Diploma of Network Security Skills and Knowledge Activity Activity 5 – Major Activity

FIND A SOLUTION AT Academic Writers Bay

Assessment Details
Qualification Code/Title
ICT60215 Advanced Diploma of Network Security
Assessment Type
Assessment -02 ( Practical Demonstration)
Time allowed

Due Date

Location
AHIC
Term / Year

Student Details
Student Name

Student ID

Unit of Competency
National Code/Title
ICTNWK608 Configure network devices for a secure network infrastructure
Student Declaration: I declare that the work submitted is my own, and has not been copied or plagiarised from any person or source.
Signature: Date:
Assessor Details
Assessor’s Name

RESULTS (Please Circle)
SATISFACTORY
NOT SATISFACTORY
Feedback to student:
………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………
Student Declaration: I declare that I have been assessed in this unit, and I have been advised of my result. I am also aware of my appeal rights. Signature: _______________________________ Date: ______/_______/___________
Assessor Declaration: I declare that I have conducted a fair, valid, reliable and flexible assessment with this student, and I have provided appropriate feedback. Signature: ___________________________________ Date: ______/_______/___________
Instructions to the Candidates This assessment is to be completed according to the instructions given below in this document. Should you not answer the tasks correctly, you will be given feedback on the results and gaps in knowledge. You will be entitled to one (1) resubmit in showing your competence with this unit. If you are not sure about any aspect of this assessment, please ask for clarification from your assessor. Please refer to the College re-submission and re-sit policy for more information. If you have questions and other concerns that may affect your performance in the Assessment, please inform the assessor immediately. Please read the Tasks carefully then complete all Tasks. To be deemed competent for this unit you must achieve a satisfactory result with tasks of this Assessment along with a satisfactory result for the Assessment. This is an Open book assessment which you will do in your own time but complete in the time designated by your assessor. Remember, that it must be your own work and if you use other sources then you must reference these appropriately Submitted document must follow the given criteria. Font must be Times New Roman, Font size need to be 12, line spacing has to be Single line and Footer of submitted document must include Student ID, Student Name and Page Number. Document must be printed double sided. This is Individual Assessments. Once you have completed the assessment, please upload the softcopy of the Assessment into AHIC Moodle. Plagiarism is copying someone else’s work and submitting it as your own. Any Plagiarism will result in a mark of Zero.
Assessment 02 – Practical Demonstration
Practical 1: Implementing Layer 2 Security
Objectives
Assign the Central switch as the root bridge.
Secure spanning-tree parameters to prevent STP manipulation attacks.
Enable storm control to prevent broadcast storms.
Enable port security to prevent MAC address table overflow attacks.
Senario:
There have been a number of attacks on the network recently. For this reason, the network administrator has assigned you the task of configuring Layer 2 security.
For optimum performance and security, the administrator would like to ensure that the root bridge is the 3560 Central switch. To prevent against spanning-tree manipulation attacks, the administrator wants to ensure that the STP parameters are secure. In addition, the network administrator would like to enable storm control to prevent broadcast storms. Finally, to prevent against MAC address table overflow attacks, the network administrator has decided to configure port security to limit the number of MAC addresses that can be learned per switch port. If the number of MAC addresses exceeds the set limit, the administrator would like for the port to be shutdown.
All devices have been preconfigured with:
Enable secret password: ciscoenpa55
Console password: ciscoconpa55
VTY line password: ciscovtypa55
Your Tasks:
Task 1: Verify Connectivity
Task 2: Create a Redundant Link Between SW-1 and SW-2
Task 3: Enable VLAN 20 as a Management VLAN
Task 4: Enable the Management PC to Access Router R1
Practical 2: Configure IOS Intrusion Prevention System (IPS) using CLI on Cisco routers
Addressing Table
Device
Interface
IP Address
Subnet Mask
Default Gateway
R1
G0/1
192.168.1.1
255.255.255.0
N/A

YOU MAY ALSO READ ...  MP223 HOMEWORK 9

S0/0/0
10.1.1.1
255.255.255.0
N/A
R2
S0/0/0 (DCE)
10.1.1.2
255.255.255.0
N/A

S0/0/1 (DCE)
10.2.2.1
255.255.255.0
N/A
R3
G0/1
192.168.3.1
255.255.255.0
N/A

S0/0/0
10.2.2.2
255.255.255.0
N/A
Syslog Server
NIC
192.168.1.50
255.255.255.0
192.168.1.1
PC-A
NIC
192.168.1.2
255.255.255.0
192.168.1.1
PC-C
NIC
192.168.3.2
255.255.255.0
192.168.3.1
Learning Objectives
Enable IOS IPS.
Configure logging.
Modify an IPS signature.
Verify IPS.
Senario:
Your task is to configure router R1 for IPS in order to scan traffic entering the 192.168.1.0 network.
The server labeled ‘Syslog Serve’ is used to log IPS messages. You must configure the router to identify the syslog server in order to receive logging messages. Displaying the correct time and date in syslog messages is vital when using syslog to monitor the network. Set the clock and configure timestamp service for logging on the routers. Finally, enable IPS to produce an alert and drop ICMP echo reply packets inline.
The server and PCs have been preconfigured. The routers have also been preconfigured with the following:
Enable password: ciscoenpa55
Console password: ciscoconpa55
SSH username and password: SSHadmin / ciscosshpa55
OSPF 101
Your Tasks:
Task 1: Enable IOS IPS
Task 2: Modify the Signature
Practical 3: Configuring a Zone-Based Policy Firewall (ZPF) on Cisco routers
Addressing Table
Device
Interface

YOU MAY ALSO READ ...  Reflection on the Groupwork Taskrepresents your language and literacy journeyHealthcare Informatics Overviewanalyzing the solution to a programDescription of the Core Assessment Instrumentdatabase shown in Project Part 2 ERD in DB2count and display the number of occurrences

IP Address
Subnet Mask
Default Gateway
R1
G0/1

192.168.1.1
255.255.255.0
N/A
S0/0/0

10.1.1.1
255.255.255.252
N/A
R2
S0/0/0

10.1.1.2
255.255.255.252
N/A
S0/0/1

10.2.2.2
255.255.255.252
N/A
R3
G0/1

192.168.3.1
255.255.255.0
N/A
S0/0/1

10.2.2.1
255.255.255.252
N/A
PC-A
NIC

192.168.1.3
255.255.255.0
192.168.1.1
PC-C
NIC

192.168.3.3
255.255.255.0
192.168.3.1
Learning Objectives
Verify connectivity among devices before firewall configuration.
Configure a zone-based policy (ZPF) firewall on router R3.
Verify ZPF firewall functionality using ping, SSH and a web browser.
Senario:
Zone-based policy (ZPF) firewalls are the latest development in the evolution of Cisco firewall technologies. In this activity, you configure a basic ZPF on an edge router R3 that allows internal hosts access to external resources and blocks external hosts from accessing internal resources. You then verify firewall functionality from internal and external hosts.
The routers have been pre-configured with the following:
Console password: ciscoconpa55
Password for vty lines: ciscovtypa55
Enable password: ciscoenpa55
Host names and IP addressing
Local username and password: Admin / Adminpa55
Static routing
Your Tasks:
Task 1: Verify Basic Network Connectivity
Task 2: Create the Firewall Zones on Router R3
Task 3: Define a Traffic Class and Access List
Task 4: Specify Firewall Policies
Task 5: Apply Firewall Policies
Task 6: Test Firewall Functionality from IN-ZONE to OUT-ZONE
Task 7: Test Firewall Functionality from OUT-ZONE to IN-ZONE
Practical 4: Configuring Context-Based Access Control (CBAC) on Cisco routers
Addressing Table
Device
Interface
IP Address
Subnet Mask
Default Gateway
R1
Fa0/1
192.168.1.1
255.255.255.0
N/A
S0/0/0
10.1.1.1
255.255.255.252
N/A
R2
S0/0/0
10.1.1.2
255.255.255.252
N/A
S0/0/1
10.2.2.2
255.255.255.252
N/A
R3
Fa0/1
192.168.3.1
255.255.255.0
N/A
S0/0/1
10.2.2.1
255.255.255.252
N/A
PC-A
NIC
192.168.1.3
255.255.255.0
192.168.1.1
PC-C
NIC
192.168.3.3
255.255.255.0
192.168.3.1
Learning Objectives
Verify connectivity among devices before firewall configuration.
Configure an IOS firewall with CBAC on router R3.
Verify CBAC functionality using ping, Telnet, and HTTP.
Senario:
Context-Based Access Control (CBAC) is used to create an IOS firewall. In this activity, you will create a basic CBAC configuration on edge router R3. R3 provides access to resources outside of the network for hosts on the inside network. R3 blocks external hosts from accessing internal resources. After the configuration is complete, you will verify firewall functionality from internal and external hosts.
The routers have been pre-configured with the following:
Enable password: ciscoenpa55
Password for console: ciscoconpa55
Password for VTY lines: ciscosshpa55
IP addressing
Static routing
All switch ports are in VLAN 1 for switches S1 and S3
Your Tasks:
Task 1: Block Traffic From Outside
Task 2: Create a CBAC Inspection Rule
Task 3: Verify Firewall Functionality
Task 4: Review CBAC Configuration
Practical 5: Configure and Verify a Site-to-Site IPsec VPN using CLI on Cisco routers
Addressing Table
Device
Interface
IP Address
Subnet Mask
R1
G0/0
192.168.1.1
255.255.255.0
S0/0/0 (DCE)
10.1.1.2
255.255.255.252
R2
S0/0/0
10.1.1.1
255.255.255.252
G0/0
192.168.2.1
255.255.255.0
S0/0/1(DCE)
10.2.2.1
255.255.255.252
R3
S0/0/1
10.2.2.2
255.255.255.252
G0/0
192.168.3.1
255.255.255.0
PC-A
NIC
192.168.1.3
255.255.255.0
PC-B
NIC
192.168.2.3
255.255.255.0
PC-C
NIC
192.168.3.3
255.255.255.0
Learning Objectives
Verify connectivity throughout the network.
Configure router R1 to support a site-to-site IPsec VPN with R3.
Senario:
The network topology shows three routers. Your task is to configure routers R1 and R3 to support a site-to-site IPsec VPN when traffic flows from their respective LANs. The IPsec VPN tunnel is from router R1 to router R3 via R2. R2 acts as a pass-through and has no knowledge of the VPN. IPsec provides secure transmission of sensitive information over unprotected networks such as the Internet. IPsec acts at the network layer, protecting and authenticating IP packets between participating IPsec devices (peers), such as Cisco routers.
ISAKMP Phase 1 Policy Parameters
Parameters
R1
R3
Key distribution method
Manual or ISAKMP
ISAKMP
ISAKMP
Encryption algorithm
DES, 3DES, or AES
AES
AES
Hash algorithm
MD5 or SHA-1
SHA-1
SHA-1
Authentication method
Pre-shared keys or RSA
pre-share
pre-share
Key exchange
DH Group 1, 2, or 5
DH 2
DH 2
IKE SA Lifetime
86400 seconds or less
86400
86400
ISAKMP Key

YOU MAY ALSO READ ...  STAT600: Data Analysis and Interpretation

vpnpa55
vpnpa55
Bolded parameters are defaults. Only unbolded parameters have to be explicitly configured.
IPsec Phase 2 Policy Parameters
Parameters
R1
R3
Transform Set Name
VPN-SET
VPN-SET
ESP Transform Encryption
esp-aes
esp-aes
ESP Transform Authentication
esp-sha-hmac
esp-sha-hmac
Peer IP Address
10.2.2.2
10.1.1.2
Traffic to be encrypted
access-list 110 (source 192.168.1.0 dest 192.168.3.0)
access-list 110 (source 192.168.3.0 dest 192.168.1.0)
Crypto Map name
VPN-MAP
VPN-MAP
SA Establishment
ipsec-isakmp
ipsec-isakmp
The routers have been pre-configured with the following:
Password for console line: ciscoconpa55
Password for vty lines: ciscovtypa55
Enable password: ciscoenpa55
OSPF 101
SSH username and password: SSHadmin / ciscosshpa55
Your Tasks:
Task 1: Configure IPsec parameters on R1
Task 2: Configure IPsec Parameters on R3
Task 3: Verify the IPsec VPN Bottom of Form

Order from Academic Writers Bay
Best Custom Essay Writing Services

QUALITY: 100% ORIGINAL PAPERNO PLAGIARISM – CUSTOM PAPER