List the assessment methods to be used and the context and resources required for assessment. Copy and paste the relevant sections from the evidence guide below and then re-write these in plain English.
ELEMENT | PERFORMANCE CRITERIA |
Elements describe the essential outcomes. | Performance criteria describe the performance needed to demonstrate achievement of the element. |
1. Configure router to provide for network security monitoring and management | 1.1 Create and apply audit rules consistent with policies, standards, protocols and management systems 1.2 Configure router to provide appropriate level of asset security and monitoring of security consistent with commercial and business requirements 1.3 Monitor and manage system to assess the level of security and attempts to breach security of framework components 1.4 Employ appropriate hardware and software to monitor and address security issues and provide VPN solutions |
2. Secure a site-to-site VPN | 2.1 Configure internet key exchange (IKE) and internet protocol security (IPSec) 2.2 Configure site-to-site IPSec VPN using pre-shared keys 2.3 Configure site-to-site IPSec VPN using digital certificates |
3. Secure a remote access VPN | 3.1 Configure a VPN server 3.2 Install and administer a router management console 3.3 Develop documentation on current system settings and framework components, and file securely for future reference |
Evidence of the ability to:
configure a router to provide the required security
implement and maintain security functionality for a virtual private network (VPN), including:
site to site VPN
remote access VPN
produce security documentation.
Note: If a specific volume or frequency is not stated, then evidence must be provided at least once.
To complete the unit requirements safely and effectively, the individual must:
outline the characteristics of a VPN system, including:
site to site
remote access systems
network protocols and operating systems relevant to VPN, including its features, issues and functions
describe the security requirements for a VPN, including:
auditing and penetration testing techniques
configuration of routers and switches
security protocols, standards and data encryption
processes and techniques related to security perimeters and their functions
security threats, including eavesdropping, data interception, data corruption and data falsification
transmission control protocol or internet protocol (TCP/IP) protocols and applications audit and intrusion detection systems
authentication issues
recognise and describe the differences between common networks, including:
local area network (LAN)
wireless local area network (WLAN)
wide area networks (WAN)
identify and describe organisational issues surrounding:
security cryptography
screened subnets
virus detection software.
Gather evidence to demonstrate consistent performance in conditions that are safe and replicate the workplace. Noise levels, production flow, interruptions and time variances must be typical of those experienced in the network industry, and include access to:
network technical requirements
network infrastructure, including servers and security hardware and software.
Assessors must satisfy NVR/AQTF assessor requirements.