Design and implement a security system

Formats and tools

Unit Description
Reconstruct the unit from the xml and display it as an HTML page.
Assessment Tool
an assessor resource that builds a framework for writing an assessment tool
Assessment Template
generate a spreadsheet for marking this unit in a classroom environment. Put student names in the top row and check them off as they demonstrate competenece for each of the unit's elements and performance criteria.
Assessment Matrix
a slightly different format than the assessment template. A spreadsheet with unit names, elements and performance criteria in separate columns. Put assessment names in column headings to track which performance criteria each one covers. Good for ensuring that you've covered every one of the performance criteria with your assessment instrument (all assessement tools together).
Wiki Markup
mark up the unit in a wiki markup codes, ready to copy and paste into a wiki page. The output will work in most wikis but is designed to work particularly well as a Wikiversity learning project.
Evidence Guide
create an evidence guide for workplace assessment and RPL applicants
Competency Mapping Template
Unit of Competency Mapping – Information for Teachers/Assessors – Information for Learners. A template for developing assessments for a unit, which will help you to create valid, fair and reliable assessments for the unit, ready to give to trainers and students
Observation Checklist
create an observation checklist for workplace assessment and RPL applicants. This is similar to the evidence guide above, but a little shorter and friendlier on your printer. You will also need to create a seperate Assessor Marking Guide for guidelines on gathering evidence and a list of key points for each activity observed using the unit's range statement, required skills and evidence required (see the unit's html page for details)

Self Assessment Survey
A form for students to assess thier current skill levels against each of the unit's performance criteria. Cut and paste into a web document or print and distribute in hard copy.
Moodle Outcomes
Create a csv file of the unit's performance criteria to import into a moodle course as outcomes, ready to associate with each of your assignments. Here's a quick 'how to' for importing these into moodle 2.x
Registered Training Organisations
Trying to find someone to train or assess you? This link lists all the RTOs that are currently registered to deliver ICANWK601A, 'Design and implement a security system'.
Google Links
links to google searches, with filtering in place to maximise the usefulness of the returned results
Reference books for 'Design and implement a security system' on This online store has a huge range of books, pretty reasonable prices, free delivery in Australia *and* they give a small commission to for every purchase, so go nuts :)

Elements and Performance Criteria

1. Assess the security threats facing network Infrastructure

1.1 Evaluate mitigation methods for network attacks and different types of malware

1.2 Propose a methodical concept of defending network architecture

2. Secure edge devices (routers)

2.1 Secure network routers using software tools

2.2 Secure administration access to routers using the router operating system (OS)

2.3 Secure router OS and its configuration file(s)

3. Implement authentication, authorisation and accounting (AAA) and secure access control system (ACS)

3.1 Evaluate and implement the functions and importance of authentication, authorisation and accounting

3.2 Configure the router using AAA

3.3 Analyse and compare the features of TACACS+ and RADIUS AAA protocols for securing the network

4. Mitigate threats to routers and networks using access control lists (ACLs)

4.1 Assess the functionality of access control lists and document the caveats to be considered when building them

4.2 Configure and verify IP ACLs to mitigate threats and to prevent IP address spoofing using tools

5. Implement secure network management and reporting

5.1 Configure secure shell (SSH) on routers to enable secure management

5.2 Configure routers to send log messages to a log server with tools

6. Mitigate common layer 2 attacks

6.1 Document how to prevent layer 2 attacks by configuring basic switch security and features

6.2 Configure switch to prevent layer 2 attacks

7. Implement the router OS firewall-feature set

7.1 Evaluate and compare the operational strategies and weaknesses of the different firewall technologies

7.2 Implement zone-based firewall to strategically secure group of interfaces

8. Implement the intrusion detection and prevention system (IDPS) feature set in the router OS using secure device manager (SDM)

8.1 Evaluate and compare network based versus host based IDPS to identify malicious activity, log information, attempt to block/stop activity, and report activity

8.2 Explain IDPS technologies, attack responses and monitoring options

8.3 Configure the router OS IDPS operations using secure device manager to monitor network and system activities for malicious activity

9. Implement site-to-site virtual private networks (VPNs) using SDM

9.1 Assess the different methods used in cryptography

9.2 Evaluate internet key exchange (IKE) protocol functionality and phases to support authentication and define the binding blocks of IPSec and the security functions it provides

9.3 Configure and verify an IPSec site-to-site VPN with pre-shared key (PSK) authentication to provide a secure channel between the two parties