NTISthis.com

Evidence Guide: ICTWEB408 - Ensure basic website security

Student: __________________________________________________

Signature: _________________________________________________

Tips for gathering evidence to demonstrate your skills

The important thing to remember when gathering evidence is that the more evidence the better - that is, the more evidence you gather to demonstrate your skills, the more confident an assessor can be that you have learned the skills not just at one point in time, but are continuing to apply and develop those skills (as opposed to just learning for the test!). Furthermore, one piece of evidence that you collect will not usually demonstrate all the required criteria for a unit of competency, whereas multiple overlapping pieces of evidence will usually do the trick!

From the Wiki University

 

ICTWEB408 - Ensure basic website security

What evidence can you provide to prove your understanding of each of the following criteria?

Determine business security requirements

  1. Identify the level of security required based on the business, and the commercial intent of the website
  2. Identify whether password protection is needed for the site, or part of the site
  3. Decide on minimum or maximum password protection solutions, based on the business requirements
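A worked example added to this guide (it is not part of the unit text or the NTISthis page) of a minimum password-protection solution for part of a site, covering criteria 1.2 and 1.3 and the same storage approach the web server's own admin password should get (2.1). The protected path prefixes, the 12-character minimum and the PBKDF2 iteration count are assumed values chosen for the example.

```python
import hashlib
import hmac
import os
from typing import Optional

# Assumed policy values for this example (the unit text sets no numbers):
# a 12-character minimum and a PBKDF2-HMAC-SHA256 work factor of 600,000.
MIN_LENGTH = 12
DEFAULT_ITERATIONS = 600_000

# Parts of the site that need a login; everything else stays public.
# Assumed paths, for illustration only.
PROTECTED_PREFIXES = ("/admin/", "/account/", "/members/")


def requires_login(path: str) -> bool:
    """Criterion 1.2: decide whether a request path lies inside a password-protected area."""
    return path.startswith(PROTECTED_PREFIXES)


def meets_policy(password: str, min_length: int = MIN_LENGTH) -> bool:
    """Minimum password policy: length is the control that matters; composition rules
    and forced rotation add little and are deliberately left out."""
    return len(password) >= min_length and password.strip() != ""


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = DEFAULT_ITERATIONS) -> str:
    """Store only a salted, slow hash, never the password itself.
    Record format: pbkdf2_sha256$<iterations>$<salt hex>$<derived key hex>."""
    salt = salt if salt is not None else os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and iteration count; compare in constant time."""
    parts = stored.split("$")
    if len(parts) != 4 or parts[0] != "pbkdf2_sha256" or not parts[1].isdigit():
        return False
    _, iterations, salt_hex, dk_hex = parts
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                             bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(dk.hex(), dk_hex)


if __name__ == "__main__":
    # Demo: enrol one account for the protected area and check two logins.
    record = hash_password("correct horse battery staple")
    print(record)
    print("login ok:", verify_password("correct horse battery staple", record))
    print("login ok:", verify_password("wrong password", record))
```

The decision the criteria ask for is recorded in two places: PROTECTED_PREFIXES says which part of the site needs a login, and the policy constants say how strong that login must be. A "maximum" solution would raise the minimum length and the iteration count; what does not change between the two is that the server stores a salted slow hash and never the password.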
Identify the level of security required based on the business, and the commercial intent of the website

Completed
Date:

Teacher:
Evidence:

 

 

 

 

 

 

 

Identify whether password protection is needed for the site, or part of the site

Completed
Date:

Teacher:
Evidence:

 

 

 

 

 

 

 

Decide on minimum or maximum password protection solutions, based on the business requirements

Completed
Date:

Teacher:
Evidence:

 

 

 

 

 

 

 

Ensure web server security

  1. Ensure that the web server password is obscure and non-traceable
  2. Install and maintain an effective intrusion detection system, according to business requirements
  3. Ensure that user accounts have only the required permissions on the server
  4. Ensure that interpreter programs that run common gateway interface (CGI) scripts are not stored in the cgi-bin directory
  5. Ensure that web forms check data before passing it to the server
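An added example (not from this guide or the unit) showing how to check criteria 2.3 and 2.4 on a Unix web server: scan cgi-bin for interpreter binaries and the document root for world-writable entries. The list of interpreter names and the demo directory layout are assumptions; the demo tree is constructed in a temporary directory so the script runs anywhere.

```python
import os
import stat
import tempfile
from typing import Dict, List

# Interpreter binaries that must never sit in a CGI directory (assumed list; extend for your stack).
# A web-reachable interpreter lets a remote user run arbitrary code by passing it in the request.
INTERPRETER_NAMES = {"perl", "php", "php-cgi", "python", "python3", "ruby", "sh", "bash"}


def interpreters_in_cgi_bin(cgi_bin: str) -> List[str]:
    """Criterion 2.4: report entries in cgi-bin that are, or resolve to, an interpreter binary."""
    findings = []
    for name in sorted(os.listdir(cgi_bin)):
        target = os.path.basename(os.path.realpath(os.path.join(cgi_bin, name)))
        if name in INTERPRETER_NAMES or target in INTERPRETER_NAMES:
            findings.append(name)
    return findings


def world_writable(root: str) -> List[str]:
    """Criterion 2.3: report files and directories that any local account could modify."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for entry in dirnames + filenames:
            path = os.path.join(dirpath, entry)
            if os.lstat(path).st_mode & stat.S_IWOTH:
                findings.append(os.path.relpath(path, root))
    return sorted(findings)


def audit(docroot: str) -> Dict[str, List[str]]:
    """Run both checks over a document root that contains a cgi-bin directory."""
    cgi_bin = os.path.join(docroot, "cgi-bin")
    return {
        "interpreters_in_cgi_bin": interpreters_in_cgi_bin(cgi_bin) if os.path.isdir(cgi_bin) else [],
        "world_writable": world_writable(docroot),
    }


def build_demo_docroot() -> str:
    """Constructed sample layout for the demo: a copy of 'perl' dropped into cgi-bin and a
    world-writable uploads directory. Modes are set explicitly so the result does not depend on umask."""
    root = tempfile.mkdtemp(prefix="docroot-")
    cgi_bin = os.path.join(root, "cgi-bin")
    uploads = os.path.join(root, "uploads")
    os.mkdir(cgi_bin)
    os.chmod(cgi_bin, 0o755)
    os.mkdir(uploads)
    os.chmod(uploads, 0o777)                   # finding: world-writable
    for name, mode in (("perl", 0o755), ("form.cgi", 0o750)):
        path = os.path.join(cgi_bin, name)
        with open(path, "w") as f:
            f.write("#!/bin/sh\n")             # placeholder content, not a real binary
        os.chmod(path, mode)
    index = os.path.join(root, "index.html")
    with open(index, "w") as f:
        f.write("<h1>demo</h1>\n")
    os.chmod(index, 0o644)
    return root


if __name__ == "__main__":
    demo = build_demo_docroot()
    for check, hits in audit(demo).items():
        print(f"{check}: {hits or 'ok'}")
```

With Apache's ScriptAlias, everything in cgi-bin is executable by the web server, so a copy of perl or php-cgi there can be driven directly from a URL. Scripts still find their interpreter through the #! line, with the binary left in /usr/bin. Run audit() against the real document root; any non-empty list is a finding to fix before claiming the criterion.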
Ensure that the web server password is obscure and non-traceable

Completed
Date:

Teacher:
Evidence:

 

 

 

 

 

 

 

Install and maintain an effective intrusion detection system, according to business requirements

Completed
Date:

Teacher:
Evidence:

 

 

 

 

 

 

 

Ensure that user accounts have only the required permissions on the server

Completed
Date:

Teacher:
Evidence:

 

 

 

 

 

 

 

Ensure that interpreter programs that run common gateway interface (CGI) scripts are not stored in the cgi-bin directory

Completed
Date:

Teacher:
Evidence:

 

 

 

 

 

 

 

Ensure that web forms check data before passing it to the server

Completed
Date:

Teacher:
Evidence:

 

 

 

 

 

 

 

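An added example, not code from this guide or the unit, for criterion 2.5. The point a practitioner would add to the criterion is that a check in the browser is only a convenience: the server must validate the data again, because a user can submit the form with JavaScript disabled or send the request by hand. The field names and limits are assumed; the two request bodies are constructed samples.

```python
import html
import re
from typing import Dict, Tuple
from urllib.parse import parse_qs

# Allow-list rules for one order form. Assumed field names and limits; adjust to the real form.
# Each rule says what IS acceptable; anything else is rejected. (pattern, required)
RULES = {
    "name":  (re.compile(r"[A-Za-z][A-Za-z' \-]{0,59}"), True),
    "email": (re.compile(r"[^@\s]{1,64}@[^@\s]+\.[A-Za-z]{2,}"), True),
    "qty":   (re.compile(r"[1-9][0-9]?"), True),                              # 1..99
    "note":  (re.compile(r"[^\x00-\x08\x0b\x0c\x0e-\x1f]{0,500}"), False),    # no control characters
}


def validate_form(body: str) -> Tuple[Dict[str, str], Dict[str, str]]:
    """Validate an application/x-www-form-urlencoded POST body on the server.
    Returns (clean_values, errors). This runs regardless of any JavaScript check in the page,
    because the browser-side check can be removed or bypassed by anyone crafting a request."""
    raw = parse_qs(body, keep_blank_values=True, max_num_fields=50)
    clean, errors = {}, {}
    for field, (pattern, required) in RULES.items():
        values = raw.get(field, [])
        if len(values) > 1:
            errors[field] = "duplicate field"
            continue
        value = values[0].strip() if values else ""
        if not value:
            if required:
                errors[field] = "required"
            continue
        if not pattern.fullmatch(value):
            errors[field] = "invalid"
            continue
        clean[field] = value
    for field in raw.keys() - RULES.keys():
        errors[field] = "unexpected field"      # e.g. a hidden 'role=admin' added by the client
    return clean, errors


def confirmation_html(clean: Dict[str, str]) -> str:
    """Echo validated input back with output encoding, so a value that passed the allow-list
    (an apostrophe in a name) still cannot break out of the HTML it is placed in."""
    rows = "".join(f"<li>{html.escape(k)}: {html.escape(v)}</li>" for k, v in sorted(clean.items()))
    return f"<ul>{rows}</ul>"


# Constructed sample bodies: one from the real form, one hand-crafted with the browser check bypassed.
GOOD_BODY = "name=Ada+Lovelace&email=ada%40example.com&qty=3&note="
BAD_BODY = "name=%3Cscript%3Ealert(1)%3C%2Fscript%3E&email=notanemail&qty=9999&role=admin"


if __name__ == "__main__":
    for body in (GOOD_BODY, BAD_BODY):
        clean, errors = validate_form(body)
        print("errors:", errors or "none")
        if not errors:
            print(confirmation_html(clean))
```

The rules are deliberately allow-lists (what a value must look like) rather than block-lists of known-bad strings; the crafted body is rejected on every field, including the extra role parameter the form never had. Output encoding at the point of display is the second half of the control and is applied separately from validation.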
Ensure protocol security

  1. Protect the fixed internet connection, and the internet protocol (IP) address
  2. Protect shared network resources from intrusion, according to business requirements
  3. Ensure that personal computer (PC) protocols and preferences follow security protocols
  4. Disable transmission control protocol/internet protocol (TCP/IP) bindings for file and printer sharing
  5. Ensure that network basic input/output system (NetBIOS) over TCP/IP is disabled
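An added example (not part of the original guide) for criteria 3.4 and 3.5: parse netstat -an output and report whether NetBIOS over TCP/IP or SMB file and printer sharing is still listening on a non-loopback address. The netstat text is a constructed sample of a Windows PC that has not yet been hardened; the port numbers are the standard well-known values.

```python
import socket
from typing import Iterable, List, Tuple

# Listening ports that show NetBIOS over TCP/IP or file and printer sharing is still bound.
SHARING_PORTS = {
    ("udp", 137): "NetBIOS name service",
    ("udp", 138): "NetBIOS datagram service",
    ("tcp", 139): "NetBIOS session service (SMB over NetBIOS)",
    ("tcp", 445): "SMB direct hosting (file and printer sharing)",
}

LOOPBACK = ("127.", "[::1]", "::1")


def parse_listeners(lines: Iterable[str]) -> List[Tuple[str, str, int]]:
    """Parse 'netstat -an' output (Windows or Linux layout) into (proto, local address, port)
    for sockets that accept remote input: UDP sockets, and TCP sockets in LISTEN/LISTENING state."""
    listeners = []
    for line in lines:
        parts = line.split()
        if len(parts) < 2 or parts[0].lower() not in ("tcp", "udp", "tcp6", "udp6"):
            continue
        proto = parts[0].lower()[:3]
        local = next((p for p in parts[1:] if ":" in p), None)   # first address:port column
        if local is None:
            continue
        addr, _, port = local.rpartition(":")
        if not port.isdigit():
            continue
        if proto == "tcp" and "LISTEN" not in line.upper():
            continue
        listeners.append((proto, addr, int(port)))
    return listeners


def exposed_sharing_ports(lines: Iterable[str]) -> List[Tuple[str, int, str]]:
    """Criteria 3.4 and 3.5: sharing-related listeners bound to a non-loopback address."""
    found = set()
    for proto, addr, port in parse_listeners(lines):
        if addr.startswith(LOOPBACK):
            continue
        if (proto, port) in SHARING_PORTS:
            found.add((proto, port, SHARING_PORTS[(proto, port)]))
    return sorted(found)


def probe_tcp(host: str, port: int, timeout: float = 2.0) -> bool:
    """Live check from another machine on the LAN: True if the port accepts a TCP connection."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


# Constructed sample of Windows 'netstat -an' output for a PC that still has sharing bound.
SAMPLE_NETSTAT = """
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:139          0.0.0.0:0              LISTENING
  TCP    192.168.1.20:139       0.0.0.0:0              LISTENING
  TCP    192.168.1.20:49710     13.107.4.52:443        ESTABLISHED
  UDP    0.0.0.0:137            *:*
  UDP    0.0.0.0:138            *:*
  UDP    0.0.0.0:5353           *:*
""".strip().splitlines()


if __name__ == "__main__":
    for proto, port, what in exposed_sharing_ports(SAMPLE_NETSTAT):
        print(f"{proto}/{port} still listening: {what}")
```

On Windows the settings the criteria refer to are in the network adapter's properties: untick File and Printer Sharing for Microsoft Networks, and under Internet Protocol Version 4, Advanced, WINS, select Disable NetBIOS over TCP/IP. Re-run netstat -an (or probe_tcp from another host) afterwards; the check passes when exposed_sharing_ports returns an empty list.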
Protect the fixed internet connection, and the internet protocol (IP) address

Completed
Date:

Teacher:
Evidence:

 

 

 

 

 

 

 

Protect shared network resources from intrusion, according to business requirements

Completed
Date:

Teacher:
Evidence:

 

 

 

 

 

 

 

Ensure that personal computer (PC) protocols and preferences follow security protocols

Completed
Date:

Teacher:
Evidence:

 

 

 

 

 

 

 

Disable transmission control protocol/internet protocol (TCP/IP) bindings for file and printer sharing

Completed
Date:

Teacher:
Evidence:

 

 

 

 

 

 

 

Ensure that network basic input/output system (NetBIOS) over TCP/IP is disabled

Completed
Date:

Teacher:
Evidence:

 

 

 

 

 

 

 

Assessed

Teacher: ___________________________________ Date: _________

Signature: ________________________________________________

Comments:

 

 

 

 

 

 

 

 

Instructions to Assessors

Evidence Guide

ELEMENT

PERFORMANCE CRITERIA

Elements describe the essential outcomes.

Performance criteria describe the performance needed to demonstrate achievement of the element.

1. Determine business security requirements

1.1 Identify the level of security required based on the business, and the commercial intent of the website

1.2 Identify whether password protection is needed for the site, or part of the site

1.3 Decide on minimum or maximum password protection solutions, based on the business requirements

2. Ensure web server security

2.1 Ensure that the web server password is obscure and non-traceable

2.2 Install and maintain an effective intrusion detection system, according to business requirements

2.3 Ensure that user accounts have only the required permissions on the server

2.4 Ensure that interpreter programs that run common gateway interface (CGI) scripts are not stored in the cgi-bin directory

2.5 Ensure that web forms check data before passing it to the server

3. Ensure protocol security

3.1 Protect the fixed internet connection, and the internet protocol (IP) address

3.2 Protect shared network resources from intrusion, according to business requirements

3.3 Ensure that personal computer (PC) protocols and preferences follow security protocols

3.4 Disable transmission control protocol/internet protocol (TCP/IP) bindings for file and printer sharing

3.5 Ensure that network basic input/output system (NetBIOS) over TCP/IP is disabled

Required Skills and Knowledge

Evidence of the ability to:

identify the level of security required by the business for the website

implement password protection solutions, for the website and the server

install and maintain, an intrusion detection system

implement protocol security.

Note: If a specific volume or frequency is not stated, then evidence must be provided at least once.

To complete the unit requirements safely and effectively, the individual must:

outline the client business domain, including the client organisation structure and business functionality

identify current industry-accepted hardware and software products

outline desktop applications and operating systems, as required

describe firewall functionality

describe hypertext transfer protocol (HTTP) and disk and execution monitor (daemon) tools

outline the range of security protocols, including:

secure sockets layer (SSL)

point-to-point tunnelling protocol (PPTP)

layer 2 tunnelling protocol (L2TP)

define security patches

explain specific purpose security computers, acting as bastion hosts

explain web-server operating systems.