Assessor Resource

ICTNWK406
Install, configure and test network security

Assessment tool

Version 1.0
Issue Date: March 2024


This unit describes the skills and knowledge required to install, configure and test network security in an information and communications technology (ICT) network.

It applies to individuals working as ICT professionals who install, configure and test secure networks of any size.

No licensing, legislative or certification requirements apply to this unit at the time of publication.

You may want to include more information here about the target group and the purpose of the assessments (eg formative, summative, recognition)



Evidence Required

List the assessment methods to be used and the context and resources required for assessment. Copy and paste the relevant sections from the evidence guide below and then re-write these in plain English.

ELEMENT

PERFORMANCE CRITERIA

Elements describe the essential outcomes.

Performance criteria describe the performance needed to demonstrate achievement of the element.

1. Assess network security threats and vulnerabilities to identify risk

1.1 Assess and report on current system security, according to required asset security level

1.2 Determine additional network, software, hardware and system security threats and vulnerabilities

1.3 Use identified threats and vulnerability information to identify security risks

1.4 Make recommendations to management to address security deficiencies, according to current and future commercial and business requirements

2. Implement countermeasures for identified vulnerabilities and threats

2.1 Implement required level of perimeter security based on current and future business needs

2.2 Assess and implement best practice server and network hardening techniques and measures

2.3 Implement secure authentication and user account controls

2.4 Secure data integrity and transmission

3. Test and verify functionality and performance of security system implemented

3.1 Design test items to verify key function and performance measures against criteria

3.2 Conduct function and performance tests recording results

3.3 Modify and debug security system as necessary

3.4 Develop documentation on current system settings and file for future reference

4. Provide systems for monitoring and maintaining security

4.1 Monitor current network security, including physical aspects, using appropriate third party testing software where applicable

4.2 Review logs and audit reports to identify and record security incidents, intrusions or attempts

4.3 Carry out spot checks and audits to ensure that procedures are not being bypassed

4.4 Document newly discovered security threats, vulnerabilities and risks in a report for presentation to appropriate person to gain approval for changes to be made

Evidence of the ability to:

assess and identify security threats, vulnerabilities and risks

determine appropriate countermeasure for threat, vulnerability or risk

implement countermeasure per threat or risk

install, configure and test network elements to ensure perimeter security

test and verify function and performance of selected security measures

monitor network for suspicious activity and take appropriate action where necessary

document newly discovered threats, vulnerabilities and risks, including change recommendations for approval.

Note: If a specific volume or frequency is not stated, then evidence must be provided at least once.

To complete the unit requirements safely and effectively, the individual must:

outline authentication issues

summarise the security requirements of the client business domain, including:

organisation structure and business functionality

features and capabilities of networking technologies

privacy issues and privacy legislation

security information sources

risk analysis

outline common virtual private network (VPN) issues, including bandwidth and dynamic security environment

explain how to configure routers and switches

summarise current industry accepted hardware and software security products, including general features and capabilities

outline the function and operation of VPN concepts, including encryption, firewalls, packet tunnelling and authentication

outline network protocols and operating systems

summarise organisational issues surrounding security

outline security perimeters and their functions

describe security protocols, standards and data encryption

summarise security threats, including eavesdropping, data interception, data corruption and data falsification

outline types of VPNs, including site-to-site and user-to-site internet traffic and extranets

summarise the systems and procedures related to:

audit and intrusion detection systems

auditing and penetration testing techniques

cryptography

local area network (LAN), wireless local area network (WLAN) and wide area network (WAN)

screened subnets

transmission control protocols or internet protocols (TCPs/IPs) and applications

use of virus detection software.

Gather evidence to demonstrate consistent performance in conditions that are safe and replicate the workplace. Noise levels, production flow, interruptions and time variances must be typical of those experienced in the network industry, and include access to:

a site where secure network installation may be conducted

network security documentation

equipment specifications

network components

hardware and software

firewalls (hardware and software)

a live network

organisational guidelines

networked (LAN) computers

WAN service point of presence.

Assessors must satisfy NVR/AQTF assessor requirements.


Submission Requirements

List each assessment task's title, type (eg project, observation/demonstration, essay, assingnment, checklist) and due date here

Assessment task 1: [title]      Due date:

(add new lines for each of the assessment tasks)


Assessment Tasks

Copy and paste from the following data to produce each assessment task. Write these in plain English and spell out how, when and where the task is to be carried out, under what conditions, and what resources are needed. Include guidelines about how well the candidate has to perform a task for it to be judged satisfactory.

ELEMENT

PERFORMANCE CRITERIA

Elements describe the essential outcomes.

Performance criteria describe the performance needed to demonstrate achievement of the element.

1. Assess network security threats and vulnerabilities to identify risk

1.1 Assess and report on current system security, according to required asset security level

1.2 Determine additional network, software, hardware and system security threats and vulnerabilities

1.3 Use identified threats and vulnerability information to identify security risks

1.4 Make recommendations to management to address security deficiencies, according to current and future commercial and business requirements

2. Implement countermeasures for identified vulnerabilities and threats

2.1 Implement required level of perimeter security based on current and future business needs

2.2 Assess and implement best practice server and network hardening techniques and measures

2.3 Implement secure authentication and user account controls

2.4 Secure data integrity and transmission

3. Test and verify functionality and performance of security system implemented

3.1 Design test items to verify key function and performance measures against criteria

3.2 Conduct function and performance tests recording results

3.3 Modify and debug security system as necessary

3.4 Develop documentation on current system settings and file for future reference

4. Provide systems for monitoring and maintaining security

4.1 Monitor current network security, including physical aspects, using appropriate third party testing software where applicable

4.2 Review logs and audit reports to identify and record security incidents, intrusions or attempts

4.3 Carry out spot checks and audits to ensure that procedures are not being bypassed

4.4 Document newly discovered security threats, vulnerabilities and risks in a report for presentation to appropriate person to gain approval for changes to be made

Evidence of the ability to:

assess and identify security threats, vulnerabilities and risks

determine appropriate countermeasure for threat, vulnerability or risk

implement countermeasure per threat or risk

install, configure and test network elements to ensure perimeter security

test and verify function and performance of selected security measures

monitor network for suspicious activity and take appropriate action where necessary

document newly discovered threats, vulnerabilities and risks, including change recommendations for approval.

Note: If a specific volume or frequency is not stated, then evidence must be provided at least once.

To complete the unit requirements safely and effectively, the individual must:

outline authentication issues

summarise the security requirements of the client business domain, including:

organisation structure and business functionality

features and capabilities of networking technologies

privacy issues and privacy legislation

security information sources

risk analysis

outline common virtual private network (VPN) issues, including bandwidth and dynamic security environment

explain how to configure routers and switches

summarise current industry accepted hardware and software security products, including general features and capabilities

outline the function and operation of VPN concepts, including encryption, firewalls, packet tunnelling and authentication

outline network protocols and operating systems

summarise organisational issues surrounding security

outline security perimeters and their functions

describe security protocols, standards and data encryption

summarise security threats, including eavesdropping, data interception, data corruption and data falsification

outline types of VPNs, including site-to-site and user-to-site internet traffic and extranets

summarise the systems and procedures related to:

audit and intrusion detection systems

auditing and penetration testing techniques

cryptography

local area network (LAN), wireless local area network (WLAN) and wide area network (WAN)

screened subnets

transmission control protocols or internet protocols (TCPs/IPs) and applications

use of virus detection software.

Gather evidence to demonstrate consistent performance in conditions that are safe and replicate the workplace. Noise levels, production flow, interruptions and time variances must be typical of those experienced in the network industry, and include access to:

a site where secure network installation may be conducted

network security documentation

equipment specifications

network components

hardware and software

firewalls (hardware and software)

a live network

organisational guidelines

networked (LAN) computers

WAN service point of presence.

Assessors must satisfy NVR/AQTF assessor requirements.

Copy and paste from the following performance criteria to create an observation checklist for each task. When you have finished writing your assessment tool every one of these must have been addressed, preferably several times in a variety of contexts. To ensure this occurs download the assessment matrix for the unit; enter each assessment task as a column header and place check marks against each performance criteria that task addresses.

Observation Checklist

Tasks to be observed according to workplace/college/TAFE policy and procedures, relevant legislation and Codes of Practice Yes No Comments/feedback
Assess and report on current system security, according to required asset security level 
Determine additional network, software, hardware and system security threats and vulnerabilities 
Use identified threats and vulnerability information to identify security risks 
Make recommendations to management to address security deficiencies, according to current and future commercial and business requirements 
Implement required level of perimeter security based on current and future business needs 
Assess and implement best practice server and network hardening techniques and measures 
Implement secure authentication and user account controls 
Secure data integrity and transmission 
Design test items to verify key function and performance measures against criteria 
Conduct function and performance tests recording results 
Modify and debug security system as necessary 
Develop documentation on current system settings and file for future reference 
Monitor current network security, including physical aspects, using appropriate third party testing software where applicable 
Review logs and audit reports to identify and record security incidents, intrusions or attempts 
Carry out spot checks and audits to ensure that procedures are not being bypassed 
Document newly discovered security threats, vulnerabilities and risks in a report for presentation to appropriate person to gain approval for changes to be made 

Forms

Assessment Cover Sheet

ICTNWK406 - Install, configure and test network security
Assessment task 1: [title]

Student name:

Student ID:

I declare that the assessment tasks submitted for this unit are my own work.

Student signature:

Result: Competent Not yet competent

Feedback to student

 

 

 

 

 

 

 

 

Assessor name:

Signature:

Date:


Assessment Record Sheet

ICTNWK406 - Install, configure and test network security

Student name:

Student ID:

Assessment task 1: [title] Result: Competent Not yet competent

(add lines for each task)

Feedback to student:

 

 

 

 

 

 

 

 

Overall assessment result: Competent Not yet competent

Assessor name:

Signature:

Date:

Student signature:

Date: