Course Title: Implement network security infrastructure for an organisation

Part B: Course Detail

Teaching Period: Term2 2024

Course Code: INTE5066

Course Title: Implement network security infrastructure for an organisation

School: 520T Future Technologies

Campus: City Campus

Program: C4424 - Certificate IV in Cyber Security

Course Contact: Tim Bek

Course Contact Phone: +61 3 9925 1409

Course Contact Email: tim.bek@rmit.edu.au


Name and Contact Details of All Other Relevant Staff

Nominal Hours: 80

Nominal hours, regardless of the mode of delivery, represent a guide to the relative teaching time and student effort required to successfully achieve a particular competency/module. This may include not only scheduled classes or workplace visits but also the amount of effort required to undertake, evaluate and complete all assessment requirements, including any non-classroom activities.

Pre-requisites and Co-requisites

VU23213 - Utilise basic network concepts and protocols required in cyber security

Course Description

In this course you will gain the skills and knowledge required to recognise the key features that make up the network security for an organisation.
It requires the ability to investigate threats and mitigation techniques, network security models, administration protection and user access methods, introduction to firewall setup and configuration, intrusion prevention and intrusion detection systems (IPS/IDS) and software used to protect an organisation.


National Codes, Titles, Elements and Performance Criteria

National Element Code & Title:

VU23218 Implement network security infrastructure for an organisation

Element:

1 Examine the different models of security solutions for an organisation

Performance Criteria:

1.1    Physical security system solutions for an organisation are described


1.2    Hybrid security system solutions for an organisation are explained


1.3    Cloud based security system solutions for an organisation are described


1.4    Potential risks of network perimeter security devices for an organisation are identified

Element:

2 Investigate methods used to authenticate users to a network

Performance Criteria:

2.2    Authentication, Authorization and Accounting (AAA) procedures to access network devices are described
2.3    AAA authentication from a local server is implemented
2.4    Multifactor Authentication (MFA) processes to add security to an organisation’s network access are examined

Element:

3 Investigate the operation and role of software tools to monitor traffic and security in an organisation

Performance Criteria:

3.1    Examples of Network Access Control (NAC) features are described and demonstrated
3.2    Function and role of End Point Protection (EPP), End point Detection and Response (EDR), Extended Detection and Response (XDR) and Data Loss Prevention (DLP) systems for end points is defined
3.3    Features of network monitoring tools are identified and demonstrated 

Element:

4 Prepare and implement a firewall

Performance Criteria:

4.1    Features of basic and next generation firewalls are compared
4.2    Methods of traffic flow control for firewalls are identified
4.3    Function and operation of a firewall to mitigate network attacks is described and implemented
4.4    Basic configuration of firewall security zones is demonstrated and implemented
4.5    Basic packet filtering is demonstrated and implemented

Element:

5 Investigate intrusion prevention and intrusion detection systems (IPS/IDS)

Performance Criteria:

5.1    Differences between intrusion prevention and intrusion detection systems are clarified
5.2    Process of detecting malicious traffic using signatures is demonstrated
5.3    Artificial Intelligence (AI) and Machine Learning (ML) methods and tools to detect malicious data streams are investigated

Element:

6 Examine proxy server vulnerability issues

Performance Criteria:

6.1    Function and operation of a proxy server is explained
6.2    Methods used to compromise the security of a proxy server are identified
6.3    Mitigation strategies to protect a proxy server are defined

Element:

7 Investigate wireless security access and common vulnerabilities

Performance Criteria:

7.1    Overview of the 802.11 Wireless Local Area Network (WLAN) Standard is provided
7.2    Relationship between the Data Layer and the Physical layers for WLANs is defined
7.3    WLAN architecture of a typical system is defined and demonstrated
7.4    Authentication and Association methods for wireless clients are described and demonstrated
7.5    Strengths and weaknesses of WLAN encryption techniques are identified
7.6    Current tools to discover details about available WLANs are selected and utilised
7.7    WLAN security checklist is developed

Element:

8 Demonstrate the fundamental operation of cryptographic systems

Performance Criteria:

8.1    Overview of cryptography is provided
8.2    Process of working with symmetric & asymmetric algorithms is defined
8.3    Function and operation of encryption, hashes and digital signatures to secure a network is explained
8.4    Data integrity and authentication utilising encryption algorithms are defined
8.5    Data confidentiality utilizing encryption algorithms are summarised
8.6    Process of public key encryption to ensure data confidentiality is demonstrated
8.7    Cryptography standards and protocols are summarised
8.8    Common use of protocols that utilise cryptography are demonstrated

Element:

9 Demonstrate the fundamentals of Virtual Private Networks (VPNs)

Performance Criteria:

9.1    Advantages and operation of VPNs are explained
9.2    Operation of tunnelling is described and demonstrated
9.3    Operation of Internet Protocol Security (IPSec) VPNs is summarised
9.4    Site to site IPSec VPN with pre shared key authentication is demonstrated
9.5    Different VPN software packages enabling remote access to an organisation's network are compared
9.6    VPN-Less alternatives for secure remote access to an organisation's network are examined


Learning Outcomes


On successful completion of this course you will have developed and applied the skills and knowledge required to demonstrate competency in the above elements. 


Details of Learning Activities

This unit describes the performance outcomes, skills and knowledge required to comprehend how data travels around the internet. It includes the function and operation of protocols such as Open System Interconnection (OSI) and Transmission Control Protocol/Internet Protocol (TCP/IP) suite and devices that facilitate data transfer. The exposure to these protocols is at an intermediate level in this unit. The unit applies to individuals working as cyber security technicians and supports their ability to detect breaches in security infrastructure.

In addition, students will become proficient in securing networks through the use of AAA modules, Zone-Based Firewalls, designing and deploying stand-alone and managed wireless networks, setting up VPNs, implementing switchport solutions, and deploying Adaptive Security Appliances.

Learning activities may be modified during the semester to meet the needs of students in the current program.

Activities will come from a range of the following:

  • Classroom and online presentations
  • Classroom and Laboratory Activities and Activity Tasks
  • PowerPoint presentations
  • Internet research
  • Assessments/Portfolios


Teaching Schedule

| Week Number | Topics | Assessment Tasks |
|---|---|---|
| 1 | Modern Network Security Threats | |
| 2 | Securing Network Devices | |
| 3 | FHRP Concepts | |
| 4 | Authentication, Authorization, and Accounting | Lab Check in |
| 5 | Managing a Secure Network | Theory exam Released Due week 16 |
| 6 | Proxy Servers | Practical Assessment 1 Released Due Week 12 |
| 7 | WLAN | |
| | Inter-semester break | Lab Check in |
| 8 | Implementing Firewall Technologies | |
| 9 | Implementing Intrusion Prevention | |
| 10 | Securing the Local Area Network | |
| 11 | Cryptographic Systems | Lab Check in |
| 12 | Implementing Virtual Private Networks | Final Practical Exam Released Due week 16 |
| 13 | Implementing the Cisco Adaptive Security Appliance | |
| 14 | Network Troubleshooting | Lab Check in. |
| 15 and 16 | Assessment Week | Final Week all assessment and demonstrations due by end of week 16. |

 


Learning Resources

Prescribed Texts


References


Other Resources

This unit utilises Cisco's Networking Academy courses that are centered on Routing and Switching, Network Security and Network Automation.


Overview of Assessment

Assessment for this course is ongoing throughout the semester. Your knowledge and understanding of course content is assessed through participation in class exercises, oral/written presentations and through the application of learned skills and insights. Full assessment briefs will be provided and can be found on CANVAS.


Assessment Tasks

There are three Assessment Tasks for this unit:

  • Assessment Task 1 - Knowledge Assessment
  • Assessment Task 2 - Project
  • Assessment Task 3 - Project


Assessment Matrix

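| Elements/Performance Criteria | Assessment 1 | Assessment 2 | Assessment 3 |
|---|---|---|---|
| 1.1 | x | x | x |
| 1.2 | x | x | x |
| 1.3 | x | x | x |
| 2.1 | x | x | x |
| 2.2 | x | x | x |
| 3.1 | x | x | x |
| 3.2 | x | x | x |
| 3.3 | x | x | x |
| 4.1 | x | x | x |
| 4.2 | x | x | x |
| 5.1 | x | | x |
| 5.2 | x | | x |
| 5.3 | x | | x |
| 6. | x | | x |
| 7 | x | | x |
| 8. | x | | x |
| 9.1 | x | | x |
| 9.2 | x | | x |
| 9.3 | x | | x |
| 10 | x | | x |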

 
