confidentiality, creditability, and integrity
of the information using the latest encryption software.
• Remote Access: Establishment of security precautions and mechanisms to be taken to
prevent access to the bank’s internal network using remote access.
• Systems development and maintenance: Analyse, maintain and upgrade the current system
in place to ensure building security. The mechanisms focus on peacekeeping, security,
encryption, data and configuration.
• Antivirus: Analyse the procedures and software for anti-virus and anti-spam software.
• Backup: Establish procedures to backup copies of data, storage media and information
security.
• Incident Response: Procedure to learn, monitor and reduce time of security breaches and
breakdowns in the system operations to reduce direct or indirect damage to the CBL and the
public.
• Security of networks and facilities: Protect networks from eavesdropping, spying, theft,
disruption, and unwanted modification.
Australian Training School trading as Southern Academy of Business and Technology
Level 1 and 4 Bathurst Street Sydney NSW 2000 | Phone: 1300 852 205 | RTO Code: 31595 | CRICOS Provider Code: 03602E
ICTNWK609 - Configure and manage intrusion prevention system on network sensors: Student Assessment Task
Version : 1.2 Last Updated : 22 December 2017 Next Update: 22 December 2018 Page 47 of 70
ICTNWK609 - Configure and manage intrusion prevention system on network sensors
In order to ensure the privacy, confidentiality and integrity of the Information which are exchanged,
disclosed, shared, stored or otherwise used on our system and the Transactions, whether or not the
same belongs or originates from you or otherwise, we have engaged the use of a combination of
authentication, encryption and auditing mechanisms which serve as a powerful barrier against all
forms of system penetration and abuse.Also, to ensure the information security across the network
infrastructure of the bank, Jack-IT Manager has implemented following mechanisms:
• 128-bit encryption;
• Firewalls; and
• Account-locking,
all of which have been thoroughly tested in a series of independent security audits and have been
determined, whether used separately or together, to effectively protect and safeguard against
known security issues and prevent any form of tampering or theft of Information or Transactions,
where applicable.
Even then it has been observed that several attacks are made on regular basis by the hackers to
access the transactional and financial information. Therefore, the bank utilise services of the NALES
Pvt Ltd.
NALES is a global leader in cyber and network security products and services. Over 1500 highly
qualified cyber security experts, handle national security in 50 countries, and critical information
systems for over 100 clients. 80% of the largest banks, energy and aerospace organisations around
the world rely on security delivered by NALES.
With over 40 years of experience in Information Assurance and Security, NALES has an unrivalled
understanding of the range of threats that Australian businesses and organisations face. At the heart
of what NALES does is the belief that securing people, property and information ensures business
continuity and reputation.
George- IT Project Manager has been assigned the task by NALES to implement the IPS sensors on
the network of HKT bank. The IT project manager will perform the implementation in coordination
and in assistance of the IT Manager of the Bank. The job description of the IT Project Manager is as
under:
• Directs, plans and controls all activities and staff of an Information Security area and has full
management responsibility for the performance and development of subordinate staff in
accordance with corporate strategic direction. May include matrix reporting relationships.
• Directs the design, development, testing and implementation of appropriate information
security plans, technologies, capabilities and other detection & response activities.
Activity 1: (Analysing IPS sensor requirements for the mitigation of network attacks)
With reference to the scenario given, and as per the requirements of the bank you need to
implement and configure the IPS sensors for optimal network security. Initially you need to analyse
the requirements for the IPS Sensor usage, so you need to analyse the following:
• System requirements for along with the requirements to implement IPS sensors for optimal
secured performance of the network
• The difference of inline to promiscuous mode sensor operations
• Different evasive techniques used by hackers
• The factors to consider for the selection, placement and deployment of IPS sensors using the
feature of IPS signature.
The analysis of the requirements for IPS sensors will not only help in the ways of using the IPS
sensors to mitigate network attacks but will also specify how IPS can defeat the attacks on network.
You need to research on internet to find relevant information related to the scenario to complete
the given template.
1 System
Requirements
for IPS Sensor
2 Evasion
techniques
used by
Hackers
3 Difference
between
Inline to
Promiscuous
mode sensor
operations
4 Selection,
placement
Australian Training School trading as Southern Academy of Business and Technology
Level 1 and 4 Bathurst Street Sydney NSW 2000 | Phone: 1300 852 205 | RTO Code: 31595 | CRICOS Provider Code: 03602E
ICTNWK609 - Configure and manage intrusion prevention system on network sensors: Student Assessment Task
Version : 1.2 Last Updated : 22 December 2017 Next Update: 22 December 2018 Page 50 of 70
ICTNWK609 - Configure and manage intrusion prevention system on network sensors
Now, once the analysis of the requirements has been done, considering the above network diagram
you need to install and configure the IPS sensor to the network so that the security parameters can
be achieved. You will act as George and the trainer will act as Jack and will provide you the following
for the successful completion of the project:
Now, once the analysis of the requirements has been done, considering the above network diagram
you need to install and configure the IPS sensor to the network so that the security parameters can
be achieved. You will act as George and the trainer will act as Jack. Your trainer will provide you the
following for the successful completion of the project:
• Install the IPS Sensor and initialise the sensor by configuring the sensor interface, interface
pairs, VLAN pairs and VLAN groups. The IPS sensor set up will be done on the router
connected to the network
Australian Training School trading as Southern Academy of Business and Technology
Level 1 and 4 Bathurst Street Sydney NSW 2000 | Phone: 1300 852 205 | RTO Code: 31595 | CRICOS Provider Code: 03602E
ICTNWK609 - Configure and manage intrusion prevention system on network sensors: Student Assessment Task
Version : 1.2 Last Updated : 22 December 2017 Next Update: 22 December 2018 Page 52 of 70
ICTNWK609 - Configure and manage intrusion prevention system on network sensors
Student must follow vendor instruction for configuration, management and maintenance of the IPS
sensor.
You need to complete this activity in 4-6 hours and additional time may be given on request.
Your trainer and assessor will observe you during the activity and complete the performance
checklist.
Components Details
Purpose Of The
mitigation Plan
Process
Threat/Vulnerability
Identification
Bulnerability
Monitoring,
Controlling, And
Reporting
Signature: Date:
Print Name:
Title:
Role:
Signature: Date:
Print Name:
Title:
Role:
Second attempt:
Second attempt:
Student Declaration • I declare that the answers I have provided are my own work.
Where I have accessed information from other sources, I have
provided references and or links to my sources.
• I have kept a copy of all relevant notes and reference material
that I used as part of my submission.
Date
Trainer/Assessor Name
Trainer/Assessor I hold:
Declaration
Vocational competencies at least to the level being delivered
Trainer/Assessor Signature
Date
Office Use Only Outcome of Assessment has been entered onto the Student
Management System on _________________ (insert date)
by (insert Name) __________________________________
Applicable conditions:
• This project is timed and additional time will be provided to complete the documentation.
• You must read and respond to all criteria of the project.
• You may handwrite/use computers to answer the criteria of the project.
• You must complete the task independently.
• No marks or grades are allocated for this assessment task. The outcome of the task will be
Satisfactory or Not Satisfactory.
• As you complete this assessment task you are predominately demonstrating your practical
skills, techniques and knowledge to your trainer/assessor.
• The trainer/assessor may ask you relevant questions on this assessment task to ensure that
this is your own work.
Location:
• This assessment task may be completed in a simulated learning environment or in a real
workplace.
• Your trainer/assessor will provide you further information regarding the location of
completing this assessment task.
This assessment task is designed to evaluate your following skills and abilities:
• Tunning and Monitoring of IPS Sensors
This activity is continuation of assessment task 2. You are required to participate in a practical
demonstration task. You need to complete this activity in 3 to 5 hours. Additional time will be
provided for analysis and preparing documentation.
Note: For This activity RTO/Assessor will provide you the following:
After the configuration of the IPS sensor and managing it using the built-in tools. You need to tune
up the IPS sensors for optimising its performance against the mitigation of the attacks. You will act
as George- the IT Project Manager from NALES and work with IT manager – Jack (Trainer/assessor)
as per the requirements specified by the HKT Bank. You need to discuss the tunning process with the
trainer as IPS tuning helps ensure that the alerts you are seeing are real, actionable information.
Without tuning, you will potentially have thousands of benign events, making it difficult for you to
conduct any security research or forensics on your network. Benign events, also known as false
positives, exist in all IPS devices, but they happen much less in devices such as Cisco IPS devices,
which are stateful and normalised, and use vulnerability signatures for attack evaluation.
Additional Cisco IPS features include risk rating, which identifies high-risk events, and policy-based
management, which easily lets you deploy rules that enforce an IPS signature action based on risk
rating
• Tunning of IPS sensors as per the requirement of the security parameters of the network
• Create IPS signatures and Meta Signatures and test scenarios
• Configure gateway for passive operating system (OS) fingerprinting
• Configure the external products interface for management of external security features and
to enhance the sensor configuration information as the external product interface is
designed to receive and process information from external security and management
products. These external security and management products collect information that can be
used to automatically enhance the sensor configuration information. For example, the types
of information that can be received from external products include host profiles (the host OS
configuration, application configuration, and security posture) and IP addresses that have
been identified as causing malicious network activity.
• Configuration of virtual sensor for remote sites of network and anomaly detection
• Monitoring of the IPS events and advanced features. Also complete the template for IPS
events summary
• Use of network management tools for the management of IPS sensors.
• Also, fill the template given below for network monitoring and management of IPS sensors.
• Policies
•
• Personnel
•
•
Widget Description
IPS Severities
Top Sources
Top Destinations
Top Reporting/Attacked
Devices
Severity
Event Name
Event Category
Source IP
Source Country
Source Port
Destination IP
Destination Port
Log Source
Application
User Name
Host Name
Protocol ID
Source Zone
Destination Zone
Nested Application
NAT Source IP
NAT Destination IP
Traffic Session ID
Time
Configured Passive OS
fingerprinting
Second attempt:
Second attempt:
Student Declaration • I declare that the answers I have provided are my own work.
Where I have accessed information from other sources, I have
provided references and or links to my sources.
• I have kept a copy of all relevant notes and reference material
that I used as part of my submission.
Australian Training School trading as Southern Academy of Business and Technology
Level 1 and 4 Bathurst Street Sydney NSW 2000 | Phone: 1300 852 205 | RTO Code: 31595 | CRICOS Provider Code: 03602E
ICTNWK609 - Configure and manage intrusion prevention system on network sensors: Student Assessment Task
Version : 1.2 Last Updated : 22 December 2017 Next Update: 22 December 2018 Page 69 of 70
ICTNWK609 - Configure and manage intrusion prevention system on network sensors
Date
Trainer/Assessor Name
Trainer/Assessor I hold:
Declaration
Vocational competencies at least to the level being delivered
Trainer/Assessor Signature
Date
Office Use Only Outcome of Assessment has been entered onto the Student
Management System on _________________ (insert date)
by (insert Name) __________________________________