Professional Documents
Culture Documents
SECURITY
DEFINE PLANNING PHASE FOR NETWORK SECURITY DESIGN
When setting out to define a process for the designing of a security system and plan that can be
used to manage network security effectively.
When considering the network security designs for an organization, it will be necessary to
ensure that the specific network that is either currently in place or proposed is known so that a
range of investigations and planning is able to take place based on the actual weaknesses and
strengths of the particular network. The network may include:
• • Data
• • Internet
• • Local area networks (LANs)
• • Large and small LANs
• • Virtual private networks (VPNs)
• • Wide area networks (WANs)
• • Wireless LANs (WLANs)
RESOURCES
The resources section will set out a range of information in relation to the resources that will
be required for the implementation plan, and this may include:
• • What
• • When
• • From where
© Sydney City College of Management Pty Ltd RTO: 45203 CRICOS: 03620C Date Revision date Version Page 15 of 63 File Name: ICTNWK511_Learner
Guide May 2019 May 2020 2.0
• • Quality requirements
• • Quantities
• • Acquisition plans
BUDGET
The budget will need to include all monetary allocations and management plans including any
processes for making amendments to the budget and all roles and responsibilities in relation to
it.
RISK ASSESSMENT AND MANAGEMENT
There will need to be a risk assessment and management plan for all different types of risks
that may pose a threat to the implementation plan.
COMMUNICATION PLAN
It will be necessary to ensure that a full communication plan is created for all of the
communications that will need to take place internally and externally throughout the entire
implementation of the network security.
QUALITY ASSURANCE
A plan for the management of the specific quality requirements of the implementation plan
including, managing improvements, evaluation and reporting needs. © Sydney City College of Management Pty Ltd RTO:
45203 CRICOS: 03620C Date Revision date Version Page 16 of 63 File Name: ICTNWK511_Learner Guide May 2019 May 2020 2.0
DEFINE BUILDING PHASE FOR NETWORK SECURITY DESIGN
The building phase of the network security design is the phase where the actual security
components and functions are connected, implemented, configured and tested.
THE BUILDING PHASE
The building phase of the network security design will include the following actions:
DETERMINE NETWORK ARCHITECTURE
It will be necessary to ensure that a full plan of the system architecture is created and assessed
so that this may be used to complete the building phase with.
ACQUIRE THE REQUIRED COMPONENTS
It will be necessary to acquire all of the required network security components, and this may
include:
• • Network components
• • Hardware
• • Software
INSTALL SOFTWARE
All software and management programs for the specific hardware items will need to be
installed.
CONFIGURE ALL SOFTWARE AND HARDWARE
Once all software has been installed it will be necessary to ensure that it is configured and this
will include:
• • Creating accounts
• • Entering information
• • Controlling settings
• • Assigning rules
• • Determining operations
© Sydney City College of Management Pty Ltd RTO: 45203 CRICOS: 03620C Date Revision date Version Page 18 of 63 File Name: ICTNWK511_Learner
Guide May 2019 May 2020 2.0
DEFINE MANAGING PHASE FOR NETWORK SECURITY DESIGN
The managing phase for the network security design involves a range of management activities
that will ensure that the network security design is operating correctly and is reviewed and
evaluated as required.
NETWORK MANAGEMENT AND SECURITY PROCESS CONTROLS
There is a range of tasks that will need to be conducted during the managing phase of the
security network design, and these may include:
ASSIGN AND MONITOR ROLES AND RESPONSIBILITIES
It will be necessary to ensure that a range of roles and responsibility in relation to the
managing phase of the network design are able to be identified and assigned accordingly.
PLAN AND CONDUCT MAINTENANCE OPERATIONS
It will be necessary to ensure that a range of maintenance operations are able to are identified
and conducted as required, and these may include:
• • Updating components
• • Updating hardware
• • Manual resetting of devices
• • Configuration
• • Updating software
• • Clearing logs
• • Maintaining information that supports the security system
In many cases, the answers to these types of questions will provide the organisation with a
strong understanding as to why attacks occur within the specific network.
Attack areas that the Australian Government has reported: © Sydney City College of Management Pty Ltd RTO: 45203
CRICOS: 03620C Date Revision date Version Page 22 of 63 File Name: ICTNWK511_Learner Guide May 2019 May 2020 2.0
ii © Sydney City College of Management Pty Ltd RTO: 45203 CRICOS: 03620C Date Revision date Version Page 23 of 63 File Name:
ICTNWK511_Learner Guide May 2019 May 2020 2.0
DETERMINE WHO THE ATTACK MAY COME FROM
Once the analysis into the reasons that attacks occur has been completed the next step of the
research phase for planning and managing network security is to determine who the attacks
may come from. Understanding who and why the attacks on the network are being made can
help in the prevention of these attacks.
WHO ATTACKS MAY COME FROM
Attacks may come from within or outside of the organisation and so may be categorised as:
• • Internal: Internal or “Insider Attack” is a network security breach attempt that
originates from within the organisation. These types of attacks usually involve personnel
accessing information, data or areas that they do not have the authorisation for. In these types
of attacks, it is common for the organisation to lose large amounts of protected and valuable
data.
• • External: External or “Outsider attacks” originates from outside the perimeter of the
organisation, these types of attacks may be very varied in their impact or attempt and can
include pranksters, amateur hackers, organised crime, politically motivated attacks, internal or
international terrorists and other hostile government-affiliated agencies.
Answering these questions will allow for the assessment of who may attack the network this
information will aid in selecting appropriate protection methods. © Sydney City College of Management Pty Ltd RTO:
45203 CRICOS: 03620C Date Revision date Version Page 24 of 63 File Name: ICTNWK511_Learner Guide May 2019 May 2020 2.0
ANALYSE COMMON TYPES OF NETWORK VULNERABILITIES
Network vulnerabilities are those that may be the focus of an attack, and it is important to
understand how these attacks work in order to be able to manage and mitigate these risks
successfully.
VULNERABILITIES
Vulnerabilities may include:
AUTHENTICATION AND AUTHORISATION
It is important to understand the difference between the following two security components
and to understand how these may become vulnerabilities for the organisation:
• • Authentication: The purpose of authentication is to ensure that a user’s ID is able to be
verified and that the correct person is obtaining access to the system.
• • Authorisation: The purpose of authorisation is to ensure that a user is authorised to
gain the particular type of access that they are requesting.
FIREWALLS
A firewall is a part of the network security system and may be composed of hardware, software
or both types of components and uses a range of rules and parameters in order to control
access and authority of both ingoing and outgoing network traffic. An insufficient firewall will
be a major vulnerability in the system.
A firewall acts as a protective wall or barrier between a trusted network and a network that is
not known or trusted such as the internet.
Firewalls work on what is called the positive control model and what this means is that all
traffic is denied apart from the traffic that has specific approval. © Sydney City College of Management Pty Ltd RTO: 45203
CRICOS: 03620C Date Revision date Version Page 25 of 63 File Name: ICTNWK511_Learner Guide May 2019 May 2020 2.0
Firewalls may include:
• • Hardware appliances
• • Individual PC solutions, with varying functionality:
• • Network address translation (NAT) or internet protocol (IP) masquerading
• • Routing to specific machines
• • Proxy servers
OTHER VULNERABILITIES
There is a range of other vulnerabilities that the network may have, and these could be caused
by:
• • Network design
• • Incompatible hardware
• • Outdated script or code
• • Misconfigured or insufficient security
• • Storage facilities
• • Wi-fi attacks
© Sydney City College of Management Pty Ltd RTO: 45203 CRICOS: 03620C Date Revision date Version Page 26 of 63 File Name: ICTNWK511_Learner
Guide May 2019 May 2020 2.0
DETERMINE HOW ATTACKS OCCUR
It will be necessary to determine how attacks occur in order to gain a better understanding of
how they may be mitigated and prevented.
ATTACKS MAY OCCUR USING THE FOLLOWING METHODS
DENIAL OF SERVICE AND BY-PASS
A denial of service or bypass attack is a cyber-attack in which attacker seeks to ensure that a
particular machine or server is unavailable, this can result in holes in the security system and
discrediting or hampering to operational procedures of the organisation. A denial of service
attack may be conducted through the flooding of an authentication procedure with requests
that they are aware are going to be denied, but this will result in the system being overloaded
and unable to approve valid requests.
Diagram of a denial of service attack:
iii
A bypass attack occurs when the attacker attempts to bypass the system authentication system
altogether by hitching a ride or manipulating data. © Sydney City College of Management Pty Ltd RTO: 45203 CRICOS: 03620C
Date Revision date Version Page 27 of 63 File Name: ICTNWK511_Learner Guide May 2019 May 2020 2.0
EAVESDROPPING
Eavesdropping is a type of electronic attack that involves the interception of data by an
unauthorised individual. It involves the recording of packets of data that are transferred from
one secure point to another; this data may then need to be decoded using cryptographic
programs.
HACKERS
A hacker is a person that uses a range of computer systems and technology in order to gain
unauthorised access to:
• • Communications
• • Systems
• • Data
Hackers may use a range of techniques to target and access systems, and these may include:
• • Key logging
• • Denial of service
• • Waterhole attacks
• • WAP attack
• • Eavesdropping
• • Phishing
• • Trojans
• • Viruses
• • Clickjacking
• • Stealing cookies
• • Switch baiting
IMPERSONATION
Impersonation is a complex security threat that uses the impersonation of a client to a system
in order to meet the security requirements of the authorising body in order to access tokens
and then divert them in order to gain access to the system. Server process and example of
impersonation: © Sydney City College of Management Pty Ltd RTO: 45203 CRICOS: 03620C Date Revision date Version Page 28 of 63 File
Name: ICTNWK511_Learner Guide May 2019 May 2020 2.0
iv
MANIPULATION
Data manipulation may involve the altering of coding and scripting in order to confuse the
system and to ensure that the system will find a malicious code as normal and allow it through
the system.
PENETRATION
System penetration is the unauthorised penetration of a system through social attacks such as
phishing, spam, spear phishing and baiting. Other methods also include Trojans and viruses.
Each of these methods is used to bypass the security system and gain unauthorised access to a
system, device or data.
VIRUSES
A virus is a small piece of software that is able to piggyback or attach itself to other pieces of
software. This will enable an executable program to run each time the program that it is
attached to, allowing the virus to conduct the operation within the system that it was designed
for.
EMERGING SECURITY ISSUES
There is a range of emerging security issues, and these include:
• • Cloud computing security
• • Multiple device access requirements
• • Wireless area network security
© Sydney City College of Management Pty Ltd RTO: 45203 CRICOS: 03620C Date Revision date Version Page 29 of 63 File Name: ICTNWK511_Learner
Guide May 2019 May 2020 2.0
DESIGN A THREAT MODEL TO CATEGORISE TREATS
It will be necessary to ensure that a suitable threat model is created and used to successfully
and consistently categorise threats.
THREAT MODELLING
Threat modelling is a process that can be used to optimise and plan for network security
through the identification of a range of objectives and vulnerabilities. Threat modelling will
also allow for the defining and categorising of a range of control or preventative risk mitigation
actions that can be undertaken in order to respond to network risks.
v
Another threat model is: © Sydney City College of Management Pty Ltd RTO: 45203 CRICOS: 03620C Date Revision date Version Page 30
of 63 File Name: ICTNWK511_Learner Guide May 2019 May 2020 2.0
vi
CATEGORISE THREATS
It will be necessary to ensure that all of the threats that have been assessed that they are
prioritised in terms of:
• • Urgency
• • Severity
• • Importance
• • Level of controls required
• • Level of control that would be able to be achieved