ICTNWK602
Plan, configure and test advanced server-based security


Application

This unit describes the skills and knowledge required to implement advanced server security using secure authentication and network services on a network server.

It applies to individuals working as information and communications technology (ICT) network specialists, ICT network engineers, network security specialists, network security planners and network security designers.

No licensing, legislative or certification requirements apply to this unit at the time of publication.


Elements and Performance Criteria

ELEMENT

PERFORMANCE CRITERIA

Elements describe the essential outcomes.

Performance criteria describe the performance needed to demonstrate achievement of the element.

1. Plan advanced network server security according to business needs

1.1 Consult with client and key stakeholders to identify security requirements in an advanced network server environment

1.2 Analyse and review existing client security documentation and predict network service vulnerabilities

1.3 Research network authentication and network service configuration options and implications to produce network security solutions

1.4 Ensure features and capabilities of network service security options meet the business needs

1.5 Produce or update server security design documentation to include new solutions

1.6 Obtain sign-off for the security design from the appropriate person

2. Prepare for network server security implementation

2.1 Prepare for work in line with site-specific safety requirements and enterprise occupational health and safety (OHS) processes and procedures

2.2 Identify safety hazards and implement risk control measures in consultation with appropriate personnel

2.3 Consult appropriate person to ensure the task is coordinated effectively with others involved at the worksite

2.4 Back up server before implementing configuration changes

3. Configure the advanced network server security according to design

3.1 Configure update services to provide automatic updates to ensure maximum security and reliability

3.2 Configure network authentication, authorisation and accounting services to log and prevent unauthorised access to the server

3.3 Configure basic service security and access control lists to limit access to authorised users, groups or networks

3.4 Implement encryption as required by the design

3.5 Configure advanced network service security options for services and remote access

3.6 Configure the operating system or third-party firewall to filter traffic in line with security requirements

3.7 Ensure security of server logs and log servers is appropriately implemented for system integrity

3.8 Implement backup and recovery methods to enable restoration capability in the event of a disaster

4. Monitor and test network server security

4.1 Test server to assess the effectiveness of network service security according to agreed design plan

4.2 Monitor server logs, network traffic and open ports to detect possible intrusions

4.3 Monitor important files to detect unauthorised modifications

4.4 Investigate and verify alleged violations of server or data security and privacy breaches

4.5 Recover from, report and document security breaches according to security policies and procedures

4.6 Evaluate monitored results and reports to implement and test improvement actions required to maintain the required level of network service security

Evidence of Performance

Evidence of the ability to:

identify network service security vulnerabilities and appropriate controls

plan, design and configure a secure network authentication service

secure a wide range of network services to ensure server and data security, including:

domain name system (DNS)

web and proxy

mail

file transfer protocol (FTP)

firewall

implement cryptographic techniques

monitor the server for security breaches.

Note: If a specific volume or frequency is not stated, then evidence must be provided at least once.


Evidence of Knowledge

To complete the unit requirements safely and effectively, the individual must:

explain auditing and penetration testing techniques

summarise best practice procedures for implementing backup and restore

outline cryptographic techniques

clarify the procedures for error and event logging and reporting

explain intrusion detection and recovery procedures

outline network service configuration, including:

DNS

dynamic host configuration protocol (DHCP)

web

mail

FTP

server message block (SMB)

network time protocol (NTP)

proxy

summarise network service security features, options and limitations

outline network service vulnerabilities

summarise operating system help and support utilities

describe planning, configuration, monitoring and troubleshooting techniques

outline security protection mechanisms

summarise security threats and risks

explain server firewall configuration

explain server monitoring and troubleshooting tools and techniques, including network monitoring and diagnostic utilities

summarise user authentication and directory services.


Assessment Conditions

Gather evidence to demonstrate consistent performance in conditions that are safe and replicate the workplace. Noise levels, production flow, interruptions and time variances must be typical of those experienced in the networking industry, and include access to:

a site where server installation may be conducted

relevant server specifications

cabling

networked (LAN) computers

server diagnostic software

switch

client requirements

WAN service point of presence

workstations

relevant regulatory documentation that impacts on installation activities.

Assessors must satisfy NVR/AQTF assessor requirements.


Foundation Skills

This section describes language, literacy, numeracy and employment skills incorporated in the performance criteria that are required for competent performance.

Skill

Performance Criteria

Description

Reading

1.2, 1.3, 3.6, 4.1, 4.3, 4.5, 4.6

Recognises and interprets technical enterprise security procedures, policies, specifications, and vendor notifications to determine and confirm job requirements

Writing

1.5, 4.5

Develops a broad range of material including security reports for a specific audience, using clear and detailed language to convey explicit information, requirements and recommendations

Oral Communication

1.1, 2.2, 2.3, 4.5

Uses listening and questioning skills to confirm understanding of requirements

Articulates clearly, using specific and relevant language suitable to audience, and participates in verbal exchanges of ideas and solutions

Interact with others

1.6

Actively identifies the requirements of important communication exchanges, selecting appropriate channels, format, tone and content to suit purpose and audience

Navigate the world of work

2.1

Keeps up to date on changes to legislation or regulations relevant to own rights and responsibilities, and considers implications of these when planning, negotiating and undertaking work

Get the work done

1.2, 1.4, 2.2, 2.4, 3.1-3.8, 4.1, 4.2, 4.4-4.6

Considers the strategic and operational potential of digital trends to achieve work goals, enhance work processes, create opportunities and enhance or reduce risks

Uses a broad range of strategies to store, access and organise virtual information, recognising that design choices will influence what information is retrieved and how it may be interpreted and used

Is acutely aware of the importance of understanding, monitoring and controlling access to digitally stored and transmitted information

May operate from a broad conceptual plan, developing the operational detail in stages, regularly reviewing priorities and performance during implementation, and identifying and addressing issues

Uses nuanced understanding of context to detect, investigate and recover from security breaches


Sectors

Networking