Unit of Competency Mapping – Information for Teachers/Assessors – Information for Learners

ICTNWK509 Mapping and Delivery Guide
Design and implement a security perimeter for ICT networks

Version 1.0
Issue Date: March 2024


Qualification -
Unit of Competency ICTNWK509 - Design and implement a security perimeter for ICT networks
Description
Employability Skills
Learning Outcomes and Application This unit describes the skills and knowledge required to build a high performance, high security, failure resistant security perimeter, for an enterprise information and communications technology (ICT) network.It applies to individuals with excellent ICT expertise who are working as middle managers, including information security managers, network engineers, network technicians and security analysts.No licensing, legislative or certification requirements apply to this unit at the time of publication.
Duration and Setting X weeks, nominally xx hours, delivered in a classroom/online/blended learning setting.

Gather evidence to demonstrate consistent performance in conditions that are safe and replicate the workplace. Noise levels, production flow, interruptions and time variances must be typical of those experienced in the network industry, and include access to:

site or prototype where perimeter security may be implemented and managed

perimeter devices

organisational security requirements.

Assessors must satisfy NVR/AQTF assessor requirements.

Prerequisites/co-requisites
Competency Field
Development and validation strategy and guide for assessors and learners Student Learning Resources Handouts
Activities
Slides
PPT
Assessment 1 Assessment 2 Assessment 3 Assessment 4
Elements of Competency Performance Criteria              
Element: Plan and design firewall solution
  • Determine level and nature of security needed to meet enterprise requirements
  • Identify security threats
  • Research available perimeter security options
  • Design security perimeter to meet identified enterprise requirements
       
Element: Configure perimeter to secure network
  • Deploy perimeter devices according to design
  • Configure perimeter topology
  • Configure basic functionality of devices to allow access
  • Configure advanced functions
       
Element: Plan, design and configure network devices to provide secure fallover and redundancy
  • Back up device configuration
  • Design and configure perimeter to enable continuity of service during upgrade of devices
  • Design and configure perimeter to enable continuity of service in the event of device failure
       
Element: Plan, design and configure a VPN solution
  • Configure perimeter for site-to-site virtual private networks (VPNs)
  • Configure perimeter as a remote access VPN server
  • Configure perimeter to allow VPN tunnel forwarding
  • Diagnose and resolve VPN connectivity issues
       
Element: Test and verify design performance
  • Test functionality of basic features
  • Test functionality of advanced features
  • Perform penetration testing to verify that the perimeter meets security requirements
  • Monitor perimeter device performance
  • Monitor security breaches
  • Document test results and report to appropriate person
       


Evidence Required

List the assessment methods to be used and the context and resources required for assessment. Copy and paste the relevant sections from the evidence guide below and then re-write these in plain English.

ELEMENT

PERFORMANCE CRITERIA

Elements describe the essential outcomes.

Performance criteria describe the performance needed to demonstrate achievement of the element.

1. Plan and design firewall solution

1.1 Determine level and nature of security needed to meet enterprise requirements

1.2 Identify security threats

1.3 Research available perimeter security options

1.4 Design security perimeter to meet identified enterprise requirements

2. Configure perimeter to secure network

2.1 Deploy perimeter devices according to design

2.2 Configure perimeter topology

2.3 Configure basic functionality of devices to allow access

2.4 Configure advanced functions

3. Plan, design and configure network devices to provide secure fallover and redundancy

3.1 Back up device configuration

3.2 Design and configure perimeter to enable continuity of service during upgrade of devices

3.3 Design and configure perimeter to enable continuity of service in the event of device failure

4. Plan, design and configure a VPN solution

4.1 Configure perimeter for site-to-site virtual private networks (VPNs)

4.2 Configure perimeter as a remote access VPN server

4.3 Configure perimeter to allow VPN tunnel forwarding

4.4 Diagnose and resolve VPN connectivity issues

5. Test and verify design performance

5.1 Test functionality of basic features

5.2 Test functionality of advanced features

5.3 Perform penetration testing to verify that the perimeter meets security requirements

5.4 Monitor perimeter device performance

5.5 Monitor security breaches

5.6 Document test results and report to appropriate person

Evidence of the ability to:

identify threats to perimeter security

develop design for a secure perimeter

deploy perimeter to meet security requirements

design and configure advanced features of perimeter devices to provide additional services

design and configure an integrated VPN solution

conduct exhaustive testing of perimeter.

Note: If a specific volume or frequency is not stated, then evidence must be provided at least once.

To complete the unit requirements safely and effectively, the individual must:

identify and describe emerging security issues and the need for security policies

describe the security perimeter issues related to networks, including:

auditing and penetration testing techniques

capabilities of software and hardware perimeter solutions

logging analysis techniques

organisational network infrastructure

security technologies according to perimeter design

weaknesses of installed perimeter design.


Submission Requirements

List each assessment task's title, type (eg project, observation/demonstration, essay, assignment, checklist) and due date here

Assessment task 1: [title]      Due date:

(add new lines for each of the assessment tasks)


Assessment Tasks

Copy and paste from the following data to produce each assessment task. Write these in plain English and spell out how, when and where the task is to be carried out, under what conditions, and what resources are needed. Include guidelines about how well the candidate has to perform a task for it to be judged satisfactory.

ELEMENT

PERFORMANCE CRITERIA

Elements describe the essential outcomes.

Performance criteria describe the performance needed to demonstrate achievement of the element.

1. Plan and design firewall solution

1.1 Determine level and nature of security needed to meet enterprise requirements

1.2 Identify security threats

1.3 Research available perimeter security options

1.4 Design security perimeter to meet identified enterprise requirements

2. Configure perimeter to secure network

2.1 Deploy perimeter devices according to design

2.2 Configure perimeter topology

2.3 Configure basic functionality of devices to allow access

2.4 Configure advanced functions

3. Plan, design and configure network devices to provide secure fallover and redundancy

3.1 Back up device configuration

3.2 Design and configure perimeter to enable continuity of service during upgrade of devices

3.3 Design and configure perimeter to enable continuity of service in the event of device failure

4. Plan, design and configure a VPN solution

4.1 Configure perimeter for site-to-site virtual private networks (VPNs)

4.2 Configure perimeter as a remote access VPN server

4.3 Configure perimeter to allow VPN tunnel forwarding

4.4 Diagnose and resolve VPN connectivity issues

5. Test and verify design performance

5.1 Test functionality of basic features

5.2 Test functionality of advanced features

5.3 Perform penetration testing to verify that the perimeter meets security requirements

5.4 Monitor perimeter device performance

5.5 Monitor security breaches

5.6 Document test results and report to appropriate person

Copy and paste from the following performance criteria to create an observation checklist for each task. When you have finished writing your assessment tool every one of these must have been addressed, preferably several times in a variety of contexts. To ensure this occurs download the assessment matrix for the unit; enter each assessment task as a column header and place check marks against each performance criteria that task addresses.

Observation Checklist

Tasks to be observed according to workplace/college/TAFE policy and procedures, relevant legislation and Codes of Practice Yes No Comments/feedback
Determine level and nature of security needed to meet enterprise requirements 
Identify security threats 
Research available perimeter security options 
Design security perimeter to meet identified enterprise requirements 
Deploy perimeter devices according to design 
Configure perimeter topology 
Configure basic functionality of devices to allow access 
Configure advanced functions 
Back up device configuration 
Design and configure perimeter to enable continuity of service during upgrade of devices 
Design and configure perimeter to enable continuity of service in the event of device failure 
Configure perimeter for site-to-site virtual private networks (VPNs) 
Configure perimeter as a remote access VPN server 
Configure perimeter to allow VPN tunnel forwarding 
Diagnose and resolve VPN connectivity issues 
Test functionality of basic features 
Test functionality of advanced features 
Perform penetration testing to verify that the perimeter meets security requirements 
Monitor perimeter device performance 
Monitor security breaches 
Document test results and report to appropriate person 

Forms

Assessment Cover Sheet

ICTNWK509 - Design and implement a security perimeter for ICT networks
Assessment task 1: [title]

Student name:

Student ID:

I declare that the assessment tasks submitted for this unit are my own work.

Student signature:

Result: Competent Not yet competent

Feedback to student

 

 

 

 

 

 

 

 

Assessor name:

Signature:

Date:


Assessment Record Sheet

ICTNWK509 - Design and implement a security perimeter for ICT networks

Student name:

Student ID:

Assessment task 1: [title] Result: Competent Not yet competent

(add lines for each task)

Feedback to student:

 

 

 

 

 

 

 

 

Overall assessment result: Competent Not yet competent

Assessor name:

Signature:

Date:

Student signature:

Date: