
ASSESSMENT COVER SHEET STUDENT DETAILS / DECLARATION

Course Name: Advanced Diploma of Information Technology_105133C
Unit / Subject Name: Design and implement a security perimeter for ICT networks_ ICTNWK544_T1 2023
Trainer’s Name: Anisul Choudhory
Assessment No: 1

I declare that:
- I fully understand the context and purpose of this assessment.
- I am fully aware of the competency standard/criteria against which I will be assessed.
- I have been given fair notice of the date, time and venue for the assessment.
- I am aware of the resources I need and how the assessment will be conducted.
- I have had the appeals process and confidentiality explained to me.
- I agree that I am ready to be assessed and that all written work is my own.

Student Name: Andres David Paez    Student ID: 209169
Student’s Submission Signature:    Date: 29/01/23

ASSESSOR USE ONLY: (ACADEMIC DEPARTMENT)

Result:
o First submission:    o Satisfactory    o Not Satisfactory
o Re-submission (Attempt ___):    o Satisfactory    o Not Satisfactory

Assessor’s Feedback:

ICTNWK544 Design And Implement A Security Perimeter for ICT Networks 1|Page
Abbey College Australia
National Provider No. 91136| CRICOS Registration No. 02658G
Version V1.0 June 2022
Trainer/Assessor Declaration: I declare that I have conducted a fair, valid, reliable and flexible assessment with this student, and I have provided appropriate feedback.
Date: / /
Assessor Signature:

ASSESSMENT SUBMISSION RECEIPT: (CAN BE COMPLETED BY ANY DEPARTMENT.)

It is the student’s responsibility to keep the assessment submission receipt as proof of submission of assessment tasks.

Student Name:    Student ID:
Unit / Subject Code:    Assessment No:
Staff Name:    Signature:
Department:    Date: / /

ASSESSMENT 1

Provide your response to each question in the box below.

Q1: What are the five (5) latest network security issues? Write 30-60 words for each network security threat.
Satisfactory response: Yes / No

1. USB and other external media: It is hard to imagine a world without them, but USB drives and other external media can pose a substantial risk to your company’s network.

2. Insufficient policies: Staff that use company email and Internet facilities for personal matters should be educated about the dangers this poses to the security of the organisation’s information.

3. Wireless access points: You would be hard-pressed to find an organisation that doesn’t leverage the convenience of wireless technology today.

4. Disgruntled employees: Although difficult for IT to identify and mitigate, a disgruntled employee can be a very – if not the most – serious risk to your company and its information.

5. Smartphones and tablets: A lost or stolen handheld device poses some serious risks if not incorporated into your network security policy.

Q2: What is the importance of the network security policy for a networked organisation, along with the four (4) steps involved in network security policy? Write your answer in 150-200 words.
Satisfactory response: Yes / No

Information is the most important commodity for many business organisations. Network security policies provide several benefits for organisations that are dependent on information technology.

There are four steps to protect your network from attacks and they are:

1. Implement: The first step is to create and implement a network security system that
provides protection and has sufficient authorization policies.
2. Analyze: Once the network security system is created and implemented, the system
needs to be analyzed to determine if the current security system is appropriate for the
network it is protecting.
3. Test: When an appropriate network security system is in place, it is time to conduct
tests to make sure all of the securities are working and will completely protect your
network against any threats.
4. Modify: After conducting the tests, collect the data and enhance your protections.
The results will reveal where your security system is effective and where it can be
improved.

Q3: Answer the following questions:
A. What do you mean by penetration testing techniques? Write your response in 50-100 words.
B. What is the importance of penetration testing in terms of network security? Write your response in 50-100 words.
C. Explain Network Auditing in 100-150 words.
Satisfactory response: Yes / No

A. Penetration testing is designed to assess your security before an attacker does. Penetration testing tools simulate real-world attack scenarios to discover and exploit security gaps that could lead to stolen records, compromised credentials, intellectual property, personally identifiable information (PII), cardholder data, personal, protected health information, data ransom, or other harmful business outcomes. By exploiting security vulnerabilities, penetration testing helps you determine how to best mitigate and protect your vital business data from future cybersecurity attacks.
B. A penetration test is a crucial component to network security. Through these
tests an organisation can identify:

-Security vulnerabilities before a hacker does

-Gaps in information security compliance

-The response time of their information security team, i.e. how long it takes the
team to realize that there is a breach and mitigate the impact

-The potential real-world effect of a data breach or network security attack

-Actionable remediation guidance

Through penetration testing, security professionals can effectively find and test the security of multi-tier network architectures, custom applications, web services, and other IT components. These penetration testing tools and services help you gain fast insight into the areas of highest risk so that you may effectively plan security budgets and projects.

C. Network auditing is the collective measures done to analyze, study and gather data about a network with the purpose of ascertaining its health in accordance with the network/organisation requirements. Network auditing works through a systematic process where a computer network is analyzed for:

-Security

-Implementation of control

-Availability

-Management

-Performance

The data is gathered, vulnerabilities and threats are identified, and a formal
audit report is sent to network administrators.

Q4: What are the capabilities of the following:
A. Software perimeter solution
B. Hardware perimeter solution
Write your response in 200-250 words.
Satisfactory response: Yes / No

A.

The capabilities of a software perimeter solution include:

• Configure and control all aspects of your network’s security system.
• Control access using intelligent identity management tools.
• Protect the network with monitored perimeter security solutions.
• Define business policies and enforce compliance across multiple sites.
• Enforce policy and process.
• Manage your workforce.
• Empower personnel.
• Ensure compliance and safety.

B.

A hardware perimeter solution secures networking by protecting the underlying infrastructure from attack.

1. Platform security ensures that each device is available to perform its intended function and doesn't become the network's single point of failure. The network security plan should include antivirus checking and host-based intrusion detection, along with endpoint compliance, to ensure that security policies check user devices for required security software.

2. Access security ensures that each user has access to only those network elements and applications required to perform his job.

3. Physical security protects the network from physical harm or modification, and underlies all security practices. The most obvious forms of physical security include locked doors and alarm systems.

Q5: Explain the reasons for using network logging analysis techniques in terms of network security perimeter issues. Write 100-150 words for your answer.
Satisfactory response: Yes / No

Logs are emitted by network devices, operating systems, applications and all manner of intelligent or programmable devices. A log is usually a stream of messages in time sequence. Logs may be directed to files and stored on disk, or directed as a network stream to a log collector.

Log messages must usually be interpreted with respect to the internal state of its
source (e.g., application) and announce security-relevant or operations-relevant events
(e.g., a user login, or a systems error).

Logs are often created by software developers to aid in debugging the operation of an application or in understanding how users are interacting with a system, such as a search engine. The syntax and semantics of data within log messages are usually application- or vendor-specific.

Reasons why people use network log analysis techniques are:

1. Compliance with security policies
2. Compliance with audit or regulation
3. System troubleshooting
4. Forensics
5. Security incident response
6. Understanding online user behavior
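The answer above describes what perimeter logs contain and why they are analysed (troubleshooting, forensics, incident response). The following is an added example, not part of the original assessment and not any vendor's tooling, showing the kind of analysis a defender runs over firewall deny/allow records: it parses the lines, summarises denied connections per source, and flags a source that was denied on many distinct ports within a short window, which is the classic sign of a port sweep against the perimeter. The log format is a constructed, simplified syslog-style format (an assumption); a real firewall's format differs, so the regular expression would need adapting.

```python
"""Added example: analysing perimeter firewall logs for security-relevant events.
Illustrative code written for this page, not the author's or any vendor's code.
The log line format is constructed (assumption), not a real device's format."""
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample log lines (not captured from a real device).
SAMPLE_LOGS = """\
2023-01-29T10:00:01 fw01 action=deny src=203.0.113.7 dst=192.0.2.10 dport=22 proto=tcp
2023-01-29T10:00:02 fw01 action=deny src=203.0.113.7 dst=192.0.2.10 dport=23 proto=tcp
2023-01-29T10:00:02 fw01 action=deny src=203.0.113.7 dst=192.0.2.10 dport=80 proto=tcp
2023-01-29T10:00:03 fw01 action=deny src=203.0.113.7 dst=192.0.2.10 dport=443 proto=tcp
2023-01-29T10:00:03 fw01 action=deny src=203.0.113.7 dst=192.0.2.10 dport=3389 proto=tcp
2023-01-29T10:00:04 fw01 action=allow src=198.51.100.4 dst=192.0.2.10 dport=443 proto=tcp
2023-01-29T10:00:09 fw01 action=deny src=198.51.100.4 dst=192.0.2.11 dport=445 proto=tcp
2023-01-29T10:05:00 fw01 action=allow src=10.0.0.5 dst=192.0.2.10 dport=443 proto=tcp
this line is malformed and should be skipped
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) action=(?P<action>allow|deny) "
    r"src=(?P<src>[\d.]+) dst=(?P<dst>[\d.]+) dport=(?P<dport>\d+) proto=(?P<proto>\w+)$"
)


def parse_logs(text):
    """Parse log lines into dicts; malformed lines are skipped and counted."""
    events, skipped = [], 0
    for line in text.splitlines():
        if not line.strip():
            continue
        m = LINE_RE.match(line.strip())
        if not m:
            skipped += 1
            continue
        ev = m.groupdict()
        ev["ts"] = datetime.fromisoformat(ev["ts"])
        ev["dport"] = int(ev["dport"])
        events.append(ev)
    return events, skipped


def deny_summary(events):
    """Count denied connections and the distinct destination ports per source."""
    summary = defaultdict(lambda: {"denies": 0, "ports": set()})
    for ev in events:
        if ev["action"] == "deny":
            summary[ev["src"]]["denies"] += 1
            summary[ev["src"]]["ports"].add(ev["dport"])
    return summary


def find_probing_sources(events, min_ports=4, window_seconds=60):
    """Flag sources denied on >= min_ports distinct ports within window_seconds.
    Returns {source: sorted list of all ports that source was denied on}."""
    denies = sorted((ev for ev in events if ev["action"] == "deny"), key=lambda e: e["ts"])
    by_src = defaultdict(list)
    for ev in denies:
        by_src[ev["src"]].append(ev)
    flagged = {}
    for src, evs in by_src.items():
        start = 0  # sliding window over this source's denies, oldest to newest
        for end in range(len(evs)):
            while (evs[end]["ts"] - evs[start]["ts"]).total_seconds() > window_seconds:
                start += 1
            ports_in_window = {e["dport"] for e in evs[start:end + 1]}
            if len(ports_in_window) >= min_ports:
                flagged[src] = sorted({e["dport"] for e in evs})
                break
    return flagged


if __name__ == "__main__":
    events, skipped = parse_logs(SAMPLE_LOGS)
    print(f"parsed {len(events)} events, skipped {skipped} malformed line(s)")
    for src, info in deny_summary(events).items():
        print(f"{src}: {info['denies']} denies on ports {sorted(info['ports'])}")
    print("probing sources:", find_probing_sources(events))
```

Malformed lines are counted rather than silently dropped, because a sudden rise in unparseable lines is itself worth noticing (a changed log format, or a collector problem) when logs are relied on for forensics.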

Q6: What do you mean by organisational network infrastructure keeping network security perimeter in prospect? Write your response in 100-150 words.
Satisfactory response: Yes ✘ No

Organisational network infrastructure is the hardware and software resources of an entire network that enable network connectivity, communication, operations and management of an enterprise network. It provides the communication path and services between users, processes, applications, services and external networks/the internet.
Network Security Perimeter addresses network applications such as firewalls and proxy
servers. Somewhere between 70-80% of attacks hit organisations’ internal networks,
so these forms of internal defense are essential.
Properly configured routers can protect against a distributed denial of service (DDoS)
attack, which floods a server and brings operations to a standstill. By blocking packets
with spoofed IPs, network administrators can blunt these attacks. Administrators can
also take steps to prevent their networks from participating in a DDoS attack, in part
through router-based commands.
Other steps include:
-Controlling filter configurations for privileges and use
-Relying on logging that can trace an attack
-Testing filters to ensure that they’re still operating.

Q7: What are the five (5) network security technologies as per the perimeter design? Write 30-50 words for each.
Satisfactory response: Yes / No

1. Access control: Not every user should have access to your network. To keep out potential attackers, you need to recognize each user and each device. Then you can enforce your security policies.

2. Antivirus and antimalware software: "Malware," short for "malicious software," includes viruses, worms, Trojans, ransomware, and spyware. Sometimes malware will infect a network but lie dormant for days or even weeks.

3. Firewalls: Firewalls put up a barrier between your trusted internal network and untrusted outside networks, such as the Internet. They use a set of defined rules to allow or block traffic.

4. Intrusion prevention systems: An intrusion prevention system (IPS) scans network traffic to actively block attacks. Cisco Next-Generation IPS (NGIPS) appliances do this by correlating huge amounts of global threat intelligence to not only block malicious activity but also track the progression of suspect files and malware across the network to prevent the spread of outbreaks and reinfection.

5. VPN: A virtual private network encrypts the connection from an endpoint to a network, often over the Internet.

Q8: What are the weaknesses of the following perimeter designs:
A. Firewall
B. VPN
Write 50-100 words for each.
Satisfactory response: Yes / No

A. You must also consider the following firewall weaknesses when designing the network security perimeter:

- Firewalls are only as effective as the rules they are configured to enforce. An overly permissive rule set will diminish the effectiveness of the firewall.

- Firewalls cannot stop social engineering attacks or an authorized user intentionally using their access for malicious purposes.

- Firewalls cannot enforce security policies that are absent or undefined.

- Firewalls cannot stop attacks if the traffic does not pass through them.

B. Of course, no solution is perfect, since all of them can be weakened by a malicious hacker, and the VPN is no exception, so you must keep the following things in mind: if the VPN server is compromised by a hacker, that person will be able to see the traffic that passes through the server, so it is recommended to trust only companies that rigorously test their security. If someone manages to obtain the keys to decrypt the packets, they can position themselves between the VPN and you to analyse your traffic; this can be mitigated locally with antivirus and other protection programs, while the VPN server will have to protect itself once again.

Q9: What are the six (6) best practices for deployment of firewalls as a network security perimeter device? Write your answer in 130-180 words.
Satisfactory response: Yes / No

1. There are different types of firewalls, and each has its place in the enterprise. Packet filters are easier to deploy and less expensive, but application layer gateways provide more robust protection for critical systems.

2. Firewalls cannot protect against application mis-configuration.

3. One firewall is rarely sufficient protection. Firewalls should be deployed to create "zones" of authorized types of traffic, separating applications into groups of related security requirements.

4. Firewalls may be useful for protecting internal systems, such as those in the data center, from internal misuse, in addition to their traditional role of protecting public servers from the dangers of being accessible from the Internet.

5. While deploying multiple firewalls generally increases security levels, firewalls should not be over-deployed. As with other systems and devices, they have a point of diminishing returns where over-zealous deployments eventually fail to provide any return on investment.

6. Firewalls should be coupled with other technologies, such as intrusion detection system (IDS) products.

Q10: Summarise the configuration of the three-legged firewall in simple words. Also use a screenshot to explain the three-legged firewall network.
Satisfactory response: Yes / No

Three legged firewall means you need an additional network adapter in your firewall
box for your DMZ. The firewall is then configured to route packets between the
outside world and the DMZ differently than between the outside world and the
internal network.

The three-legged setup can also give you the ability to have a DMZ if you're stuck with
the simple topology outlined first (dual homed firewall). Replace "router" with
"modem," and you can see how this is similar to the simple topology (dual homed
firewall), but with a third leg stuck on the side :)

If you're being forced or have chosen to IP masquerade, you can masquerade the
machine or machines in the DMZ too, while keeping them functionally separate from
protected internal machines. People who have cable modems or static PPP connections
can use this system to run various servers within a DMZ as well as an entire internal
network off a single IP address. It's a very economic solution for small businesses or
home offices.

Q11: What are the four (4) best practices for firewall rules configuration, including allow access? Write 150-200 words for your response.
Satisfactory response: Yes / No

1. Block by default
Block all traffic by default and explicitly allow only specific traffic to known services.
This strategy provides good control over the traffic and reduces the possibility of a
breach because of service misconfiguration.
2. Allow specific traffic
The rules that you use to define network access should be as specific as possible. This
strategy is referred to as the principle of least privilege, and it forces control over
network traffic. Specify as many parameters as possible in the rules.

A layer 4 firewall uses the following parameters for an access rule:

- Source IP address (or range of IP addresses)
- Destination IP address (or range of IP addresses)
- Destination port (or range of ports)

3. Specify source IP addresses
If the service should be accessible to everyone on the Internet, then any source IP address is the correct option. In all other cases, you should specify the source address.

4. Specify the destination IP address
The destination IP address is the IP address of the server that runs the service to which you want to allow access. Always specify which server (or group of servers) can be accessed.

Q12: What are the four (4) types of controls which firewalls provide as their advanced function? Write your answer in 100-150 words.
Satisfactory response: Yes / No

1. Service control: Determines the types of Internet services that can be accessed, inbound (packets coming into the network) or outbound (packets going out of the network).

2. Direction control: Determines the direction in which particular service requests may be initiated and allowed to flow through the firewall.

3. User control: Controls access to a service according to which user is attempting to access it. This feature is typically applied to users inside the firewall perimeter (local users). It may also be applied to incoming traffic from external users.

4. Behavior control: Controls how particular services are used. For example, the firewall may filter e-mail to eliminate spam, or it may enable external access to only a portion of the information on a local Web server.
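The three answers above (Q10's three-legged outside/DMZ/inside layout, Q11's block-by-default rules with explicit source, destination and port, and Q12's service and direction controls) describe one policy model. The following is an added example, written for this page and not taken from the assessment or any firewall vendor, that models that policy as a small layer-4 rule evaluator: addresses are mapped to one of the three legs, each rule names the zone a connection is initiated from and the zone it goes to (direction control), a destination port (service control) and specific source/destination addresses, and anything no rule matches falls through to an implicit deny. The zone address ranges, rule names and the sample policy are constructed assumptions.

```python
"""Added example: a default-deny, layer-4 rule evaluator for a three-legged
(outside / DMZ / inside) perimeter. Illustrative code written for this page,
not any firewall vendor's code; zone ranges, rule fields and the sample policy
are assumptions built from documentation address ranges."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# Assumed addressing for the two internal legs; everything else is "outside".
ZONES = {
    "inside": ip_network("10.0.0.0/8"),
    "dmz": ip_network("192.0.2.0/24"),
}


def zone_of(addr):
    """Map an address to the firewall leg it arrives on or is sent to."""
    ip = ip_address(addr)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return "outside"


@dataclass(frozen=True)
class Rule:
    name: str
    from_zone: str          # direction control: zone the connection is initiated from
    to_zone: str            # direction control: zone the connection goes to
    src: str                # source IP/CIDR; "any" only when the service is public
    dst: str                # destination host/CIDR that runs the service
    dport: Optional[int]    # service control: destination port; None = any port
    action: str             # "allow" or "deny"

    def matches(self, src, dst, dport):
        if zone_of(src) != self.from_zone or zone_of(dst) != self.to_zone:
            return False
        if self.src != "any" and ip_address(src) not in ip_network(self.src, strict=False):
            return False
        if self.dst != "any" and ip_address(dst) not in ip_network(self.dst, strict=False):
            return False
        return self.dport is None or self.dport == dport


def evaluate(rules, src, dst, dport):
    """First matching rule wins; with no match the implicit default is deny."""
    for rule in rules:
        if rule.matches(src, dst, dport):
            return rule.action, rule.name
    return "deny", "implicit-default-deny"


# Constructed policy following the practices above: block by default, then
# allow only specific services, to specific servers, from specific sources.
POLICY = [
    Rule("public-web", "outside", "dmz", "any", "192.0.2.10/32", 443, "allow"),
    Rule("web-to-db", "dmz", "inside", "192.0.2.10/32", "10.0.5.20/32", 5432, "allow"),
    Rule("admin-ssh", "inside", "dmz", "10.0.9.0/24", "192.0.2.0/24", 22, "allow"),
    Rule("inside-browsing", "inside", "outside", "10.0.0.0/8", "any", 443, "allow"),
]

if __name__ == "__main__":
    checks = [
        ("203.0.113.7", "192.0.2.10", 443),   # public HTTPS to the DMZ web server
        ("203.0.113.7", "192.0.2.10", 22),    # SSH from the Internet to the DMZ
        ("203.0.113.7", "10.0.5.20", 5432),   # Internet straight to the inside leg
        ("192.0.2.10", "10.0.5.20", 5432),    # web tier to its database
        ("192.0.2.11", "10.0.5.20", 5432),    # a different DMZ host to the database
        ("10.0.9.5", "192.0.2.10", 22),       # admin subnet SSH into the DMZ
    ]
    for src, dst, port in checks:
        print(f"{src} -> {dst}:{port}  {evaluate(POLICY, src, dst, port)}")
```

Note that the only rule with `src="any"` is the one for a genuinely public service, and that a second DMZ host is denied database access even though it sits in the same zone as the web server, which is the effect of specifying the source address rather than the source zone alone.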

Q13: What are the reasons to back up the configuration of a firewall? Write 100-150 words for your response.
Satisfactory response: Yes / No

Creating configuration backups enables you to later Restore a Configuration (https://www.paloaltonetworks.com/documentation/71/pan-os/pan-os/firewall-administration/restore-a-configuration). This is useful when you want to revert the firewall to all the settings of an earlier configuration because you can perform the restoration as a single operation instead of manually reconfiguring each setting in the current configuration. You can either save backups locally on the firewall or export backups to an external host.

When you commit changes, the firewall automatically saves a new version of the
running configuration. If a system event or administrator action causes the firewall to
reboot, it automatically reverts to the current version of the running configuration,
which the firewall stores in a file named running-config.xml.
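The answer above gives two reasons for configuration backups: reverting to a known-good state in a single operation, and keeping copies off the firewall. The following is an added example, written for this page rather than taken from the assessment or from Palo Alto Networks' tooling, of what a backup store on an external host should do: each backup is recorded with its SHA-256 hash in an index, and a restore is refused if the backup file no longer matches that hash, then applied as one atomic file replacement. File names, directory layout and the toy XML content are constructed assumptions.

```python
"""Added example: versioned firewall configuration backups with integrity checks
and single-operation restore. Illustrative code written for this page, not any
vendor's tooling; file names and the toy XML content are assumptions/constructed."""
import hashlib
import json
import shutil
import tempfile
from datetime import datetime, timezone
from pathlib import Path


def sha256_of(path):
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()


def backup_config(running_config, backup_dir, note=""):
    """Copy the running config into backup_dir and record its hash in an index."""
    backup_dir = Path(backup_dir)
    backup_dir.mkdir(parents=True, exist_ok=True)
    stamp = datetime.now(timezone.utc).strftime("%Y%m%dT%H%M%S%fZ")
    dest = backup_dir / f"config-{stamp}.xml"
    shutil.copy2(running_config, dest)
    index_path = backup_dir / "index.json"
    index = json.loads(index_path.read_text()) if index_path.exists() else []
    index.append({"file": dest.name, "sha256": sha256_of(dest), "note": note})
    index_path.write_text(json.dumps(index, indent=2))
    return dest


def list_backups(backup_dir):
    index_path = Path(backup_dir) / "index.json"
    return json.loads(index_path.read_text()) if index_path.exists() else []


def restore_config(backup_file, running_config, backup_dir):
    """Restore a backup as one atomic replace, but only if its hash still matches
    the value recorded at backup time (detects a backup edited after the fact)."""
    backup_file = Path(backup_file)
    entry = next((e for e in list_backups(backup_dir) if e["file"] == backup_file.name), None)
    if entry is None:
        raise ValueError(f"{backup_file.name} is not in the backup index")
    if sha256_of(backup_file) != entry["sha256"]:
        raise ValueError(f"{backup_file.name} failed integrity check; refusing to restore")
    tmp = Path(running_config).with_suffix(".xml.tmp")
    shutil.copy2(backup_file, tmp)
    tmp.replace(running_config)  # atomic rename: never a half-written running config
    return sha256_of(running_config)


def demo(workdir=None):
    """Backup -> bad change -> restore; returns the final running config text."""
    workdir = Path(workdir or tempfile.mkdtemp())
    running = workdir / "running-config.xml"
    backups = workdir / "backups"
    running.write_text("<config><rule name='public-web' action='allow' port='443'/></config>\n")
    good = backup_config(running, backups, note="known-good before change")
    # A later commit introduces an over-permissive rule (constructed).
    running.write_text("<config><rule name='any-any' action='allow' port='any'/></config>\n")
    restore_config(good, running, backups)
    return running.read_text()


def demo_tamper(workdir=None):
    """Show the integrity check: a backup edited after it was taken is refused."""
    workdir = Path(workdir or tempfile.mkdtemp())
    running = workdir / "running-config.xml"
    backups = workdir / "backups"
    running.write_text("<config/>\n")
    saved = backup_config(running, backups)
    saved.write_text("<config><rule name='edited-after-backup' action='allow'/></config>\n")
    try:
        restore_config(saved, running, backups)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        print(demo(d))
        print("tampered backup refused:", demo_tamper(d))
```

The index file is what turns a directory of copies into something you can trust during an incident: without the recorded hash, a restore would happily load whatever is sitting in the backup directory, including a copy that was altered after it was taken.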

Q14: What are the eight (8) factors to consider while designing and configuring firewall migration in order to continue the service in case of update or device failure? Write 20-40 words for each factor.
Satisfactory response: Yes / No

1. Hire a professional vs staff resource - obviously depends on budget. Even if you have a 3rd party perform the migration you will still need to manage the new security infrastructure. Provide vendor training or self-study materials.

2. Audit configuration - This is perhaps the most important step. A migration is a project and the configuration defines your connectivity requirements. Do NOT rebuild the configuration from scratch.

3. Translate configuration - your current configuration needs to be rewritten using the syntax of the new firewall (assuming changing vendors). How much time will it take? Can it be done manually or using automated tools? Are the tools reliable?

4. Compose Acceptance Tests - in the past I've written Acceptance Test Plans to just
ensure the basic setup is working fine "post" migration. A laundry list of sorts.

5. Schedule "lock out" period for changes - communicate a "freeze" period for any/all firewall changes prior to the actual migration. The time period could range from 3 days to 3 months depending on the environment.

6. Define roll back procedure - Imagine things go bad, the maintenance window runs
out, and you are dead tired. You still have to roll back the previous firewall to make
sure everything is working prior to the migration. Make a plan. Hint: Keep the legacy
firewall in the rack.

7. Migration & Testing - This is when your acceptance test checklist is used. Work closely with your system admins. These are the team members responsible for ALL the services and they must validate that all applications work as expected.

8. Monitoring - There will likely be problems after a migration. Once a manager accepts this fact they can manage the stress of any migration more effectively. It's important to support the operations team after a migration.

Q15: What are the steps involved in configuring site-to-site Virtual Private Networks (VPNs)? Write your answer in 130-170 words.
Satisfactory response: Yes / No

1. Make sure that your Ethernet interfaces, virtual routers, and zones are configured
properly.

2. Create your tunnel interfaces. Ideally, put the tunnel interfaces in a separate zone, so
that tunneled traffic can use different policies.

3. Set up static routes or assign routing protocols to redirect traffic to the VPN tunnels.
To support dynamic routing (OSPF, BGP, RIP are supported), you must assign an IP
address to the tunnel interface.

4. Define IKE gateways for establishing communication between the peers across each
end of the VPN tunnel; also define the cryptographic profile that specifies the protocols
and algorithms for identification, authentication, and encryption to be used for setting
up VPN tunnels in IKEv1 Phase 1.

5. Configure the parameters that are needed to establish the IPSec connection for transfer of data across the VPN tunnel.

6. (Optional) Specify how the firewall will monitor the IPSec tunnels.

7. Define security policies to filter and inspect the traffic.
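The seven steps above carry several dependencies that are easy to miss at commit time: the tunnel interface should sit in its own zone so tunnelled traffic gets its own policies (step 2), a tunnel interface needs an IP address if a dynamic routing protocol runs over it (step 3), an IKE gateway needs a peer and a Phase 1 crypto profile (step 4), and the IPSec tunnel must bind a defined tunnel interface and gateway with its own profile (step 5). The following is an added example, written for this page and not any vendor's tooling, that expresses those dependencies as a pre-commit check over a configuration dictionary, run against a weak configuration and a corrected one. The dictionary layout, key names, zone names, profile names and addresses are constructed assumptions, not a real device's configuration schema.

```python
"""Added example: a pre-commit sanity check for a site-to-site VPN configuration
against the configuration steps listed above. Illustrative code written for this
page, not any vendor's tooling; the dictionary layout, key names, zone names and
addresses are assumptions/constructed."""
from typing import Dict, List

DYNAMIC_PROTOCOLS = {"ospf", "bgp", "rip"}


def check_site_to_site_vpn(cfg: Dict) -> List[str]:
    """Return a list of findings; an empty list means the configuration passes."""
    findings: List[str] = []
    physical_zones = {i["zone"] for i in cfg.get("ethernet_interfaces", [])}
    tunnels = cfg.get("tunnel_interfaces", [])
    policies = cfg.get("security_policies", [])
    proto = cfg.get("routing", {}).get("protocol", "static").lower()
    if not tunnels:
        findings.append("no tunnel interface defined (step 2)")
    for t in tunnels:
        # Step 2: a dedicated zone lets tunnelled traffic get its own policies.
        if t.get("zone") in physical_zones:
            findings.append(f"{t['name']} shares zone '{t['zone']}' with a physical interface (step 2)")
        # Step 3: dynamic routing needs an address on the tunnel interface.
        if proto in DYNAMIC_PROTOCOLS and not t.get("ip"):
            findings.append(f"{t['name']} has no IP address but routing uses {proto.upper()} (step 3)")
        # Step 7: some security policy must reference the tunnel's zone.
        if not any(t.get("zone") in (p.get("from"), p.get("to")) for p in policies):
            findings.append(f"no security policy references zone '{t.get('zone')}' (step 7)")
    # Step 4: IKE gateway with a peer address and a Phase 1 crypto profile.
    gateways = cfg.get("ike_gateways", [])
    if not gateways:
        findings.append("no IKE gateway defined (step 4)")
    for gw in gateways:
        if not gw.get("peer"):
            findings.append(f"IKE gateway {gw['name']} has no peer address (step 4)")
        if not gw.get("crypto_profile"):
            findings.append(f"IKE gateway {gw['name']} has no IKE crypto profile (step 4)")
    # Step 5: each IPSec tunnel binds a defined tunnel interface and gateway
    # and carries an IPSec crypto profile.
    tunnel_names = {t["name"] for t in tunnels}
    gateway_names = {g["name"] for g in gateways}
    for tun in cfg.get("ipsec_tunnels", []):
        if tun.get("interface") not in tunnel_names:
            findings.append(f"IPSec tunnel {tun['name']} binds unknown interface {tun.get('interface')} (step 5)")
        if tun.get("ike_gateway") not in gateway_names:
            findings.append(f"IPSec tunnel {tun['name']} references an unknown IKE gateway (step 5)")
        if not tun.get("ipsec_profile"):
            findings.append(f"IPSec tunnel {tun['name']} has no IPSec crypto profile (step 5)")
    return findings


# Constructed: tunnel dropped into the LAN zone, no tunnel IP despite OSPF,
# and both crypto profiles left unset.
WEAK_CONFIG = {
    "ethernet_interfaces": [{"name": "ethernet1/1", "zone": "untrust"},
                            {"name": "ethernet1/2", "zone": "trust"}],
    "tunnel_interfaces": [{"name": "tunnel.1", "zone": "trust", "ip": None}],
    "routing": {"protocol": "ospf"},
    "ike_gateways": [{"name": "ike-branch", "peer": "198.51.100.20", "crypto_profile": None}],
    "ipsec_tunnels": [{"name": "vpn-branch", "interface": "tunnel.1",
                       "ike_gateway": "ike-branch", "ipsec_profile": None}],
    "security_policies": [{"name": "lan-out", "from": "trust", "to": "untrust", "action": "allow"}],
}

# Constructed: the same design with the findings addressed.
FIXED_CONFIG = {
    "ethernet_interfaces": WEAK_CONFIG["ethernet_interfaces"],
    "tunnel_interfaces": [{"name": "tunnel.1", "zone": "vpn", "ip": "10.255.0.1/30"}],
    "routing": {"protocol": "ospf"},
    "ike_gateways": [{"name": "ike-branch", "peer": "198.51.100.20",
                      "crypto_profile": "ike-crypto-branch"}],
    "ipsec_tunnels": [{"name": "vpn-branch", "interface": "tunnel.1",
                       "ike_gateway": "ike-branch", "ipsec_profile": "ipsec-crypto-branch"}],
    "security_policies": [
        {"name": "lan-out", "from": "trust", "to": "untrust", "action": "allow"},
        {"name": "lan-to-branch", "from": "trust", "to": "vpn", "action": "allow"},
        {"name": "branch-to-lan", "from": "vpn", "to": "trust", "action": "allow"},
    ],
}

if __name__ == "__main__":
    for label, cfg in (("weak", WEAK_CONFIG), ("fixed", FIXED_CONFIG)):
        print(label, check_site_to_site_vpn(cfg) or ["ok"])
```

The weak configuration passes the step 7 check only because the tunnel shares the LAN zone and therefore inherits the LAN policies, which is exactly why step 2 recommends a separate zone: once the tunnel has its own zone, the policy check forces explicit rules for tunnelled traffic.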

Q16: Answer the following questions:
A. What are the two (2) components required to configure remote access VPN? Write your answer in 100-150 words.
B. What might be the reason for setup of a VPN tunnel? Write your response in 50-100 words.
Satisfactory response: Yes / No

A. There are two components required in a remote-access VPN. The first is a network access server (NAS, usually pronounced "nazz" conversationally), also called a media gateway or a remote-access server (RAS). (Note: IT professionals also use NAS to mean network-attached storage.) A NAS might be a dedicated server, or it might be one of multiple software applications running on a shared server. It's a NAS that a user connects to from the Internet (https://computer.howstuffworks.com/internet/basics/internet-infrastructure.htm) in order to use a VPN. The NAS requires that user to provide valid credentials to sign in to the VPN.

The other required component of remote-access VPNs is client software. In other words, employees who want to use the VPN from their computers require software on those computers that can establish and maintain a connection to the VPN. Most operating systems today have built-in software that can connect to remote-access VPNs, though some VPNs might require users to install a specific application instead.

B. There are many reasons you might want to set up a VPN tunnel. The first reason
many people use this for is to encrypt a TCP/IP connection from an application to a
server. Some applications, mainly ones based on a client/server protocol, need to
connect to a database server to access their data. Using a tunnel is an excellent way
to not only make the connection easier for the end user but also to secure the
communications.
The second reason is that you want to encrypt all of your traffic leaving some
location. A tunnel can be set up, by using a regular or transparent proxy, to transfer
all of your Internet data via that tunnel.

Q17: Answer the following questions:
A. What are the VPN connectivity issues?
B. List the steps involved in resolving VPN connectivity issues.
Write your response in 100-150 words for the answers.
Satisfactory response: Yes / No

A. Using a VPN can be a great way to open the internet, but it can also introduce problems to your usual connection. Some common issues include:

- Your VPN server not responding
- The internet service you are trying to access blocking your VPN
- Old VPN packages interfering with new ones
- Over-protective firewalls halting your connection

B. Steps involved in resolving VPN connectivity issues:

- Restart the VPN Software
- Clear your Device of Old VPN Software
- Make Sure Your VPN is Up To Date
- Make Use of the VPN’s Help Function
- Change the VPN Server
- Connect Using a Different VPN Protocol
- Check Your Firewall
- Make Sure Your VPN is Compatible with the Site or Service

Q18: Summarise the test functionality for the following:
A. Basic VPN tests
B. Advanced VPN tests
Write 100-150 words for each test.
Satisfactory response: Yes / No

A.

Test for VPN leaks

To test for active leaks, simply connect to a VPN server and visit the test site. You are checking to see how the VPN performs when the tunnel is active and stable.

You can also simulate different interruptions to see how well the VPN does if network connectivity drops. For example:

1. Connect to a VPN server and load ipleak.net in your internet browser.

2. Manually interrupt your internet connection (disconnect the ethernet cable or WiFi) while the VPN client is running.

3. Reconnect to the internet and also load a few different test websites to see if your VPN is leaking upon reconnection.

B.

Advanced VPN Tests

DNS leaks

The Domain Name System (DNS) is a system for converting URLs, such as
restoreprivacy.com, into a numerical IP address, such as 205.251.197.66.

Without a VPN, this translation process is handled by your internet service provider
(ISP). But this can be problematic because your DNS requests are clear text logs of every
website you visit.

Testing sites:

1. Perfect Privacy DNS Leak Test (This site seems to detect DNS leaks when other
websites do not find problems. Below the tests results you can also find a
detailed explanation of DNS leaks.)

2. IP/DNS Test at ipleak.net (This is another DNS leak test tool that also includes IP
address leak results.)

Q19: Answer the following questions:
A. What are the six (6) common network security breaches and their solutions? Write your response in 100-150 words.
B. What are the different steps involved in documenting the test results? Write your response in 50-100 words.
Satisfactory response: Yes / No

A.

1. Type of breach: Theft of hardware. Prevention: Make sure hardware is physically safeguarded at all times.

2. Type of breach: Insecure storage or transfer of sensitive information. Prevention: Make sure data remains encrypted during both storage and transfer and maintain control over who has access to folders.

3. Type of breach: Password hack or leak. Prevention: Use only secure, cryptic passwords and use different passwords for different levels of confidentiality.

4. Type of breach: Missing patches or updates. Prevention: Make sure all systems within the network are regularly updated with the latest patches.

5. Type of breach: Virus or malware. Prevention: Implement antivirus and anti-malware software and make sure it’s regularly updated.

6. Type of breach: Risky or ill-configured software. Prevention: Block the installation of software that is unapproved for company use.

B.

Documenting testing involves the following steps:

• Do everything right (bullet points to track what was done for repeatability)
  - Any failures: record results (screen cap, log files, etc.) and the stated expected result
  - Full pass: record available results

• Make easy errors (wrong password, bad part, hit buttons in the wrong order, etc.)
  - Record steps and results

• Really bollix things up
  - Record steps taken, expected results, actual results

• Make a report on testing
  - Include successful tests
  - Unsuccessful tests (results vs expected)
  - Recommended fixes for problems
  - Risks of leaving error conditions unfixed

ASSESSMENT COVER SHEET STUDENT DETAILS / DECLARATION:

Course Name: Advanced Diploma of Information Technology_105133C
Unit / Subject Name: Design and implement a security perimeter for ICT networks_ ICTNWK544_T1 2023
Trainer’s Name: Anisul Choudhory
Assessment No: 2

I declare that:
 I fully understand the context and purpose of this assessment.
 I am fully aware of the competency standard/criteria against which I will be assessed.
 I have been given fair notice of the date, time and venue for the assessment.
 I am aware of the resources I need and how the assessment will be conducted.
 I have had the appeals process and confidentiality explained to me.
 I agree that I am ready to be assessed and that all written work is my own.

Student Name: Andres David Paez    Student ID: 209169
Student’s Signature:    Submission Date: 29 /01 /23

ASSESSOR USE ONLY: (ACADEMIC DEPARTMENT)
o First submission: o Satisfactory o Not Satisfactory
o Re-submission (Attempt ___ ): o Satisfactory o Not Satisfactory
Result:
Assessor’s Feedback:
Trainer/Assessor Declaration: I declare that I have conducted a fair, valid, reliable and
flexible assessment with this student, and I have provided appropriate feedback.
Assessor Signature:    Date: / /

ASSESSMENT SUBMISSION RECEIPT: (CAN BE COMPLETED BY ANY DEPARTMENT.)
It is the student’s responsibility to keep the assessment submission receipt as a proof of
submission of assessment tasks.
Student Name:    Student ID:
Unit / Subject Code:    Assessment No:
Staff Name:    Signature:
Department:    Date: / /
Assessment Task 2: Project
Activity 1:

Task 1: (Role Play on requirements of the Perimeter Security)

The IT department needs to correspond with the management of the organisation to
elaborate the requirement of the design and implementation of the perimeter security.
The IT department will organise a meeting and explain the requirements to the General
Manager Operations and one member from the Board of Directors. After the elaboration
of the requirements, they need to complete the minutes of meetings and get it signed off
by all the attendees including the member of Board of Directors to initiate the
implementation.

You will act as the Network Administrator and will elaborate in the meeting (role play)
about the requirements of the implementation of perimeter device. Your assessor/trainer
will act as the Information Systems Manager and will correspond with the management
and the end users in briefing the requirements. Two of the students will act as the General
Manager Operations and the Member of Board of Directors.

In the role-play you need to discuss the following:

 Requirements of the designing and implementation of the Perimeter Security.

 It will include:

o The nature of the security being required by the Bank’s ICT network
infrastructure

o Level of Security required for the Network

You are required to complete the following meeting minute’s template and submit to your
trainer/assessor.

Meeting minutes template:

Minutes of Meeting: The IT department will organise a meeting and explain the
requirements to the General Manager Operations and one member from the Board of
Directors.

Roles:

 Gathers, interprets and analyses technical and enterprise information to determine
requirements according to client needs

 Uses information and industry related terminology to convey complex technical
information and notes security breaches for client records to clients on technical,
operational, and business-related matters

 Uses a combination of formal, logical planning processes to plan, prioritise and
monitor own work and coordinate processes in liaison with others and within
different contexts

 Makes decisions in relatively complex situations, taking a range of factors into
consideration

 Uses digital technologies and systems safely and securely when implementing
and monitoring a system, with a growing awareness of the permanence and
transparency of all activities

Meeting Objective:

 Building a high performance, high security, failure resistant security perimeter
for an enterprise Information and Communications Technology (ICT) network.
 Clearly debate the topics in the meeting.
 Discuss any other performance criteria to finish the assessment successfully.
 Ensure each team member fully understands the assessment task requirements.
 Clarify and comprehend each team member’s responsibilities.

Attendees:

-Andres

-Lee

-Michael

-Anisul

Venue:

Online Meeting via “ZOOM”

Date: 15/01/2023

No. | Points Discussed | Actions Suggested | Target Date

1. Points discussed: Related organisational and industry standard security threats
   according to organisational policies and procedures and regulations, within
   educational industry.
   Actions suggested: Investigate security standards
   Target date: 02/2023

2. Points discussed: Design security perimeter according to organisational
   requirements
   Actions suggested: Do research on firewall security according to organisational
   requirements
   Target date: 2/2023

3. Points discussed: Back up device configuration according to network security
   requirements
   Actions suggested: Accomplish research and enquire other network entities.
   Target date: 32023

4. Points discussed: Test required functionality of advanced features according to
   network security requirements
   Actions suggested: Enquire employees, managers within the organization to expose
   network security
   Target date: 3/2023

5. Points discussed: Each member’s roles and responsibilities
   Actions suggested: Job roles specific based on personal knowledge and network
   security
   Target date: 3/2023

6. Points discussed: Identifies digital systems and tools are used or could be used to
   achieve work
   Actions suggested: Ask the network security team member to give a presentation
   about digital systems.
   Target date: 03/2023

7. Points discussed: Discuss and establish the policies and procedures about network
   security requirements.
   Actions suggested: A draft will be prepared for the person in charge
   Target date: 03/2023

8. Points discussed: Debate the reviewing procedure of training progress.
   Actions suggested: Prepare programs to access and review the progress of cyber
   security awareness within the organization.
   Target date: 03/2023

9. Points discussed: Discuss any other potential performance criteria for the
   assessment.
   Actions suggested: Monitoring, continuously reviewing and training.
   Target date: 01/2022

Signature of attendee 1: Andres Signature of attendee 2:Lee

Signature of attendee 3: Michael Signature of attendee 4:Anisul

Activity 2:

Template 1: Report on Planning and designing of the Firewall Solution as perimeter
security

Purpose: A perimeter firewall is a security application that defends the boundary
between an organization's private network and public networks such as the internet.
You can implement a perimeter firewall as software, hardware or both to act as the
first line of defense in enterprise security.

Department: IT Security Network

Stakeholders: Andres, Lee, Michael and Anisul

Supervised by: Anisul

Network Security Threats:

Kinds of Different Network Threats

Logic Attacks

The majority of security professionals group the various threats to network security in
one of two significant categories. Either they are logic attacks or resource attacks.

Logic attacks are famed for taking advantage of already extant vulnerabilities and bugs
in programs with the stated intention of causing a system to crash. There are cyber
criminals who exploit this attack with the intention of willfully gaining illegal access to
the system, or alternatively of downgrading the performance of a given network.

An example of exploiting weaknesses inherent in platforms and software is the
Microsoft PnP MS05-039 overflow vulnerability. Such an attack revolves around the
intruder taking advantage of a stack overflow found in the Windows Plug and Play, or
PnP, service. This can be carried out against the Windows 2000 operating system
without possessing a legitimate user account.

A second example of such a threat to network security concerns the notorious ping of
death. In this vile attack, the perpetrator dispatches ICMP packets off to a system which
will be greater in size than the maximum allowed capacity.

The majority of these sorts of assaults are simply avoided by upgrading software which
proves to be vulnerable or by filtering out particular packet sequences.

Resource Attacks

The second classification of network security threats is resource attacks. Such assaults
are primarily meant to overwhelm important system resources, like RAM and CPU
resources. This is principally accomplished via dispatching numerous forged requests or
IP packets to the network in question.

The vile cyber-criminal is capable of launching a greater and more potent assault in
compromising the integrity of a multitude of hosts and then installing malicious forms
of software. This type of exploit typically results in what is well-known as a botnet or a
zombie. Once the botnet attack has been successful, the assailant is then capable of
launching off additional later assaults from literally thousands of these zombie infected
machines, all with the end goal of compromising a single target victim.

Such malicious programs typically hold the code for starting a myriad of different
attacks, along with a typical infrastructure for communications which allows them to
successfully operate under a remote control feature.

Trojan Horse Viruses

A Trojan Horse is malware which is not self-replicating. Typically, such viruses are
terribly cunning, in that they seem like they are performing a desirable task for the
user. In reality though, they are making possible illegal access to the user in
question’s computer system. The term itself comes from the Trojan Horse story
in Homer’s Iliad from Greek mythology.

These viruses are intended solely to permit the computer hacker the ability to remotely
access the targeted computer. This is accomplished easily after such a Trojan horse is
installed on the computer. The operations which the cyber hacker is then able to
engage in on the machine are limited by the Trojan horse’s design, as well as by user
privileges on the computer in question. They include the following:

 Stealing of data, such as credit card data or passwords

 Utilization of the computer as a portion of a botnet attack, for spamming or
creating Denial of service attacks

 Uploading or downloading of files

 Software installation, such as additional malware

 Keystroke logging

 Deletion or modification of files

 Wasting of computer storage and memory resources

 Viewing the screen of the user

 Causing the computer to crash

Worms

Computer worms are computer program malware which are self-replicating. They
utilize a computer network in order to dispatch copies of themselves to other
computers using the network. They are different from computer viruses in that they are
not required to be attached to any existing programs.

Worms practically always create some harm for a computer network, even if it is just in
eating-up available bandwidth. This is different from viruses, which typically modify
files or corrupt them entirely on the computer in question.

Worms are far more harmful when they do more than simply replicate themselves onto
other computers. In these cases, they may eliminate files on the host system, as
with ExploreZip worms; execute a crypto-viral extortion attack, in which they encrypt
various files on a computer; or even send out documents using the email system. A
common use for worms lies in their installing back doors on the harmed computer for
the purpose of creating a zombie computer which the worm author then controls.

Seek Out and Destroy

The first thing which must be done in training a person’s employees lies in uncovering
network security threats through attaining network visibility. Although this sounds
intuitive, it is not always. One cannot hope to defend against something, or eliminate
something, that he or she is not able to even see. Such a necessary level of visibility in a
network is able to be attained utilizing features which already exist in devices that a
person already possesses.

Alternatively, the individual could develop strategic diagrams which completely
illustrate packet flows, as well as the locations within a network where the user could
succeed in putting into place security mechanisms that will clearly and correctly
ascertain and deal with possible threats to security.

The company or organisation has to set up a baseline for normal patterns and activity of
the network so that unusual and atypical activities may be detected, along with possible
threats to network security.

NetFlow, and other similar types of mechanisms, may be integrated into the
organisation’s infrastructure in order to aid in efficiently and properly ascertaining and
classifying the different types of problems. Before beginning to put this kind of system
into place, the user ought to conduct some form of network traffic analysis in order to
truly appreciate the patterns and rates of typical traffic on his or her network. With a
successful detection system, such learning happens over a significant amount of time
that encompasses both the valleys and the peaks of all network activities.

Perimeter Security Options:

A perimeter is the fortified boundary of the network that might include the following
aspects:

 Border routers

 Firewalls

 IDSs

 IPSs

 VPN devices

 Software architecture

 DMZs and screened subnets

Let's take a look at these perimeter components in closer detail.

Border Routers

Routers are the traffic cops of networks. They direct traffic into, out of, and within our
networks. The border router is the last router you control before an untrusted network
such as the Internet. Because all of an organisation's Internet traffic goes through this
router, it often functions as a network's first and last line of defense through initial and
final filtering.

Firewalls

A firewall is a chokepoint device that has a set of rules specifying what traffic it will
allow or deny to pass through it. A firewall typically picks up where the border router
leaves off and makes a much more thorough pass at filtering traffic. Firewalls come in
several different types, including static packet filters, stateful firewalls, and proxies. You
might use a static packet filter such as a Cisco router to block easily identifiable "noise"
on the Internet, a stateful firewall such as a Check Point FireWall-1 to control allowed
services, or a proxy firewall such as Secure Computing's Sidewinder to control content.
Although firewalls aren't perfect, they do block what we tell them to block and allow
what we tell them to allow.

Intrusion Detection Systems

An IDS is like a burglar alarm system for your network that is used to detect and alert on
malicious events. The system might comprise many different IDS sensors placed at
strategic points in your network. Two basic types of IDS exist: network-based (NIDS),
such as Snort or Cisco Secure IDS, and host-based (HIDS), such as Tripwire or ISS
BlackICE. NIDS sensors monitor network traffic for suspicious activity. NIDS sensors
often reside on subnets that are directly connected to the firewall, as well as at critical
points on the internal network. HIDS sensors reside on and monitor individual hosts.

In general, IDS sensors watch for predefined signatures of malicious events, and they
might perform statistical and anomaly analysis. When IDS sensors detect suspicious
events, they can alert in several different ways, including email, paging, or simply
logging the occurrence. IDS sensors can usually report to a central database that
correlates their information to view the network from multiple points.
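The two IDS styles above (signature matching and statistical anomaly analysis), together with the earlier point about baselining normal traffic before deploying detection, as an added Python example that is not part of the original report; the flow records, addresses, thresholds and the `pkt_len` field are constructed.

```python
"""Two IDS checks over constructed NetFlow-style records.

Added example (not code from the original report): a signature check for the
oversized-ICMP 'ping of death' pattern discussed under logic attacks, and a
statistical anomaly check that compares each source's destination-port fan-out
against a baseline learned from a normal-traffic period. All addresses and
records are constructed test data (RFC 1918 / RFC 5737 ranges).
"""
from collections import defaultdict
from statistics import mean, pstdev
from typing import Dict, List, NamedTuple, Optional


class Flow(NamedTuple):
    ts: int              # seconds since the start of the capture window
    src: str
    dst: str
    proto: str           # "tcp" | "udp" | "icmp"
    dport: Optional[int]
    pkt_len: int         # largest reassembled IP datagram seen in the record
                         # (constructed field; real NetFlow reports byte totals)


# Constructed "normal" period: internal users browsing, mailing and resolving names.
BASELINE_FLOWS = [
    Flow(0, "10.0.0.5", "192.0.2.10", "tcp", 80, 1500),
    Flow(3, "10.0.0.5", "192.0.2.10", "tcp", 443, 1500),
    Flow(5, "10.0.0.6", "192.0.2.11", "udp", 53, 120),
    Flow(6, "10.0.0.6", "192.0.2.10", "tcp", 80, 1500),
    Flow(9, "10.0.0.6", "192.0.2.10", "tcp", 443, 1500),
    Flow(12, "10.0.0.7", "192.0.2.12", "tcp", 25, 1400),
    Flow(14, "10.0.0.7", "192.0.2.10", "tcp", 443, 1500),
    Flow(20, "10.0.0.8", "192.0.2.10", "tcp", 80, 1500),
]

# Constructed period under analysis: normal browsing, one oversized ICMP
# datagram, and one external host touching many service ports on a bastion.
LIVE_FLOWS = [
    Flow(0, "10.0.0.5", "192.0.2.10", "tcp", 443, 1500),
    Flow(1, "10.0.0.5", "192.0.2.10", "tcp", 80, 1500),
    Flow(2, "203.0.113.7", "192.0.2.10", "icmp", None, 64),     # ordinary ping
    Flow(3, "203.0.113.7", "192.0.2.10", "icmp", None, 70000),  # exceeds any legal datagram
] + [
    Flow(10 + i, "198.51.100.9", "192.0.2.10", "tcp", port, 60)
    for i, port in enumerate((21, 22, 23, 25, 80, 443, 445, 3389))
]

MAX_IP_DATAGRAM = 65535


def signature_oversized_icmp(flow: Flow) -> Optional[str]:
    """Signature rule: an ICMP datagram larger than the IP maximum is the
    'ping of death' pattern; normal pings never come close to the limit."""
    if flow.proto == "icmp" and flow.pkt_len > MAX_IP_DATAGRAM:
        return f"SIGNATURE oversized ICMP ({flow.pkt_len} bytes) {flow.src} -> {flow.dst}"
    return None


def port_fanout(flows: List[Flow]) -> Dict[str, int]:
    """Number of distinct destination ports each source talked to."""
    ports = defaultdict(set)
    for f in flows:
        if f.dport is not None:
            ports[f.src].add(f.dport)
    return {src: len(p) for src, p in ports.items()}


def learn_threshold(baseline: List[Flow], k: float = 3.0) -> float:
    """Anomaly threshold = mean + k * stdev of per-source fan-out in the normal
    period, floored at mean + 1 so a perfectly uniform baseline does not flag
    every host that talks to one extra port."""
    counts = list(port_fanout(baseline).values())
    return max(mean(counts) + k * pstdev(counts), mean(counts) + 1)


def detect(live: List[Flow], baseline: List[Flow]) -> List[str]:
    """Signature check per record, then anomaly check per source."""
    alerts = [a for a in map(signature_oversized_icmp, live) if a]
    threshold = learn_threshold(baseline)
    for src, n in sorted(port_fanout(live).items()):
        if n > threshold:
            alerts.append(f"ANOMALY {src} reached {n} distinct ports "
                          f"(baseline threshold {threshold:.1f})")
    return alerts


if __name__ == "__main__":
    for alert in detect(LIVE_FLOWS, BASELINE_FLOWS):
        print(alert)
```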

Intrusion Prevention Systems

An IPS is a system that automatically detects and thwarts computer attacks against
protected resources. In contrast to a traditional IDS, which focuses on notifying the
administrator of anomalies, an IPS strives to automatically defend the target without
the administrator's direct involvement. Such protection may involve using signature-
based or behavioral techniques to identify an attack and then blocking the malicious
traffic or system call before it causes harm. In this respect, an IPS combines the
functionality of a firewall and IDS to offer a solution that automatically blocks offending

actions as soon as it detects an attack.

As you will learn in Chapter 11, "Intrusion Prevention Systems," some IPS products exist
as standalone systems, such as TippingPoint's UnityOne device. Additionally, leading
firewall and IDS vendors are incorporating IPS functionality into their existing products.

Virtual Private Networks

A VPN is a protected network session formed across an unprotected channel such as the
Internet. Frequently, we reference a VPN in terms of the device on the perimeter that
enables the encrypted session, such as Cisco VPN Concentrator. The intended use might
be for business partners, road warriors, or telecommuters. A VPN allows an outside
user to participate on the internal network as if connected directly to it. Many
organisations have a false sense of security regarding their remote access just because
they have a VPN. However, if an attacker compromises the machine of a legitimate
user, a VPN can give that attacker an encrypted channel into your network. You might
trust the security of your perimeter, but you have little control over your
telecommuters' systems connecting from home, a hotel room, or an Internet café.
Similar issues of trust and control arise with the security of nodes connected over a VPN
from your business partner's network.

Software Architecture

Software architecture refers to applications that are hosted on the organisation's
network, and it defines how they are structured. For example, we might structure an e-
commerce application by splitting it into three distinct tiers:

 The web front end that is responsible for how the application is presented to the user

 The application code that implements the business logic of the application

 The back-end databases that store underlying data for the application

Software architecture plays a significant role in the discussion of a security
infrastructure because the primary purpose of the network's perimeter is to protect the
application's data and services. When securing the application, you should ensure that
the architecture of the software and the network is harmonious.

De-Militarized Zones and Screened Subnets

We typically use the terms DMZ and screened subnet in reference to a small network
containing public services connected directly to and offered protection by the firewall or
other filtering device. A DMZ and a screened subnet are slightly different, even though

many people use the terms interchangeably. The term DMZ originated during the
Korean War when a strip of land at the 38th parallel was off-limits militarily. A DMZ is
an insecure area between secure areas. Just as the DMZ in Korea was in front of any
defenses, the DMZ, when applied to networks, is located outside the firewall. A firewall
or a comparable traffic-screening device protects a screened subnet that is directly
connected to it. Remember this: A DMZ is in front of a firewall, whereas a screened
subnet is behind a firewall. In the context of this book, we will adhere to these
definitions.

A screened subnet is an isolated network that is connected to a dedicated interface of a
firewall or another filtering device. The screened subnet is frequently used to segregate
servers that need to be accessible from the Internet from systems that are used solely
by the organisation's internal users. The screened subnet typically hosts "public"
services, including DNS, mail, and web. We would like to think these servers are bastion
hosts. A bastion is a well-fortified position. When applied to hosts on a network,
fortifying involves hardening the operating system and applications according to best
practices. As attacks over time have shown, these servers are not always well fortified;
in fact, they are sometimes vulnerable despite being protected by a firewall. We must
take extra care fortifying these hosts because they are the target of the majority of
attacks and can bring the attacker closer to accessing even more critical internal
resources.
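The screened-subnet policy just described (public DNS, mail and web reachable from outside, the bastion hosts kept away from the internal LAN, default deny for everything else) together with the stateful behaviour mentioned in the firewall section, as an added Python example; this is not code from the original report, and the zones, addresses, ports and rules are constructed.

```python
"""Screened-subnet firewall policy simulator.

Added example (not code from the original report): a first-match rule
evaluator with a minimal connection table, modelling a filtering device with
three interfaces. Zones, addresses, ports and rules are constructed; the
address blocks are RFC 1918 / RFC 5737 ranges, not a real site.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import FrozenSet, List, Optional, Tuple

# The screened subnet hangs off its own firewall interface, behind the filter
# and separate from the internal LAN. Anything else is the untrusted side.
ZONES = {
    "dmz": ip_network("192.0.2.0/24"),   # public DNS, mail and web bastion hosts
    "lan": ip_network("10.0.0.0/8"),     # internal users only
}


def zone_of(addr: str) -> str:
    ip = ip_address(addr)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return "wan"


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str                 # "tcp" | "udp" | "icmp"
    sport: Optional[int] = None
    dport: Optional[int] = None


@dataclass(frozen=True)
class Rule:
    src_zone: str              # "any" matches every zone
    dst_zone: str
    proto: str                 # "any" matches every protocol
    dports: FrozenSet[int]     # empty set = any destination port
    action: str                # "allow" | "deny"
    name: str                  # why the rule exists; surfaced in the decision

    def matches(self, pkt: Packet) -> bool:
        return (self.src_zone in ("any", zone_of(pkt.src))
                and self.dst_zone in ("any", zone_of(pkt.dst))
                and self.proto in ("any", pkt.proto)
                and (not self.dports or pkt.dport in self.dports))


# Ordered policy, first match wins; anything unmatched falls to default deny.
POLICY: List[Rule] = [
    Rule("any", "dmz", "tcp", frozenset({25, 80, 443}), "allow", "public mail and web to bastions"),
    Rule("any", "dmz", "udp", frozenset({53}), "allow", "public DNS to bastion resolver"),
    Rule("dmz", "lan", "any", frozenset(), "deny", "a compromised bastion must not reach the LAN"),
    Rule("lan", "any", "any", frozenset(), "allow", "internal users may initiate outbound"),
]


class Firewall:
    """Stateful evaluator: replies to connections it allowed earlier are
    accepted without re-consulting the rules, as a stateful firewall does."""

    def __init__(self, policy: List[Rule] = POLICY):
        self.policy = policy
        self.conntrack = set()   # (client, server, proto, server_port) of allowed connections

    def evaluate(self, pkt: Packet) -> Tuple[str, str]:
        # A reply has client and server swapped and the server port as its source port.
        if (pkt.dst, pkt.src, pkt.proto, pkt.sport) in self.conntrack:
            return "allow", "reply to tracked connection"
        for rule in self.policy:
            if rule.matches(pkt):
                if rule.action == "allow":
                    self.conntrack.add((pkt.src, pkt.dst, pkt.proto, pkt.dport))
                return rule.action, rule.name
        return "deny", "default deny (no rule matched)"


if __name__ == "__main__":
    fw = Firewall()
    cases = [
        ("Internet -> web bastion :443", Packet("203.0.113.7", "192.0.2.10", "tcp", 51000, 443)),
        ("Internet -> web bastion :22", Packet("203.0.113.7", "192.0.2.10", "tcp", 51001, 22)),
        ("Internet -> internal file server", Packet("203.0.113.7", "10.0.0.5", "tcp", 51002, 445)),
        ("bastion -> internal database", Packet("192.0.2.10", "10.0.0.9", "tcp", 40000, 3306)),
        ("internal user -> Internet :443", Packet("10.0.0.5", "203.0.113.7", "tcp", 52000, 443)),
        ("Internet reply -> internal user", Packet("203.0.113.7", "10.0.0.5", "tcp", 443, 52000)),
    ]
    for label, pkt in cases:
        action, why = fw.evaluate(pkt)
        print(f"{label:34} {action:5} ({why})")
```

The last two cases show why state matters: the same reply packet is dropped by a fresh `Firewall()` that never saw the outbound connection.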

Security Perimeter as per Organisation’s Requirements:

Firewalls:

The Importance of a Firewall

Few businesses would choose to operate without a series of locks, alarms and security
cameras to protect their premises and inventory from intrusions and theft. Protecting
your computer systems is equally important, to prevent malicious users from disrupting
your operations or -- even worse -- stealing your private data or intellectual property.
One of the key tools used for computer security is a firewall, and few companies can
afford to operate without one.

Potential Intrusions

Any network or standalone computer that's connected to the Internet, or any other
external network, is potentially at risk for an attack. These can take many forms,
depending on the attacker's skills and motivation. Some malicious software, or
malware, diverts a portion of your hardware and bandwidth to its own uses, such as
hosting pirated software or pornography. Other programs might delete crucial data or
bring down your network. Criminals could gain access to your network, then charge

purchases to your company credit cards or siphon money from your accounts.
Unscrupulous competitors could access your proprietary information or vendor and
customer data, gaining a crucial advantage.

Firewall Basics

No single product or service will provide you with complete security, but a firewall is
one of the cornerstones of any network security strategy. Think of it as the electronic
equivalent of a sentry at the gate. It inspects all the data passing in or out of the
network, ensuring that the traffic is legitimate. When properly configured, a firewall
should allow your users access to all the resources they need while still keeping out any
malicious users or programs.

Hardware Firewalls

One way to provide firewall protection is through a separate piece of hardware that's
placed between the network or user and any outside networks such as the Internet.
Hardware firewalls have several advantages. They use their own preinstalled software
and operating system, so malware based on an OS such as Windows can't attack them.
One hardware firewall can protect every device on the network, without the time and
trouble of configuring them individually. That's also a benefit when you need to
upgrade, since updating one firewall is faster and easier than updating a room full of
computers. Many of your existing network routers probably have firewall functions
built in, if you choose to use them.

Software Firewalls

Firewall software on your network servers or individual computers provides an extra
level of security, and it is often used in conjunction with hardware firewalls. It
enables users with different needs to customize their own levels of protection, including
the ability to allow individual programs access to the Internet -- or not -- on a case-by-
case basis. Alternatively, your network administrator can set up firewall permissions for
individual users or groups of users. That strategy can be used to block or control
employees' access to external websites, either in the interest of productivity or to
prevent employees from using company resources for illegal or unapproved purposes.

Setup

Firewall protection needs to be part of your overall plan for computer security. That
might also include a clear set of written policies about the use of external networks,
bringing disks or flash drives from other computers, and the storage of sensitive data.
Your IT staff might also recommend the use of virus and malware scanners, WPA
security for your wireless network, or some form of encryption for your hard drives and

other data-storage devices. If you don't have the expertise in house to set up and
configure your firewalls, consider hiring an outside consultant to do the setup and
periodic updates. A poorly configured firewall can hamper productivity significantly,
without enhancing your security.


Demilitarized Zone (DMZ)

What is a demilitarized zone (DMZ) and why are information security policies so
important?

A demilitarized zone (DMZ) is essentially a network designed to protect an
organisation’s internal network from the untrusted public network, primarily the
Internet. It’s essentially a neutral zone or “buffer” that adds another layer of security to
an organisation’s local area network (LAN). Because the computing systems most often
exposed to cyber security attacks are those providing services outside of the LAN (web
servers being very common), they’re logically isolated in a DMZ and are “facing”
the untrusted public network. Along with web servers, mail servers and FTP servers are
commonly positioned within a DMZ. Additionally, proxy servers (particularly “web
proxies”, reverse proxies, etc.) are often found within the DMZ as they serve as an
intermediary: a client connects to the proxy server to make a request, and the proxy
server itself evaluates that request.

As for the architecture of a DMZ, it’s best viewed as having firewalls and routers exposed
to the untrusted external network, with these devices filtering traffic to the DMZ and the
internal network accordingly. Simply stated, a properly configured DMZ blocks traffic
from the untrusted external network from entering directly into internal hosts by
vetting, filtering, and applying checks and rules to all traffic. It’s about access along with
protecting systems from exposure to untrusted environments.

Just as important as one’s DMZ architecture is having well-documented information
security policies and procedures in place, such as those for network security, web server
security, user access, change management, along with dozens of other areas. Today’s
growing regulatory compliance laws along with the need for establishing clearly defined
best practices make information security policies and procedures a must-have for any
organisation serious about ensuring the confidentiality, integrity, and availability (CIA)
of critical system resources.

ASSESSMENT COVER SHEET STUDENT DETAILS / DECLARATION:

Course Name: Advanced Diploma of Information Technology_105133C
Unit / Subject Name: Design and implement a security perimeter for ICT networks_ ICTNWK544_T1 2023
Trainer’s Name: Anisul Choudhory
Assessment No: 3

I declare that:
 I fully understand the context and purpose of this assessment.
 I am fully aware of the competency standard/criteria against which I will be assessed.
 I have been given fair notice of the date, time and venue for the assessment.
 I am aware of the resources I need and how the assessment will be conducted.
 I have had the appeals process and confidentiality explained to me.
 I agree that I am ready to be assessed and that all written work is my own.

Student Name: Andres David Paez    Student ID: 209169
Student’s Signature:    Submission Date: 29 /01 /23

ASSESSOR USE ONLY: (ACADEMIC DEPARTMENT)
o First submission: o Satisfactory o Not Satisfactory
o Re-submission (Attempt ___ ): o Satisfactory o Not Satisfactory
Result:
Assessor’s Feedback:
Trainer/Assessor Declaration: I declare that I have conducted a fair, valid, reliable and
flexible assessment with this student, and I have provided appropriate feedback.
Assessor Signature:    Date: / /

ASSESSMENT SUBMISSION RECEIPT: (CAN BE COMPLETED BY ANY DEPARTMENT.)
It is the student’s responsibility to keep the assessment submission receipt as a proof of
submission of assessment tasks.
Student Name:    Student ID:
Unit / Subject Code:    Assessment No:
Staff Name:    Signature:
Department:    Date: / /

Assessment Task 3: Project

Project:

Activity 1 - (Deployment of the Perimeter security)

This activity continues the previous assessment task.

After the detailed elaboration of the requirements for the network security perimeter and completion of the planning phase by completing the Report, you need to deploy the perimeter security. For this, the IT department has decided to implement a firewall for the better security of the organisation’s network infrastructure; the Report in the previous task defines its importance. The assessor/trainer will act as the Information Systems Manager and will supervise the deployment of the perimeter security, while you need to implement the firewall as per the requirements of the organisation.

1. Configure the Internet connection

Enable IP on the router.

enable ip

Enable remote assignment so that the router can receive an IP address for the eth0 interface from a DHCP server.

enable ip remoteassign

Add an IP interface to eth0. Either set it to get its IP address by DHCP:

add ip interface=eth0 ipaddress=dhcp

Or, as a variation, assign a static IP address, a static default route and a DNS server address to the eth0 interface.

add ip interface=eth0 ipaddress=<ip-address>


add ip route=0.0.0.0 interface=eth0 nexthop=<gateway-address>
set ip nameserver=<nameserver-address>

2. Configure the DMZ interface

Create a DMZ VLAN:

create vlan=dmz vid=2

Add switch port 4 to it:

add vlan=2 port=4

Assign the DMZ IP address to this VLAN.

add ip interface=vlan2 ipaddress=<dmz ip address>

3. Partition the LAN

Configure separate VLANs for each of switch ports 1, 2 and 3:

create vlan=vlan3 vid=3
create vlan=vlan4 vid=4
create vlan=vlan5 vid=5
add vlan=vlan3 port=1
add vlan=vlan4 port=2
add vlan=vlan5 port=3

Or, as a variation, add multiple ports to a single VLAN.

add vlan=vlan3 port=1,2

Assign IP addresses to the VLANs.

add ip interface=vlan3 ipaddress=<vlan3-ip-address>


add ip interface=vlan4 ipaddress=<vlan4-ip-address>
add ip interface=vlan5 ipaddress=<vlan5-ip-address>

4. Enable the Firewall

Enable the firewall.

enable firewall

5. Configure a general firewall for LAN traffic

Create a firewall policy for traffic to and from the private LANs, and allow ICMP forwarding (PING).

create firewall policy=lans
enable firewall policy=lans icmp_forwarding=ping

Set eth0 and the DMZ VLAN (vlan2) to be public interfaces.

add firewall policy=lans interface=eth0 type=public
add firewall policy=lans interface=vlan2 type=public

Set the private LANs (vlan3, vlan4, vlan5) to be private interfaces.

add firewall policy=lans interface=vlan3 type=private
add firewall policy=lans interface=vlan4 type=private
add firewall policy=lans interface=vlan5 type=private

Set enhanced Network Address Translation (NAT) to translate IP addresses for traffic between the private VLANs and the public eth0 interface.

add firewall policy=lans nat=enhanced interface=vlan3 gblinterface=eth0
add firewall policy=lans nat=enhanced interface=vlan4 gblinterface=eth0
add firewall policy=lans nat=enhanced interface=vlan5 gblinterface=eth0

6. Configure a general firewall for DMZ traffic

Create a firewall policy for traffic to and from the DMZ, and allow ICMP forwarding (PING).

create firewall policy=dmz
enable firewall policy=dmz icmp_forwarding=ping

Set eth0 and the private LANs (vlan3, vlan4, vlan5) to be public interfaces.

add firewall policy=dmz interface=eth0 type=public
add firewall policy=dmz interface=vlan3 type=public
add firewall policy=dmz interface=vlan4 type=public
add firewall policy=dmz interface=vlan5 type=public

Set the DMZ VLAN (vlan2) to be a private interface.

add firewall policy=dmz interface=vlan2 type=private

7. Allow selected traffic to DMZ

The default lans and dmz firewall policies allow all traffic to flow between the private interfaces, and from the private to the public interfaces, but discard all traffic from public to private interfaces.

To allow particular kinds of traffic to flow from the public interface through the firewall to particular services on the DMZ, use one or more of the following firewall rules, or create other rules.

Allow HTTP traffic to the DMZ.

add firewall policy=dmz rule=1 action=allow interface=eth0 protocol=tcp port=80 ip=<http-server-address>

Allow SMTP traffic to the DMZ.

add firewall policy=dmz rule=2 action=allow interface=eth0 protocol=tcp port=25 ip=<mail-server-address>

Allow FTP traffic to the DMZ.

add firewall policy=dmz rule=3 action=allow interface=eth0 protocol=tcp port=21 ip=<ftp-server-address>

Allow all traffic from the private LANs to the DMZ.

add firewall policy=dmz rule=10 action=allow interface=vlan3 protocol=all
add firewall policy=dmz rule=11 action=allow interface=vlan4 protocol=all
add firewall policy=dmz rule=12 action=allow interface=vlan5 protocol=all
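A model of the two-policy firewall built in steps 4 to 7, as an added example that is not part of the original assessment or of the router vendor's software: it encodes the default behaviour step 7 describes together with rules 1-3 and 10-12, so each flow through the perimeter can be checked against the intended design (public traffic reaches only the listed DMZ services, and a DMZ host can never initiate into the LANs). The DMZ server addresses and the choice of which policy decides a flow (the one holding the destination interface as private) are assumptions of this model.

```python
from dataclasses import dataclass, field
from typing import List, Optional, Set, Tuple

# Constructed placeholder addresses for the DMZ hosts named in rules 1-3.
HTTP_SERVER = "10.0.2.10"
MAIL_SERVER = "10.0.2.20"
FTP_SERVER = "10.0.2.30"


@dataclass
class Rule:
    number: int
    interface: str               # interface the packet arrives on
    protocol: str                # "tcp", "udp", "icmp" or "all"
    port: Optional[int] = None   # destination port, None = any
    ip: Optional[str] = None     # destination host, None = any
    action: str = "allow"

    def matches(self, in_iface: str, proto: str, dport: Optional[int], dst: str) -> bool:
        return (in_iface == self.interface
                and self.protocol in ("all", proto)
                and self.port in (None, dport)
                and self.ip in (None, dst))


@dataclass
class Policy:
    name: str
    public: Set[str]
    private: Set[str]
    rules: List[Rule] = field(default_factory=list)

    def decide(self, in_iface: str, out_iface: str, proto: str,
               dport: Optional[int] = None, dst: str = "") -> str:
        # Default behaviour from step 7: private -> private and private -> public
        # are forwarded; public -> private is dropped unless a numbered rule on
        # the arriving interface allows it (lowest rule number wins).
        if in_iface in self.private:
            return "allow"
        for rule in sorted(self.rules, key=lambda r: r.number):
            if rule.matches(in_iface, proto, dport, dst):
                return rule.action
        return "deny"


def build_policies() -> List[Policy]:
    """The lans and dmz policies exactly as configured in steps 5 to 7."""
    lans = Policy("lans", public={"eth0", "vlan2"},
                  private={"vlan3", "vlan4", "vlan5"})
    dmz = Policy("dmz", public={"eth0", "vlan3", "vlan4", "vlan5"},
                 private={"vlan2"})
    dmz.rules = [
        Rule(1, "eth0", "tcp", 80, HTTP_SERVER),
        Rule(2, "eth0", "tcp", 25, MAIL_SERVER),
        Rule(3, "eth0", "tcp", 21, FTP_SERVER),
        Rule(10, "vlan3", "all"),
        Rule(11, "vlan4", "all"),
        Rule(12, "vlan5", "all"),
    ]
    return [lans, dmz]


def forward(policies: List[Policy], in_iface: str, out_iface: str, proto: str,
            dport: Optional[int] = None, dst: str = "") -> Tuple[str, str]:
    """Return (policy name, verdict) for one flow.

    Assumption of this model: the policy that holds the destination interface
    as a private side decides; when the destination is public everywhere
    (eth0), the arriving interface's own policy decides instead."""
    for p in policies:
        if out_iface in p.private:
            return p.name, p.decide(in_iface, out_iface, proto, dport, dst)
    for p in policies:
        if in_iface in p.private:
            return p.name, p.decide(in_iface, out_iface, proto, dport, dst)
    return "none", "deny"


if __name__ == "__main__":
    pols = build_policies()
    for flow in [("eth0", "vlan2", "tcp", 80, HTTP_SERVER),    # allowed by rule 1
                 ("eth0", "vlan2", "tcp", 443, HTTP_SERVER),   # no rule: dropped
                 ("eth0", "vlan3", "tcp", 80, "192.168.3.10"),  # Internet -> LAN: dropped
                 ("vlan2", "vlan3", "tcp", 445, "192.168.3.10"),  # DMZ -> LAN: dropped
                 ("vlan3", "vlan2", "tcp", 22, HTTP_SERVER),   # LAN -> DMZ: rule 10
                 ("vlan3", "eth0", "tcp", 443, "203.0.113.5")]:  # LAN -> Internet (NAT)
        print(flow, "->", forward(pols, *flow))
```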

Activity 2: (Configuration of a VPN Solution)

TASK 1:

In continuation of the previous tasks, you need to implement and configure a VPN solution for the organisation’s network infrastructure. The VPN solution will help to secure the connectivity of the HBL Bank’s head office to the regional offices. The assessor/trainer will supervise the implementation and the configuration of the VPN solution. You will act as the Network administrator and will implement the VPN solution:

Configuration
1.1 VPN Pool
First we will configure a pool with IP addresses that we will assign to remote VPN users:

ASA1(config)# ip local pool VPN_POOL 192.168.10.100-192.168.10.200
ASA1(config)# vpn-addr-assign local

1.2 NAT Exemption

Exempt traffic between the LAN and the VPN pool from NAT, so that replies to VPN clients are not translated:

ASA1(config)# object network LAN
ASA1(config-network-object)# subnet 192.168.1.0 255.255.255.0

ASA1(config)# object network VPN_POOL
ASA1(config-network-object)# subnet 192.168.10.0 255.255.255.0

ASA1(config)# nat (INSIDE,OUTSIDE) source static LAN LAN destination static VPN_POOL VPN_POOL

1.3 Group policy

ASA1(config)# access-list SPLIT_TUNNEL standard permit 192.168.1.0 255.255.255.0

ASA1(config)# group-policy VPN_POLICY internal
ASA1(config)# group-policy VPN_POLICY attributes
ASA1(config-group-policy)# dns-server value 8.8.8.8
ASA1(config-group-policy)# vpn-idle-timeout 15
ASA1(config-group-policy)# split-tunnel-policy tunnelspecified
ASA1(config-group-policy)# split-tunnel-network-list value SPLIT_TUNNEL

1.4 Username
ASA1(config)# username VPN_USER password MY_PASSWORD

1.5 IPsec Phase 1

ASA1(config)# crypto ikev1 policy 10
ASA1(config-ikev1-policy)# encryption aes
ASA1(config-ikev1-policy)# hash sha
ASA1(config-ikev1-policy)# authentication pre-share
ASA1(config-ikev1-policy)# group 2
ASA1(config-ikev1-policy)# lifetime 86400

ASA1(config)# crypto ikev1 enable OUTSIDE
ASA1(config)# crypto isakmp identity address

1.6 IPsec Phase 2

ASA1(config)# crypto ipsec ikev1 transform-set MY_TRANSFORM_SET esp-aes esp-sha-hmac

ASA1(config)# crypto dynamic-map MY_DYNA_MAP 10 set ikev1 transform-set MY_TRANSFORM_SET

ASA1(config)# crypto map MY_CRYPTO_MAP 10 ipsec-isakmp dynamic MY_DYNA_MAP

ASA1(config)# crypto map MY_CRYPTO_MAP interface OUTSIDE

1.7 Tunnel Group

ASA1(config)# tunnel-group MY_TUNNEL type remote-access

ASA1(config)# tunnel-group MY_TUNNEL general-attributes
ASA1(config-tunnel-general)# address-pool VPN_POOL
ASA1(config-tunnel-general)# default-group-policy VPN_POLICY

ASA1(config)# tunnel-group MY_TUNNEL ipsec-attributes
ASA1(config-tunnel-ipsec)# ikev1 pre-shared-key MY_SHARED_KEY
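A consistency check over the configuration in sections 1.1 to 1.7, as an added example that is not Cisco code and not part of the original assessment: it parses the commands as typed at the ASA1(config)# prompts and verifies that the tunnel group, address pool, group policy, split-tunnel ACL, NAT exemption and crypto-map binding all refer to each other correctly, which is where a remote-access VPN most often fails silently (tunnel comes up, nothing passes). The embedded config text is a constructed copy of the page's commands with the IKEv1 policy, transform-set and username lines left out because nothing below cross-references them; the check for a client address in the pool uses the 192.168.10.100 seen in the ipconfig output.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed copy of the session above (ikev1 policy, transform-set and
# username lines omitted: nothing below cross-references them).
ASA_CONFIG = """
ASA1(config)# ip local pool VPN_POOL 192.168.10.100-192.168.10.200
ASA1(config)# object network LAN
ASA1(config-network-object)# subnet 192.168.1.0 255.255.255.0
ASA1(config)# object network VPN_POOL
ASA1(config-network-object)# subnet 192.168.10.0 255.255.255.0
ASA1(config)# nat (INSIDE,OUTSIDE) source static LAN LAN destination static VPN_POOL VPN_POOL
ASA1(config)# access-list SPLIT_TUNNEL standard permit 192.168.1.0 255.255.255.0
ASA1(config)# group-policy VPN_POLICY internal
ASA1(config)# group-policy VPN_POLICY attributes
ASA1(config-group-policy)# dns-server value 8.8.8.8
ASA1(config-group-policy)# split-tunnel-network-list value SPLIT_TUNNEL
ASA1(config)# crypto ikev1 enable OUTSIDE
ASA1(config)# crypto map MY_CRYPTO_MAP interface OUTSIDE
ASA1(config)# tunnel-group MY_TUNNEL type remote-access
ASA1(config)# tunnel-group MY_TUNNEL general-attributes
ASA1(config-tunnel-general)# address-pool VPN_POOL
ASA1(config-tunnel-general)# default-group-policy VPN_POLICY
ASA1(config)# tunnel-group MY_TUNNEL ipsec-attributes
ASA1(config-tunnel-ipsec)# ikev1 pre-shared-key MY_SHARED_KEY
"""

PROMPT = re.compile(r"^\S+\(config[^)]*\)#\s*")   # strips "ASA1(config-...)# "


def parse_config(text):
    """Collect the objects a remote-access VPN references into one dict."""
    cfg = {"pools": {}, "objects": {}, "acls": defaultdict(list), "gp": {},
           "tg": {}, "ikev1_ifaces": set(), "map_iface": {}, "nat_exempt": None}
    ctx = None  # (kind, name) of the sub-mode the following lines belong to
    for raw in text.splitlines():
        w = PROMPT.sub("", raw).split()
        if not w:
            continue
        if w[:3] == ["ip", "local", "pool"]:
            lo, hi = w[4].split("-")
            cfg["pools"][w[3]] = (ipaddress.ip_address(lo), ipaddress.ip_address(hi))
        elif w[:2] == ["object", "network"]:
            ctx = ("object", w[2])
        elif w[0] == "subnet" and ctx and ctx[0] == "object":
            cfg["objects"][ctx[1]] = ipaddress.ip_network(f"{w[1]}/{w[2]}")
        elif w[0] == "nat" and "destination" in w:
            cfg["nat_exempt"] = (w[4], w[8])   # (source object, destination object)
        elif w[0] == "access-list" and w[2] == "standard":
            cfg["acls"][w[1]].append(ipaddress.ip_network(f"{w[4]}/{w[5]}"))
        elif w[0] == "group-policy":
            cfg["gp"].setdefault(w[1], {})
            ctx = ("gp", w[1]) if w[2] == "attributes" else None
        elif w[0] in ("dns-server", "split-tunnel-network-list") and ctx and ctx[0] == "gp":
            cfg["gp"][ctx[1]][w[0]] = w[2]        # "... value X" -> X
        elif w[:3] == ["crypto", "ikev1", "enable"]:
            cfg["ikev1_ifaces"].add(w[3])
        elif w[:2] == ["crypto", "map"] and w[3] == "interface":
            cfg["map_iface"][w[2]] = w[4]
        elif w[0] == "tunnel-group":
            cfg["tg"].setdefault(w[1], {})
            ctx = ("tg", w[1]) if w[2].endswith("-attributes") else None
        elif w[0] in ("address-pool", "default-group-policy") and ctx and ctx[0] == "tg":
            cfg["tg"][ctx[1]][w[0]] = w[1]
        elif w[:2] == ["ikev1", "pre-shared-key"] and ctx and ctx[0] == "tg":
            cfg["tg"][ctx[1]]["psk"] = True
    return cfg


def check_config(cfg):
    """Return the list of dangling references; an empty list means they line up."""
    problems = []
    for name, tg in cfg["tg"].items():
        pool, gp = tg.get("address-pool"), tg.get("default-group-policy")
        if pool not in cfg["pools"]:
            problems.append(f"{name}: address-pool {pool} is not defined")
        if gp not in cfg["gp"]:
            problems.append(f"{name}: group-policy {gp} is not defined")
        elif cfg["gp"][gp].get("split-tunnel-network-list") not in cfg["acls"]:
            problems.append(f"{gp}: split-tunnel ACL is not defined")
        if not tg.get("psk"):
            problems.append(f"{name}: no ikev1 pre-shared-key")
        # Without a NAT exemption that covers the whole pool, LAN replies to
        # VPN clients get translated and the tunnel appears to pass no traffic.
        if cfg["nat_exempt"] is None:
            problems.append("no NAT exemption for VPN traffic")
        elif pool in cfg["pools"]:
            lo, hi = cfg["pools"][pool]
            net = cfg["objects"].get(cfg["nat_exempt"][1])
            if net is None or lo not in net or hi not in net:
                problems.append(f"NAT exemption does not cover pool {pool}")
    for cmap, iface in cfg["map_iface"].items():
        if iface not in cfg["ikev1_ifaces"]:
            problems.append(f"crypto map {cmap} on {iface} but ikev1 not enabled there")
    return problems


def client_in_pool(cfg, pool, addr):
    """True if an address seen on the client (ipconfig /all) came from the pool."""
    lo, hi = cfg["pools"][pool]
    return lo <= ipaddress.ip_address(addr) <= hi
```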

Verification
Install the VPN client and start it.

Click on New.

There are a couple of fields we have to enter here:

 Connection Entry and Description: Fill in whatever you like; these are only used as a general description of the connection.
 Host: This is the outside IP address of the ASA.
 Name: Enter the tunnel group name here, in our example “MY_TUNNEL”.
 Password: This is the pre-shared key under the tunnel group, not the user password! In our example this is “MY_SHARED_KEY”.

Click Save to save your settings and get back to the main screen.

Hit the Connect button and you should get a pop-up that requests the user credentials.

Now you can enter the username and password that we created. Click on OK and you should get connected.

At the bottom of the VPN client you will see that it is connected…excellent!

C:\Users\VPN-PC>ipconfig /all

Windows IP Configuration

Host Name . . . . . . . . . . . . : VPN-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection 2:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Cisco Systems VPN Adapter for 64-bit Windows
Physical Address. . . . . . . . . : 00-05-9A-3C-78-00
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::2815:c8ae:486:fade%20(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.10.100(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
DHCPv6 IAID . . . . . . . . . . . : 419431834
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-17-FF-B9-9F-00-0C-29-E7-0F-2E
DNS Servers . . . . . . . . . . . : 8.8.8.8
NetBIOS over Tcpip. . . . . . . . : Enabled

C:\Users\VPN-PC>ping 192.168.1.1

Pinging 192.168.1.1 with 32 bytes of data:

Reply from 192.168.1.1: bytes=32 time=2ms TTL=255
Reply from 192.168.1.1: bytes=32 time=1ms TTL=255
Reply from 192.168.1.1: bytes=32 time=1ms TTL=255
Reply from 192.168.1.1: bytes=32 time=10ms TTL=255

Ping statistics for 192.168.1.1:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 1ms, Maximum = 10ms, Average = 3ms

ASA1# show crypto ipsec sa

interface: OUTSIDE
Crypto map tag: MY_DYNA_MAP, seq num: 10, local addr: 10.10.10.1

local ident (addr/mask/prot/port): (0.0.0.0/0.0.0.0/0/0)
remote ident (addr/mask/prot/port): (192.168.10.100/255.255.255.255/0/0)
current_peer: 10.10.10.2, username: VPN_USER
dynamic allocated peer ip: 192.168.10.100
dynamic allocated peer ip(ipv6): 0.0.0.0

#pkts encaps: 4, #pkts encrypt: 4, #pkts digest: 4
#pkts decaps: 4, #pkts decrypt: 4, #pkts verify: 4
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 4, #pkts comp failed: 0, #pkts decomp failed: 0
#pre-frag successes: 0, #pre-frag failures: 0, #fragments created: 0
#PMTUs sent: 0, #PMTUs rcvd: 0, #decapsulated frgs needing reassembly: 0
#TFC rcvd: 0, #TFC sent: 0
#Valid ICMP Errors rcvd: 0, #Invalid ICMP Errors rcvd: 0
#send errors: 0, #recv errors: 0

TASK 2: (Testing of the Perimeter Solution)

In continuation of Task 1, perform the testing of the VPN solution. The testing will help not only to resolve VPN issues but also to enhance the security performance of the perimeter device. The trainer/assessor will act as the Information Systems Manager and will supervise the testing process. Once the testing is done, you need to write a report on the test results. You need to perform the following tasks for the testing task and also complete the template given below for the test results.

VPN and Firewall features

1. Block by default
Block all traffic by default and explicitly allow only specific traffic to known services. This strategy provides good control over the traffic and reduces the possibility of a breach because of service misconfiguration.

2. Allow specific traffic
The rules that you use to define network access should be as specific as possible. This strategy is referred to as the principle of least privilege, and it forces control over network traffic. Specify as many parameters as possible in the rules. A layer 4 firewall uses the following parameters for an access rule:

 Source IP address (or range of IP addresses)
 Destination IP address (or range of IP addresses)
 Destination port (or range of ports)

3. Specify source IP addresses
If the service should be accessible to everyone on the Internet, then any source IP address is the correct option. In all other cases, you should specify the source address.

4. Specify the destination IP address
The destination IP address is the IP address of the server that runs the service to which you want to allow access. Always specify which server (or group of servers) can be accessed.

Test for VPN leaks

To test for active leaks, simply connect to a VPN server and visit the test site. You are
checking to see how the VPN performs when the tunnel is active and stable.

You can also simulate different interruptions to see how well the VPN does if network
connectivity drops. For example:

1. Connect to a VPN server and load ipleak.net in your internet browser.

2. Manually interrupt your internet connection (disconnect the ethernet cable or WiFi) while the VPN client is running.

3. Reconnect to the internet and load a few different test websites to see if your VPN is leaking upon reconnection.

Advanced VPN Tests

DNS leaks

The Domain Name System (DNS) is a system for converting domain names, such as restoreprivacy.com, into a numerical IP address, such as 205.251.197.66.

Without a VPN, this translation process is handled by your internet service provider (ISP). This can be problematic because your DNS requests are sent in clear text and so form a record of every website you visit.

Testing sites:

1. Perfect Privacy DNS Leak Test (This site seems to detect DNS leaks when other websites do not find problems. Below the test results you can also find a detailed explanation of DNS leaks.)

2. IP/DNS Test at ipleak.net (This is another DNS leak test tool that also includes IP address leak results.)

Monitoring of the security breaches

Common network security breaches and their solution

1. Type of breach: Theft of hardware. Prevention: Make sure hardware is physically safeguarded at all times.

2. Type of breach: Insecure storage or transfer of sensitive information. Prevention: Make sure data remains encrypted during both storage and transfer, and maintain control over who has access to folders.

3. Type of breach: Password hack or leak. Prevention: Use only secure, cryptic passwords and use different passwords for different levels of confidentiality.

4. Type of breach: Missing patches or updates. Prevention: Make sure all systems within the network are regularly updated with the latest patches.

5. Type of breach: Virus or malware. Prevention: Implement antivirus and anti-malware software and make sure it’s regularly updated.

6. Type of breach: Risky or ill-configured software. Prevention: Block the installation of software that is unapproved for company use.

Penetration Testing:

The term penetration testing (pentesting) refers to processes, tools, and services designed
and implemented for the purpose of simulating attacks and data breaches, and finding
security vulnerabilities.

7 Steps and Phases of Penetration Testing

Our internal pentest checklist includes the following 7 phases of penetration testing:

1. Information Gathering
2. Reconnaissance
3. Discovery and Scanning
4. Vulnerability Assessment
5. Exploitation
6. Final Analysis and Review
7. Utilize the Testing Results

1. Information Gathering

The first of the seven stages of penetration testing is information gathering. The
organization being tested will provide the penetration tester with general information
about in-scope targets.

2. Reconnaissance

KirkpatrickPrice uses the information gathered to collect additional details from publicly
accessible sources.

The reconnaissance stage is crucial to thorough security testing because penetration testers can identify additional information that may have been overlooked, unknown, or not provided. This step is especially helpful in internal and/or external network penetration testing.

3. Discovery and Scanning

The information gathered is used to perform discovery activities to determine things like
ports and services that were available for targeted hosts, or subdomains, available for
web applications.

4. Vulnerability Assessment

A vulnerability assessment is conducted in order to gain initial knowledge and identify any potential security weaknesses that could allow an outside attacker to gain access to the environment or technology being tested. A vulnerability assessment is never a replacement for a penetration test, though.

5. Exploitation

This is where the action happens!

After interpreting the results from the vulnerability assessment, our expert penetration
testers will use manual techniques, human intuition, and their backgrounds to validate,
attack, and exploit those vulnerabilities.

6. Final Analysis and Review

When you work with KirkpatrickPrice on security testing, we deliver our findings in a
report format.

This comprehensive report includes narratives of where we started the testing, how we
found vulnerabilities, and how we exploited them. It also includes the scope of the
security testing, testing methodologies, findings, and recommendations for corrections.

Where applicable, it will also state the penetration tester’s opinion of whether or not your
penetration test adheres to applicable framework requirements.

7. Utilize the Testing Results

The last of the seven stages of penetration testing is so important. The organization being
tested must actually use the findings from the security testing to risk rank vulnerabilities,
analyze the potential impact of vulnerabilities found, determine remediation strategies,
and inform decision-making moving forward.

Below are the most significant penetration tools we used for testing security strength in
our new network.

Wireshark:

Wireshark is a fantastic open-source tool available for operating systems like Windows, Linux, Solaris, etc. This tool helps the penetration tester capture and understand network packets without any hassle. It also makes offline analysis easy and provides multiple options for live capture.

Metasploit Tool:

This is the most widely used penetration testing tool. It is an open-source tool that helps users run and manage security tests, recognize flaws, put up a defense, etc.

NMAP Tool:

This is commonly known as network mapper and is mostly used to look for loopholes in the network environment of the enterprise. It is also used for auditing.

Nessus:

It is a trustworthy network penetration testing tool used by lots of companies around the globe. It aids in scanning IP addresses and websites and performing sensitive data searches.

John The Ripper Password Cracker Tool:

It is open-source software used for finding out the weaknesses present in passwords. This tool automatically recognizes the various password hash formats and finds the weak passwords present in the database. Its advanced version is available for Mac, Linux, Hash Suite, and Hash Suite Droid.

Penetration Testing:

Case 2

1. Planning and reconnaissance

The first stage involves:

 Defining the scope and goals of a test, including the systems to be addressed and the testing methods to be used.
 Gathering intelligence (e.g., network and domain names, mail server) to better understand how a target works and its potential vulnerabilities.

2. Scanning
The next step is to understand how the target application will respond to various intrusion attempts. This is typically done using:

 Static analysis – Inspecting an application’s code to estimate the way it behaves while running. These tools can scan the entirety of the code in a single pass.
 Dynamic analysis – Inspecting an application’s code in a running state. This is a more practical way of scanning, as it provides a real-time view into an application’s performance.

3. Gaining Access
This stage uses web application attacks, such as cross-site scripting, SQL injection and backdoors, to uncover a target’s vulnerabilities. Testers then try and exploit these vulnerabilities, typically by escalating privileges, stealing data, intercepting traffic, etc., to understand the damage they can cause.

4. Maintaining access
The goal of this stage is to see if the vulnerability can be used to achieve a persistent presence in the exploited system, long enough for a bad actor to gain in-depth access. The idea is to imitate advanced persistent threats, which often remain in a system for months in order to steal an organization’s most sensitive data.

5. Analysis
The results of the penetration test are then compiled into a report detailing:

 Specific vulnerabilities that were exploited
 Sensitive data that was accessed
 The amount of time the pen tester was able to remain in the system undetected

This information is analyzed by security personnel to help configure an enterprise’s WAF settings and other application security solutions to patch vulnerabilities and protect against future attacks.

Ref:
https://www.imperva.com/learn/application-security/penetration-testing/

How Nessus Works

To learn how Nessus and other port-scanning security tools work, it is necessary to understand how different services (such as a web server, SMTP server, FTP server, etc.) are accessed on a remote server. Most high-level network traffic, such as email, web pages, etc., reaches a server via a high-level protocol that is transmitted reliably by a TCP stream. To keep different streams from interfering with each other, a computer divides its physical connection to the network into thousands of logical paths, called ports. So if you want to talk to a web server on a given machine, you would connect to port #80 (the standard HTTP port), but if you wanted to connect to an SMTP server on that same machine you would instead connect to port #25.

Using Nessus (part 1): Running a Scan

To run a scan, you must have the Nessus server running on some machine, then start up a Nessus client. The client will look something like this:

The two most important tabs are "Nessusd host", which allows you to enter the IP address of the Nessus server you will connect to, as well as the username and password needed to connect to this server. The other critical tab is labeled "Target Selection". This is where you specify which host(s) you would like to scan. Each tab and field is covered in depth on this webpage: http://www.nessus.org/demo/second.html.

Once you are ready to scan, hit the "Start the scan" button.

(Note: for other clients, the exact behavior of the client may deviate from what is described here, but the overall concept is the same.)

Using Nessus (part 2): Analyzing the Report

After a scan, Nessus clients typically offer two means to analyze the result. The client itself will often list each vulnerability found, gauging its level of severity and suggesting to the user how this problem could be fixed. An example screen is shown below:

Template for Report on TEST Results:

Purpose: The testing will help not only to resolve VPN issues but also to enhance the security performance of the perimeter device.

Stakeholders: Andres, Lee, Michael and Anisul

Roles and Responsibilities: System Manager, Network Administrator

Role: Team Lead (Information System Manager)
Responsibilities:
 Test process setting up and adjusting
 Security test plan creation
 Test strategy authoring
 Test activities tracking
 Giving a conclusion about the quality
Contact Information: Anisul1234@mailserver.com

Role: Network Administrator
Responsibilities:
 Running test cases
 Defects authoring
 Test results analysis
 Test reports creation
Contact Information: andrespaez@mailserver.com

Scope of Testing

 Test the basic and advanced functionality of the VPN and Firewall features
 Monitor the performance of the perimeter device along with the monitoring of the security breaches
 Conduct penetration testing in order to confirm the requirements of the security

Assumptions for Test Execution

Before starting to test the following conditions should be met:

 The test environment is ready and configured appropriately

 The version has been launched on the test environment and the version notification has been sent to the QA Team Lead
 In the build notification all the features planned for the build are claimed to be ready.

Test Completion Criteria

The testing process is considered finished when all of the conditions indicated below have been met:

 All test cases planned for the current build have been run (except blocked ones)

 All the found defects have been posted to the bug tracking system

 A test result report has been sent to all interested parties

 A conclusion on the quality of the version has been done.

Security requirements analysis

Security requirements analysis is a very critical part of the testing process. At this stage a test engineer should understand exactly what the security requirements on the project are. Gaps that exist in the requirements are also revealed during the analysis. The security properties investigated during this process are the following:

 User management
 Authentication
 Authorization
 Data confidentiality
 Integrity
 Accountability
 Session management
 Transport security
 Tiered System Segregation
 Privacy

Test Results Report Approval Signatures

I have reviewed the Nessus Test Results Report and accept the analysis and findings within.

Michael Clayton    25-01-2023
{Security Control Assessor Full Name}    Date
Security Control Assessor

Andres Paez    25-01-2023
{System Owner Full Name}    Date
System Owner

Anisul    25-01-2023
{Information System Security Officer Full Name}    Date
Information System Security Officer

Lee Liang    25-01-2023
{Privacy Coordinator Full Name}    Date
Privacy Coordinator
