Unit of Competency Mapping – Information for Teachers/Assessors – Information for Learners

ICTWEB408 Mapping and Delivery Guide
Ensure basic website security

Version 1.0
Issue Date: May 2024


Qualification -
Unit of Competency ICTWEB408 - Ensure basic website security
Description
Employability Skills
Learning Outcomes and Application This unit describes the skills and knowledge required to provide basic website server, and protocol security appropriate to the level required by an organisation. It applies to individuals employed as web maintenance staff who are required to ensure that a website meets basic security requirements. No licensing, legislative or certification requirements apply to this unit at the time of publication.
Duration and Setting X weeks, nominally xx hours, delivered in a classroom/online/blended learning setting.

Gather evidence to demonstrate consistent performance in conditions that are safe and replicate the workplace. Noise levels, production flow, interruptions and time variances should be typical of those experienced in the website technologies field of work, and include access to:

  • special purpose tools, equipment, materials
  • industry software packages
  • a basic website and web servers
  • the organisational requirements documentation
  • website manuals and instructions.

Assessors must satisfy NVR/AQTF assessor requirements.

Prerequisites/co-requisites
Competency Field
Development and validation strategy and guide for assessors and learners
Columns: Elements of Competency | Performance Criteria | Student Learning Resources (Handouts, Activities, Slides, PPT) | Assessment 1 | Assessment 2 | Assessment 3 | Assessment 4
Element: Determine business security requirements
  • Identify the level of security required based on the business, and the commercial intent of the website
  • Identify whether password protection is needed for the site, or part of the site
  • Decide on minimum or maximum password protection solutions, based on the business requirements
       
Element: Ensure web server security
  • Ensure that the web server password is obscure and non-traceable
  • Install and maintain an effective intrusion detection system, according to business requirements
  • Ensure that user accounts have only the required permissions on the server
  • Ensure that interpreters’ programs, that run common gateway interfaces (CGIs), are not stored in the CGI-bin directory
  • Ensure that web forms check data before passing it to the server
       
Element: Ensure protocol security
  • Protect the fixed internet connection, and the internet protocol (IP) address
  • Protect shared network resources from intrusion, according to business requirements
  • Ensure that personal computer (PC) protocols and preferences follow security protocols
  • Disable control protocol, or internet protocol (TCP/IP), bindings for file and printer sharing
  • Ensure that network basic input/output system (NetBIOS) over TCP/IP is disabled
       


Evidence Required

List the assessment methods to be used and the context and resources required for assessment. Copy and paste the relevant sections from the evidence guide below and then re-write these in plain English.

ELEMENT

PERFORMANCE CRITERIA

Elements describe the essential outcomes.

Performance criteria describe the performance needed to demonstrate achievement of the element.

1. Determine business security requirements

1.1 Identify the level of security required based on the business, and the commercial intent of the website

1.2 Identify whether password protection is needed for the site, or part of the site

1.3 Decide on minimum or maximum password protection solutions, based on the business requirements

2. Ensure web server security

2.1 Ensure that the web server password is obscure and non-traceable

2.2 Install and maintain an effective intrusion detection system, according to business requirements

2.3 Ensure that user accounts have only the required permissions on the server

2.4 Ensure that interpreters’ programs, that run common gateway interfaces (CGIs), are not stored in the CGI-bin directory

2.5 Ensure that web forms check data before passing it to the server

3. Ensure protocol security

3.1 Protect the fixed internet connection, and the internet protocol (IP) address

3.2 Protect shared network resources from intrusion, according to business requirements

3.3 Ensure that personal computer (PC) protocols and preferences follow security protocols

3.4 Disable control protocol, or internet protocol (TCP/IP), bindings for file and printer sharing

3.5 Ensure that network basic input/output system (NetBIOS) over TCP/IP is disabled

Evidence of the ability to:

  • identify the level of security required by the business for the website
  • implement password protection solutions, for the website and the server
  • install and maintain, an intrusion detection system
  • implement protocol security.

Note: If a specific volume or frequency is not stated, then evidence must be provided at least once.

To complete the unit requirements safely and effectively, the individual must:

  • outline the client business domain, including the client organisation structure and business functionality
  • identify current industry-accepted hardware and software products
  • outline desktop applications and operating systems, as required
  • describe firewall functionality
  • describe hypertext transfer protocol (HTTP) and disk and executing monitor tools (daemons)
  • outline the range of security protocols, including:
      • secure socket layer (SSL)
      • point-to-point network tunnelling protocol (PPTP)
      • layer 2 tunnelling protocol (L2TP)
  • define security patches
  • explain specific purpose security computers, acting as bastion hosts
  • explain web-server operating systems.


Submission Requirements

List each assessment task's title, type (eg project, observation/demonstration, essay, assignment, checklist) and due date here

Assessment task 1: [title]      Due date:

(add new lines for each of the assessment tasks)


Assessment Tasks

Copy and paste from the following data to produce each assessment task. Write these in plain English and spell out how, when and where the task is to be carried out, under what conditions, and what resources are needed. Include guidelines about how well the candidate has to perform a task for it to be judged satisfactory.

ELEMENT

PERFORMANCE CRITERIA

Elements describe the essential outcomes.

Performance criteria describe the performance needed to demonstrate achievement of the element.

1. Determine business security requirements

1.1 Identify the level of security required based on the business, and the commercial intent of the website

1.2 Identify whether password protection is needed for the site, or part of the site

1.3 Decide on minimum or maximum password protection solutions, based on the business requirements

2. Ensure web server security

2.1 Ensure that the web server password is obscure and non-traceable

2.2 Install and maintain an effective intrusion detection system, according to business requirements

2.3 Ensure that user accounts have only the required permissions on the server

2.4 Ensure that interpreters’ programs, that run common gateway interfaces (CGIs), are not stored in the CGI-bin directory

2.5 Ensure that web forms check data before passing it to the server

3. Ensure protocol security

3.1 Protect the fixed internet connection, and the internet protocol (IP) address

3.2 Protect shared network resources from intrusion, according to business requirements

3.3 Ensure that personal computer (PC) protocols and preferences follow security protocols

3.4 Disable control protocol, or internet protocol (TCP/IP), bindings for file and printer sharing

3.5 Ensure that network basic input/output system (NetBIOS) over TCP/IP is disabled

Copy and paste from the following performance criteria to create an observation checklist for each task. When you have finished writing your assessment tool, every one of these must have been addressed, preferably several times in a variety of contexts. To ensure this occurs, download the assessment matrix for the unit, enter each assessment task as a column header, and place check marks against each performance criterion that the task addresses.

Observation Checklist

Tasks to be observed according to workplace/college/TAFE policy and procedures, relevant legislation and Codes of Practice | Yes | No | Comments/feedback
Identify the level of security required based on the business, and the commercial intent of the website 
Identify whether password protection is needed for the site, or part of the site 
Decide on minimum or maximum password protection solutions, based on the business requirements 
Ensure that the web server password is obscure and non-traceable 
Install and maintain an effective intrusion detection system, according to business requirements 
Ensure that user accounts have only the required permissions on the server 
Ensure that interpreters’ programs, that run common gateway interfaces (CGIs), are not stored in the CGI-bin directory 
Ensure that web forms check data before passing it to the server 
Protect the fixed internet connection, and the internet protocol (IP) address 
Protect shared network resources from intrusion, according to business requirements 
Ensure that personal computer (PC) protocols and preferences follow security protocols 
Disable control protocol, or internet protocol (TCP/IP), bindings for file and printer sharing 
Ensure that network basic input/output system (NetBIOS) over TCP/IP is disabled 

Forms

Assessment Cover Sheet

ICTWEB408 - Ensure basic website security
Assessment task 1: [title]

Student name:

Student ID:

I declare that the assessment tasks submitted for this unit are my own work.

Student signature:

Result: Competent / Not yet competent

Feedback to student


Assessor name:

Signature:

Date:


Assessment Record Sheet

ICTWEB408 - Ensure basic website security

Student name:

Student ID:

Assessment task 1: [title]      Result: Competent / Not yet competent

(add lines for each task)

Feedback to student:

Overall assessment result: Competent / Not yet competent

Assessor name:

Signature:

Date:

Student signature:

Date: