ICTNWK608 – Configure Network Devices for a Secure Network InfrastructureStudent Assessment Pack Student and Trainer/Assessor Details Student ID Student name Contact number Email address Trainer/Assessor name .Course and Unit Details Course code ICT60215 Course name Advanced Diploma of Network Security Unit code ICTNWK608 Unit name Configure network devices for a secure network infrastructure Assessment Submission Method ☐ By hand to trainer/assessor ☐ By email to trainer/assessor ☐ Online submission via Learning Management System (LMS) Student Declaration · I certify that the work submitted for this assessment pack is my own. I have clearly referenced any sources used in my submission. I understand that a false declaration is a form of malpractice; · I have kept a copy of this assessment pack and all relevant notes, attachments, and reference material that I used in the production of the assessment pack; · For the purposes of assessment, I give the trainer/assessor of this assessment the permission to: · Reproduce this assessment and provide a copy to another member of staff; and · Take steps to authenticate the assessment, including communicating a copy of this assessment to a checking service (which may retain a copy of the assessment on its database for future plagiarism checking). Student signature: ________________________________ Date: ____/_____/______________Assessment Plan To demonstrate competence in this unit, you must be assessed as satisfactory in each of the following assessment tasks. Evidence recorded Evidence Type/ Method of assessment Sufficient evidence recorded/Outcome Unit Assessment Task 1 Unit Knowledge Test (UKT) S / NS (First Attempt) S / NS (Second Attempt) Unit Assessment Task 2 Unit Project (UP) S / NS (First Attempt) S / NS (Second Attempt) Unit Assessment Task 3 Unit Project (UP) S / NS (First Attempt) S / NS (Second Attempt) Final result C/NYC Date assessed Trainer/Assessor Signature Assessment Conditions Unit purpose/application This unit describes the skills and knowledge required to use software tools, equipment and protocols to configure network devices in the design of the infrastructure of a secure network. It applies to individuals with advanced information and communications technology (ICT) skills who adapt router and switch operating system capabilities to mitigate attacks. No licensing, legislative or certification requirements apply to this unit at the time of publication What the student can expect to learn by studying this unit of competency · Implement layer 2 security · Configure router OS intrusion prevention system (OS-IPS) to mitigate threats to network resources · Configure virtual private networks (VPNs) to provide secure connectivity for site-to-site and remote access communications · Implement network foundation protection (NFP) Training and assessment resources required for this unit of competency The student will ...

1. ICTNWK608 – Configure Network Devices for a Secure
Network InfrastructureStudent Assessment Pack Student and
Trainer/Assessor Details
Student ID
Student name
Contact number
Email address
Trainer/Assessor name
.Course and Unit Details
Course code
ICT60215
Course name
Advanced Diploma of Network Security
Unit code
ICTNWK608
Unit name
Configure network devices for a secure network infrastructure
Assessment Submission Method
☐ By hand to trainer/assessor
☐ By email to trainer/assessor
☐ Online submission via Learning Management System
(LMS)
Student Declaration

2. · I certify that the work submitted for this assessment pack is
my own. I have clearly referenced any sources used in my
submission. I understand that a false declaration is a form of
malpractice;
· I have kept a copy of this assessment pack and all relevant
notes, attachments, and reference material that I used in the
production of the assessment pack;
· For the purposes of assessment, I give the trainer/assessor of
this assessment the permission to:
· Reproduce this assessment and provide a copy to another
member of staff; and
· Take steps to authenticate the assessment, including
communicating a copy of this assessment to a checking service
(which may retain a copy of the assessment on its database for
future plagiarism checking).
Student signature: ________________________________
Date: ____/_____/______________Assessment Plan
To demonstrate competence in this unit, you must be assessed
as satisfactory in each of the following assessment tasks.
Evidence recorded
Evidence Type/ Method of assessment
Sufficient evidence recorded/Outcome
Unit Assessment Task 1
Unit Knowledge Test (UKT)
S / NS (First Attempt)
S / NS (Second Attempt)
Unit Assessment Task 2
Unit Project (UP)
S / NS (First Attempt)
S / NS (Second Attempt)
Unit Assessment Task 3
Unit Project (UP)
S / NS (First Attempt)

3. S / NS (Second Attempt)
Final result
C/NYC
Date assessed
Trainer/Assessor Signature
Assessment Conditions
Unit purpose/application
This unit describes the skills and knowledge required to use
software tools, equipment and protocols to configure network
devices in the design of the infrastructure of a secure network.
It applies to individuals with advanced information and
communications technology (ICT) skills who adapt router and
switch operating system capabilities to mitigate attacks.
No licensing, legislative or certification requirements apply to
this unit at the time of publication
What the student can expect to learn by studying this unit of
competency
· Implement layer 2 security
· Configure router OS intrusion prevention system (OS-IPS) to
mitigate threats to network resources
· Configure virtual private networks (VPNs) to provide secure
connectivity for site-to-site and remote access communications
· Implement network foundation protection (NFP)
Training and assessment resources required for this unit of
competency
The student will have access to the following:
· Learner guide
· PowerPoint presentation
· Unit Assessment Pack (UAP)

4. · Access to other learning materials such as textbooks
The resources required for these assessment tasks also included:
· Access to a computer, the Internet and word-processing system
such as MS Word.
· A site where deployment of network security solution may be
conducted
· A live network (LAN)
· Servers and computers
· Switches and routers
· Hardware and software security technologies
· Security policies and guidelines (as per scenario)
Simulated assessment environments must simulate the real-life
working environment where these skills and knowledge would
be performed, with all the relevant equipment and resources of
that working environment.
Submission instructions
Your trainer/assessor will confirm assessment submission
details for each assessment task.
Academic integrity, plagiarism and collusion
Academic Integrity
Academic Integrity is about the honest presentation of your
academic work. It means acknowledging the work of others
while developing your own insights, knowledge and ideas.
As a student, you are required to:
· undertake studies and research responsibly and with honesty
and integrity
· ensure that academic work is in no way falsified
· seek permission to use the work of others, where required
· acknowledge the work of others appropriately
· take reasonable steps to ensure other students cannot copy or
misuse your work.
Plagiarism
Plagiarism means to take and use another person's ideas and or

5. manner of expressing them and to pass them off as your own by
failing to give appropriate acknowledgement. This includes
material sourced from the internet, RTO staff, other students,
and from published and unpublished work.
Plagiarism occurs when you fail to acknowledge that the ideas
or work of others are being used, which includes:
· Paraphrasing and presenting work or ideas without a reference
· Copying work either in whole or in part
· Presenting designs, codes or images as your own work
· Using phrases and passages verbatim without quotation marks
or referencing the author or web page
· Reproducing lecture notes without proper acknowledgement.
Collusion
Collusion means unauthorised collaboration on assessable work
(written, oral or practical) with other people. This occurs when
a student presents group work as their own or as the work of
someone else.
Collusion may be with another RTO student or with individuals
or students external to the RTO. This applies to work assessed
by any educational and training body in Australia or overseas.
Collusion occurs when you work without the authorisation of
the teaching staff to:
· Work with one or more people to prepare and produce work
· Allow others to copy your work or share your answer to an
assessment task
· Allow someone else to write or edit your work (without rto
approval)
· Write or edit work for another student
· Offer to complete work or seek payment for completing
academic work for other students.
Both collusion and plagiarism can occur in group work. For
examples of plagiarism, collusion and academic misconduct in
group work please refer to the RTO’s policy on Academic
integrity, plagiarism and collusion.
Plagiarism and collusion constitute cheating. Disciplinary

6. action will be taken against students who engage in plagiarism
and collusion as outlined in RTO’s policy.
Proven involvement in plagiarism or collusion may be recorded
on students’ academic file and could lead to disciplinary action.
Other Important unit specific Information
N/A
Unit outcome
· This unit is not graded and the student must complete and
submit all requirements for the assessment task for this cluster
or unit of competency to be deemed competent.
· Students will receive a 'satisfactorily completed' (S) or 'not
yet satisfactorily completed (NS) result for each individual unit
assessment task (UAT).
· Final unit result will be recorded as competency
achieved/competent (C) or competency not yet achieved/not yet
competent (NYC).
Unit Assessment Task (UAT) -1Assessment Task 1 - Unit
Knowledge Test (UKT)
Assessment type:
· Written Questions
Instructions:
· This is an individual assessment.
The purpose of this assessment task is to assess the students’
knowledge required to ensure secure file encryption is selected,
implemented and monitored on a computer network or local
environment.
· To make full and satisfactory responses you should consult a
range of learning resources, other information such as handouts
and textbooks, learners’ resources and slides.
· All questions must be answered in order to gain competency

7. for this assessment.
You may attach a separate sheet if required.
You must include the following particulars in the footer section
of each page of the attached sheets:
· Student ID or Student Name
· Unit ID or Unit Code
· Course ID or Course Code
· Trainer and assessor name
· Page numbers
You must staple the loose sheets together along with the cover
page.
You must attach the loose sheets chronologically as per the
page numbers.
· Correction fluid and tape are not permitted. Please do any
corrections by striking through the incorrect words with one or
two lines and rewriting the correct words.
Resources required to complete the assessment task:
Learner guide
PowerPoint presentation
Unit Assessment Pack (UAP)
Access to other learning materials such as textbooks
Access to a computer, the Internet and word-processing system
such as MS Word.
1. Answer the following questions.
(A). What is VLAN and how will you configure VLAN? Write
basic commands to configure the VLAN.
(B). What are the steps involved in the verification and
troubleshooting for the virtual local area (VLAN) switching?
Use screenshots if required to explain the steps.

8. Question 1: What are the steps involved in the configuration,
verification and troubleshooting for inter-switching
communications? Use screenshots if required to explain the
steps.
1. Explain the five (5) key features of deployment schemes.
Write your answer in 200-250 words.

9. 1. What are the ten (10) steps involved in setting and securing a
firewall?
1. Summarise the following each in 150-200 words.
1. iDevice operating system (iOS)
1. Internet Protocol (IP) Networking Model

10. 1. Explain the steps involved in implementation of the
following.
1. Local Area Network (LAN)
1. Wide Area Network (WAN)
1. A)What is your understanding of Network Address
Translation (NAT)? Write your response in 140-170 words.

11. B) Based on the following figure, write configuration
commends for NAT.
1. Answer the following questions.
A) What is Network Topology? Also, summaries five (5)
models of network topology. Write your response in 240-270
words.
B) Explain the following terms, each in 100-150 words.
1. Network Architectures
2. Network Elements

12. 1. Summarise the following terms use 100-150 words for each.
1. Network Standards
1. Network protocols
1. Explain the following terms using 100-150 words for each.
1. Secure Connectivity

13. 1. Remote Access Communication
1. Answer the following questions.
A) Explain Security Protocol in 130-160 words
B) Summarise Secure Socket Layer (SSL) in detail. Write your
response in 100-150 words.
1. Summarise the threat mitigation strategies in 50-100 words.

14. 1. What is a tunneling protocol? Explain the different types of
tunneling protocols. Write your response in 250-300 words.
1. Summarise the following:
1. VPN
1. EasyVPN
1. Dynamic Multipoint VPN (DMVPN)
1. Virtual Private Network technologies.

15. 1. Answer the following questions.
A) Summarise the process of configuration, verification and
troubleshooting of a Cisco router operation.
B) What are the steps involved in configuring, verifying and
troubleshoot routing.

16. 1. Explain Identity-based networking services (IBNS) in terms
of network security and write down the advantages of IBNS as
well. Write your response in 100-150 words.
1. What are the three (3) benefits of deploying an identity and
access management solution? Write your answer in 150-200
words

17. 1. Answer the following questions.
A) Summarise the term Router’s operating system and its two
(2) types. Write your response in 100-150 words
B) What are the four (4) types of approaches used by IPS for
securing the network from intrusions? Write your response in
150-200 words
C) Summarise two (2) basic types of IPS signatures, each in
50-80 words.
1. Answer the following questions.

18. A) What is your understanding of Context-Based Access
Control (CBAC)? Write your response in 100-150 words.
(B) What is the importance of Network Address Translation to
mitigate the threats to the network? Write your response in 100-
150 words.
(C) Summarise the benefits of implementing a Zone Based
Firewall in 50-100 words.
1. Answer the following questions.
A) Summarise Network Foundation Protection (NFP) and its
features. Write your response in 100-150 words.
(B)What are the benefits of management plane, data plane and
control plane in terms of network security? Write your answer
in 180-220 words.

19. Unit Assessment Task (UAT) -2Assessment Task 2 – Unit
Project (UP)
Assessment type:
Unit Project (UP)
Instructions to complete this assessment task:
· Please write your responses in the template provided.
· You may attach a separate sheet if required.
· You must include the following particulars in the footer
section of each page of the attached sheets:
· Student ID or Student Name
· Unit ID or Unit Code
· Course ID or Course Code
· Trainer and assessor name
· Page numbers
· You must staple the loose sheets together along with the cover
page.
· You must attach the loose sheets chronologically as per the
page numbers.
· Correction fluid and tape are not permitted. Please do any
corrections by striking through the incorrect words with one or
two lines and rewriting the correct words.
· The premise of the project must be closely related to the
previous assessment task.
· This submission must be well presented and follow the
guidelines and instructions provided.
· Please follow the format as indicated in the template section

20. below.
· One of the most important steps that you can take: proofread
your project.
· Project must be of 500-800 words in length, using 11-point
font, double-spaced, and must include a cover page, table of
contents, introduction, body, summary or conclusion, and works
cited.
· Appropriate citations are required.
· All RTO policies are in effect, including the plagiarism
policy.
Scenario: -
HELMA Finance Company is one of the leading finance
companies in Australia and provides its services to a number of
corporate clients. The information relating to the financial
activities of all the clients is of immense importance for the
company and the business relies on the trust developed for
customers in regard of the integrity of the information. HELMA
has always tried to provide best possible solutions to protect its
information. The company’s head office is situated in the CBD
while it has regional offices in Geelong and Ballarat. All the
employees know the importance of the information on which
they are working, along with the integrity and the security
implemented on the information system and the network. All the
employees and users accessing the information work on the
following principles:
· Consider the sensitivity of the information they handle
· Protect information in proportion to its sensitivity by ensuring
that information, whatever its format, is secured by physical or
approved electronic means
· Ensure that they take appropriate action within the appropriate
procedures when there is a breach of policy
For the security and integrity of the information substantial
information security measures have been implemented. The

21. company also have well defined Information Security policies
and procedures and all the employees are obliged to follow
these policies and procedures. Information security is of great
importance to the company to ensure compliance with
legislation and demonstrate that the Company understands and
applies proportionate guidance and process to recording,
storing, processing, exchanging and deleting information.
Should this not be achieved the Company can risk, at worst, the
safety of individuals, loss of financial information, breach of
commercial confidentiality and subsequent financial penalties
from the clients.
There are three main principles to the information security
policy:
All staff must consider the sensitivity of the information they
handle.
All staff must protect information in proportion to its
sensitivity by ensuring that information, whatever its format, is
secured by physical means (such as locking paperwork away or
appropriately archiving it when no longer current) or by using
approved electronic means (such as only using Company IT
equipment).
Managers must ensure this policy is applied within their areas
of work and should also lead by example. This policy is
mandatory.
Any breach of the policy may result in disciplinary action
being taken under the Company’s Disciplinary Procedure. Any
breaches of security (non-compliance with this Policy) must be
reported to the Information Technology Department.
The mandatory requirements of this core policy is based on the
three elements of information security as per the Australian
Information Security legislation:
· Confidentiality: ensuring that information is only accessible to
those authorised to access it
· Integrity: safeguarding the accuracy and integrity of
information and processing methods
· Availability: ensuring that authorised users have access to

22. information and associated assets when required.
It is the policy of the company to ensure:
· Information is protected against unauthorised access.
· Confidentiality of information is maintained.
· Information is not disclosed to unauthorised persons through
deliberate or negligent action.
· The integrity of information is maintained by protection from
unauthorised modification
· Information is available to authorised users when needed.
· Regulatory and legislative requirements are met.
· Contingency plans are produced and tested as far as is
practicable to ensure business continuity is maintained.
· Information Security training is provided for all staff.
· All breaches of information security and suspected weaknesses
are reported, investigated and appropriate action taken.
· Sharing of information with other organisations/agencies is
permitted providing it is done within the remit of a formally
agreed information sharing protocol.
· That there is a fair and consistent approach to the enforcement
of standards of conduct expected from employees when using
social media sites.
· Security incidents must be reported within two business days
· Incident report must be completed if you lose or damage any
ICT equipments
The IT infrastructure is updated according to the requirements
of the information security. But the main threat is to the
network of the information system. The information system
comprises of Data Servers, Server for Financial ERP suite,
desktops, Laptops, Cisco Routers and Switches all connected in
LAN at head office and also a WAN is established for the
connectivity across the head office and regional office. The IT
department is responsible for managing the whole network and

23. Allen-Network Engineer specialises in the implementation of
the IT resources across the network.
The Information Security Officer along with the Network
Engineer ensures that all the users follow the policies and
procedures related to network security. The Users/Employers
are supposed to oblige by the personal device policy especially
those who use their personal hand-held devices or laptops
should not bypass the network security policies.
Personal device policy includes:
· Home worker strictly use home network or pocket Wi-Fi
provided by the organisation
· Do not download unauthorised software’s and files
· Do antivirus check for all the external data storage devices
· Do not write your password in the computer
· Do not share your password with anyone
· Change computer and other devices password within 60 days
Also, no such personal email IDs to be used, social network
sites have already been blocked also downloads to any personal
drives or torrents are strictly prohibited. System policies to
prevent these personal downloads and uploads have already
been implemented on the networked resources using the
authentication server. Failure to oblige information security
policy will result in strict actions. Also, if any user/employee
comes to know about any information leakage or breach, he/she
needs to inform the IT department or by filling the online form
of security incident reporting.
For better security across the network and information system
along with the mitigation of the attacks at Layer 2 and 3, the
services of Mcgrath have been acquired. He is the new
Information Security Officer-ISO. Mcgrath will be responsible
for implementing information security and maintaining the
secure network environment.
The job description of Mcgrath includes the following:
· Actively ensure appropriate administrative, physical and

24. technical safeguards are in place to protect network from
internal and external threats
· Meticulously identify, introduce and implement appropriate
procedures, including checks and balances, are in place to test
these safeguards on a regular basis
· Make it a priority to see that disaster recovery and emergency
operating procedures are in place on network and tested on a
regular basis
· Act as the committed owner of the network security incident
and vulnerability management processes from design to
implementation and beyond
· Define and implement secure network configuration baseline
standards
· Support and administer firewall environments in line with
Network security policy
While the Job description of Allen the Network Engineer
includes:
· Establish the networking environment by designing system
configuration, directing system installation and defining,
documenting and enforcing system standards
· Design and implement new solutions and improve resilience of
the current environment
· Maximise network performance by monitoring performance,
troubleshooting network problems and outages, scheduling
upgrades and collaborating with network architects on network
optimisation
· Undertake data network fault investigations in local and wide
area environments using information from multiple sources
Activity 1: (Analysing Network Security System Requirements)
After having the detail look at the scenario given above, you
need to analyse the requirements for the Network Security
System requirements for the company including the following:
· Purpose

25. · Network security requirements
· Physical security requirements
· Computer security requirements
· Mobile workers and home Workers
· Use of the internet
· Security Incident Reporting
You may need to research related to network security
requirements on the internet. You must complete the network
security requirements template given below for the company as
a part of the activity.HELMA Network Security
RequirementsPurpose
Network Security Requirements
Physical Security Requirements
Computer Security Requirements
Mobile workers and home Workers

26. Use of the internet
Security Incident Reporting
Performance criteria checklist for unit assessment task:
Trainer/ Assessor to complete
Assessment activities to be completed
· Analysing Network Security System Requirements
· For a full project outline, please refer to the student
assessment instructions
Does the candidate meet the following criteria
Yes
No
Trainer/Assessor Comments
Understood the give scenario and company requirements for
network security
Defined Requirements for security relevant to network security
including the following:
· Purpose
· Network Security
· Physical Security
· Computer Security
· Mobile workers and home Workers
· Use of the internet

27. Defined the security incident reporting
Activity 2: (Implementation of the Layer 2 and 3 Security)
Note: This activity is in continuation of activity 1.
After the analysis of the requirements for the network security
in activity 1, now, you are required to implement the Layer 2
and 3 security on the network to mitigate against the expected
security attacks. This implementation will not only help to
protect the data but will also define the security parameters
while configuring the routers and switches. You will act as
Mcgrath, the Information Security Officer and are required to
perform the following tasks:
· Configuration of the router operating system
· Configure the interface of the router along with the serial
interface
· Configure the hostname and password of the router
· Verify the connectivity
· Configure the router using the Access Control List
· Implementation of the Identity-based Management System on
the network switches using Access control System as the
authentication server
· At the end, you need to ping from host to router and switches
to check the connectivity
· Troubleshoot connectivity issues if any
For configuration and implementing security parameters on the
network along with the mitigation of threats to the network,
consider the following Network diagram to understand the
network topology and components of the network being
implemented at HELMA.

28. This activity is continuation of activity 1. You are required to
participate in a practical demonstration task. You need to
complete this activity in 3 to 5 hours. Additional time will be
given to you for the preparation.
Note: For This activity RTO/Assessor will provide you the
following:
· A site where deployment of network security solution may be
conducted
· A live network (LAN)
· Servers and computers
· Switches and routers
· Hardware and software security technologies
· Security policies and guidelines (as per scenario)
You will work in coordination with the Network Engineer,
Allen which will be performed by the Trainer/assessor, and he
will provide you all the required network infrastructure, router
and switches.
Student must follow vendor instruction for configuration of
Router and implementation of IBMS using ACS.
Your trainer and assessor will observe you during the activity
and complete the performance checklist.
RTO may use only two network computers to check the
connectivity and other performance criteria.
Performance criteria checklist for unit assessment task:
Trainer/ Assessor to complete
Assessment activities to be completed
· Implementation of the Layer 2 and 3 Security
· For a full project outline, please refer to the student
assessment instructions
Does the candidate meet the following criteria
Yes
No
Trainer/Assessor Comments
Configured the router operating system of the given network

29. diagram
Configured:
· Switches
· Allocated IP address to host and other devices
· Router
· Connect all the devices appropriately
· Interface of the router
Implementation of the Identity-based Management System on
the network switches using Access control System as the
authentication server
Ping from host to router and switches to check the connectivity
Troubleshoot connectivity issues if any
Activity 3: (Configuration of the Intrusion Prevention System)
Note: This activity is in continuation of activity 1 and 2.
Now, you are the Information Security Officer-Mcgrath, and
you need to configure the intrusion prevention system to the
network to mitigate against the network attacks. It is required to

30. implement the firewall on the router that will act as the
intrusion prevention system for the traffic coming from the
internet to the LAN. The firewall is of immense importance and
will help to mitigate attacks by identifying the threats.
Therefore, you need to implement the firewalls for the better
protection of the networked resources and complete the
following tasks for the successful completion of this activity:
· Configure and verify IPS firewall after its analysis to identify
the threats and best way to block them.
· Create, update and tune IPS signature to avoid attacks
· To mitigate against the threats and probable attacks on the
network, configure and verify CBAC and NAT.
· Also configure and verify Zone Based firewall using Uniform
Resource Locator (URL) filtering for better network security.
This activity is continuation of activity 1 and 2. You are
required to participate in a practical demonstration task. You
need to complete this activity in 3 to 4 hours.
Note: For This activity RTO/Assessor will provide you the
following:
· A site where deployment of network security solution may be
conducted
· A live network (LAN)
· Servers and computers
· Switches and routers
· Hardware and software security technologies
· Security policies and guidelines (as per scenario)
You will work in coordination with the Network Engineer,
Allen which will be performed by the Trainer/assessor, and he
will provide you all the required network infrastructure, router
and switches.
Your trainer and assessor will observe you during the activity
and complete the performance checklist.
Performance criteria checklist for unit assessment task:

31. Trainer/ Assessor to complete
Assessment activities to be completed
· Configuration of the Intrusion Prevention System
· For a full project outline, please refer to the student
assessment instructions
Resources required for the unit assessment task
· Unit assessment guide template
Does the candidate meet the following criteria
Yes
No
Trainer/Assessor Comments
Configured and verify IPS firewall after its analysis to identify
the threats and best way to block them.
Created, updated and tuned IPS signature to avoid attacks
configured and verified CBAC and NAT.
configured and verified Zone Based firewall using Uniform
Resource Locator (URL) filtering for better network security.
Unit Assessment Task (UAT) -3Assessment Task 3 – Unit
Project (UP)
Assessment type:
Unit Project (UP)

32. Instructions to complete this assessment task:
· Please write your responses in the template provided.
· You may attach a separate sheet if required.
· You must include the following particulars in the footer
section of each page of the attached sheets:
· Student ID or Student Name
· Unit ID or Unit Code
· Course ID or Course Code
· Trainer and assessor name
· Page numbers
· You must staple the loose sheets together along with the cover
page.
· You must attach the loose sheets chronologically as per the
page numbers.
· Correction fluid and tape are not permitted. Please do any
corrections by striking through the incorrect words with one or
two lines and rewriting the correct words.
· The premise of the project must be closely related to the
previous assessment task.
· This submission must be well presented and follow the
guidelines and instructions provided.
· Please follow the format as indicated in the template section
below.
· One of the most important steps that you can take: proofread
your project.
· Project must be of 500-800 words in length, using 11-point
font, double-spaced, and must include a cover page, table of
contents, introduction, body, summary or conclusion, and works
cited.
· Appropriate citations are required.
· All RTO policies are in effect, including the plagiarism
policy.

33. Activity 1 (Configuration of VPN)
This activity is continuation of assessment task 2. You are
required to participate in a practical demonstration task. You
need to complete this activity in 3 to 4 hours. Additional time
will be provided for analysis and preparing documentation.
Note: For This activity your RTO/Assessor will provide you
with the following:
· A site where deployment of network security solution may be
conducted
· A live network (LAN)
· Servers and computers
· Switches and routers
· Hardware and software security technologies
· Security policies and guidelines (as per scenario)
Once Layer 2 and Layer 3 have been secured, as you are
Information Security Officer, you are required to implement
Virtual Private Network for remote access of the network
resources and information system. The implementation of the
VPN will provide:
· Enhanced security
· Remote Control
· Sharing Files anytime easily
· Online Anonymity
· Unblock websites and bypass filters
· Better performance
Also, A VPN can save a company money in several situations:
· eliminating the need for expensive long-distance leased lines
· reducing long-distance telephone charges

34. · offloading support cost
Using VPN, each employee must possess the appropriate
networking software or hardware support on their local
network and computers. When set up properly, VPN solutions
are easy to use and sometimes can be made to work
automatically as part of network sign on.
VPN technology also works well with Wi-Fi local area
networking. For HELMA, the use of VPNs will secure wireless
connections to their local access points when working inside the
office. These solutions provide strong protection without
affecting performance excessively.
You are required to implement VPN across the network to
ensure secure connectivity for site to site (head office and
regional offices) and remote access communication. You need
to perform the following tasks:
· Analyse and evaluate the features and functions of Internet
security protocol-IPSec and Generic routing encapsulation-GRE
along with Dynamic Multipoint VPN (DMVPN)
· Configure VPN for site to site secured communication and
also verify its operations
· Implement Secure network access using Secure Socket Layer
(SSL) VPN to deliver remote access
· Analyse, configure and verify Easy VPN on the router
· Implement group encrypted transport (GET) for management
of VPN
Complete the template below for analysis of features and
functions of IPSec, GRE and DMVPN
Template for features and Functions
Features
Functions
IPSec

35. Generic Routing Encapsulation GRE
Dynamic Multipoint VPN (DMVPN)
Performance criteria checklist for unit assessment task:
Trainer/ Assessor to complete
Assessment activities to be completed
· Configuration of VPN
· For a full project outline, please refer to the student
assessment instructions
Does the candidate meet the following criteria
Yes
No
Trainer/Assessor Comments
Evaluated the features and functions of IPSec, GRE and

36. DMVPN
Completed the given Template
Configured site to site VPN and verified its operations
Implemented SSL VPN
Analysed, configured and verified Easy VPN
Implement group encrypted transport (GET) for management of
VPN
Activity 2: (Implementing Network Foundation Protection)
This activity is continuation of activity 1, you need to
implement Network foundation protection of the company’s
network resources to provide the secured network as per the
requirements and the security policies defined in the scenario.
So, under the supervision of the trainer/assessor complete the
following tasks:
· Analyse the network foundation protection features and
functions
· Use Router OS features for securing management plane, data
plane and control plane

37. · Ensure the integrity of the control plane such that only
legitimate control plane traffic is processed by the network
element
· Ensure that other IP traffic plane packets are properly used in
network
· Ensure that one service type does not impact any other service
type
· Ensure that other IP traffic planes do not impact services plane
traffic
Also, fill the template given below for the analysis of NFP.
You need to complete this activity in 2 to 3 hours. Additional
time will be provided for analysis and preparing documentation.
Note: For This activity RTO/Assessor will provide you the
following:
· A site where deployment of network security solution may be
conducted
· A live network (LAN)
· Servers and computers
· Switches and routers
· Hardware and software security technologies
· Security policies and guidelines (as per scenario)
Template for Features and Functions of NFP
Features
Functions
Network Foundation Protection

38. Performance criteria checklist for unit assessment task:
Trainer/ Assessor to complete
Assessment activities to be completed
· Implementing Network Foundation Protection
· For a full project outline, please refer to the student
assessment instructions
Does the candidate meet the following criteria
Yes
No
Trainer/Assessor Comments
Implemented NFP
Analysed features and functions of NFP
Secured Management plane, data plane and control plane using
Router OS
Completed the given template

39. End of the Assessment
ICTNWK608-Student Assessment Pack V1.0 September 2019
ICTNWK609 – Configure and Manage Intrusion Prevention
System on Network SensorsStudent Assessment Pack Student
and Trainer/Assessor Details
Student ID
Student name
Contact number
Email address
Trainer/Assessor name
.Course and Unit Details
Course code
ICT60215
Course name
Advanced Diploma of Network Security
Unit code
ICTNWK609
Unit name
Configure and manage intrusion prevention system on network
sensors
Assessment Submission Method
☐ By hand to trainer/assessor

40. ☐ By email to trainer/assessor
☐ Online submission via Learning Management System
(LMS)
Student Declaration
· I certify that the work submitted for this assessment pack is
my own. I have clearly referenced any sources used in my
submission. I understand that a false declaration is a form of
malpractice;
· I have kept a copy of this assessment pack and all relevant
notes, attachments, and reference material that I used in the
production of the assessment pack;
· For the purposes of assessment, I give the trainer/assessor of
this assessment the permission to:
· Reproduce this assessment and provide a copy to another
member of staff; and
· Take steps to authenticate the assessment, including
communicating a copy of this assessment to a checking service
(which may retain a copy of the assessment on its database for
future plagiarism checking).
Student signature: ________________________________
Date: ____/_____/______________Assessment Plan
To demonstrate competence in this unit, you must be assessed
as satisfactory in each of the following assessment tasks.
Evidence recorded
Evidence Type/ Method of assessment
Sufficient evidence recorded/Outcome
Unit Assessment Task 1
Unit Knowledge Test (UKT)
S / NS (First Attempt)
S / NS (Second Attempt)

41. Unit Assessment Task 2
Unit Project (UP)
S / NS (First Attempt)
S / NS (Second Attempt)
Unit Assessment Task 3
Unit Project (UP)
S / NS (First Attempt)
S / NS (Second Attempt)
Final result
C/NYC
Date assessed
Trainer/Assessor Signature
Assessment Conditions
Unit purpose/application
This unit describes the skills and knowledge required to use
appropriate tools, equipment and software to implement an
intrusion prevention system (IPS) on IPS sensors to mitigate
network attacks.
It applies to individuals with advanced information and
communications technology (ICT) skills who are working as
certified IPS specialists, network security specialists and
network security managers.
No licensing, legislative or certification requirements apply to
this unit at the time of publication.
What the student can expect to learn by studying this unit of
competency
· Evaluate the ways IPS sensors are used to mitigate network
attacks
· Select and install IPS sensors and configure essential system
parameters

42. · Tune IPS sensor advanced system parameters to optimise
attack mitigation performance
· Manage security and response of the IPS to network attacks
Training and assessment resources required for this unit of
competency
The student will have access to the following:
· Student guide
· PowerPoint presentation
· Unit Assessment Pack (UAP)
· Access to other learning materials such as textbooks
The resources required for these assessment tasks also included:
· Access to a computer, the Internet and word-processing system
such as MS Word.
· A site or prototype where network installation may be
conducted
· Relevant hardware and software
· Organisational guidelines
· Live network
· An IPS system and its sensors.
Simulated assessment environments must simulate the real-life
working environment where these skills and knowledge would
be performed, with all the relevant equipment and resources of
that working environment.
Submission instructions
Your trainer/assessor will confirm assessment submission
details for each assessment task.
Academic integrity, plagiarism and collusion
Academic Integrity
Academic Integrity is about the honest presentation of your
academic work. It means acknowledging the work of others
while developing your own insights, knowledge and ideas.

43. As a student, you are required to:
· undertake studies and research responsibly and with honesty
and integrity
· ensure that academic work is in no way falsified
· seek permission to use the work of others, where required
· acknowledge the work of others appropriately
· take reasonable steps to ensure other students cannot copy or
misuse your work.
Plagiarism
Plagiarism means to take and use another person's ideas and or
manner of expressing them and to pass them off as your own by
failing to give appropriate acknowledgement. This includes
material sourced from the internet, RTO staff, other students,
and from published and unpublished work.
Plagiarism occurs when you fail to acknowledge that the ideas
or work of others are being used, which includes:
· Paraphrasing and presenting work or ideas without a reference
· Copying work either in whole or in part
· Presenting designs, codes or images as your own work
· Using phrases and passages verbatim without quotation marks
or referencing the author or web page
· Reproducing lecture notes without proper acknowledgement.
Collusion
Collusion means unauthorised collaboration on assessable work
(written, oral or practical) with other people. This occurs when
a student presents group work as their own or as the work of
someone else.
Collusion may be with another RTO student or with individuals
or students external to the RTO. This applies to work assessed
by any educational and training body in Australia or overseas.
Collusion occurs when you work without the authorisation of
the teaching staff to:
· Work with one or more people to prepare and produce work
· Allow others to copy your work or share your answer to an

44. assessment task
· Allow someone else to write or edit your work (without rto
approval)
· Write or edit work for another student
· Offer to complete work or seek payment for completing
academic work for other students.
Both collusion and plagiarism can occur in group work. For
examples of plagiarism, collusion and academic misconduct in
group work please refer to the RTO’s policy on Academic
integrity, plagiarism and collusion.
Plagiarism and collusion constitute cheating. Disciplinary
action will be taken against students who engage in plagiarism
and collusion as outlined in RTO’s policy.
Proven involvement in plagiarism or collusion may be recorded
on students’ academic file and could lead to disciplinary action.
Other Important unit specific Information
N/A
Unit outcome
· This unit is not graded and the student must complete and
submit all requirements for the assessment task for this cluster
or unit of competency to be deemed competent.
· Students will receive a 'satisfactorily completed' (S) or 'not
yet satisfactorily completed (NS) result for each individual unit
assessment task (UAT).
· Final unit result will be recorded as competency
achieved/competent (C) or competency not yet achieved/not yet
competent (NYC).
Unit Assessment Task (UAT)-1Assessment Task 1 - Unit
Knowledge Test (UKT)
Assessment type:
· Written Questions

45. Instructions:
· This is an individual assessment.
The purpose of this assessment task is to assess the students’
knowledge required to ensure secure file encryption is selected,
implemented and monitored on a computer network or local
environment.
· To make full and satisfactory responses you should consult a
range of learning resources, other information such as handouts
and textbooks, students’ resources and slides.
· All questions must be answered in order to gain competency
for this assessment.
You may attach a separate sheet if required.
You must include the following particulars in the footer section
of each page of the attached sheets:
· Student ID or Student Name
· Unit ID or Unit Code
· Course ID or Course Code
· Trainer and assessor name
· Page numbers
You must staple the loose sheets together along with the cover
page.
You must attach the loose sheets chronologically as per the
page numbers.
· Correction fluid and tape are not permitted. Please do any
corrections by striking through the incorrect words with one or
two lines and rewriting the correct words.
Resources required to complete the assessment task:
Student guide
PowerPoint presentation
Unit Assessment Pack (UAP)
Access to other learning materials such as textbooks
Access to a computer, the Internet and word-processing system
such as MS Word.

46. Question 1: Answer the following questions:
A) Explain the steps to setting up a Cisco Router including
configuration and verification/testing.
B) Explain the troubleshooting process for the following issues:
· Console is not responsive
· Traffic does not pass through

47. Question 2: What are the five (5) key features of deployment
schemes? Write your answer in 200-250 words.

48. Question 3: In order to setup network security to the enterprise
level network, firewalls are implemented to mitigate with
network attacks. Summarise are the ten (10) steps involved in
setting and securing firewall.

49. Question 4: Explain the following terms each in 150-200 words.
1. Internetwork operating system (iOS)
2. Internet Protocol (IP) Networking Model
Question 5: What are the steps involved in design and
implementation of the following?
· Local Area Network (LAN)

50. · Wide Area Network (WAN)
Question 6: Summarise the following terms each in 130-180
words.
A. IP Addressing
B. Transmission Control Protocol
C. IP stack

51. Question 7: Summarise the five (5) IPS and IDS deployment
strategies to mitigate network attacks. Write your response in
250-300 words

52. Question 8: Setting up a network for a Network Administrator
requires the basic knowledge of network fundamentals, these
include the topology, architecture and elements of the network
which need to be designed as per the requirements of the
enterprise.
A) What do you understand from the term Network Topology?
Also, summaries five (5) models of network topology. Write
your response in 240-270 words.
B) Explain the following terms, each in 100-150 words.
1. Network Architectures
2. Network Elements

53. Question 9: While studying computer networks, the student
must know the basic terms of network standards and network
protocols. Explain these two terms and write 100-150 words for
each in your response.

54. Question 10: What are the six (6) threat mitigation strategies
required for network security? Write 30-60 words for each
strategy in your response.

55. Question 11: Summarise the two (2) Intrusion Prevention
System sensor technologies. Write 100-150 words for each.

56. Question 12: What is the network function of Transmission
Control Protocol? Write your response in 150-200 words.
Question 13: Summarise virtual private network technologies.
Write your response in 150-200 words.

57. Question 14: Explain the following terms each in 150-200
words.
a) IPS Signatures
b) Meta Signatures

58. Question 15: Describe two legislation, regulations, standards
and codes of practice relevant to the network security? Write
your response in 250-350 words.

59. Question 16: What are the steps involved for the following?
a) Configuration of a Cisco Switch
b) Verify a Switch
c) Troubleshooting of Switch

60. Question 17: What are the three (3) benefits to deploy an access
management on IPS sensor? Write your answer in 150-200
words

61. Question 18: A) Summarise anomaly detection and its modes.
Write your response in 50-100 words.
A) What are the four (4) approaches to monitor the IPS sensor?
Write your response in 150-200 words
B) Explain two (2) basic types of IPS signatures, each in 50-80
words.
Question 19: Explain Passive operating system fingerprinting
and list the OS fingerprinting tools. Write your response in 200-

62. 250 words
Question 20: Summarise the following terms:
A) External Product interfaces
B) Promiscuous vs. Inline Mode
C) VLAN
D) VLAN functionality
E) VLAN group

63. Unit Assessment Task (UAT)-2Assessment Task 2 – Unit
Project (UP)
Assessment type:
Unit Project (UP)
Instructions to complete this assessment task:
· Please write your responses in the template provided.
· You may attach a separate sheet if required.
· You must include the following particulars in the footer

64. section of each page of the attached sheets:
· Student ID or Student Name
· Unit ID or Unit Code
· Course ID or Course Code
· Trainer and assessor name
· Page numbers
· You must staple the loose sheets together along with the cover
page.
· You must attach the loose sheets chronologically as per the
page numbers.
· Correction fluid and tape are not permitted. Please do any
corrections by striking through the incorrect words with one or
two lines and rewriting the correct words.
· The premise of the project must be closely related to the
previous assessment task.
· This submission must be well presented and follow the
guidelines and instructions provided.
· Please follow the format as indicated in the template section
below.
· One of the most important steps that you can take: proofread
your project.
· Project must be of 500-800 words in length, using 11-point
font, double-spaced, and must include a cover page, table of
contents, introduction, body, summary or conclusion, and works
cited.
· Appropriate citations are required.
· All RTO policies are in effect, including the plagiarism
policy.
Resources required to complete the assessment task:
· Computer
· Internet
· MS Word
· A site where IPS sensor installation may be conducted
· A live network
· Servers

65. Scenario: -
HTK Bank is one of the emerging banks and provide one of the
best banking services to its customers. The bank works in a
paperless environment and all the branches are connected to the
head office using secured VPNs and thus network security is of
immense importance for the bank. In the recent years, the bank
has been able to provide latest and updated technology oriented
online services. The bank aims to facilitate the customers to
their satisfaction. Also, all HTK Bank employees are
responsible for the information security. The bank has clearly
defined its policy for its information security which includes
the following:
· Identify and manage information security risks, while taking
into account their impact on banking business.
· Define information security policies, strategies and standards.
· Assist and advise owners of information in evaluating risks
and required levels of protection, and in choosing appropriate
security measures.
· Make all employees aware of information security and the
importance of their involvement.
· To determine the responsibilities and duties towards
information security concerning employees, managers, and
contractors.
· Classification of the assets of the bank and determine the
required levels of protection using international standards. Item
No.
· Upgrade security access to bank facilities: Implement
additional security protocols of entry and access to bank
facilities, including sensitive equipment, information systems
and databases.
· Password Management: The establishment of the passwords
and other security related responsibilities.
· Physical and environmental security: Identifying facilities to
protect and prevent unauthorised access, information theft,

66. equipment theft and disruption of work or eavesdropping. Also,
protecting infrastructure equipment such as fire equipment and
air conditioners.
· E-Mail Security: The establishment of protocols to protect E-
mails and databases. Email is the largest distributor of viruses
and spam which needs mechanisms and procedures to make sure
data is not corrupted or stolen. Item No.
· Personal security: Introduction of mechanisms to reduce
human error, theft, embezzlement and corruption.
· Upgrade Encryption: To upgrade and maintain the
confidentiality, creditability, and integrity of the information
using the latest encryption software.
· Remote Access: Establishment of security precautions and
mechanisms to be taken to prevent access to the bank’s internal
network using remote access.
· Systems development and maintenance: Analyse, maintain and
upgrade the current system in place to ensure building security.
The mechanisms focus on peacekeeping, security,
encryption, data and configuration.
· Antivirus: Analyse the procedures and software for anti-virus
and anti-spam software.
· Backup: Establish procedures to backup copies of data,
storage media and information security.
· Incident Response: Procedure to learn, monitor and reduce
time of security breaches and breakdowns in the system
operations to reduce direct or indirect damage to the CBL and
the public.
· Security of networks and facilities: Protect networks from
eavesdropping, spying, theft, disruption, and unwanted
modification.
· Continuity of workflow management: Protection of sensitive
business tasks and information in the event of a crisis or
disaster such as fires or earthquakes.
· Security of wireless communications: Emphasis on proper
mobile network encryption.
· Network Security Monitoring: Allow limited access to the

67. information network through the development of a separate
network to the public. This network is separated from the
internal network to help protect it from malicious attacks.
In order to ensure the privacy, confidentiality and integrity of
the Information which are exchanged, disclosed, shared, stored
or otherwise used on our system and the Transactions, whether
or not the same belongs or originates from you or otherwise, we
have engaged the use of a combination of authentication,
encryption and auditing mechanisms which serve as a powerful
barrier against all forms of system penetration and abuse.Also,
to ensure the information security across the network
infrastructure of the bank, Jack-IT Manager has implemented
following mechanisms:
· Secure Sockets Layer (SSL) channel;
· 128-bit encryption;
· Username and password protection and authentication;
· Firewalls; and
· Account-locking,
all of which have been thoroughly tested in a series of
independent security audits and have been determined, whether
used separately or together, to effectively protect and safeguard
against known security issues and prevent any form of
tampering or theft of Information or Transactions, where
applicable.
Even then it has been observed that several attacks are made on
regular basis by the hackers to access the transactional and
financial information. Therefore, the bank utilise services of the
NALES Pvt Ltd.
NALES is a global leader in cyber and network security
products and services. Over 1500 highly qualified cyber
security experts, handle national security in 50 countries, and
critical information systems for over 100 clients. 80% of the
largest banks, energy and aerospace organisations around the
world rely on security delivered by NALES.
With over 40 years of experience in Information Assurance and

68. Security, NALES has an unrivalled understanding of the range
of threats that Australian businesses and organisations face. At
the heart of what NALES does is the belief that securing people,
property and information ensures business continuity and
reputation.
George- IT Project Manager has been assigned the task by
NALES to implement the IPS sensors on the network of HKT
bank. The IT project manager will perform the implementation
in coordination and in assistance of the IT Manager of the Bank.
The job description of the IT Project Manager is as under:
· Directs, plans and controls all activities and staff of an
Information Security area and has full management
responsibility for the performance and development of
subordinate staff in accordance with corporate strategic
direction. May include matrix reporting relationships.
· Directs the design, development, testing and implementation
of appropriate information security plans, technologies,
capabilities and other detection & response activities.
· Identifies emerging vulnerabilities, evaluates associated risks
and threats and provides countermeasures where necessary.
· Manages the reporting, investigation and resolution of data
security incidents.
· Maintains contact with industry security standard setting
groups, and an awareness of State and Federal legislation and
regulations pertaining to data privacy and information security.
· Proposes changes in firm-wide security policy when
necessary.
· Directs the Information Security staff in the evaluation of
risks and threats, development, implementation, communication,
operation, monitoring and maintenance of the IT security
policies and procedures which promote a secure and
uninterrupted operation of all IT systems.
The job description of the IT Manager at HTK bank is as under:
· Manage information technology and computer systems
· Plan, organize, control and evaluate IT and electronic data
operations

69. · Manage IT staff by recruiting, training and coaching
employees, communicating job expectations and appraising
their performance
· Design, develop, implement and coordinate systems, policies
and procedures
· Ensure security of data, network access and backup systems
· Act in alignment with user needs and system functionality to
contribute to organizational policy
· Identify problematic areas and implement strategic solutions
in time
· Audit systems and assess their outcomes
· Preserve assets, information security and control structures
· Handle annual budget and ensure cost effectiveness
Activity 1: (Analysing IPS sensor requirements for the
mitigation of network attacks)
With reference to the scenario given, and as per the
requirements of the bank you need to implement and configure
the IPS sensors for optimal network security. Initially you need
to analyse the requirements for the IPS Sensor usage, so you
need to analyse the following:
· System requirements for along with the requirements to
implement IPS sensors for optimal secured performance of the
network
· The difference of inline to promiscuous mode sensor
operations
· Different evasive techniques used by hackers
· The factors to consider for the selection, placement and
deployment of IPS sensors using the feature of IPS signature.
The analysis of the requirements for IPS sensors will not only
help in the ways of using the IPS sensors to mitigate network
attacks but will also specify how IPS can defeat the attacks on
network.
You need to research on internet to find relevant information
related to the scenario to complete the given template.

70. Also, fill the following template for the requirements:
Sr. No.
Analysis Required
Details
1
System Requirements for IPS Sensor
2
Evasion techniques used by Hackers
3
Difference between Inline to Promiscuous mode sensor

71. operations
4
Selection, placement and deployment of IPS sensors
Performance criteria checklist for unit assessment task:
Trainer/ Assessor to complete
Assessment activities to be completed
· Analysing IPS sensor requirements for the mitigation of
network attacks
· For a full project outline, please refer to the student
assessment instructions
Does the candidate meet the following criteria
Yes
No
Trainer/Assessor Comments
Defined system requirements for network IPS sensors
Analysed the different evasion techniques used by hackers
Analysed the difference between the inline to promiscuous
mode sensor operation

72. Analysed the selection, placement and deployment of the IPS
sensor
Completed the template
Activity 2: (Installation and configuration of the IPS sensor)
Note: This activity is in continuation of activity 1.
Now, once the analysis of the requirements has been done,
considering the above network diagram you need to install and
configure the IPS sensor to the network so that the security
parameters can be achieved. You will act as George and the
trainer will act as Jack and will provide you the following for
the successful completion of the project:
· A site where deployment of IPS sensors may be conducted
· A live network (LAN)
· Servers and computers
· Switches and routers
· Hardware and software security technologies
· Security policies (as per scenario)
Now, once the analysis of the requirements has been done,
considering the above network diagram you need to install and
configure the IPS sensor to the network so that the security
parameters can be achieved. You will act as George and the
trainer will act as Jack. Your trainer will provide you the
following for the successful completion of the project:
· Install the IPS Sensor and initialise the sensor by configuring

73. the sensor interface, interface pairs, VLAN pairs and VLAN
groups. The IPS sensor set up will be done on the router
connected to the network
· Configuration of the access management system on the IPS
sensor to authenticate and authorise the users
· Implementing the IPS sensor for the external communication
and manage it using built it tools of the router
· IPS Monitoring provides an overview of the activity identified
by the Intrusion Prevention Systems (IPS) on your network.
Monitor the IPS sensor, upgrade and maintain the license of the
IPS sensor to maintain the security of the network
· Plan the mitigation in correspondence of the trainer for the
relevant network vulnerabilities and exploits. Also, fill the
given template to plan the mitigation of the network
vulnerabilities.
Student must follow vendor instruction for configuration,
management and maintenance of the IPS sensor.
You need to complete this activity in 4-6 hours and additional
time may be given on request.
Your trainer and assessor will observe you during the activity
and complete the performance checklist.
Template to PLAN the mitigation of network vulnerabilities
Components
Details
Purpose Of The mitigation Plan
Process

74. Threat/Vulnerability Identification
Risk Response Planning
Bulnerability Monitoring, Controlling, And Reporting
Tools And Practices
Mitigation plan approval
[List the individuals whose signatures are desired. Examples
of such individuals are Business Steward, Project Manager or
Project Sponsor. Add additional lines for signature as
necessary. Although signatures are desired, they are not always
required to move forward with the practices outlined within this
document.]
Signature:
Date:
Print Name:

75. Title:
Role:
Signature:
Date:
Print Name:
Title:
Role:
Signature:
Date:
Print Name:

76. Title:
Role:
Performance criteria checklist for unit assessment task:
Trainer/ Assessor to complete
Assessment activities to be completed
· Installation and configuration of the IPS sensor
· For a full project outline, please refer to the student
assessment instructions
Does the candidate meet the following criteria
Yes
No
Trainer/Assessor Comments
Installed the IPS Sensor
Initialised the interface, interface pairs, VLAN pairs and VLAN
group
Configured the IPS Sensor

77. Implemented the access management system
Monitored and maintained the IPS sensor
Planned the mitigation for network security and completed
given template
Discussed IPS Sensor requirements according to the
organisation requirements
Unit Assessment Task (UAT)-3Assessment Task 3 – Unit
Project (UP)
Assessment type:
Unit Project (UP)
Instructions to complete this assessment task:
· Please write your responses in the template provided.
· You may attach a separate sheet if required.
· You must include the following particulars in the footer
section of each page of the attached sheets:
· Student ID or Student Name
· Unit ID or Unit Code
· Course ID or Course Code
· Trainer and assessor name
· Page numbers
· You must staple the loose sheets together along with the cover
page.

78. · You must attach the loose sheets chronologically as per the
page numbers.
· Correction fluid and tape are not permitted. Please do any
corrections by striking through the incorrect words with one or
two lines and rewriting the correct words.
· The premise of the project must be closely related to the
previous assessment task.
· This submission must be well presented and follow the
guidelines and instructions provided.
· Please follow the format as indicated in the template section
below.
· One of the most important steps that you can take: proofread
your project.
· Project must be of 500-800 words in length, using 11-point
font, double-spaced, and must include a cover page, table of
contents, introduction, body, summary or conclusion, and works
cited.
· Appropriate citations are required.
· All RTO policies are in effect, including the plagiarism
policy.
Activity 1 (Tunning and Monitoring of IPS Sensors)
This activity is continuation of assessment task 2. You are
required to participate in a practical demonstration task. You
need to complete this activity in 3 to 5 hours. Additional time
will be provided for analysis and preparing documentation.
Note: For This activity RTO/Assessor will provide you the
following:
· A site where deployment of IPS system and sensor may be
conducted
· A live network (LAN)
· Servers and computers

79. · Switches and routers
· Hardware and software security technologies
· Security policies (as per scenario)
After the configuration of the IPS sensor and managing it using
the built-in tools. You need to tune up the IPS sensors for
optimising its performance against the mitigation of the attacks.
You will act as George- the IT Project Manager from NALES
and work with IT manager – Jack (Trainer/assessor) as per the
requirements specified by the HKT Bank. You need to discuss
the tunning process with the trainer as IPS tuning helps ensure
that the alerts you are seeing are real, actionable information.
Without tuning, you will potentially have thousands of benign
events, making it difficult for you to conduct any security
research or forensics on your network. Benign events, also
known as false positives, exist in all IPS devices, but they
happen much less in devices such as Cisco IPS devices, which
are stateful and normalised, and use vulnerability signatures for
attack evaluation.
Additional Cisco IPS features include risk rating, which
identifies high-risk events, and policy-based management,
which easily lets you deploy rules that enforce an IPS signature
action based on risk rating
Also, you need to perform following tasks:
· Tunning of IPS sensors as per the requirement of the security
parameters of the network
· Create IPS signatures and Meta Signatures and test scenarios
· Configure gateway for passive operating system (OS)
fingerprinting
· Configure the external products interface for management of
external security features and to enhance the sensor
configuration information as the external product interface is
designed to receive and process information from external
security and management products. These external security and
management products collect information that can be used to
automatically enhance the sensor configuration information. For

80. example, the types of information that can be received from
external products include host profiles (the host OS
configuration, application configuration, and security posture)
and IP addresses that have been identified as causing malicious
network activity.
· Configuration of virtual sensor for remote sites of network and
anomaly detection
· Monitoring of the IPS events and advanced features. Also
complete the template for IPS events summary
· Use of network management tools for the management of IPS
sensors.
· Also, fill the template given below for network monitoring and
management of IPS sensors.
Template for IPS Monitoring and management
Logical Infrastructure
Wide Area Network
Local Area Network
Management
Services

81. Policies
Personnel
IPS EVENT SUMMARY TEMPLATE
Widget
Description
IPS Severities
Top Sources
Top Destinations
Top Reporting/Attacked Devices
Top IPS attacks
Top Source Countries
Top Destination Countries
Severity

82. Event Name
Event Category
Source IP
Source Country
Source Port
Destination IP
Destination Port
Log Source
Application
User Name
Host Name
Protocol ID

83. Source Zone
Destination Zone
Nested Application
NAT Source Port
NAT Destination Port
NAT Source Rule Name
NAT Destination Rule Name
NAT Source IP
NAT Destination IP
Traffic Session ID
Time

84. .
Performance criteria checklist for unit assessment task:
Trainer/ Assessor to complete
Assessment activities to be completed
· Tunning and Monitoring of IPS Sensors
· For a full project outline, please refer to the student
assessment instructions
Does the candidate meet the following criteria
Yes
No
Trainer/Assessor Comments
Tuned the IPS Sensor
Created IPS Signature
Configured Passive OS fingerprinting
Configured external interface
Configured Virtual sensors
Monitored the IPS Events

85. Completed the IPS event template
Used Network management tools for management of IPS sensors
End of the Assessment
ICTNWK609 Student Assessment Pack V1.0 September 2019
ICTNWK607 – Design and Implement Wireless Network
SecurityStudent Assessment Pack Student and Trainer/Assessor
Details
Student ID
Student name
Contact number
Email address
Trainer/Assessor name
.Course and Unit Details
Course code
ICT60215
Course name
Advanced Diploma of Network Security
Unit code
ICTNWK607
Unit name

86. Design and implement wireless network security
Assessment Submission Method
☐ By hand to trainer/assessor
☐ By email to trainer/assessor
☐ Online submission via Learning Management System
(LMS)
Student Declaration
· I certify that the work submitted for this assessment pack is
my own. I have clearly referenced any sources used in my
submission. I understand that a false declaration is a form of
malpractice;
· I have kept a copy of this assessment pack and all relevant
notes, attachments, and reference material that I used in the
production of the assessment pack;
· For the purposes of assessment, I give the trainer/assessor of
this assessment the permission to:
· Reproduce this assessment and provide a copy to another
member of staff; and
· Take steps to authenticate the assessment, including
communicating a copy of this assessment to a checking service
(which may retain a copy of the assessment on its database for
future plagiarism checking).
Student signature: ________________________________
Date: ____/_____/______________
Assessment Plan
To demonstrate competence in this unit, you must be assessed
as satisfactory in each of the following assessment tasks.

87. Evidence recorded
Evidence Type/ Method of assessment
Sufficient evidence recorded/Outcome
Unit Assessment Task 1
Unit Knowledge Test (UKT)
S / NS (First Attempt)
S / NS (Second Attempt)
Unit Assessment Task 2
Unit Project (UP)
S / NS (First Attempt)
S / NS (Second Attempt)
Unit Assessment Task 3
Unit Project (UP)
S / NS (First Attempt)
S / NS (Second Attempt)
Final result
C/NYC
Date assessed
Trainer/Assessor Signature
Assessment Conditions
Unit purpose/application
This unit describes the skills and knowledge required to
mitigate security threats to a wireless local area network
(WLAN) by implementing security standards and policies.
It applies to individuals with advanced information and
communications technology (ICT) skills who are working as
wireless help desk support technicians, wireless network
support specialists and wireless network engineers.
No licensing, legislative or certification requirements apply to
this unit at the time of publication.

88. What the student can expect to learn by studying this unit of
competency
· Plan to implement wireless network security
· Design, implement and test guest access services
· Design, implement and test the security of wireless client
devices
· Design, implement and test the integration of wireless network
with organisational network admission control systems
· Evaluate and plan secure wireless connectivity services
· Manage the requirements to integrate the WLAN with
advanced security platforms
Training and assessment resources required for this unit of
competency
The student will have access to the following:
· Learner guide
· PowerPoint presentation
· Unit Assessment Pack (UAP)
· Access to other learning materials such as textbooks
The resources required for these assessment tasks also included:
· A site or prototype where network installation may be
conducted
· Hardware and software
· Organisational guidelines
· Live network
· Stand-alone and lightweight WLAN controllers and access
points (AP)
· Hardware and software WLAN site survey tools
· Hardware and software IDS and IPS.
Your trainer/assessor will confirm assessment submission
details for each assessment task.
Academic integrity, plagiarism and collusion
Academic Integrity
Academic Integrity is about the honest presentation of your
academic work. It means acknowledging the work of others

89. while developing your own insights, knowledge and ideas.
As a student, you are required to:
· undertake studies and research responsibly and with honesty
and integrity
· ensure that academic work is in no way falsified
· seek permission to use the work of others, where required
· acknowledge the work of others appropriately
· take reasonable steps to ensure other students cannot copy or
misuse your work.
Plagiarism
Plagiarism means to take and use another person's ideas and or
manner of expressing them and to pass them off as your own by
failing to give appropriate acknowledgement. This includes
material sourced from the internet, RTO staff, other students,
and from published and unpublished work.
Plagiarism occurs when you fail to acknowledge that the ideas
or work of others are being used, which includes:
· Paraphrasing and presenting work or ideas without a reference
· Copying work either in whole or in part
· Presenting designs, codes or images as your own work
· Using phrases and passages verbatim without quotation marks
or referencing the author or web page
· Reproducing lecture notes without proper acknowledgement.
Collusion
Collusion means unauthorised collaboration on assessable work
(written, oral or practical) with other people. This occurs when
a student presents group work as their own or as the work of
someone else.
Collusion may be with another RTO student or with individuals
or students external to the RTO. This applies to work assessed
by any educational and training body in Australia or overseas.
Collusion occurs when you work without the authorisation of
the teaching staff to:
· Work with one or more people to prepare and produce work

90. · Allow others to copy your work or share your answer to an
assessment task
· Allow someone else to write or edit your work (without rto
approval)
· Write or edit work for another student
· Offer to complete work or seek payment for completing
academic work for other students.
Both collusion and plagiarism can occur in group work. For
examples of plagiarism, collusion and academic misconduct in
group work please refer to the RTO’s policy on Academic
integrity, plagiarism and collusion.
Plagiarism and collusion constitute cheating. Disciplinary
action will be taken against students who engage in plagiarism
and collusion as outlined in RTO’s policy.
Proven involvement in plagiarism or collusion may be recorded
on students’ academic file and could lead to disciplinary action.
Other Important unit specific Information
N/A
Unit outcome
· This unit is not graded and the student must complete and
submit all requirements for the assessment task for this cluster
or unit of competency to be deemed competent.
· Students will receive a 'satisfactorily completed' (S) or 'not
yet satisfactorily completed (NS) result for each individual unit
assessment task (UAT).
· Final unit result will be recorded as competency
achieved/competent (C) or competency not yet achieved/not yet
competent (NYC).

91. Unit Assessment Task (UAT) -1 Assessment Task 1 - Unit
Knowledge Test (UKT)
Assessment type:
· Written Questions
Instructions:
· This is an individual assessment.
The purpose of this assessment task is to assess the students’
knowledge required to ensure secure file encryption is selected,
implemented and monitored on a computer network or local
environment.
· To make full and satisfactory responses you should consult a
range of learning resources, other information such as handouts
and textbooks, learners’ resources and slides.
· All questions must be answered in order to gain competency
for this assessment.
You may attach a separate sheet if required.
You must include the following particulars in the footer section
of each page of the attached sheets:
· Student ID or Student Name
· Unit ID or Unit Code
· Course ID or Course Code
· Trainer and assessor name
· Page numbers
You must staple the loose sheets together along with the cover
page.
You must attach the loose sheets chronologically as per the
page numbers.
· Correction fluid and tape are not permitted. Please do any
corrections by striking through the incorrect words with one or
two lines and rewriting the correct words.

92. Resources required to complete the assessment task:
Learner guide
PowerPoint presentation
Unit Assessment Pack (UAP)
Access to other learning materials such as textbooks
Access to a computer, the Internet and word-processing system
such as MS Word.
Question 1: Answer the following questions:
A. What do you understand VLAN is and also relate its
advantages? Write your answer in 100-150 words.
B. What are the steps involved in the configuration, verification
and troubleshooting for virtual local area (VLAN) switching?

93. Question 2: Answer the following questions.
A) What is VLAN Trunk and what protocol is used in VLAN
Trunk? Answer in 70-100 Words.
B) Briefly explain the basic commands to configure, verify and
troubleshoot VLAN Trunk.

94. Question 3: Answer the following questions:
A) What is routing and list three types of routing?
B) Briefly explain the basic router configuration procedure.
Answer in 30-50 words.
C) Briefly explain the router troubleshooting and verification
procedure. Answer in 50-100 words.

95. Question 4: Summarise the following each in 150-200 words.
A. iDevice operating system (iOS)
B. Internet Protocol (IP) Networking Model
Question 5: Summarise the following security protection
mechanisms:
A. Intrusion Prevention System (IPS)
B. Intrusion Detection System (IDS)
Write 100-150 words for each.
Question 6: What are four (4) network threat mitigation
strategies? Write 30-70 words for each.

96. Question 7: Answer the following questions:
A. Briefly explain two regulations you need to follow in
Australia related to ICT sector? Write your response in 150-200
words.
B. What are the three (3) mostly used Wireless Standards?
Write your answer in 100-150 words.
C. Explain CCNA and CCNP wireless certifications each in 50-
80 words.

97. Question 8: What are the six (6) wireless network deployment
schemes? Write your response in 150-200 words.
Question 9: Explain the following wireless network security
technologies each in 100-150 words:
A. WEP - Wired Equivalent Privacy
B. Wi-Fi Protected Access (WPA)
Question 10: What are the two (2) wireless network topologies?
Write 50 -100 words for each.

98. Question 11: Answer the following questions:
A. Explain two (2) Wireless Network Architectures and its
characteristics? Write your response in 100-150 words for each.
B. Summarise six (6) Wireless Network Elements each in 40-80
words.

99. Question 12: Briefly explain the following wireless network
technologies? Answer in 30-60 words each.
a. Wireless Personal Area Network (WPAN)
b. Wireless Local Area Network (WLAN)
c. Wireless Metropolitan Area Network (WMAN)
d. Wireless Wide Area Network (WWAN)

100. Question 13: What are the three (3) wireless network protocols?
Write 30-70 words for each.
Question 14: Answer the following questions:
A. Explain how can firewalls provide advanced security
platform for WLAN? Write your response in 50-100 words.
B. What are the ten (10) features to consider in a firewall as an
advanced security platform for WLAN? Write your answer in
100-150 words.
C. Explain how antivirus (Security platform) can help to
improve wireless network? Answer in 30-50 words.

101. Question 15: List three (3) WLAN devices along with their
specifications and uses? Write 50-100 words for each device.
Question 16: Summarise the following:
A. What are the WLAN Radio frequency characteristics? Write
your response in 150-200 words.
B. Explain the two (2) measuring techniques of WLAN Radio
frequency each in 80-120 words.

102. Question 17: Answer the following questions:
A. What are the three (3) types of security policies to ensure
organisational and regulatory standards? Write 100-150 words
for your response.
B. What are the two (2) benefits of Network Security
Compliance Regulations? Write 50-100 words for each benefit.

103. Question 18: Answer the following questions:
A. What are the benefits of Wireless Network Access Services?
Write your answer in 150-200 words.
B. What is a Wireless LAN Controller and what are its features?
Write 150-200 words for your response?
C. Explain Auto Anchor Mobility Mode in 100-150 words.
D. List the ten (10) steps involved in troubleshooting guest
access issues.

104. Question 19: Answer the following.
A. What is management frame protection and how does it help
to secure the wireless infrastructure? Write your response in
100-150 words.
B. Explain integration of Network Access Control with network
security tools in 100-150 words.
C. Explain Client Certificates and Server Certificates each in
80-120 words.
Question 20: Answer the following questions:
A: Summarise two (2) causes and their solutions for slow
wireless connections? Write your response in 150-200 words
B: What are the seven (7) factors to consider for Work Health
and Safety in network installation operations? Write 30-70
words for each in your answer.

105. Question 21: Answer the following questions:
A. What are the features of Cisco Network Admission Control
Solution
? Write your answer in 100-150 words.
B. Explain four-factor authentication in 50-100 words.
Question 22: Answer the following Questions:
A. What are the features of WLAN Controllers? List any five.
B. What are the capabilities of Network Access Control? Write

106. your response in 50-100 words.
Question 23: Answer the following questions:
A. What are the five (5) elements of wireless network security
solution? Write 30-50 words for each solution.
B. What are the factors to consider while configuring firewall
for wireless network? Write your answer in 100-150 words.

107. Unit Assessment Task (UAT)-2Assessment Task 2 – Unit
Project (UP)
Assessment type:
Unit Project (UP)
Instructions to complete this assessment task:
· Please write your responses in the template provided.
· You may attach a separate sheet if required.
· You must include the following particulars in the footer
section of each page of the attached sheets:
· Student ID or Student Name
· Unit ID or Unit Code
· Course ID or Course Code
· Trainer and assessor name

108. · Page numbers
· You must staple the loose sheets together along with the cover
page.
· You must attach the loose sheets chronologically as per the
page numbers.
· Correction fluid and tape are not permitted. Please do any
corrections by striking through the incorrect words with one or
two lines and rewriting the correct words.
· The premise of the project must be closely related to the
previous assessment task.
· This submission must be well presented and follow the
guidelines and instructions provided.
· Please follow the format as indicated in the template section
below.
· One of the most important steps that you can take: proofread
your project.
· Project must be of 500-800 words in length, using 11-point
font, double-spaced, and must include a cover page, table of
contents, introduction, body, summary or conclusion, and works
cited.
· Appropriate citations are required.
· All RTO policies are in effect, including the plagiarism
policy.

109. Scenario: -
Devon Technical College is a private Registered Training
Organisation (RTO) with a campus based in Western
Melbourne. It offers over 40 certificate and diploma level
qualifications in the Vocational Education and Training (VET)
sector for a large number of subject areas including business,
community services, education, information technology, health,
hospitality, and many others.
Students select from one of two study shifts (morning or
afternoons) to undertake study which is self-directed in nature
or trainer led, and to undertake assessments. With the self-
directed courses, trainers/assessors are on hand to handle
student’s queries, while other courses are trainer led.
There are currently 450 students that attend the institute across
a wide range of classrooms.
The RTO has basic Wi-Fi for the students, staff and visitors.
Stakeholders use different devices like phones, tablets and
laptops. The current Wi-Fi has the following issues:
· No security for Wi-Fi
· Some areas do have Wi-Fi access
· Access point is not setup properly
· Slow or no internet
Organisational and regulatory policies

110. The wireless network for the RTO must meet the following
needs:
1. Complete network coverage with wired and wireless network,
providing constant stable network access for students, staff and
visitors.
2. Network isolation between students, staff and visitors,
ensuring network safety.
3. Access authentication, access permission management, and
advertising promotion.
4. Simple network maintenance and management, low cost for
devices maintenance.
5. All the data must be store in a safe location and make sure
data is backed up every three hours
6. All the students information including Id’s must be safe and
secure
7. Data system must compile with Australian privacy policy
Also, the Work Health and Safety Policies for installation of
Wireless Network for the RTO states the following:
Ensuring safety in the network installation sector
· Working with power tools: It is not unusual that a network
installation team must drill through walls and even modify
buildings to install a network and cables. Does your team have
the correct equipment? Is it calibrated and maintained, and does
your team have the correct training and protective equipment to
use it safely?

111. · Knowledge of dangerous areas and substances in buildings: It
is possible that your network team may be working in areas of
danger within a building. Whether that is down to hazardous
gases or substances that may be released if a drilling operation
goes wrong, does your team have the knowledge and
expertise to respond to that situation and mitigate the risk of
accident by taking the correct action?
· Correct product and electrical knowledge: Working with
networks and electrical circuits has an inherent level of danger.
Is your team properly qualified, trained, and instructed? Has the
correct information been shared with the team, and any
anomalies pointed out to allow the risk of an accident to be
reduced?
· Working at height: This is common for network installation
teams. Does your team have the correct equipment and training,
and have the risks been correctly quantified before the project
has begun?
· General health and safety training: Network installation sites
are often buildings that are not fully complete, so the normal
hazards of “slips and trips” will usually exist. Training your
staff to recognize these situations can remove much of the
danger that these hazards bring.
· Risk assessment: A critical part of the identification of
hazards is risk assessment. Does your organization have a
process whereby sites are assessed for risks to prevent hazards

112. from becoming reasons for incidents or accidents? Risk
assessment is at the core of any WHS policies and procedures,
and it should be for any organisation operating in the network
installation sector. Effective risk assessment can play a central
part in reducing hazards and lowering risk in most predicted
workplace circumstances.
· First aid training: Has your team had the necessary training to
ensure that they can deal with an accident or emergency at what
might be a remote site? Does your team carry a basic first aid
kit to deal with such situations? Does your team have good
methods of communication, such as mobile phones to allow
them to communicate in a situation where hazards are present?
First aid training can also help in a preventive sense – extra
knowledge of how to treat accidents can help to formulate ideas
on how to identify hazards and prevent accidents.
The wireless network setup including the Access Points-AP are
all handled and managed by the IT department of the RTO. The
IT department is responsible for not only providing the Wireless
Access to the customers and the staff members but also
responsible for the management of the whole IT and the
Network infrastructure of the RTO.
The IT network itself is comprised of the Servers, Computers,
Printers, Scanners, Online CCTV camera setup along with the

113. wireless access point. This IT infrastructure is all connected
with an efficient and sophisticated Local Area Network. As
highlighted earlier while establishing the Access Point the IT
department has already segmented into multiple access control
parameters ensuring the segregation of customers, staff of
different shops and the IT staff of the account.
IT department needs to design and implement a wireless
network security solution of the RTO. The IT department is
headed by the ICT Manager Steve who is responsible for the
management and the administration of the whole IT setup of the
RTO while Smith the Network Security Engineer works in
coordination with the ICT Manager to manage and setup the
network infrastructure of the RTO. The job responsibilities of
both the key IT personal along with the Network Diagram of the
RTO to illustrate the network infrastructure and Wireless access
points are given below:
Job description of the ICT Manager:
· Analysing information needs and specifying technology to
meet those needs
· Formulating and directing information and communication
technology (ICT) strategies, policies and plans
· Directing the selection and installation of ICT resources and
the provision of user training
· Directing ICT operations and setting priorities between system
developments, maintenance and operations

114. · Overseeing the security of ICT systems
· Running regular checks on network and data security
· Identifying and acting on opportunities to improve and update
software and systems
· Developing and implementing IT policy and best practice
guides for the organisation
· Designing training programs and workshops for staff
· Conducting regular system audits
· Running and sharing regular operation system reports with
senior staff
· Overseeing and determining timeframes for major IT projects
including system updates, upgrades, migrations and outages
· Managing and reporting on allocation of IT budget
· Providing direction for IT team members
· Identifying opportunities for team training and skills
advancement
Job description of the Network Engineer:
· Planning, engineering, and monitoring the security
arrangements for the protection of the network systems.
· Identifying, monitoring, and defining the requirements of the
overall security of the system.
Creating different ways to solve the existing threats and
security issues.
· Configuring and implementing intrusion detection systems and

115. firewalls.
· Testing and checking the system for weaknesses in software
and hardware.
· Maintaining firewalls, virtual private networks, web protocols,
and email security.
· Creating virus and threat detection systems.
· Configuring and installing security infrastructure devices.
· Investigating intrusion and hacking incidents, collecting
incident responses, and carrying out forensic investigations.
· Determining latest technologies and processes that improve
the overall security of the system.
· Using industry-standard analysis criteria to test the security
level of the firm.
· Developing tracking documents to note system vulnerabilities.
· Reporting the security analysis and monitoring findings.
· Supervising the configuration and installation of new software
and hardware.
· Implementing regulatory systems in accordance with IT
security.
· Informing the company about the security incidents as soon as
possible.
· Modifying the technical, legal, and regulatory aspects of the
system security.
· Defining and maintaining security policies.
· Occasionally replacing the security system protocol and

116. architecture.
· Maintaining switches and servers.
Network diagram of the RTO to give illustration of all the all
the computers, printers, scanners, servers, Wi-Fi access points,
switches, routers
Activity 1:
Task 1: Wireless Network Security Plan
The IT department is keen to design and implement wireless
network security for Devon Technical College to ensure
efficient and more secured usage of network resources for the
students, staff members and visitors. For the design and the
implementation of the wireless network security the IT
department needs to draft and document a wireless network
security plan. This security plan will help to understand both
the requirements of the security parameters and the
implementation mechanism to be followed for the wireless
network security.
The student will act as the Network Security Engineer and will
prepare the wireless network security plan as per the
requirements specified by the ICT Manager and the management
of Devon Technical College. The Network Security Engineer

117. will prepare the security plan under the assistance of the ICT
Manager and as per the network infrastructure of the RTO.
Also, the Network Security Manager needs to ensure that the
plan is according to continuous growth of the IT setup and as
per the security needs and that can also be used for the future
correspondence.
The Wireless Network Security Plan must include the following
and also the student needs to complete the template for the
security plan given below:
· Review given organisational and regulatory policies to
identify security standards
· Review RTO stakeholders issues and requirements against
WHS and security compliance requirements
· Develop a wireless network security plan including the
following
· Purpose of the plan
· Define stakeholder
· Issues with the current wireless system
· Hardware and software required
· Wi-Fi protection (Security)
· Security threats and risks
· Firewall requirements of wireless security

118. Template for Wireless Network Security Plan
Wireless Network Security Plan
Purpose:
Stakeholders:
Issues with the current wireless system
Hardware and software

119. Wi-Fi protection (Security)
Security threats and risks

120. Firewall requirements of wireless security

121. Task 2: Analysis of Guest Access Services
For the design and implementation of the guest access services,
you need to discuss with the ICT Manager about different
architectures of guest access services and need to elaborate each
and select one in consultation with the ICT Manager as per your
requirements.
The trainer/assessor will act as the ICT Manager and will
discuss and sort out all the queries relating the guest access
service. The guest access service will help to define the
mechanisms of granting access to the different users including
the permanent and the guest users. Also, complete the minutes
of meetings given below for the analysis of the guest access
services.
You need to complete this task in 10-15 minutes and your
trainer may provide you additional time if required.
You are required to complete the following meeting minute’s
template and submit to your trainer/assessor.
Minutes of Meeting

122. Meeting Objective:
Attendees:
Venue:
Date:
No
Points Discussed
Actions Suggested
Target Date

123. Signature of attendee 1:
Signature of attendee 2:
Signature of attendee 3:
Signature of attendee 4:
Performance criteria checklist for unit assessment task:
Trainer/ Assessor to complete
Does the candidate meet the following criteria
Yes
No
Trainer/Assessor Comments
Review given organisational and regulatory policies to identify
security standards
Review RTO stakeholders issues and requirements against WHS
and security compliance requirements

124. Develop a wireless network security plan including the
following:
· Purpose of the plan
· Define stakeholder
· Issues with the current wireless system
· Hardware and software required
· Wi-Fi protection (Security)
· Security threats and risks
· Firewall requirements
Discuss the different guest access services with the ICT
manager
Activity 2: Design, implement and test a wireless local area
network (WLAN) site security plan

125. Task 1: Design a wireless local area network (WLAN) site
security plan
In this task you need to produce a map for wireless network for
the RTO. In the map you need to include:
· Access points
· Devices
· Guest access
· Switch
· Router
You are required to prepare a map in a packet tracer software
and provide IP address to the relevant devices.
You need to submit you network map to your trainer and
assessor. You need to complete this task in 1-2 hours. Trainer
may provide you additional time if required.
Task 2: Implement and test a wireless local area network
(WLAN) site security plan
Note: This activity is continuing of a previous activity.
Reference to the wireless network security plan developed in
the previous activity, you are being the Network Security
Engineer needs to implement the WLAN security plan. You
need to implement the plan in coordination with the ICT

126. Manager which will be acted by the trainer/assessor. For the
implementation of the network security, you need to perform the
tasks in the environment of a Live Network environment
provided by the trainer/assessor.
The trainer/assessor will act as a supervisor and will guide you
through the initial process of implementation the network
security plan on the network infrastructure.
You need to complete this task in 6-8 hours. Your trainer may
provide you additional time if required.
Note: For This activity RTO/Assessor will provide you the
following:
· A site or prototype where network installation may be
conducted
· Hardware and software (Included in the security plan)
· Organisational guidelines (Scenario)
· Live network
· Stand-alone and lightweight WLAN controllers and access
points (AP)
· Hardware and software WLAN site survey tools
· Hardware and software IDS and IPS.
The student needs to perform the WLAN security
implementation including the following:
· Setup and configure guest access accounts
· Set the Guest Username Policy