ICTNWK416
Build security into virtual private networks


Application

This unit describes the skills and knowledge required to build security into a virtual private network (VPN).

It applies to individuals with competent information and communications technology (ICT) skills and who are working in the network area and are required to ensure that VPNs contain required security.

No licensing, legislative or certification requirements apply to this unit at the time of publication.


Elements and Performance Criteria

ELEMENT: Elements describe the essential outcomes.

PERFORMANCE CRITERIA: Performance criteria describe the performance needed to demonstrate achievement of the element.

1. Configure router to provide for network security monitoring and management

1.1 Create and apply audit rules consistent with policies, standards, protocols and management systems

1.2 Configure router to provide appropriate level of asset security and monitoring of security consistent with commercial and business requirements

1.3 Monitor and manage system to assess the level of security and attempts to breach security of framework components

1.4 Employ appropriate hardware and software to monitor and address security issues and provide VPN solutions

2. Secure a site-to-site VPN

2.1 Configure internet key exchange (IKE) and internet protocol security (IPSec)

2.2 Configure site-to-site IPSec VPN using pre-shared keys

2.3 Configure site-to-site IPSec VPN using digital certificates

3. Secure a remote access VPN

3.1 Configure a VPN server

3.2 Install and administer a router management console

3.3 Develop documentation on current system settings and framework components, and file securely for future reference

Evidence of Performance

Evidence of the ability to:

- configure a router to provide the required security
- implement and maintain security functionality for a virtual private network (VPN), including:
  - site to site VPN
  - remote access VPN
- produce security documentation.

Note: If a specific volume or frequency is not stated, then evidence must be provided at least once.


Evidence of Knowledge

To complete the unit requirements safely and effectively, the individual must:

- outline the characteristics of a VPN system, including:
  - site to site
  - remote access systems
  - network protocols and operating systems relevant to VPN, including its features, issues and functions
- describe the security requirements for a VPN, including:
  - auditing and penetration testing techniques
  - configuration of routers and switches
  - security protocols, standards and data encryption
  - processes and techniques related to security perimeters and their functions
  - security threats, including eavesdropping, data interception, data corruption and data falsification
  - transmission control protocol or internet protocol (TCP/IP) protocols and applications audit and intrusion detection systems
  - authentication issues
- recognise and describe the differences between common networks, including:
  - local area network (LAN)
  - wireless local area network (WLAN)
  - wide area networks (WAN)
- identify and describe organisational issues surrounding:
  - security cryptography
  - screened subnets
  - virus detection software.


Assessment Conditions

Gather evidence to demonstrate consistent performance in conditions that are safe and replicate the workplace. Noise levels, production flow, interruptions and time variances must be typical of those experienced in the network industry, and include access to:

- network technical requirements
- network infrastructure, including servers and security hardware and software.

Assessors must satisfy NVR/AQTF assessor requirements.


Foundation Skills

This section describes language, literacy, numeracy and employment skills incorporated in the performance criteria that are required for competent performance.

Skill: Reading
Performance Criteria: 1.1
Description: Gathers, interprets and analyses current industry rules from a range of sources and identifies relevant and key information

Skill: Writing
Performance Criteria: 1.1, 3.3
Description: Prepares workplace documentation that incorporates an evaluation of information and specialised and cohesive language in a format and style appropriate to a specific audience

Skill: Navigate the world of work
Performance Criteria: 1.1
Description: Recognises and follows explicit and implicit protocols, and meets expectations associated with own role

Skill: Get the work done
Performance Criteria: 1.2-1.4, 2.1-2.3, 3.1-3.3
Description:
- Uses a combination of formal, logical planning processes and an increasingly intuitive understanding of context to identify relevant information and risks
- Understands the importance of secure information in relation to own work and takes personal responsibility for identifying and managing risk
- Understands the purposes, specific functions and key features of common digital systems and tools, and operates them effectively to complete routine tasks
- Initiates standard procedures when responding to familiar problems within the immediate context


Sectors

Networking