Title ICT60215 Advanced Diploma of Network Security

Assessment Details Qualification Code/Title ICT60215 Advanced Diploma of Network Security Assessment Type Assessment -02 ( Practical Demonstration) Time allowed Due Date Location AHIC Term / Year Student Details Student Name Student ID Unit of Competency National Code/Title ICTNWK608 Configure network devices for a secure network infrastructure Student Declaration: I declare that the work submitted is my own, and has not been copied or plagiarised from any person or source. Signature: Date: Assessor Details Assessor’s Name RESULTS (Please Circle) SATISFACTORY NOT SATISFACTORY Feedback to student: ………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………… Student Declaration: I declare that I have been assessed in this unit, and I have been advised of my result. I am also aware of my appeal rights. Signature: _______________________________ Date: ______/_______/___________ Assessor Declaration: I declare that I have conducted a fair, valid, reliable and flexible assessment with this student, and I have provided appropriate feedback. Signature: ___________________________________ Date: ______/_______/___________ Instructions to the Candidates ? This assessment is to be completed according to the instructions given below in this document. ? Should you not answer the tasks correctly, you will be given feedback on the results and gaps in knowledge. You will be entitled to one (1) resubmit in showing your competence with this unit. ? If you are not sure about any aspect of this assessment, please ask for clarification from your assessor. ? Please refer to the College re-submission and re-sit policy for more information. ? If you have questions and other concerns that may affect your performance in the Assessment, please inform the assessor immediately. ? Please read the Tasks carefully then complete all Tasks. ? To be deemed competent for this unit you must achieve a satisfactory result with tasks of this Assessment along with a satisfactory result for the Assessment. ? This is an Open book assessment which you will do in your own time but complete in the time designated by your assessor. Remember, that it must be your own work and if you use other sources then you must reference these appropriately ? Submitted document must follow the given criteria. Font must be Times New Roman, Font size need to be 12, line spacing has to be Single line and Footer of submitted document must include Student ID, Student Name and Page Number. Document must be printed double sided. ? This is Individual Assessments. Once you have completed the assessment, please upload the softcopy of the Assessment into AHIC Moodle. ? Plagiarism is copying someone else’s work and submitting it as your own. Any Plagiarism will result in a mark of Zero. Assessment 02 – Practical Demonstration Practical 1: Implementing Layer 2 Security Objectives 1. Assign the Central switch as the root bridge. 2. Secure spanning-tree parameters to prevent STP manipulation attacks. 3. Enable storm control to prevent broadcast storms. 4. Enable port security to prevent MAC address table overflow attacks. Senario: There have been a number of attacks on the network recently. For this reason, the network administrator has assigned you the task of configuring Layer 2 security. For optimum performance and security, the administrator would like to ensure that the root bridge is the 3560 Central switch. To prevent against spanning-tree manipulation attacks, the administrator wants to ensure that the STP parameters are secure. In addition, the network administrator would like to enable storm control to prevent broadcast storms. Finally, to prevent against MAC address table overflow attacks, the network administrator has decided to configure port security to limit the number of MAC addresses that can be learned per switch port. If the number of MAC addresses exceeds the set limit, the administrator would like for the port to be shutdown. All devices have been preconfigured with: ? Enable secret password: ciscoenpa55 ? Console password: ciscoconpa55 ? VTY line password: ciscovtypa55 Your Tasks: Task 1: Verify Connectivity Task 2: Create a Redundant Link Between SW-1 and SW-2 Task 3: Enable VLAN 20 as a Management VLAN Task 4: Enable the Management PC to Access Router R1 Practical 2: Configure IOS Intrusion Prevention System (IPS) using CLI on Cisco routers Addressing Table Device Interface IP Address Subnet Mask Default Gateway R1 G0/1 192.168.1.1 255.255.255.0 N/A S0/0/0 10.1.1.1 255.255.255.0 N/A R2 S0/0/0 (DCE) 10.1.1.2 255.255.255.0 N/A S0/0/1 (DCE) 10.2.2.1 255.255.255.0 N/A R3 G0/1 192.168.3.1 255.255.255.0 N/A S0/0/0 10.2.2.2 255.255.255.0 N/A Syslog Server NIC 192.168.1.50 255.255.255.0 192.168.1.1 PC-A NIC 192.168.1.2 255.255.255.0 192.168.1.1 22/01/2021 62893 – Assessment DetailsQualification Code/Title ICT60215 Advanced https://www.nursinggeeks.com/Recent_Question/62893/Assessment-DetailsQualification-Code-Title-ICT60215 3/5 PC-C NIC 192.168.3.2 255.255.255.0 192.168.3.1 Learning Objectives 1. Enable IOS IPS. 2. Configure logging. 3. Modify an IPS signature. 4. Verify IPS. Senario: Your task is to configure router R1 for IPS in order to scan traffic entering the 192.168.1.0 network. The server labeled ‘Syslog Serve’ is used to log IPS messages. You must configure the router to identify the syslog server in order to receive logging messages. Displaying the correct time and date in syslog messages is vital when using syslog to monitor the network. Set the clock and configure timestamp service for logging on the routers. Finally, enable IPS to produce an alert and drop ICMP echo reply packets inline. The server and PCs have been preconfigured. The routers have also been preconfigured with the following: ? Enable password: ciscoenpa55 ? Console password: ciscoconpa55 ? SSH username and password: SSHadmin / ciscosshpa55 ? OSPF 101 Your Tasks: Task 1: Enable IOS IPS Task 2: Modify the Signature Practical 3: Configuring a Zone-Based Policy Firewall (ZPF) on Cisco routers Addressing Table Device Interface IP Address Subnet Mask Default Gateway R1 G0/1 192.168.1.1 255.255.255.0 N/A S0/0/0 10.1.1.1 255.255.255.252 N/A R2 S0/0/0 10.1.1.2 255.255.255.252 N/A S0/0/1 10.2.2.2 255.255.255.252 N/A R3 G0/1 192.168.3.1 255.255.255.0 N/A S0/0/1 10.2.2.1 255.255.255.252 N/A PC-A NIC 192.168.1.3 255.255.255.0 192.168.1.1 PC-C NIC 192.168.3.3 255.255.255.0 192.168.3.1 Learning Objectives 1. Verify connectivity among devices before firewall configuration. 2. Configure a zone-based policy (ZPF) firewall on router R3. 3. Verify ZPF firewall functionality using ping, SSH and a web browser. Senario: Zone-based policy (ZPF) firewalls are the latest development in the evolution of Cisco firewall technologies. In this activity, you configure a basic ZPF on an edge router R3 that allows internal hosts access to external resources and blocks external hosts from accessing internal resources. You then verify firewall functionality from internal and external hosts. The routers have been pre-configured with the following: ? Console password: ciscoconpa55 ? Password for vty lines: ciscovtypa55 ? Enable password: ciscoenpa55 ? Host names and IP addressing ? Local username and password: Admin / Adminpa55 ? Static routing Your Tasks: Task 1: Verify Basic Network Connectivity Task 2: Create the Firewall Zones on Router R3 Task 3: Define a Traffic Class and Access List Task 4: Specify Firewall Policies Task 5: Apply Firewall Policies Task 6: Test Firewall Functionality from IN-ZONE to OUT-ZONE Task 7: Test Firewall Functionality from OUT-ZONE to IN-ZONE Practical 4: Configuring Context-Based Access Control (CBAC) on Cisco routers Addressing Table Device Interface IP Address Subnet Mask Default Gateway R1 Fa0/1 192.168.1.1 255.255.255.0 N/A S0/0/0 10.1.1.1 255.255.255.252 N/A R2 S0/0/0 10.1.1.2 255.255.255.252 N/A S0/0/1 10.2.2.2 255.255.255.252 N/A R3 Fa0/1 192.168.3.1 255.255.255.0 N/A S0/0/1 10.2.2.1 255.255.255.252 N/A PC-A NIC 192.168.1.3 255.255.255.0 192.168.1.1 PC-C NIC 192.168.3.3 255.255.255.0 192.168.3.1 Learning Objectives 1. Verify connectivity among devices before firewall configuration. 2. Configure an IOS firewall with CBAC on router R3. 3. Verify CBAC functionality using ping, Telnet, and HTTP. Senario: Context-Based Access Control (CBAC) is used to create an IOS firewall. In this activity, you will create a basic CBAC configuration on edge router R3. R3 provides access to resources outside of the network for hosts on the inside network. R3 blocks external hosts from accessing internal resources. After the configuration is complete, you will verify firewall functionality from internal and external hosts. The routers have been pre-configured with the following: ? Enable password: ciscoenpa55 ? Password for console: ciscoconpa55 ? Password for VTY lines: ciscosshpa55 ? IP addressing ? Static routing 22/01/2021 62893 – Assessment DetailsQualification Code/Title ICT60215 Advanced https://www.nursinggeeks.com/Recent_Question/62893/Assessment-DetailsQualification-Code-Title-ICT60215 4/5 ? All switch ports are in VLAN 1 for switches S1 and S3 Your Tasks: Task 1: Block Traffic From Outside Task 2: Create a CBAC Inspection Rule Task 3: Verify Firewall Functionality Task 4: Review CBAC Configuration Practical 5: Configure and Verify a Site-to-Site IPsec VPN using CLI on Cisco routers Addressing Table Device Interface IP Address Subnet Mask R1 G0/0 192.168.1.1 255.255.255.0 S0/0/0 (DCE) 10.1.1.2 255.255.255.252 R2 S0/0/0 10.1.1.1 255.255.255.252 G0/0 192.168.2.1 255.255.255.0 S0/0/1(DCE) 10.2.2.1 255.255.255.252 R3 S0/0/1 10.2.2.2 255.255.255.252 G0/0 192.168.3.1 255.255.255.0 PC-A NIC 192.168.1.3 255.255.255.0 PC-B NIC 192.168.2.3 255.255.255.0 PC-C NIC 192.168.3.3 255.255.255.0 Learning Objectives • Verify connectivity throughout the network. • Configure router R1 to support a site-to-site IPsec VPN with R3. Senario: The network topology shows three routers. Your task is to configure routers R1 and R3 to support a site-to-site IPsec VPN when traffic flows from their respective LANs. The IPsec VPN tunnel is from router R1 to router R3 via R2. R2 acts as a pass-through and has no knowledge of the VPN. IPsec provides secure transmission of sensitive information over unprotected networks such as the Internet. IPsec acts at the network layer, protecting and authenticating IP packets between participating IPsec devices (peers), such as Cisco routers. ISAKMP Phase 1 Policy Parameters Parameters R1 R3 Key distribution method Manual or ISAKMP ISAKMP ISAKMP Encryption algorithm DES, 3DES, or AES AES AES Hash algorithm MD5 or SHA-1 SHA-1 SHA-1 Authentication method Pre-shared keys or RSA pre-share pre-share Key exchange DH Group 1, 2, or 5 DH 2 DH 2 IKE SA Lifetime 86400 seconds or less 86400 86400 ISAKMP Key vpnpa55 vpnpa55 Bolded parameters are defaults. Only unbolded parameters have to be explicitly configured. IPsec Phase 2 Policy Parameters Parameters R1 R3 Transform Set Name VPN-SET VPN-SET ESP Transform Encryption esp-aes esp-aes ESP Transform Authentication esp-sha-hmac esp-sha-hmac Peer IP Address 10.2.2.2 10.1.1.2 Traffic to be encrypted access-list 110 (source 192.168.1.0 dest 192.168.3.0) access-list 110 (source 192.168.3.0 dest 192.168.1.0) Crypto Map name VPN-MAP VPN-MAP SA Establishment ipsec-isakmp ipsec-isakmp The routers have been pre-configured with the following: • Password for console line: ciscoconpa55 • Password for vty lines: ciscovtypa55 • Enable password: ciscoenpa55 • OSPF 101 • SSH username and password: SSHadmin / ciscosshpa55 Your Tasks: Task 1: Configure IPsec parameters on R1 Task 2: Configure IPsec Parameters on R3 Task 3: Verify the IPsec VPN

Is this the question you were looking for? If so, place your order here to get started!

Related posts

New Technologies in Nursing

New Technologies in Nursing New Technologies in Nursing Introduction The current nursing technologies have transformed how nurses conduct their duties. Evidently, such technologies and new healthcare systems have endured establishing better services to patients. According to the reports of...