Assessment Details
Qualification Code/Title ICT50415 Diploma of Information Technology Networking
Assessment Type Assessment -01 ( Project) Time allowed
Due Date Location AHIC Term / Year
Unit of Competency
National Code/Title ICTNWK503 Install and maintain valid authentication processes
Student Details
Student Name Student ID
Assessor Details
Assessor’s Name
RESULTS (Please Circle) SATISFACTORY NOT SATISFACTORY
Feedback to student:
This is an individual assessment. Once you have completed the assessment, please upload the soft copy of the
assessment to AHIC Moodle.
Plagiarism is copying someone else’s work and submitting it as your own. Any Plagiarism will result in a mark
of Zero.
Currently, there are 30 desktop computers and one server. All of the desktop computers have the Windows 7
operating system installed, and the server has Windows Server 2008 installed.
Hardware requirements for the server are given below:
Processor: 2 GHz (for x64 processors)
RAM: 32 GB
DVD-ROM drive
Super VGA (800 x 600)
Keyboard and mouse
Internet access
The problems with the current infrastructure are that the computers are very slow, no Group Policy has been
configured, and all of the users are using a generic password.
In this regard, Nubex has requested you to do the following tasks:
Each entity must have in place a security plan approved by the accountable authority to manage the entity's
security risks. The security plan details the:
a. security goals and strategic objectives of the entity, including how security risk management intersects with
and supports broader business objectives and priorities
b. threats, risks and vulnerabilities that impact the protection of an entity's people, information and assets
c. entity's tolerance to security risks
d. maturity of the entity's capability to manage security risks
e. entity's strategies to implement security risk management, maintain a positive risk culture and deliver against
the PSPF.
Where a single security plan is not practicable due to an entity's size or complexity of business, the accountable
authority may approve a strategic-level overarching security plan that addresses the core requirements.
Security plan
Entities develop a security plan to articulate how their security risks will be managed and how security aligns
with their priorities and objectives. Where a single security plan is not practicable due to the entity's size or
complexity of business, the Attorney-General's Department recommends developing an overarching security
plan supported by more detailed plans (referred to as supporting security plans).
Each entity's security plan will be different. The security plan reflects an entity's protective security
requirements and mitigation strategies appropriate to the levels of threat, risks to its assets and risk tolerances.
Entities are encouraged to use approaches that manage risks for the Australian Government and best meet their
operational environment.
Requirement 1 mandates security plans (and supporting security plans) are reviewed at least every two years. A
security plan is a 'living' document and requires review and adjustment to ensure the goals and management of
security risks keeps pace with changes in the entity and with emerging threats. This could include, for example, a
change in the National Terrorism Threat Level or an emerging threat that alters the entity's business impact
level. It is recommended the security plan also be reviewed when there are significant shifts in the entity's risk
or operating environment.
Entities determine how the review of the security plan (and supporting security plans) is conducted. Security
plans may be reviewed by the CSO or appointed security advisor, an external security consultant or through a
security governance oversight committee for larger or more complex business operations.
Security plans are best developed by a person who also has an understanding of the entity's strategic goals and
objectives and the appropriate level of security risk management knowledge and expertise.
Entities are encouraged to make the security plan (and supporting security plans) available across the entity,
particularly for those with obligations or responsibilities identified in the plan. This helps to build a positive
security culture based on a common understanding of security.
Identify and analyse authentication options according to user and enterprise requirements
Authentication Options
There are a number of components involved in accomplishing these objectives. One way is to assign access
permissions to resources that specify which users can or cannot access those resources and under what
circumstances.
Access permissions, however, work only if you are able to verify the identity of the user who is attempting to
access the resources. That’s where authentication comes in. We will look at the role played by authentication in
a network security plan, popular types of authentication, how authentication works, and the most commonly
used authentication methods and protocols.
Every organisation has a different core infrastructure and, along with that, different requirements for
authenticating against its IT systems.
Single Sign-On, using your Active Directory credentials, is available for Windows PCs joined to the domain. When
used, users are automatically authenticated to Active Directory and the Passwordstate web site, without the
need for them to specify their username and password.
Based on either the TOTP (time-based) or HOTP (counter-based) algorithm, you can use either hardware or
software tokens for additional two-factor authentication. These tokens can be used with most authentication
services that support TOTP and HOTP, such as Microsoft Azure MFA.
Make use of the leading cloud-based two-factor authentication solution and choose Duo Security's
authentication: either Push, SMS or Phone Call.
Google Authenticator
Google provides a free two-factor authentication solution called Google Authenticator, with authentication
software available for most mobile clients.
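The difference between the HOTP and TOTP algorithms named above, shown as an added example that is not part of the original assessment: both use the same HMAC truncation from RFC 4226, and TOTP (RFC 6238) only swaps the counter for a time step. The verification helpers, the drift window and the look-ahead values are illustrative assumptions.

```python
import hashlib
import hmac
import struct

def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226: HMAC-SHA1 over the 8-byte counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # low nibble of the last byte picks a 4-byte window
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238: HOTP with the counter replaced by the current time step."""
    return hotp(secret, unix_time // step, digits)

def _same(a: str, b: str) -> bool:
    # Constant-time comparison so the check does not leak matching digits.
    return hmac.compare_digest(a.encode(), b.encode())

def verify_totp(secret, submitted, unix_time, step=30, drift_steps=1):
    """Accept the current step plus/minus drift_steps to absorb clock skew."""
    now = unix_time // step
    window = range(max(0, now - drift_steps), now + drift_steps + 1)
    return any([_same(hotp(secret, c), submitted) for c in window])

def verify_hotp(secret, submitted, server_counter, look_ahead=3):
    """Return the next counter to store on success, or None on failure.

    Storing the advanced counter is what stops a used code being replayed.
    """
    for c in range(server_counter, server_counter + look_ahead + 1):
        if _same(hotp(secret, c), submitted):
            return c + 1
    return None

if __name__ == "__main__":
    key = b"12345678901234567890"  # test secret from RFC 4226 Appendix D
    print(hotp(key, 0), totp(key, 59, digits=8))
```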
Setting limits on a computer's Control Panel creates a safer business environment. Through Control Panel, you
can control all aspects of your computer. So, by moderating who has access to the computer, you can keep data
and other resources safe.
When you give users the freedom to install software, they may install unwanted apps that compromise your
system. System admins will usually have to routinely do maintenance and cleaning of such systems. To be on the
safe side, it’s advisable to prevent software installations through Group Policy.
Removable media drives are very prone to infection, and they may also contain a virus or malware. If a user
plugs an infected drive into a network computer, it can affect the entire network. Similarly, DVDs, CDs and floppy
drives are prone to infection.
Command Prompts can be used to run commands that give high-level access to users and evade other
restrictions on the system. So, to ensure system resources’ security, it’s wise to disable Command Prompt.
After you have disabled Command Prompt and someone tries to open a command window, the system will
display a message stating that some settings are preventing this action.
Forced system restarts are common. For example, you may face a situation where you were working on your
computer and Windows displays a message stating that your system needs to restart because of a security
update.
In many cases, if you fail to notice the message or take some time to respond, the computer restarts
automatically, and you lose important, unsaved work.
1. Kerberos
Kerberos is a network authentication protocol. It is designed to provide strong authentication for client/server
applications by using secret-key cryptography. A free implementation of this protocol is available from the
Massachusetts Institute of Technology. Kerberos is available in many commercial products as well.
2. OAuth 2
OAuth 2 is an authorization framework that enables applications to obtain limited access to user accounts on an
HTTP service, such as Facebook, GitHub, and DigitalOcean.
3. RADIUS
Remote Authentication Dial-In User Service (RADIUS) is a networking protocol that provides centralized
Authentication, Authorization, and Accounting (AAA or Triple A) management for users who connect and use a
network service.
Required Software:
Task 1:
Make sure that Windows 2008 Server and Windows 7 are working in virtual machines on your PC. Log on as
administrator to begin.
Task 2:
Change the TCP/IP properties of the network card to use a static class C IP address of 192.168.10.xx.
Task 3:
Install Active Directory with ahic.com as the domain name. Make sure that you add the Windows 7 machine to the domain.
Task 4:
Set up the password policy with password complexity disabled and a minimum password length of zero in Windows 2008
Server. Update the password policy. Which command did you use?
Task 5:
Create two new users. One is John Black and the other is Teresa Green, using a simple password such as ahic1234.
User:
John Black
User:
Teresa Green
Create a network folder called test and allow John full permission and deny access to Teresa.
Task 6:
AHIC has three Organizational Units under the domain: IT, Marketing and Admin. As a network
administrator, you need to format the system for the Admin department by this weekend. Make a Group
Policy so that when the users of the IT department log on to the system, they will get the message “C Drive
will be formatted soon. Please take a backup in other drive”.
Task 7:
Make a GPO so that users can’t access the Control Panel.
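Task 4 relaxes the domain password policy for the lab, and the scenario notes that users share a generic password. The following added example, which is not part of the original assessment, parses the account-policy section of a `secedit /export /cfg` security template and reports settings that fall below a baseline. The baseline thresholds, the file name `policy.inf` and the sample export are assumptions constructed for illustration.

```python
import configparser

# Constructed sample of what `secedit /export /cfg policy.inf` writes for the
# account policy (the real file is UTF-16; decode it first). The values mirror
# the lab policy from Task 4: complexity disabled, minimum length zero.
SAMPLE_EXPORT = """\
[Unicode]
Unicode=yes
[System Access]
MinimumPasswordAge = 0
MaximumPasswordAge = 42
MinimumPasswordLength = 0
PasswordComplexity = 0
PasswordHistorySize = 0
LockoutBadCount = 0
"""

# Assumed baseline for illustration only; substitute your organisation's values.
BASELINE = [
    ("MinimumPasswordLength", lambda v: v >= 8, "shorter than 8 characters"),
    ("PasswordComplexity", lambda v: v == 1, "complexity requirements disabled"),
    ("PasswordHistorySize", lambda v: v >= 1, "password reuse is not restricted"),
    ("LockoutBadCount", lambda v: v != 0, "account lockout disabled"),
]

def audit_password_policy(inf_text):
    """Return one finding per [System Access] setting that misses BASELINE."""
    parser = configparser.ConfigParser(interpolation=None, strict=False,
                                       allow_no_value=True)
    parser.optionxform = str  # keep the mixed-case key names secedit writes
    parser.read_string(inf_text)
    if not parser.has_section("System Access"):
        raise ValueError("no [System Access] section in export")
    section = parser["System Access"]
    findings = []
    for key, is_ok, problem in BASELINE:
        raw = section.get(key)
        if raw is None:
            findings.append(f"{key}: missing from export")
        elif not is_ok(int(raw)):
            findings.append(f"{key} = {int(raw)}: {problem}")
    return findings

if __name__ == "__main__":
    for line in audit_password_policy(SAMPLE_EXPORT):
        print(line)
```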
REFERENCES
1. https://www.protectivesecurity.gov.au/governance/security-planning-risk-management/Pages/default.aspx
2. https://www.clickstudios.com.au/about/authentication-options.aspx
3. https://www.techrepublic.com/article/understanding-and-selecting-authentication-methods/
4. https://www.lepide.com/blog/top-10-most-important-group-policy-settings-for-preventing-security-breaches/
5. https://www.getkisi.com/blog/authentication-protocols-overview
Submission Requirements:
PART A:
Written report (approximately 800 words)
Presentation slides (at least 10 slides)
PART B:
Screenshots of all practical tasks (Task 1 – Task 7), pasted into Microsoft Word