Assessor Resource

ICTNWK609
Configure and manage intrusion prevention system on network sensors

Assessment tool

Version 1.0
Issue Date: April 2024


This unit describes the skills and knowledge required to use appropriate tools, equipment and software to implement an intrusion prevention system (IPS) on IPS sensors to mitigate network attacks.

It applies to individuals with advanced information and communications technology (ICT) skills who are working as certified IPS specialists, network security specialists and network security managers.

No licensing, legislative or certification requirements apply to this unit at the time of publication.

You may want to include more information here about the target group and the purpose of the assessments (eg formative, summative, recognition)



Evidence Required

List the assessment methods to be used and the context and resources required for assessment. Copy and paste the relevant sections from the evidence guide below and then re-write these in plain English.

ELEMENT

PERFORMANCE CRITERIA

Elements describe the essential outcomes.

Performance criteria describe the performance needed to demonstrate achievement of the element.

1. Evaluate the ways IPS sensors are used to mitigate network attacks

1.1 Evaluate system requirements of the network according to industry standards for inline operations

1.2 Compare inline to promiscuous mode sensor operations and evaluate how IPS protects network devices from attacks

1.3 Evaluate the evasive techniques used by hackers and determine ways IPS can defeat those techniques in the network

1.4 Evaluate the considerations necessary for selection, placement, and deployment of a network IPS, including using features of IPS signature

2. Select and install IPS sensors and configure essential system parameters

2.1 Install and initialise the sensor for configuration of sensor interfaces, interface pairs, virtual local area network (VLAN) pairs and VLAN groups

2.2 Configure management access to the sensor appliance and create user accounts to comply with different user roles

2.3 Set up sensor communications with external management and monitoring systems

2.4 Manage and monitor sensor operation using built-in tools

2.5 Upgrade and maintain IPS sensor parameters and licensing requirements to maintain network integrity

2.6 Plan the mitigation of specific network vulnerabilities and exploits

3. Tune IPS sensor advanced system parameters to optimise attack mitigation performance

3.1 Tune sensor signatures to provide optimal protection of the network

3.2 Create custom signatures and a meta signature to meet mitigation performance configurations for given test scenarios while disabling alert production for the component signatures

3.3 Configure gateway for passive operating system (OS) fingerprinting

3.4 Configure the external product interface to receive and process information from external security and management products to automatically enhance the sensor configuration information

3.5 Configure a virtual sensor and anomaly detection

3.6 Monitor the IPS advanced features for optimal performance

4. Manage security and response of the IPS to network attacks

4.1 Monitor IPS events using network tools to determine appropriate response to network attacks

4.2 Use network management tools to assess and manage IPS effectiveness against security intrusion

Evidence of the ability to:

evaluate intrusion prevention system (IPS) requirements and configure IPS sensors

tune up IPS sensors to optimise attack mitigation

use network tools and network management tools to monitor and manage security sensor events

upgrade and maintain IPS sensors.

Note: If a specific volume or frequency is not stated, then evidence must be provided at least once.

To complete the unit requirements safely and effectively, the individual must:

explain configuration, verification and troubleshooting procedures to undertake a switch and router operation and routing protocol

outline deployment schemes

summarise setting up and securing firewalls

summarise internetwork operating system (IOS) and internet protocol (IP) networking models

explain IP addressing and detailed understanding of the transmission control protocol (TCP) or IP stack

outline IPS and intrusion detection system (IDS) strategies

explain IPS sensor technologies and licensing requirements

outline local area network or wide area network (LAN/WAN) implementations and design

summarise network topologies, architectures and elements

outline networking standards and protocols

explain signatures and meta signatures

explain threat mitigation strategies

explain virtual local area network (VLAN) concepts and functionality

outline virtual private network (VPN) technologies

identify and describe legislation, regulations, standards and codes of practice relevant to network security.

Gather evidence to demonstrate consistent performance in conditions that are safe and replicate the workplace. Noise levels, production flow, interruptions and time variances must be typical of those experienced in the networking industry, and include access to:

a site or prototype where network installation may be conducted

relevant hardware and software

organisational guidelines

live network

an IPS system and its sensors.

Assessors must satisfy NVR/AQTF assessor requirements.


Submission Requirements

List each assessment task's title, type (eg project, observation/demonstration, essay, assignment, checklist) and due date here

Assessment task 1: [title]      Due date:

(add new lines for each of the assessment tasks)


Assessment Tasks

Copy and paste from the following data to produce each assessment task. Write these in plain English and spell out how, when and where the task is to be carried out, under what conditions, and what resources are needed. Include guidelines about how well the candidate has to perform a task for it to be judged satisfactory.

ELEMENT

PERFORMANCE CRITERIA

Elements describe the essential outcomes.

Performance criteria describe the performance needed to demonstrate achievement of the element.

1. Evaluate the ways IPS sensors are used to mitigate network attacks

1.1 Evaluate system requirements of the network according to industry standards for inline operations

1.2 Compare inline to promiscuous mode sensor operations and evaluate how IPS protects network devices from attacks

1.3 Evaluate the evasive techniques used by hackers and determine ways IPS can defeat those techniques in the network

1.4 Evaluate the considerations necessary for selection, placement, and deployment of a network IPS, including using features of IPS signature

2. Select and install IPS sensors and configure essential system parameters

2.1 Install and initialise the sensor for configuration of sensor interfaces, interface pairs, virtual local area network (VLAN) pairs and VLAN groups

2.2 Configure management access to the sensor appliance and create user accounts to comply with different user roles

2.3 Set up sensor communications with external management and monitoring systems

2.4 Manage and monitor sensor operation using built-in tools

2.5 Upgrade and maintain IPS sensor parameters and licensing requirements to maintain network integrity

2.6 Plan the mitigation of specific network vulnerabilities and exploits

3. Tune IPS sensor advanced system parameters to optimise attack mitigation performance

3.1 Tune sensor signatures to provide optimal protection of the network

3.2 Create custom signatures and a meta signature to meet mitigation performance configurations for given test scenarios while disabling alert production for the component signatures

3.3 Configure gateway for passive operating system (OS) fingerprinting

3.4 Configure the external product interface to receive and process information from external security and management products to automatically enhance the sensor configuration information

3.5 Configure a virtual sensor and anomaly detection

3.6 Monitor the IPS advanced features for optimal performance

4. Manage security and response of the IPS to network attacks

4.1 Monitor IPS events using network tools to determine appropriate response to network attacks

4.2 Use network management tools to assess and manage IPS effectiveness against security intrusion
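Performance criterion 3.2 asks the candidate to build a meta signature from custom component signatures whose own alert production is disabled, and 1.2 asks them to contrast inline with promiscuous operation. The Python below is an added illustration for assessors drafting such a test scenario; it is not part of the unit of competency and does not model any vendor's sensor software. The signature IDs, patterns, host addresses and events are constructed for the example, and plain substring matching stands in for a real signature engine.

```python
# Added example (not from ICTNWK609 or any vendor product): a toy correlator
# showing how an IPS fires a meta signature only when all of its component
# signatures hit from one source inside a time window, while the components
# themselves stay silent, and how a "deny" action degrades to an alert on a
# promiscuous sensor that only sees a copy of the traffic.
from collections import defaultdict, deque
from dataclasses import dataclass


@dataclass(frozen=True)
class Signature:
    sig_id: int
    name: str
    pattern: str            # payload substring to match (deliberate simplification)
    produce_alert: bool     # False = fire silently as a meta-signature component
    action: str = "alert"   # "alert" or "deny"


@dataclass(frozen=True)
class MetaSignature:
    sig_id: int
    name: str
    components: frozenset   # component sig_ids that must all fire from one source
    window: int             # seconds within which every component must fire
    action: str = "deny"


class Sensor:
    """Evaluates events against signatures; mode is 'inline' or 'promiscuous'."""

    def __init__(self, mode, signatures, meta_signatures):
        if mode not in ("inline", "promiscuous"):
            raise ValueError("mode must be 'inline' or 'promiscuous'")
        self.mode = mode
        self.signatures = list(signatures)
        self.meta_signatures = list(meta_signatures)
        self.max_window = max((m.window for m in self.meta_signatures), default=0)
        self.history = defaultdict(deque)   # src -> deque of (ts, sig_id) hits

    def _effective_action(self, action):
        # A promiscuous sensor cannot drop packets, so "deny" becomes an alert.
        if action == "deny" and self.mode == "promiscuous":
            return "alert"
        return action

    def process(self, ts, src, payload):
        """Return the (sig_id, name, action) tuples produced for one event."""
        produced = []
        hist = self.history[src]
        for sig in self.signatures:
            if sig.pattern in payload:
                hist.append((ts, sig.sig_id))
                if sig.produce_alert:
                    produced.append((sig.sig_id, sig.name, self._effective_action(sig.action)))
        # Drop hits too old for any meta signature to use.
        while hist and ts - hist[0][0] > self.max_window:
            hist.popleft()
        for meta in self.meta_signatures:
            recent = {sid for t, sid in hist if ts - t <= meta.window}
            if meta.components <= recent:
                produced.append((meta.sig_id, meta.name, self._effective_action(meta.action)))
                # Consume the component hits so the meta signature fires once per sequence.
                self.history[src] = deque(
                    (t, sid) for t, sid in hist if sid not in meta.components)
                hist = self.history[src]
        return produced

    def run(self, events):
        """Process (ts, src, payload) events in order and return everything produced."""
        out = []
        for ts, src, payload in events:
            out.extend(self.process(ts, src, payload))
        return out


# Constructed rule set: hypothetical IDs and patterns, not from any product.
COMPONENTS = [
    Signature(2001, "path traversal", "../", produce_alert=False),
    Signature(2002, "sensitive file request", "/etc/passwd", produce_alert=False),
    Signature(2003, "scanner user-agent", "Nikto", produce_alert=False),
]
META = [MetaSignature(5000, "web scan with traversal", frozenset({2001, 2002, 2003}), window=60)]
NOISY = [Signature(3001, "ICMP sweep", "ICMP echo", produce_alert=True)]

# Constructed events: 10.0.0.5 completes the sequence inside 60 s; 10.0.0.9 does not.
SAMPLE_EVENTS = [
    (0, "10.0.0.5", "GET /app/../config HTTP/1.1"),
    (10, "10.0.0.5", "User-Agent: Nikto/2.1.6"),
    (20, "10.0.0.5", "GET /etc/passwd HTTP/1.1"),
    (30, "10.0.0.9", "GET /etc/passwd HTTP/1.1"),
]

if __name__ == "__main__":
    for mode in ("inline", "promiscuous"):
        print(mode, Sensor(mode, COMPONENTS, META).run(SAMPLE_EVENTS))
```

Run as a script, the inline sensor reports a single deny for the meta signature and nothing for the silent components; the promiscuous sensor reports the same event but can only alert. A scenario that spreads the component hits over more than the window, or sends them from different sources, produces no meta event, which is the kind of negative case an assessor can use to check that the candidate understands the window and per-source correlation rather than just the component patterns.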

Evidence of the ability to:

evaluate intrusion prevention system (IPS) requirements and configure IPS sensors

tune up IPS sensors to optimise attack mitigation

use network tools and network management tools to monitor and manage security sensor events

upgrade and maintain IPS sensors.

Note: If a specific volume or frequency is not stated, then evidence must be provided at least once.

To complete the unit requirements safely and effectively, the individual must:

explain configuration, verification and troubleshooting procedures to undertake a switch and router operation and routing protocol

outline deployment schemes

summarise setting up and securing firewalls

summarise internetwork operating system (IOS) and internet protocol (IP) networking models

explain IP addressing and detailed understanding of the transmission control protocol (TCP) or IP stack

outline IPS and intrusion detection system (IDS) strategies

explain IPS sensor technologies and licensing requirements

outline local area network or wide area network (LAN/WAN) implementations and design

summarise network topologies, architectures and elements

outline networking standards and protocols

explain signatures and meta signatures

explain threat mitigation strategies

explain virtual local area network (VLAN) concepts and functionality

outline virtual private network (VPN) technologies

identify and describe legislation, regulations, standards and codes of practice relevant to network security.

Gather evidence to demonstrate consistent performance in conditions that are safe and replicate the workplace. Noise levels, production flow, interruptions and time variances must be typical of those experienced in the networking industry, and include access to:

a site or prototype where network installation may be conducted

relevant hardware and software

organisational guidelines

live network

an IPS system and its sensors.

Assessors must satisfy NVR/AQTF assessor requirements.

Copy and paste from the following performance criteria to create an observation checklist for each task. When you have finished writing your assessment tool, every one of these must have been addressed, preferably several times in a variety of contexts. To ensure this occurs, download the assessment matrix for the unit, enter each assessment task as a column header and place check marks against each performance criterion that task addresses.

Observation Checklist

Tasks to be observed according to workplace/college/TAFE policy and procedures, relevant legislation and Codes of Practice Yes No Comments/feedback
Evaluate system requirements of the network according to industry standards for inline operations 
Compare inline to promiscuous mode sensor operations and evaluate how IPS protects network devices from attacks 
Evaluate the evasive techniques used by hackers and determine ways IPS can defeat those techniques in the network 
Evaluate the considerations necessary for selection, placement, and deployment of a network IPS, including using features of IPS signature 
Install and initialise the sensor for configuration of sensor interfaces, interface pairs, virtual local area network (VLAN) pairs and VLAN groups 
Configure management access to the sensor appliance and create user accounts to comply with different user roles 
Set up sensor communications with external management and monitoring systems 
Manage and monitor sensor operation using built-in tools 
Upgrade and maintain IPS sensor parameters and licensing requirements to maintain network integrity 
Plan the mitigation of specific network vulnerabilities and exploits 
Tune sensor signatures to provide optimal protection of the network 
Create custom signatures and a meta signature to meet mitigation performance configurations for given test scenarios while disabling alert production for the component signatures 
Configure gateway for passive operating system (OS) fingerprinting 
Configure the external product interface to receive and process information from external security and management products to automatically enhance the sensor configuration information 
Configure a virtual sensor and anomaly detection 
Monitor the IPS advanced features for optimal performance 
Monitor IPS events using network tools to determine appropriate response to network attacks 
Use network management tools to assess and manage IPS effectiveness against security intrusion 

Forms

Assessment Cover Sheet

ICTNWK609 - Configure and manage intrusion prevention system on network sensors
Assessment task 1: [title]

Student name:

Student ID:

I declare that the assessment tasks submitted for this unit are my own work.

Student signature:

Result: Competent Not yet competent

Feedback to student

 

 

 

 

 

 

 

 

Assessor name:

Signature:

Date:


Assessment Record Sheet

ICTNWK609 - Configure and manage intrusion prevention system on network sensors

Student name:

Student ID:

Assessment task 1: [title] Result: Competent Not yet competent

(add lines for each task)

Feedback to student:

 

 

 

 

 

 

 

 

Overall assessment result: Competent Not yet competent

Assessor name:

Signature:

Date:

Student signature:

Date: