Google Links

Follow the links below to find material targeted to the unit's elements, performance criteria, required skills and knowledge

Elements and Performance Criteria

Required Skills

Required skills

communication skills to liaise with internal and external personnel on securityrelated matters

literacy skills to

interpret technical documentation

write reports in required formats

read and interpret enterprise security procedures policies and specifications

review vendor sites bulletins and notifications for security information

planning and organisational skills to

plan control methods for network service security and authentication

plan prioritise and monitor own work

problemsolving and contingencymanagement skills to

adapt configuration procedures to requirements of network service security and reconfigure depending on differing operational contingencies risk situations and environments

detect investigate and recover from security breaches

safetyawareness skills to

apply precautions and required action to minimise control or eliminate hazards that may exist during work activities

follow enterprise OHS procedures

work systematically with required attention to detail without injury to self or others or damage to goods or equipment

research skills to interrogate vendor databases and websites to implement different configuration requirements to meet security levels

technical skills to

design network service and authentication security

identify the technical requirements constraints and manageability issues for given customer serversecurity requirements

implement security strategies

install network service and authentication security design

monitor log files for security information

select and use server and network diagnostics

test server security

Required knowledge

auditing and penetration testing techniques

best practice procedures for implementing backup and restore

cryptographic techniques

procedures for error and event logging and reporting

intrusion detection and recovery procedures

network service configuration including DNS DHCP web mail FTP SMB NTP and proxy

network service security features options and limitations

network service vulnerabilities

operating system help and support utilities

planning configuration monitoring and troubleshooting techniques

security protection mechanisms

security threats and risks

server firewall configuration

server monitoring and troubleshooting tools and techniques including network monitoring and diagnostic utilities

user authentication and directory services

Evidence Required

The evidence guide provides advice on assessment and must be read in conjunction with the performance criteria required skills and knowledge range statement and the Assessment Guidelines for the Training Package

Overview of assessment

Critical aspects for assessment and evidence required to demonstrate competency in this unit

Evidence of the ability to

identify network service security vulnerabilities and appropriate controls

plan design and configure a secure network authentication service

secure a wide range of network services to ensure server and data security including DNS web and proxy mail FTP and firewall

implement cryptographic techniques

monitor the server for security breaches

Context of and specific resources for assessment

Assessment must ensure access to

site where server installation may be conducted

relevant server specifications

networked LAN computers

server diagnostic software

client requirements

WAN service point of presence

relevant regulatory documentation that impacts on installation activities

appropriate learning and assessment support when required

modified equipment for people with special needs

Method of assessment

A range of assessment methods should be used to assess practical skills and knowledge The following examples are appropriate for this unit

evaluation of security design report for a server with complex network service security requirements

direct observation of the candidate configuring complex security requirements

verbal or written questioning of required skills and knowledge

evaluation of prepared report outlining intrusion detection recovery reporting and documentation procedures

evaluation of system design and implementation in terms of network service security and suitability for business needs

Guidance information for assessment

Holistic assessment with other units relevant to the industry sector workplace and job role is recommended where appropriate

Assessment processes and techniques must be culturally appropriate and suitable to the communication skill level language literacy and numeracy capacity of the candidate and the work being performed

Indigenous people and other people from a nonEnglish speaking background may need additional support

In cases where practical assessment is used it should be combined with targeted questioning to assess required knowledge

Range Statement

The range statement relates to the unit of competency as a whole. It allows for different work environments and situations that may affect performance. Bold italicised wording, if used in the performance criteria, is detailed below. Essential operating conditions that may be present with training and assessment (depending on the work situation, needs of the candidate, accessibility of the item, and local industry and regional contexts) may also be included.

Client may include:	external organisations ICT company individuals internal departments internal employees service industry.
Stakeholders may include:	development team IT manager or representative project team sponsor user.
Network server may include:	applications server communications server content and media server multiple servers physical server virtual server.
Client security documentation may include:	risk assessment reports security incident reports and server logs security plans security policies security procedures.
Network authentication may include:	biometrics enterprise single sign-on Hesiod Kerberos lightweight directory access protocol (LDAP) Novell Directory Services (NDS) network information service (NIS) pluggable authentication modules (PAM) public key authentication (PKA) public key infrastructure (PKI) and digital certificates Red Hat Directory Services (RHDS) security tokens and smart cards SMB or Samba software two-factor and multifactor authentication Windows Active Directory Services (WADS).
Network service may include:	dynamic host configuration protocol (DHCP) dynamic name system (DNS) firewall file transfer protocol (FTP) hypertext transfer protocol (HTTP) or secure (HTTPS) internet message access protocol (IMAP) network authentication: remote procedure call (RPC) NIS Kerberos network file system (NFS) network time protocol (NTP) open source secure shell software suite (open SSH) post-office protocol (POP) print services proxy server messages block (SMB) simple mail transfer protocol (SMTP) simple network management protocol (SNMP) structured query language server (SQL) transmission control protocol or internet protocol (TCP/IP).
Appropriate person may include:	authorised business representative client representative from the IT department supervisor security manager.
Update services may include:	Potentially Unwanted Program Remover (PUP) Red Hat Network Windows Server Update Services Yellow Dog Update Manager (YUM).
Basic service security may include:	host-based access control network service access control lists (ACL) network service authentication network share permissions security-enhanced Linux (SE Linux) TCP wrappers Windows group policy eXtended interNET Daemon (xinetd) and service limits.
Encryption may include:	asymmetric encryption certificate authority configuration digital signatures and signature verification email encryption encrypted file systems encrypted network traffic GNU Privacy Guard (GnuPG or GPG) public key infrastructure (PKI) secure sockets layer (SSL) certificates symmetric encryption.
Security options for services may include:	network file services security options, such as: disk quotas distributed file system security encrypted file systems NFS security shares and their permissions SMB or Samba security options name resolution services, such as: bogus servers and blackholes DNS topologies dynamic DNS security restrictive zone transfers and recursive queries transaction signatures transaction signature (TSIG) views web and proxy services, such as: authentication common gateway interface (CGI) security server-side includes SSL certificates suEXEC mail services, such as: email encryption mail filtering including spam filtering mail topology design secure sockets layer and transport layer security protocols (SSL/TLS) start transport layer security (STARTTLS) virus scanning FTP services, such as: anonymous FTP FTP authentication secure access to home directories.
Remote access security options may include:	dial-up internet connection sharing (ICS) inbound and outbound filters network address translation (NAT) open SSH port forwarding remote authentication dial-in user service (RADIUS) RADIUS proxy remote access policy routing and remote access services (RRAS) secure remote access protocols secure wireless terminal services virtual private network (VPN).
Operating system may include:	Linux Unix Windows server.
Third-party firewall may include:	incoming and outgoing traffic filtering iptables internet security and acceleration (ISA) server kernel level firewalls Microsoft Windows Firewall netfilter SmoothWall traffic filtering by ports and protocols.
Backup and recovery may include:	automated backups using operating system backup and job scheduling tools backup and recovery of mail systems backup and recovery of network directory service objects backups using third party software database backup and recovery volume shadow copies.