TOPIC 1 – DEFINE A PROCESS FOR DESIGNING

SECURITY
DEFINE PLANNING PHASE FOR NETWORK SECURITY DESIGN
When setting out to define a process for the designing of a security system and plan that can be
used to manage network security effectively.
When considering the network security designs for an organization, it will be necessary to
ensure that the specific network that is either currently in place or proposed is known so that a
range of investigations and planning is able to take place based on the actual weaknesses and
strengths of the particular network. The network may include:
• • Data
• • Internet
• • Local area networks (LANs)
• • Large and small LANs
• • Virtual private networks (VPNs)
• • Wide area networks (WANs)
• • Wireless LANs (WLANs)

NETWORK SECURITY IMPLEMENTATION RISK MANAGEMENT PLANS AND PROCEDURES

DEFINE THE PLANNING PHASE
It is important for the organization to define the planning phase of design and management of
the network security plan and these may include the following planning phase tasks:
PLAN DEFINITION
An implementation plan definition will describe the particular implementation that is to take
place. In this case that will include a list of the network security technologies where they will be
implemented and why. It will be important to make a range of notes regarding the role of each
of the specific technologies and how they will achieve these roles. © Sydney City College of Management Pty Ltd RTO:
45203 CRICOS: 03620C Date Revision date Version Page 13 of 63 File Name: ICTNWK511_Learner Guide May 2019 May 2020 2.0
OBJECTIVES AND OUTCOMES
The objectives and outcomes portion of the implementation plan will state all of the focuses of
the implementation and what it sets out to achieve.
It is important that these objectives and outcomes are measurable so that they can be used to
evaluate the success of the implementation.
BENEFITS STATEMENT
A benefits statement will need to be included as a part of the implementation plan, and this will
detail the specific benefits that each of the security and network components will provide to
the ICT system and network and then how these features will provide overall benefits to the
information and communication management within the organisation.
EVALUATION METHODOLOGY
It will be necessary to ensure that a set of rules for the evaluation of the implementation and its
outcomes. The evaluation will need to be planned and set out in terms of methods, tools,
resources, roles and measuring capabilities.
GOVERNANCE
The structure of governance involves the rules and guidelines that need to be managed
including the role and responsibilities of all personnel that will be involved in the
implementation of network security.
SCOPE
The scope of the project involves a number of departments and sections within the
organisation that will be affected by the implementation.
It will be necessary to ensure that the complete breadth and depth of the entire
implementation. © Sydney City College of Management Pty Ltd RTO: 45203 CRICOS: 03620C Date Revision date Version Page 14 of 63 File
Name: ICTNWK511_Learner Guide May 2019 May 2020 2.0
IMPLEMENTATION SCHEDULE
The implementation schedule is a detailed breakdown of all of the actions that need to take
place throughout the implementation including resource needs and timing of each action.
WORK BREAKDOWN STRUCTURE
The Work Breakdown Structure (WBS) sets out and defines the full scope of the work required
to complete the implementation. The WBS displays the full scope of the implementation in a
way that shows how each of the elements relates to the implementation plan and each other.
A WBS illustrates “When” and “Who” where the WBS defines the “What” of the implementation
activities.
A WBS can be used to determine the following:
• • Management requirements
• • Assessing Risk
• • Resources management
• • Performance Management and tracking
• • Resource Acquisition
• • Budgets and financial management
• • Schedule and timeline
• • Roles and responsibilities

RESOURCES
The resources section will set out a range of information in relation to the resources that will
be required for the implementation plan, and this may include:
• • What
• • When
• • From where
© Sydney City College of Management Pty Ltd RTO: 45203 CRICOS: 03620C Date Revision date Version Page 15 of 63 File Name: ICTNWK511_Learner
Guide May 2019 May 2020 2.0
• • Quality requirements
• • Quantities
• • Acquisition plans

BUDGET
The budget will need to include all monetary allocations and management plans including any
processes for making amendments to the budget and all roles and responsibilities in relation to
it.
RISK ASSESSMENT AND MANAGEMENT
There will need to be a risk assessment and management plan for all different types of risks
that may pose a threat to the implementation plan.
COMMUNICATION PLAN
It will be necessary to ensure that a full communication plan is created for all of the
communications that will need to take place internally and externally throughout the entire
implementation of the network security.
QUALITY ASSURANCE
A plan for the management of the specific quality requirements of the implementation plan
including, managing improvements, evaluation and reporting needs. © Sydney City College of Management Pty Ltd RTO:
45203 CRICOS: 03620C Date Revision date Version Page 16 of 63 File Name: ICTNWK511_Learner Guide May 2019 May 2020 2.0
DEFINE BUILDING PHASE FOR NETWORK SECURITY DESIGN
The building phase of the network security design is the phase where the actual security
components and functions are connected, implemented, configured and tested.
THE BUILDING PHASE
The building phase of the network security design will include the following actions:
DETERMINE NETWORK ARCHITECTURE
It will be necessary to ensure that a full plan of the system architecture is created and assessed
so that this may be used to complete the building phase with.
ACQUIRE THE REQUIRED COMPONENTS
It will be necessary to acquire all of the required network security components, and this may
include:
• • Network components
• • Hardware
• • Software

DETERMINE ALL CONNECTIONS

All of the connections will need to be determined to ensure that security items are
incorporated into the network in an appropriate manner.
DETERMINE SYSTEM DOWNTIME
It will be necessary to ensure that the required system downtime and interruptions that will be
needed in order to allow the security components to be placed into the system. © Sydney City College of
Management Pty Ltd RTO: 45203 CRICOS: 03620C Date Revision date Version Page 17 of 63 File Name: ICTNWK511_Learner Guide May 2019
May 2020 2.0
TEST ALL COMPONENTS
It will be necessary to ensure that all of the system components are able to be tested and
assessed to ensure that they are suitable for installation and operating correctly.
BUILD SECURITY NETWORK
It will be necessary to ensure that all of the required components are placed into the network
as required ensuring:
• • Compliance with architecture design plan
• • Correct connections
• • Suitability and compatibility with

INSTALL SOFTWARE
All software and management programs for the specific hardware items will need to be
installed.
CONFIGURE ALL SOFTWARE AND HARDWARE
Once all software has been installed it will be necessary to ensure that it is configured and this
will include:
• • Creating accounts
• • Entering information
• • Controlling settings
• • Assigning rules
• • Determining operations
© Sydney City College of Management Pty Ltd RTO: 45203 CRICOS: 03620C Date Revision date Version Page 18 of 63 File Name: ICTNWK511_Learner
Guide May 2019 May 2020 2.0
DEFINE MANAGING PHASE FOR NETWORK SECURITY DESIGN
The managing phase for the network security design involves a range of management activities
that will ensure that the network security design is operating correctly and is reviewed and
evaluated as required.
NETWORK MANAGEMENT AND SECURITY PROCESS CONTROLS
There is a range of tasks that will need to be conducted during the managing phase of the
security network design, and these may include:
ASSIGN AND MONITOR ROLES AND RESPONSIBILITIES
It will be necessary to ensure that a range of roles and responsibility in relation to the
managing phase of the network design are able to be identified and assigned accordingly.
PLAN AND CONDUCT MAINTENANCE OPERATIONS
It will be necessary to ensure that a range of maintenance operations are able to are identified
and conducted as required, and these may include:
• • Updating components
• • Updating hardware
• • Manual resetting of devices
• • Configuration
• • Updating software
• • Clearing logs
• • Maintaining information that supports the security system

REVIEW DESIGNS PERFORMANCE

It will be necessary to conduct a range of reviews on the designs expected performance based
on:
• • Performance parameters
• • Benchmarks
© Sydney City College of Management Pty Ltd RTO: 45203 CRICOS: 03620C Date Revision date Version Page 19 of 63 File Name: ICTNWK511_Learner
Guide May 2019 May 2020 2.0
• • Performance profiles

USE A RANGE OF REVIEW AND ANALYSIS TOOLS

It will be necessary to use a range of review and analysis tools when reviewing the likely
performance profile that the network design is able to provide:
• • Comparative analysis: Comparative analysis is a type of appraisal which can be
conducted on two similar factors from similar networks are compared, and the data is used to
the determine an estimation of how the network should perform in the current business
environment based on these comparisons.
• • Competitive analysis: In order to determine how the network will perform in
particular circumstances, it is important to determine the performance, strengths and
weaknesses of other networks.

REPORT AND ADJUST

It will be necessary to continually review, report and adjust the network security design as
required in order to ensure that desired outcomes are able to be achieved. © Sydney City College of Management Pty
Ltd RTO: 45203 CRICOS: 03620C Date Revision date Version Page 20 of 63 File Name: ICTNWK511_Learner Guide May 2019 May 2020 2.0
TOPIC 2 – IDENTIFY THREATS TO NETWORK
SECURITY
DETERMINE WHY ATTACKS OCCUR
When setting out to manage a network's security needs, it will be necessary in order to
determine why attacks occur. There is a range of different types of attacks that occur within
network security, and these have a range of reasons deepening on a range of variables.
WHAT IS A NETWORK SECURITY ATTACK?
A network security attack is considered to be a deliberate action that is designed to actively
circumvent the security components and protection elements that have been put in place.
TYPES OF NETWORK ATTACKS
There are two main types of attacks that occur, and these are:
PASSIVE
A passive attack is an attack that has the purpose of using the information that is contained
within the system but does not make alterations to the system.
ACTIVE
An active attack has the purpose of altering the resources of the system or affecting the
operation of the system.
Diagram of how attacks work: © Sydney City College of Management Pty Ltd RTO: 45203 CRICOS: 03620C Date Revision date Version
Page 21 of 63 File Name: ICTNWK511_Learner Guide May 2019 May 2020 2.0
i
DETERMINE WHY ATTACKS OCCUR
When determining why attacks occur it will be necessary to make the following considerations:
• • What types of attacks are occurring?
• • What areas of the organisation are attackers trying to access?
• • What information is contained in these areas?
• • What could this information be used for?
• • How could damage to the network affect the organisation?

In many cases, the answers to these types of questions will provide the organisation with a
strong understanding as to why attacks occur within the specific network.
Attack areas that the Australian Government has reported: © Sydney City College of Management Pty Ltd RTO: 45203
CRICOS: 03620C Date Revision date Version Page 22 of 63 File Name: ICTNWK511_Learner Guide May 2019 May 2020 2.0
ii © Sydney City College of Management Pty Ltd RTO: 45203 CRICOS: 03620C Date Revision date Version Page 23 of 63 File Name:
ICTNWK511_Learner Guide May 2019 May 2020 2.0
DETERMINE WHO THE ATTACK MAY COME FROM
Once the analysis into the reasons that attacks occur has been completed the next step of the
research phase for planning and managing network security is to determine who the attacks
may come from. Understanding who and why the attacks on the network are being made can
help in the prevention of these attacks.
WHO ATTACKS MAY COME FROM
Attacks may come from within or outside of the organisation and so may be categorised as:
• • Internal: Internal or “Insider Attack” is a network security breach attempt that
originates from within the organisation. These types of attacks usually involve personnel
accessing information, data or areas that they do not have the authorisation for. In these types
of attacks, it is common for the organisation to lose large amounts of protected and valuable
data.
• • External: External or “Outsider attacks” originates from outside the perimeter of the
organisation, these types of attacks may be very varied in their impact or attempt and can
include pranksters, amateur hackers, organised crime, politically motivated attacks, internal or
international terrorists and other hostile government-affiliated agencies.

DETERMINING WHO THE ATTACKS MAY COME FROM

When setting out to determine who the attacks may come from it will be necessary to ensure
that a range of considerations are made, including:
• • What data and systems are within the security networks?
• • What are the implications of these being accessed?
• • Who could benefit from their access?
• • What damage could be done to the business?
• • Who may want to cause this damage?

Answering these questions will allow for the assessment of who may attack the network this
information will aid in selecting appropriate protection methods. © Sydney City College of Management Pty Ltd RTO:
45203 CRICOS: 03620C Date Revision date Version Page 24 of 63 File Name: ICTNWK511_Learner Guide May 2019 May 2020 2.0
ANALYSE COMMON TYPES OF NETWORK VULNERABILITIES
Network vulnerabilities are those that may be the focus of an attack, and it is important to
understand how these attacks work in order to be able to manage and mitigate these risks
successfully.
VULNERABILITIES
Vulnerabilities may include:
AUTHENTICATION AND AUTHORISATION
It is important to understand the difference between the following two security components
and to understand how these may become vulnerabilities for the organisation:
• • Authentication: The purpose of authentication is to ensure that a user’s ID is able to be
verified and that the correct person is obtaining access to the system.
• • Authorisation: The purpose of authorisation is to ensure that a user is authorised to
gain the particular type of access that they are requesting.

FIREWALLS
A firewall is a part of the network security system and may be composed of hardware, software
or both types of components and uses a range of rules and parameters in order to control
access and authority of both ingoing and outgoing network traffic. An insufficient firewall will
be a major vulnerability in the system.
A firewall acts as a protective wall or barrier between a trusted network and a network that is
not known or trusted such as the internet.
Firewalls work on what is called the positive control model and what this means is that all
traffic is denied apart from the traffic that has specific approval. © Sydney City College of Management Pty Ltd RTO: 45203
CRICOS: 03620C Date Revision date Version Page 25 of 63 File Name: ICTNWK511_Learner Guide May 2019 May 2020 2.0
Firewalls may include:
• • Hardware appliances
• • Individual PC solutions, with varying functionality:
• • Network address translation (NAT) or internet protocol (IP) masquerading
• • Routing to specific machines
• • Proxy servers

OTHER VULNERABILITIES
There is a range of other vulnerabilities that the network may have, and these could be caused
by:
• • Network design
• • Incompatible hardware
• • Outdated script or code
• • Misconfigured or insufficient security
• • Storage facilities
• • Wi-fi attacks
© Sydney City College of Management Pty Ltd RTO: 45203 CRICOS: 03620C Date Revision date Version Page 26 of 63 File Name: ICTNWK511_Learner
Guide May 2019 May 2020 2.0
DETERMINE HOW ATTACKS OCCUR
It will be necessary to determine how attacks occur in order to gain a better understanding of
how they may be mitigated and prevented.
ATTACKS MAY OCCUR USING THE FOLLOWING METHODS
DENIAL OF SERVICE AND BY-PASS
A denial of service or bypass attack is a cyber-attack in which attacker seeks to ensure that a
particular machine or server is unavailable, this can result in holes in the security system and
discrediting or hampering to operational procedures of the organisation. A denial of service
attack may be conducted through the flooding of an authentication procedure with requests
that they are aware are going to be denied, but this will result in the system being overloaded
and unable to approve valid requests.
Diagram of a denial of service attack:
iii
A bypass attack occurs when the attacker attempts to bypass the system authentication system
altogether by hitching a ride or manipulating data. © Sydney City College of Management Pty Ltd RTO: 45203 CRICOS: 03620C
Date Revision date Version Page 27 of 63 File Name: ICTNWK511_Learner Guide May 2019 May 2020 2.0
EAVESDROPPING
Eavesdropping is a type of electronic attack that involves the interception of data by an
unauthorised individual. It involves the recording of packets of data that are transferred from
one secure point to another; this data may then need to be decoded using cryptographic
programs.
HACKERS
A hacker is a person that uses a range of computer systems and technology in order to gain
unauthorised access to:
• • Communications
• • Systems
• • Data

Hackers may use a range of techniques to target and access systems, and these may include:
• • Key logging
• • Denial of service
• • Waterhole attacks
• • WAP attack
• • Eavesdropping
• • Phishing
• • Trojans
• • Viruses
• • Clickjacking
• • Stealing cookies
• • Switch baiting

IMPERSONATION
Impersonation is a complex security threat that uses the impersonation of a client to a system
in order to meet the security requirements of the authorising body in order to access tokens
and then divert them in order to gain access to the system. Server process and example of
impersonation: © Sydney City College of Management Pty Ltd RTO: 45203 CRICOS: 03620C Date Revision date Version Page 28 of 63 File
Name: ICTNWK511_Learner Guide May 2019 May 2020 2.0
iv
MANIPULATION
Data manipulation may involve the altering of coding and scripting in order to confuse the
system and to ensure that the system will find a malicious code as normal and allow it through
the system.
PENETRATION
System penetration is the unauthorised penetration of a system through social attacks such as
phishing, spam, spear phishing and baiting. Other methods also include Trojans and viruses.
Each of these methods is used to bypass the security system and gain unauthorised access to a
system, device or data.
VIRUSES
A virus is a small piece of software that is able to piggyback or attach itself to other pieces of
software. This will enable an executable program to run each time the program that it is
attached to, allowing the virus to conduct the operation within the system that it was designed
for.
EMERGING SECURITY ISSUES
There is a range of emerging security issues, and these include:
• • Cloud computing security
• • Multiple device access requirements
• • Wireless area network security
© Sydney City College of Management Pty Ltd RTO: 45203 CRICOS: 03620C Date Revision date Version Page 29 of 63 File Name: ICTNWK511_Learner
Guide May 2019 May 2020 2.0
DESIGN A THREAT MODEL TO CATEGORISE TREATS
It will be necessary to ensure that a suitable threat model is created and used to successfully
and consistently categorise threats.
THREAT MODELLING
Threat modelling is a process that can be used to optimise and plan for network security
through the identification of a range of objectives and vulnerabilities. Threat modelling will
also allow for the defining and categorising of a range of control or preventative risk mitigation
actions that can be undertaken in order to respond to network risks.
v
Another threat model is: © Sydney City College of Management Pty Ltd RTO: 45203 CRICOS: 03620C Date Revision date Version Page 30
of 63 File Name: ICTNWK511_Learner Guide May 2019 May 2020 2.0
vi
CATEGORISE THREATS
It will be necessary to ensure that all of the threats that have been assessed that they are
prioritised in terms of:
• • Urgency
• • Severity
• • Importance
• • Level of controls required
• • Level of control that would be able to be achieved

CATEGORY PRIORITISATION MATRIX

A tool that can be used to assist in prioritising threats could be a
prioritisation matrix which can be used to weigh different aspects of the
objectives against each other to give them a rating. In the example below the
priorities measured against each other are Risk Vs Risk level. The higher the
number, the higher the level of risk that the event will cause. Risk Level
Low Med High
Risk High 1 2 3
Med 2 3 4
Low 3 4 5