ICT60215 Advanced Diploma of Network Security

Assessment Details
Qualification Code/Title: ICT60215 Advanced Diploma of Network Security
Assessment Type: Assessment 02 (Practical Demonstration)    Time allowed:
Due Date:    Location: AHIC    Term / Year:
Student Details
Student Name Student ID
Unit of Competency
National Code/Title ICTNWK608 Configure network devices for a secure network infrastructure
Student Declaration: I declare that the work submitted is my own, and has not been copied or plagiarised from any person or source. Signature:
Date:
Assessor Details
Assessor’s Name
RESULTS (Please Circle) SATISFACTORY NOT SATISFACTORY
Feedback to student:
Student Declaration: I declare that I have been assessed in this unit, and I have been advised of my result. I am also aware of my appeal rights.
Signature: _______________________________
Date: ______/_______/___________
Assessor Declaration: I declare that I have conducted a fair, valid, reliable and flexible assessment with this student, and I have provided appropriate feedback.
Signature: ___________________________________
Date: ______/_______/___________
Instructions to the Candidates
• This assessment is to be completed according to the instructions given below in this document.
• Should you not answer the tasks correctly, you will be given feedback on the results and gaps in knowledge. You will be entitled to one (1) resubmission to show your competence with this unit.
• If you are not sure about any aspect of this assessment, please ask for clarification from your assessor.
• Please refer to the College re-submission and re-sit policy for more information.
• If you have questions and other concerns that may affect your performance in the Assessment, please inform the assessor immediately.
• Please read the Tasks carefully, then complete all Tasks.
• To be deemed competent for this unit you must achieve a satisfactory result with tasks of this Assessment along with a satisfactory result for the Assessment.
• This is an open-book assessment which you will do in your own time but complete in the time designated by your assessor. Remember that it must be your own work, and if you use other sources you must reference them appropriately.
• The submitted document must follow the given criteria: the font must be Times New Roman, the font size must be 12, line spacing must be single, and the footer must include Student ID, Student Name and Page Number. The document must be printed double-sided.
• This is an individual assessment. Once you have completed the assessment, please upload the soft copy of the Assessment to AHIC Moodle.
• Plagiarism is copying someone else’s work and submitting it as your own. Any plagiarism will result in a mark of zero.
Assessment 02 – Practical Demonstration
Practical 1: Implementing Layer 2 Security
Objectives
1. Assign the Central switch as the root bridge.
2. Secure spanning-tree parameters to prevent STP manipulation attacks.
3. Enable storm control to prevent broadcast storms.
4. Enable port security to prevent MAC address table overflow attacks.
Scenario:
There have been a number of attacks on the network recently. For this reason, the network administrator has assigned you the task of configuring Layer 2 security. For optimum performance and security, the administrator would like to ensure that the root bridge is the 3560 Central switch. To protect against spanning-tree manipulation attacks, the administrator wants to ensure that the STP parameters are secure. In addition, the network administrator would like to enable storm control to prevent broadcast storms. Finally, to protect against MAC address table overflow attacks, the network administrator has decided to configure port security to limit the number of MAC addresses that can be learned per switch port. If the number of MAC addresses exceeds the set limit, the administrator would like the port to be shut down.
All devices have been preconfigured with:
• Enable secret password: ciscoenpa55
• Console password: ciscoconpa55
• VTY line password: ciscovtypa55
Your Tasks:
Task 1: Verify Connectivity
Task 2: Create a Redundant Link Between SW-1 and SW-2
Task 3: Enable VLAN 20 as a Management VLAN
Task 4: Enable the Management PC to Access Router R1
Practical 2: Configure IOS Intrusion Prevention System (IPS) using CLI on Cisco routers
Addressing Table
Device         Interface      IP Address     Subnet Mask      Default Gateway
R1             G0/1           192.168.1.1    255.255.255.0    N/A
R1             S0/0/0         10.1.1.1       255.255.255.0    N/A
R2             S0/0/0 (DCE)   10.1.1.2       255.255.255.0    N/A
R2             S0/0/1 (DCE)   10.2.2.1       255.255.255.0    N/A
R3             G0/1           192.168.3.1    255.255.255.0    N/A
R3             S0/0/0         10.2.2.2       255.255.255.0    N/A
Syslog Server  NIC            192.168.1.50   255.255.255.0    192.168.1.1
PC-A           NIC            192.168.1.2    255.255.255.0    192.168.1.1
PC-C           NIC            192.168.3.2    255.255.255.0    192.168.3.1
22/01/2021 62893 – Assessment DetailsQualification Code/Title ICT60215 Advanced
https://www.australiabesttutors.com/Recent_Question/62893/Assessment-DetailsQualification-Code-Title-ICT60215 3/5
Learning Objectives
1. Enable IOS IPS.
2. Configure logging.
3. Modify an IPS signature.
4. Verify IPS.
Scenario:
Your task is to configure router R1 for IPS in order to scan traffic entering the 192.168.1.0 network. The server labeled ‘Syslog Server’ is used to log IPS messages. You must configure the router to identify the syslog server in order to receive logging messages. Displaying the correct time and date in syslog messages is vital when using syslog to monitor the network. Set the clock and configure the timestamp service for logging on the routers. Finally, enable IPS to produce an alert and drop ICMP echo reply packets inline.
The server and PCs have been preconfigured. The routers have also been preconfigured with the following:
• Enable password: ciscoenpa55
• Console password: ciscoconpa55
• SSH username and password: SSHadmin / ciscosshpa55
• OSPF 101
Your Tasks:
Task 1: Enable IOS IPS
Task 2: Modify the Signature
Practical 3: Configuring a Zone-Based Policy Firewall (ZPF) on Cisco routers
Addressing Table
Device   Interface   IP Address     Subnet Mask        Default Gateway
R1       G0/1        192.168.1.1    255.255.255.0      N/A
R1       S0/0/0      10.1.1.1       255.255.255.252    N/A
R2       S0/0/0      10.1.1.2       255.255.255.252    N/A
R2       S0/0/1      10.2.2.2       255.255.255.252    N/A
R3       G0/1        192.168.3.1    255.255.255.0      N/A
R3       S0/0/1      10.2.2.1       255.255.255.252    N/A
PC-A     NIC         192.168.1.3    255.255.255.0      192.168.1.1
PC-C     NIC         192.168.3.3    255.255.255.0      192.168.3.1
Learning Objectives
1. Verify connectivity among devices before firewall configuration.
2. Configure a zone-based policy (ZPF) firewall on router R3.
3. Verify ZPF firewall functionality using ping, SSH and a web browser.
Scenario:
Zone-based policy (ZPF) firewalls are the latest development in the evolution of Cisco firewall technologies. In this activity, you configure a basic ZPF on edge router R3 that allows internal hosts access to external resources and blocks external hosts from accessing internal resources. You then verify firewall functionality from internal and external hosts.
The routers have been pre-configured with the following:
• Console password: ciscoconpa55
• Password for vty lines: ciscovtypa55
• Enable password: ciscoenpa55
• Host names and IP addressing
• Local username and password: Admin / Adminpa55
• Static routing
Your Tasks:
Task 1: Verify Basic Network Connectivity
Task 2: Create the Firewall Zones on Router R3
Task 3: Define a Traffic Class and Access List
Task 4: Specify Firewall Policies
Task 5: Apply Firewall Policies
Task 6: Test Firewall Functionality from IN-ZONE to OUT-ZONE
Task 7: Test Firewall Functionality from OUT-ZONE to IN-ZONE
Practical 4: Configuring Context-Based Access Control (CBAC) on Cisco routers
Addressing Table
Device   Interface   IP Address     Subnet Mask        Default Gateway
R1       Fa0/1       192.168.1.1    255.255.255.0      N/A
R1       S0/0/0      10.1.1.1       255.255.255.252    N/A
R2       S0/0/0      10.1.1.2       255.255.255.252    N/A
R2       S0/0/1      10.2.2.2       255.255.255.252    N/A
R3       Fa0/1       192.168.3.1    255.255.255.0      N/A
R3       S0/0/1      10.2.2.1       255.255.255.252    N/A
PC-A     NIC         192.168.1.3    255.255.255.0      192.168.1.1
PC-C     NIC         192.168.3.3    255.255.255.0      192.168.3.1
Learning Objectives
1. Verify connectivity among devices before firewall configuration.
2. Configure an IOS firewall with CBAC on router R3.
3. Verify CBAC functionality using ping, Telnet, and HTTP.
Scenario:
Context-Based Access Control (CBAC) is used to create an IOS firewall. In this activity, you will create a basic CBAC configuration on edge router R3. R3 provides access to resources outside of the network for hosts on the inside network. R3 blocks external hosts from accessing internal resources. After the configuration is complete, you will verify firewall functionality from internal and external hosts.
The routers have been pre-configured with the following:
• Enable password: ciscoenpa55
• Password for console: ciscoconpa55
• Password for VTY lines: ciscosshpa55
• IP addressing
• Static routing
• All switch ports are in VLAN 1 for switches S1 and S3
Your Tasks:
Task 1: Block Traffic From Outside
Task 2: Create a CBAC Inspection Rule
Task 3: Verify Firewall Functionality
Task 4: Review CBAC Configuration
Practical 5: Configure and Verify a Site-to-Site IPsec VPN using CLI on Cisco routers
Addressing Table
Device   Interface      IP Address     Subnet Mask
R1       G0/0           192.168.1.1    255.255.255.0
R1       S0/0/0 (DCE)   10.1.1.2       255.255.255.252
R2       S0/0/0         10.1.1.1       255.255.255.252
R2       G0/0           192.168.2.1    255.255.255.0
R2       S0/0/1 (DCE)   10.2.2.1       255.255.255.252
R3       S0/0/1         10.2.2.2       255.255.255.252
R3       G0/0           192.168.3.1    255.255.255.0
PC-A     NIC            192.168.1.3    255.255.255.0
PC-B     NIC            192.168.2.3    255.255.255.0
PC-C     NIC            192.168.3.3    255.255.255.0
Learning Objectives
• Verify connectivity throughout the network.
• Configure router R1 to support a site-to-site IPsec VPN with R3.
Scenario:
The network topology shows three routers. Your task is to configure routers R1 and R3 to support a site-to-site IPsec VPN when traffic flows from their respective LANs. The IPsec VPN tunnel is from router R1 to router R3 via R2. R2 acts as a pass-through and has no knowledge of the VPN. IPsec provides secure transmission of sensitive information over unprotected networks such as the Internet. IPsec acts at the network layer, protecting and authenticating IP packets between participating IPsec devices (peers), such as Cisco routers.
ISAKMP Phase 1 Policy Parameters
Parameters                Options                   R1          R3
Key distribution method   Manual or ISAKMP          ISAKMP      ISAKMP
Encryption algorithm      DES, 3DES, or AES         AES         AES
Hash algorithm            MD5 or SHA-1              SHA-1       SHA-1
Authentication method     Pre-shared keys or RSA    pre-share   pre-share
Key exchange              DH Group 1, 2, or 5       DH 2        DH 2
IKE SA Lifetime           86400 seconds or less     86400       86400
ISAKMP Key                -                         vpnpa55     vpnpa55
Bolded parameters are defaults. Only unbolded parameters have to be explicitly configured.
IPsec Phase 2 Policy Parameters
Parameters                     R1                                                       R3
Transform Set Name             VPN-SET                                                  VPN-SET
ESP Transform Encryption       esp-aes                                                  esp-aes
ESP Transform Authentication   esp-sha-hmac                                             esp-sha-hmac
Peer IP Address                10.2.2.2                                                 10.1.1.2
Traffic to be encrypted        access-list 110 (source 192.168.1.0 dest 192.168.3.0)    access-list 110 (source 192.168.3.0 dest 192.168.1.0)
Crypto Map name                VPN-MAP                                                  VPN-MAP
SA Establishment               ipsec-isakmp                                             ipsec-isakmp
The routers have been pre-configured with the following:
• Password for console line: ciscoconpa55
• Password for vty lines: ciscovtypa55
• Enable password: ciscoenpa55
• OSPF 101
• SSH username and password: SSHadmin / ciscosshpa55
Your Tasks:
Task 1: Configure IPsec parameters on R1
Task 2: Configure IPsec Parameters on R3
Task 3: Verify the IPsec VPN
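The Phase 1 and Phase 2 parameter tables above translate into the following R1 configuration. This is an added example, not part of the original assessment; the ISAKMP policy number 10, the crypto map sequence number 10 and the choice of S0/0/0 as the interface carrying the crypto map are assumptions.

```cisco
! Added example for R1. Values are taken from the Phase 1 / Phase 2 tables.
! Assumed (not on the page): policy number 10, crypto map sequence 10,
! and S0/0/0 as the VPN-facing interface (R1's only serial link in the
! addressing table).
configure terminal

! Traffic to be encrypted: R1 LAN to R3 LAN. Both are /24 networks,
! so the ACL wildcard is 0.0.0.255.
access-list 110 permit ip 192.168.1.0 0.0.0.255 192.168.3.0 0.0.0.255

! Phase 1 (ISAKMP) policy. Every row of the table is written out here;
! restating a value that happens to be an IOS default is harmless.
crypto isakmp policy 10
 encryption aes
 hash sha
 authentication pre-share
 group 2
 lifetime 86400
 exit

! Pre-shared key, bound to the peer address (R3 S0/0/1)
crypto isakmp key vpnpa55 address 10.2.2.2

! Phase 2: transform set, then the crypto map that ties peer,
! transform set and ACL together
crypto ipsec transform-set VPN-SET esp-aes esp-sha-hmac
crypto map VPN-MAP 10 ipsec-isakmp
 set peer 10.2.2.2
 set transform-set VPN-SET
 match address 110
 exit

! Apply the crypto map on the outgoing interface
interface Serial0/0/0
 crypto map VPN-MAP
 end

! R3 mirrors this: ACL 110 with source 192.168.3.0 and dest 192.168.1.0,
! peer 10.1.1.2, crypto map applied on its S0/0/1.

! Verification (privileged EXEC)
show crypto isakmp sa
show crypto ipsec sa
```

The security association is only negotiated once traffic matching access-list 110 arrives, so ping PC-C from PC-A before reading the encapsulation counters in `show crypto ipsec sa`; traffic from PC-B does not match the ACL and stays unencrypted. DH group 2, SHA-1 and pre-shared keys are the values this lab specifies; outside the lab, stronger DH groups and SHA-2 are the usual choice.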
