Unit 46:Network Security




Unit 46:Network Security







Unit code:D/601/1956

QCF Level 5:BTEC Higher National


Credit value:15






Aim

To provide learners with opportunities to manage, support and implement a secure network infrastructure for a commercial LAN or WAN environment.


Unit abstract

ICT professionals managing a complex network infrastructure for a large corporate entity, as well as individuals maintaining small systems or personal access, all have to contemplate and implement a variety of network security intrusion prevention and detection methods.

Attacks evolve and threats change as systems increase in speed, capacity and use and as technologies change. The network security expert needs to ensure their skills remain current and maintain an understanding of the technological issues along with the social and commercial impact.

This unit explores the social impact of network security, and by designing a network security solution learners will understand the importance of enabling the IT user to remain safe whilst being able to use the system without unreasonable restrictions.

Learners will research, design and implement secure environments protecting IT systems and therefore individuals from attack. The protection will include intrusion detection and prevention, user and resource access management and the maintenance of malware defence. Learners will implement a proposed networked security solution, and manage the implemented solution.


Learning outcomes

On successful completion of this unit a learner will:

1     Understand the impact on the social and commercial environment of network security design

2     Be able to design network security solutions

3     Be able to implement network security solutions

4     Be able to manage network security solutions.




Unit content




1     Understand the impact on the social and commercial environment of network security design

Threats: management of threats eg awareness, current threats, patches, updates, access policies, maintenance of systems, expertise management

Social impact: organisation trust eg data credibility, good will, corporate trust, financial trust; individual impact; corporate impact; social engineering; public relations management; law enforcement involvement

Security policy: review and management eg access to systems, establishment and review of personal, corporate and technical trust; vetting of staff; forensic analysis of systems

Impact on productivity: loss eg systems recovery, data recovery, loss of good will, loss of custom, loss of services; systemic review; legal proceedings

Estimating risk: penetration testing; audits eg internal and external; procedures eg establishment of baseline operating model, contingency planning, scrutiny and due diligence, vetting of contractors and commercial partners


2     Be able to design network security solutions

LAN design: technical response eg STP (Spanning Tree Protocol) prioritisation, MAC control, VLAN (Virtual Local Area Network) security, ARP (Address Resolution Protocol) poisoning, client access, wireless, device trust; VLAN design; trunk design; segregation of LAN segments

WAN design: technical response eg routing protocol authentication, access control lists, route maps, passive interfaces, traffic filters, network segregation, DMZ (Demilitarised Zone)management

Server deployment: security needs according to server specification eg printer access, file management, data management, email

Border systems: Intrusion Detection Systems (IDS) eg firewalls filters and rules, email monitoring, application and packet monitoring, signature management, trust, network behavioural norms; access control eg traffic filters, route redirection

User access: user group eg group membership, user group allocation, attribution of rights; user eg personal attribution of rights, continual review of rights allocation; rights eg file, server, service, data, hardware, printer, email

Physical security: power resilience and supply; physical access control eg lock and key, electronic access control, personnel based security, biometrics; hardware and systems redundancy; backup eg data, configuration, imaging; recovery policies







3     Be able to implement network security solutions

Core systems: components eg servers, switch systems, router systems, firewalls

Communication: methods eg routing protocols, STP, hash exchanges, VLANs, dot1q

Cryptography: tunnelling eg GRE, VPN; key exchange methodology; crypto method eg RSA, IPSec, ISAKMP, IKE, DES, 3DES

Intrusion detection: precautions eg establishment of signatures, establish network behavioural norms

Intrusion prevention: tools eg firewalls, access control, traffic filters

Malware: policy levels eg desktop, server, router; virus definition deployments

Rights: access eg user, group, network, device, VLAN, address range, file, database, time based

Testing: systematic; type eg port, address, protocol, load, access, known exploits


4     Be able to manage network security solutions

User access: physical access; systems access

Environment testing: security audits; penetration testing

Policy review: access policy review; periodic review of user access (physical and system level)

System monitoring: monitoring eg load, traffic types, peak flow, trend analysis, user access patterns, device behaviour, logging servers

Change management: infrastructure eg network device removal/addition, server addition/removal, network addition/removal; procedural eg user group addition/removal, service addition/removal; impact on productivity








Learning outcomes and assessment criteria



Learning outcomes

On successful completion of this unit a learner will:



Assessment criteria for pass

The learner can:



LO1

Understand the impact on the social and commercial environment of network security design


1.1 evaluate a current system’s network security

1.2 discuss the potential impact of a proposed network design

1.3 discuss current and common threats and their impact



LO2

Be able to design network security solutions

2.1 design a network security solution to meet a given specification

2.2 evaluate design and analyse feedback


LO3

Be able to implement network security solutions


3.1 using a design, implement a complex network security solution

3.2 systematically test the complex network security solution

3.3 document and analyse test results



LO4

Be able to manage network security solutions


4.1 manage a network security solution

4.2 analyse ongoing network security policies and practices

4.3 recommend potential change management.







Guidance




Links to National Occupational Standards, other BTEC units, other BTEC qualifications and other relevant units and qualifications

The learning outcomes associated with this unit are closely linked with:



Level 3


Level 4


Level 5

Unit 32: Networked Systems Security

Unit 24: Networking Technologies

Unit 44: Local Area Networking Technologies





Unit 25: Routing Concepts


Unit 45: Wide Area Networking Technologies






Unit 26: Design a Small or Home Office Network

Unit 48: IT Security Management





Unit 27: Network Operating Systems








This unit has links to the Level 4 and Level 5 National Occupational Standards for IT and Telecoms Professionals, particularly the areas of competence of:

•     IT Security Management.


Essential requirements

A centre delivering this unit must have access to suitable network routing or switch technology as a live or emulated resource. The primary focus is practice based and therefore this unit cannot be delivered in a theoretical context.


Resources

Books

Bhaiji Y Network Security Technologies and Solutions: CCIE Professional Development (Cisco Press, 2008) ISBN-10: 1587052466

Clem A Network Management Fundamentals (Cisco Press, 2006) ISBN-10: 1587201372

Stallings W Network Security Essentials: Applications and Standards (Pearson, 2008) ISBN-10: 0132303787

White G et al CompTIA Security+ All-in-One Exam Guide, Second Edition (McGraw Hill, 2009) ISBN-10: 0071601279









Websites

www.developers.net/ciscoshowcase/view/1162

www.eogogics.com/talkgogics/tutorials/SNMP/

www.networktutorials.info/wireless_sec.html


Employer engagement and vocational contexts

Liaison with network (or internet) security experts from local or national organisations would enhance the delivery of this unit. If the learner is employed, a contextual assessment based on their working environment with the support of their supervisory management would be of considerable value. Care must be taken to ensure any real work projects are not detrimental to their employer or employment.





Comments