NTISthis.com

Evidence Guide: ICANWK607A - Design and implement wireless network security

Student: __________________________________________________

Signature: _________________________________________________

Tips for gathering evidence to demonstrate your skills

The important thing to remember when gathering evidence is that the more evidence the better - that is, the more evidence you gather to demonstrate your skills, the more confident an assessor can be that you have learned the skills not just at one point in time, but are continuing to apply and develop those skills (as opposed to just learning for the test!). Furthermore, one piece of evidence that you collect will not usualy demonstrate all the required criteria for a unit of competency, whereas multiple overlapping pieces of evidence will usually do the trick!

From the Wiki University

 

ICANWK607A - Design and implement wireless network security

What evidence can you provide to prove your understanding of each of the following citeria?

Plan to implement wireless network security

  1. Research and evaluate organisational and regulatory security policies that have been used to benchmark acceptable network security standards
  2. Assess customer requirements and needs against regulatory security compliance and OHS considerations
  3. Produce a plan with security-solution documentation for future growth and security needs
Research and evaluate organisational and regulatory security policies that have been used to benchmark acceptable network security standards

Completed
Date:

Teacher:		 Evidence:

 

 

 

 

 

 

 

Assess customer requirements and needs against regulatory security compliance and OHS considerations

Completed
Date:

Teacher:		 Evidence:

 

 

 

 

 

 

 

Produce a plan with security-solution documentation for future growth and security needs

Completed
Date:

Teacher:		 Evidence:

 

 

 

 

 

 

 

Design, implement and test guest access services

  1. Analyse and select the appropriate architecture for guest access services
  2. Produce a map and set up guest access accounts
  3. Configure WLAN controller authorisation
  4. Configure the anchor and internal controllers
  5. Troubleshoot guest access issues
Analyse and select the appropriate architecture for guest access services

Completed
Date:

Teacher:		 Evidence:

 

 

 

 

 

 

 

Produce a map and set up guest access accounts

Completed
Date:

Teacher:		 Evidence:

 

 

 

 

 

 

 

Configure WLAN controller authorisation

Completed
Date:

Teacher:		 Evidence:

 

 

 

 

 

 

 

Configure the anchor and internal controllers

Completed
Date:

Teacher:		 Evidence:

 

 

 

 

 

 

 

Troubleshoot guest access issues

Completed
Date:

Teacher:		 Evidence:

 

 

 

 

 

 

 

Design, implement and test the security of wireless client devices

  1. Design and configure authentication of clients and management frame protection on clients and controllers
  2. Configure access control servers for integration with wireless network
  3. Configure client and server-side digital certificate services
  4. Troubleshoot secure wireless connectivity services
Design and configure authentication of clients and management frame protection on clients and controllers

Completed
Date:

Teacher:		 Evidence:

 

 

 

 

 

 

 

Configure access control servers for integration with wireless network

Completed
Date:

Teacher:		 Evidence:

 

 

 

 

 

 

 

Configure client and server-side digital certificate services

Completed
Date:

Teacher:		 Evidence:

 

 

 

 

 

 

 

Troubleshoot secure wireless connectivity services

Completed
Date:

Teacher:		 Evidence:

 

 

 

 

 

 

 

Design, implement and test the integration of wireless network with organisational network admission control systems

  1. Analyse network admission control architectures to assess the feasibility of network integration
  2. Analyse the high-level authentication process flow to ensure compatible integration
  3. Configure and test the wireless controller for admission control
  4. Troubleshoot integration issues of network with access control
Analyse network admission control architectures to assess the feasibility of network integration

Completed
Date:

Teacher:		 Evidence:

 

 

 

 

 

 

 

Analyse the high-level authentication process flow to ensure compatible integration

Completed
Date:

Teacher:		 Evidence:

 

 

 

 

 

 

 

Configure and test the wireless controller for admission control

Completed
Date:

Teacher:		 Evidence:

 

 

 

 

 

 

 

Troubleshoot integration issues of network with access control

Completed
Date:

Teacher:		 Evidence:

 

 

 

 

 

 

 

Evaluate and plan secure wireless connectivity services

  1. Configure the intrusion detection system (IDS) to monitor the network activities for malicious activities or policy violations
  2. Analyse the report produced by the IDS to review threat-mitigation strategies
  3. Update security solution plan to mitigate wireless vulnerabilities to ensure network integrity
Configure the intrusion detection system (IDS) to monitor the network activities for malicious activities or policy violations

Completed
Date:

Teacher:		 Evidence:

 

 

 

 

 

 

 

Analyse the report produced by the IDS to review threat-mitigation strategies

Completed
Date:

Teacher:		 Evidence:

 

 

 

 

 

 

 

Update security solution plan to mitigate wireless vulnerabilities to ensure network integrity

Completed
Date:

Teacher:		 Evidence:

 

 

 

 

 

 

 

Manage the requirements to integrate the WLAN with advanced security platforms

  1. Evaluate end-to-end security solutions and assess how they integrate with the planned wireless solutions
  2. Analyse the firewall configuration requirements of WLANs to ensure compliance with organisational policies
  3. Configure and test the WLAN controllers for wired and wireless intrusion prevention and detection system (IPDS) security protection
Evaluate end-to-end security solutions and assess how they integrate with the planned wireless solutions

Completed
Date:

Teacher:		 Evidence:

 

 

 

 

 

 

 

Analyse the firewall configuration requirements of WLANs to ensure compliance with organisational policies

Completed
Date:

Teacher:		 Evidence:

 

 

 

 

 

 

 

Configure and test the WLAN controllers for wired and wireless intrusion prevention and detection system (IPDS) security protection

Completed
Date:

Teacher:		 Evidence:

 

 

 

 

 

 

 

Assessed

Teacher: ___________________________________ Date: _________

Signature: ________________________________________________

Comments:

 

 

 

 

 

 

 

 

Instructions to Assessors

Evidence Guide

The evidence guide provides advice on assessment and must be read in conjunction with the performance criteria, required skills and knowledge, range statement and the Assessment Guidelines for the Training Package.

Overview of assessment

Critical aspects for assessment and evidence required to demonstrate competency in this unit

Evidence of the ability to:

conduct research and produce security solutions plan

evaluate, design and implement a WLAN site security plan

evaluate end-to-end security solutions and assess their integrate with the planned wireless solutions

use network tools to test wireless controllers and IPDS solutions.

Context of and specific resources for assessment

Assessment must ensure access to:

site or prototype where network installation may be conducted

hardware and software

organisational guidelines

live network

stand-alone and lightweight WLAN controllers and AP

hardware and software WLAN site survey tools

hardware and software IDS and IPS

appropriate learning and assessment support when required

modified equipment for people with special needs.

Method of assessment

A range of assessment methods should be used to assess practical skills and knowledge. The following examples are appropriate for this unit:

direct observation of the candidate installing, configuring and testing a new or updated network

evaluation of documentation prepared by the candidate outlining testing procedures, test results, recommendation to network changes and completion records

verbal or written questioning of required knowledge.

Guidance information for assessment

Holistic assessment with other units relevant to the industry sector, workplace and job role is recommended, where appropriate.

Assessment processes and techniques must be culturally appropriate, and suitable to the communication skill level, language, literacy and numeracy capacity of the candidate and the work being performed.

Indigenous people and other people from a non-English speaking background may need additional support.

In cases where practical assessment is used it should be combined with targeted questioning to assess required knowledge.

Required Skills and Knowledge

Required skills

communication skills to liaise with internal and external personnel on technical, operational and business-related matters

literacy skills to:

interpret technical documentation

write reports as required

numeracy skills to:

evaluate performance and interoperability of network

interpret results

take test measurements

planning and organisational skills to:

coordinate the process in liaison with others

plan, prioritise and monitor own work

problem-solving and contingency-management skills to:

adapt configuration procedures to requirements of network

reconfigure depending on differing operational contingencies, risk situations and environments

troubleshoot and debug WLAN issues

research skills to investigate appropriate hardware to meet requirements

technical skills to:

select and configure networking devices and assess and implement security requirements

use networking tools.

Required knowledge

configuration, verification and troubleshooting procedures to undertake:

router operation and routing

VLAN switching and inter-switching communications

IOS and IP networking models

intrusion prevention system (IPS) and IDS security protection

threat mitigation strategies

wireless:

current regulations, standards and certifications

deployment schemes

network security technology

network topologies, architectures and elements

networking protocols

WLAN:

advanced security platforms

devices and their specification and use

radio frequencies characteristics and their measuring techniques.

Range Statement

The range statement relates to the unit of competency as a whole. It allows for different work environments and situations that may affect performance. Bold italicised wording, if used in the performance criteria, is detailed below. Essential operating conditions that may be present with training and assessment (depending on the work situation, needs of the candidate, accessibility of the item, and local industry and regional contexts) may also be included.

Security-solution documentation may include:

equipment inventory

naming standards

project management templates and report writing

satisfaction reports

standards:

International Organization for Standardization (ISO)

International Electrotechnical Commission (IEC)

Australian Standards (AS)

version control.

Guest access services may include:

anchor

bandwidth limiting

demilitarised zone or perimeter network (DMZ)

redundancy

scaling

VLAN-based

wired guest access.

Authorisation may include:

authentication

email

external

internal

pass through.

Wireless network may include:

cellular network

mobile services

paging network

wireless LAN (WLAN).

Architectures may include:

agent versus agent

in-band

out-of-band.

Threat-mitigation strategies may include:

client exclusions

custom signature

rogue reporting and location

signature

switch-port tracing.

Wireless vulnerabilities may include:

anomalous behaviour attacks

client misconfiguration

denial of service (DoS)

eavesdropping

hijacking

radio frequency (RF) jamming

signature attacks

social engineering.

Firewall configuration requirements may include:

access control list (ACL)

demilitarised zone (DMZ)

IP port pass-through.