Assessor Resource

ICTNWK416
Build security into virtual private networks

Assessment tool

Version 1.0
Issue Date: March 2024


This unit describes the skills and knowledge required to build security into a virtual private network (VPN).

It applies to individuals with competent information and communications technology (ICT) skills who work in the network area and are required to ensure that VPNs contain the required security.

No licensing, legislative or certification requirements apply to this unit at the time of publication.

You may want to include more information here about the target group and the purpose of the assessments (e.g. formative, summative, recognition).



Evidence Required

List the assessment methods to be used and the context and resources required for assessment. Copy and paste the relevant sections from the evidence guide below and then re-write these in plain English.

ELEMENT

PERFORMANCE CRITERIA

Elements describe the essential outcomes.

Performance criteria describe the performance needed to demonstrate achievement of the element.

1. Configure router to provide for network security monitoring and management

1.1 Create and apply audit rules consistent with policies, standards, protocols and management systems

1.2 Configure router to provide appropriate level of asset security and monitoring of security consistent with commercial and business requirements

1.3 Monitor and manage system to assess the level of security and attempts to breach security of framework components

1.4 Employ appropriate hardware and software to monitor and address security issues and provide VPN solutions

2. Secure a site-to-site VPN

2.1 Configure internet key exchange (IKE) and internet protocol security (IPSec)

2.2 Configure site-to-site IPSec VPN using pre-shared keys

2.3 Configure site-to-site IPSec VPN using digital certificates

3. Secure a remote access VPN

3.1 Configure a VPN server

3.2 Install and administer a router management console

3.3 Develop documentation on current system settings and framework components, and file securely for future reference

Evidence of the ability to:

configure a router to provide the required security

implement and maintain security functionality for a virtual private network (VPN), including:

site to site VPN

remote access VPN

produce security documentation.

Note: If a specific volume or frequency is not stated, then evidence must be provided at least once.

To complete the unit requirements safely and effectively, the individual must:

outline the characteristics of a VPN system, including:

site to site

remote access systems

network protocols and operating systems relevant to VPN, including its features, issues and functions

describe the security requirements for a VPN, including:

auditing and penetration testing techniques

configuration of routers and switches

security protocols, standards and data encryption

processes and techniques related to security perimeters and their functions

security threats, including eavesdropping, data interception, data corruption and data falsification

transmission control protocol or internet protocol (TCP/IP) protocols and applications audit and intrusion detection systems

authentication issues

recognise and describe the differences between common networks, including:

local area network (LAN)

wireless local area network (WLAN)

wide area networks (WAN)

identify and describe organisational issues surrounding:

security cryptography

screened subnets

virus detection software.

Gather evidence to demonstrate consistent performance in conditions that are safe and replicate the workplace. Noise levels, production flow, interruptions and time variances must be typical of those experienced in the network industry, and include access to:

network technical requirements

network infrastructure, including servers and security hardware and software.

Assessors must satisfy NVR/AQTF assessor requirements.


Submission Requirements

List each assessment task's title, type (e.g. project, observation/demonstration, essay, assignment, checklist) and due date here.

Assessment task 1: [title]      Due date:

(add new lines for each of the assessment tasks)


Assessment Tasks

Copy and paste from the following data to produce each assessment task. Write these in plain English and spell out how, when and where the task is to be carried out, under what conditions, and what resources are needed. Include guidelines about how well the candidate has to perform a task for it to be judged satisfactory.

ELEMENT

PERFORMANCE CRITERIA

Elements describe the essential outcomes.

Performance criteria describe the performance needed to demonstrate achievement of the element.

1. Configure router to provide for network security monitoring and management

1.1 Create and apply audit rules consistent with policies, standards, protocols and management systems

1.2 Configure router to provide appropriate level of asset security and monitoring of security consistent with commercial and business requirements

1.3 Monitor and manage system to assess the level of security and attempts to breach security of framework components

1.4 Employ appropriate hardware and software to monitor and address security issues and provide VPN solutions

2. Secure a site-to-site VPN

2.1 Configure internet key exchange (IKE) and internet protocol security (IPSec)

2.2 Configure site-to-site IPSec VPN using pre-shared keys

2.3 Configure site-to-site IPSec VPN using digital certificates

3. Secure a remote access VPN

3.1 Configure a VPN server

3.2 Install and administer a router management console

3.3 Develop documentation on current system settings and framework components, and file securely for future reference

Evidence of the ability to:

configure a router to provide the required security

implement and maintain security functionality for a virtual private network (VPN), including:

site to site VPN

remote access VPN

produce security documentation.

Note: If a specific volume or frequency is not stated, then evidence must be provided at least once.

To complete the unit requirements safely and effectively, the individual must:

outline the characteristics of a VPN system, including:

site to site

remote access systems

network protocols and operating systems relevant to VPN, including its features, issues and functions

describe the security requirements for a VPN, including:

auditing and penetration testing techniques

configuration of routers and switches

security protocols, standards and data encryption

processes and techniques related to security perimeters and their functions

security threats, including eavesdropping, data interception, data corruption and data falsification

transmission control protocol or internet protocol (TCP/IP) protocols and applications audit and intrusion detection systems

authentication issues

recognise and describe the differences between common networks, including:

local area network (LAN)

wireless local area network (WLAN)

wide area networks (WAN)

identify and describe organisational issues surrounding:

security cryptography

screened subnets

virus detection software.

Gather evidence to demonstrate consistent performance in conditions that are safe and replicate the workplace. Noise levels, production flow, interruptions and time variances must be typical of those experienced in the network industry, and include access to:

network technical requirements

network infrastructure, including servers and security hardware and software.

Assessors must satisfy NVR/AQTF assessor requirements.

Copy and paste from the following performance criteria to create an observation checklist for each task. When you have finished writing your assessment tool, every one of these must have been addressed, preferably several times in a variety of contexts. To ensure this occurs, download the assessment matrix for the unit, enter each assessment task as a column header and place check marks against each performance criterion that the task addresses.

Observation Checklist

Tasks to be observed according to workplace/college/TAFE policy and procedures, relevant legislation and Codes of Practice | Yes | No | Comments/feedback
Create and apply audit rules consistent with policies, standards, protocols and management systems | | |
Configure router to provide appropriate level of asset security and monitoring of security consistent with commercial and business requirements | | |
Monitor and manage system to assess the level of security and attempts to breach security of framework components | | |
Employ appropriate hardware and software to monitor and address security issues and provide VPN solutions | | |
Configure internet key exchange (IKE) and internet protocol security (IPSec) | | |
Configure site-to-site IPSec VPN using pre-shared keys | | |
Configure site-to-site IPSec VPN using digital certificates | | |
Configure a VPN server | | |
Install and administer a router management console | | |
Develop documentation on current system settings and framework components, and file securely for future reference | | |

Forms

Assessment Cover Sheet

ICTNWK416 - Build security into virtual private networks
Assessment task 1: [title]

Student name:

Student ID:

I declare that the assessment tasks submitted for this unit are my own work.

Student signature:

Result: Competent / Not yet competent

Feedback to student

 

 

 

 

 

 

 

 

Assessor name:

Signature:

Date:


Assessment Record Sheet

ICTNWK416 - Build security into virtual private networks

Student name:

Student ID:

Assessment task 1: [title]      Result: Competent / Not yet competent

(add lines for each task)

Feedback to student:

 

 

 

 

 

 

 

 

Overall assessment result: Competent / Not yet competent

Assessor name:

Signature:

Date:

Student signature:

Date: