List the assessment methods to be used and the context and resources required for assessment. Copy and paste the relevant sections from the evidence guide below and then re-write these in plain English.
ELEMENT | PERFORMANCE CRITERIA |
Elements describe the essential outcomes. | Performance criteria describe the performance needed to demonstrate achievement of the element. |
1. Evaluate the ways IPS sensors are used to mitigate network attacks | 1.1 Evaluate system requirements of the network according to industry standards for inline operations 1.2 Compare inline to promiscuous mode sensor operations and evaluate how IPS protects network devices from attacks 1.3 Evaluate the evasive techniques used by hackers and determine ways IPS can defeat those techniques in the network 1.4 Evaluate the considerations necessary for selection, placement, and deployment of a network IPS, including using features of IPS signature |
2. Select and install IPS sensors and configure essential system parameters | 2.1 Install and initialise the sensor for configuration of sensor interfaces, interface pairs, virtual local area network (VLAN) pairs and VLAN groups 2.2 Configure management access to the sensor appliance and create user accounts to comply with different user roles 2.3 Set up sensor communications with external management and monitoring systems 2.4 Manage and monitor sensor operation using built-in tools 2.5 Upgrade and maintain IPS sensor parameters and licensing requirements to maintain network integrity 2.6 Plan the mitigation of specific network vulnerabilities and exploits |
3. Tune IPS sensor advanced system parameters to optimise attack mitigation performance | 3.1 Tune sensor signatures to provide optimal protection of the network 3.2 Create custom signatures and a meta signature to meet mitigation performance configurations for given test scenarios while disabling alert production for the component signatures 3.3 Configure gateway for passive operating system (OS) fingerprinting 3.4 Configure the external product interface to receive and process information from external security and management products to automatically enhance the sensor configuration information 3.5 Configure a virtual sensor and anomaly detection 3.6 Monitor the IPS advanced features for optimal performance |
4. Manage security and response of the IPS to network attacks | 4.1 Monitor IPS events using network tools to determine appropriate response to network attacks 4.2 Use network management tools to assess and manage IPS effectiveness against security intrusion |
Evidence of the ability to:
evaluate intrusion prevention system (IPS) requirements and configure IPS sensors
tune up IPS sensors to optimise attack mitigation
use network tools and network management tools to monitor and manage security sensor events
upgrade and maintain IPS sensors.
Note: If a specific volume or frequency is not stated, then evidence must be provided at least once.
To complete the unit requirements safely and effectively, the individual must:
explain configuration, verification and troubleshooting procedures to undertake a switch and router operation and routing protocol
outline deployment schemes
summarise setting up and securing firewalls
summarise internetwork operating system (IOS) and internet protocol (IP) networking models
explain IP addressing and detailed understanding of the transmission control protocol (TCP) or IP stack
outline IPS and intrusion detection system (IDS) strategies
explain IPS sensor technologies and licensing requirements
outline local area network or wide area network (LAN/WAN) implementations and design
summarise network topologies, architectures and elements
outline networking standards and protocols
explain signatures and meta signatures
explain threat mitigation strategies
explain virtual local area network (VLAN) concepts and functionality
outline virtual private network (VPN) technologies
identify and describe legislation, regulations, standards and codes of practice relevant to network security.
Gather evidence to demonstrate consistent performance in conditions that are safe and replicate the workplace. Noise levels, production flow, interruptions and time variances must be typical of those experienced in the networking industry, and include access to:
a site or prototype where network installation may be conducted
relevant hardware and software
organisational guidelines
live network
an IPS system and its sensors.
Assessors must satisfy NVR/AQTF assessor requirements.