62893 – Assessment DetailsQualification Code/Title ICT60215 Advanced

SOLUTION AT Australian Expert Writers

Assessment Code/Title ICT60215 Diploma of Network SecurityAssessment Type Assessment -02 ( Practical Demonstration) Time allowedDue Date Location AHIC Term / YearStudent DetailsStudent Name Student IDUnit of CompetencyNational Code/Title ICTNWK608 Configure network devices for a secure network infrastructureStudent : I declare that the work submitted is my own, and has not been copied or plagiarised from any person or source. Signature:Date:Assessor DetailsAssessor’s NameRESULTS (Please Circle) SATISFACTORY NOT SATISFACTORYFeedback to student:………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………Student Declaration: I declare that I have been assessed in this unit, and I have been advised of my result. I am also aware of my appeal rights.Signature: _______________________________Date: ______/_______/___________Assessor Declaration: I declare that I have conducted a fair, valid, reliable and flexible assessment with this student, and I have provided appropriate feedback.Signature: ___________________________________Date: ______/_______/___________Instructions to the Candidates? This assessment is to be completed according to the instructions given below in this document.? Should you not answer the correctly, you will be given feedback on the results and gaps in knowledge. You will be entitled to one (1) resubmit in showing your competence with this unit.? If you are not sure about any aspect of this assessment, please ask for clarification from your assessor.? Please refer to the College re-submission and re-sit policy for more information.? If you have questions and other concerns that may affect your performance in the Assessment, please inform the assessor immediately.? Please read the Tasks carefully then complete all Tasks.? To be deemed competent for this unit you must achieve a satisfactory result with tasks of this Assessment along with a satisfactory result for the Assessment.? This is an Open book assessment which you will do in your own time but complete in the time designated by your assessor. Remember, that it must be your own work and if you use other sources then you must reference these appropriately? Submitted document must follow the given criteria. Font must be Times New Roman, Font size need to be 12, line spacing has to be Single line and Footer of submitted document must include Student ID, Student Name and Page Number. Document must be printed double sided.? This is Assessments. Once you have completed the assessment, please upload the softcopy of the Assessment into AHIC Moodle.? Plagiarism is copying someone else’s work and submitting it as your own. Any Plagiarism will result in a mark of Zero.Assessment 02 – Practical DemonstrationPractical 1: Implementing Layer 2 SecurityObjectives1. Assign the Central switch as the root bridge.2. Secure spanning-tree parameters to prevent STP manipulation attacks.3. Enable storm control to prevent broadcast storms.4. Enable port to prevent MAC address table overflow attacks.Senario:There have been a number of attacks on the network recently. For this reason, the network administrator has assigned you the task of configuring Layer 2 security.For optimum performance and security, the administrator would like to ensure that the root bridge is the 3560 Central switch. To prevent against spanning-tree manipulation attacks, the administrator wants to ensure that the STP parameters are secure. In addition, the network administrator would like to enable storm control to prevent broadcast storms. Finally, to prevent against MAC address table overflow attacks, the network administrator has decided to configure port security to limit the number of MAC addresses that can be learned per switch port. If the number of MAC addresses exceeds the set limit, the administrator would like for the port to be shutdown.All devices have been preconfigured with:? Enable secret password: ciscoenpa55? Console password: ciscoconpa55? VTY line password: ciscovtypa55Your Tasks:Task 1: Verify ConnectivityTask 2: Create a Redundant Link Between SW-1 and SW-2Task 3: Enable VLAN 20 as a Management VLANTask 4: Enable the Management PC to Access Router R1Practical 2: Configure IOS Intrusion Prevention System (IPS) CLI on Cisco routersAddressing TableDevice Interface IP Address Subnet Mask Default GatewayR1 G0/1 192.168.1.1 255.255.255.0 N/AS0/0/0 10.1.1.1 255.255.255.0 N/AR2 S0/0/0 (DCE) 10.1.1.2 255.255.255.0 N/AS0/0/1 (DCE) 10.2.2.1 255.255.255.0 N/AR3 G0/1 192.168.3.1 255.255.255.0 N/AS0/0/0 10.2.2.2 255.255.255.0 N/ASyslog Server NIC 192.168.1.50 255.255.255.0 192.168.1.1PC-A NIC 192.168.1.2 255.255.255.0 192.168.1.1PC-C NIC 192.168.3.2 255.255.255.0 192.168.3.1Learning Objectives1. Enable IOS IPS.2. Configure logging.3. Modify an IPS signature.4. Verify IPS.Senario:Your task is to configure router R1 for IPS in order to scan traffic entering the 192.168.1.0 network.The server labeled ‘Syslog Serve’ is used to log IPS messages. You must configure the router to identify the syslog server in order to receive logging messages. Displaying the correct time and date in syslog messages is vital when using syslog to monitor the network. Set the clock and configure timestamp service for logging on the routers. Finally, enable IPS to produce an alert and drop ICMP echo reply packets inline.The server and PCs have been preconfigured. The routers have also been preconfigured with the following:? Enable password: ciscoenpa55? Console password: ciscoconpa55? SSH username and password: SSHadmin / ciscosshpa55? OSPF 101Your Tasks:Task 1: Enable IOS IPSTask 2: Modify the SignaturePractical 3: Configuring a Zone-Based Policy Firewall (ZPF) on Cisco routersAddressing TableDevice Interface IP Address Subnet Mask Default GatewayR1 G0/1 192.168.1.1 255.255.255.0 N/AS0/0/0 10.1.1.1 255.255.255.252 N/AR2 S0/0/0 10.1.1.2 255.255.255.252 N/AS0/0/1 10.2.2.2 255.255.255.252 N/AR3 G0/1 192.168.3.1 255.255.255.0 N/AS0/0/1 10.2.2.1 255.255.255.252 N/APC-A NIC 192.168.1.3 255.255.255.0 192.168.1.1PC-C NIC 192.168.3.3 255.255.255.0 192.168.3.1Learning Objectives1. Verify connectivity among devices before firewall configuration.2. Configure a zone-based policy (ZPF) firewall on router R3.3. Verify ZPF firewall functionality using ping, SSH and a web browser.Senario:Zone-based policy (ZPF) firewalls are the latest development in the evolution of Cisco firewall technologies. In this activity, you configure a basic ZPF on an edge router R3 that allows internal hosts access to external resources and blocks external hosts from accessing internal resources. You then verify firewall functionality from internal and external hosts.The routers have been pre-configured with the following:? Console password: ciscoconpa55? Password for vty lines: ciscovtypa55? Enable password: ciscoenpa55? Host names and IP addressing? Local username and password: Admin / Adminpa55? Static routingYour Tasks:Task 1: Verify Basic Network ConnectivityTask 2: Create the Firewall Zones on Router R3Task 3: Define a Traffic Class and Access ListTask 4: Specify Firewall PoliciesTask 5: Apply Firewall PoliciesTask 6: Test Firewall Functionality from IN-ZONE to OUT-ZONETask 7: Test Firewall Functionality from OUT-ZONE to IN-ZONEPractical 4: Configuring Context-Based Access Control (CBAC) on Cisco routersAddressing TableDevice Interface IP Address Subnet Mask Default GatewayR1 Fa0/1 192.168.1.1 255.255.255.0 N/AS0/0/0 10.1.1.1 255.255.255.252 N/AR2 S0/0/0 10.1.1.2 255.255.255.252 N/AS0/0/1 10.2.2.2 255.255.255.252 N/AR3 Fa0/1 192.168.3.1 255.255.255.0 N/AS0/0/1 10.2.2.1 255.255.255.252 N/APC-A NIC 192.168.1.3 255.255.255.0 192.168.1.1PC-C NIC 192.168.3.3 255.255.255.0 192.168.3.1Learning Objectives1. Verify connectivity among devices before firewall configuration.2. Configure an IOS firewall with CBAC on router R3.3. Verify CBAC functionality using ping, Telnet, and HTTP.Senario:Context-Based Access Control (CBAC) is used to create an IOS firewall. In this activity, you will create a basic CBAC configuration on edge router R3. R3 provides access to resources outside of the network for hosts on the inside network. R3 blocks external hosts from accessing internal resources. After the configuration is complete, you will verify firewall functionality from internal and external hosts.The routers have been pre-configured with the following:? Enable password: ciscoenpa55? Password for console: ciscoconpa55? Password for VTY lines: ciscosshpa55? IP addressing? Static routing? All switch ports are in VLAN 1 for switches S1 and S3Your Tasks:Task 1: Block Traffic From OutsideTask 2: Create a CBAC Inspection RuleTask 3: Verify Firewall FunctionalityTask 4: Review CBAC ConfigurationPractical 5: Configure and Verify a Site-to-Site IPsec VPN using CLI on Cisco routersAddressing TableDevice Interface IP Address Subnet MaskR1 G0/0 192.168.1.1 255.255.255.0S0/0/0 (DCE) 10.1.1.2 255.255.255.252R2 S0/0/0 10.1.1.1 255.255.255.252G0/0 192.168.2.1 255.255.255.0S0/0/1(DCE) 10.2.2.1 255.255.255.252R3 S0/0/1 10.2.2.2 255.255.255.252G0/0 192.168.3.1 255.255.255.0PC-A NIC 192.168.1.3 255.255.255.0PC-B NIC 192.168.2.3 255.255.255.0PC-C NIC 192.168.3.3 255.255.255.0Learning Objectives• Verify connectivity throughout the network.• Configure router R1 to support a site-to-site IPsec VPN with R3.Senario:The network topology shows three routers. Your task is to configure routers R1 and R3 to support a site-to-site IPsec VPN when traffic flows from their respective LANs. The IPsec VPN tunnel is from router R1 to router R3 via R2. R2 acts as a pass-through and has no knowledge of the VPN. IPsec provides secure transmission of sensitive information over unprotected networks such as the Internet. IPsec acts at the network layer, protecting and authenticating IP packets between participating IPsec devices (peers), such as Cisco routers.ISAKMP Phase 1 Policy ParametersParameters R1 R3Key distribution method Manual or ISAKMP ISAKMP ISAKMPEncryption algorithm DES, 3DES, or AES AES AESHash algorithm MD5 or SHA-1 SHA-1 SHA-1Authentication method Pre-shared keys or RSA pre-share pre-shareKey exchange DH Group 1, 2, or 5 DH 2 DH 2IKE SA Lifetime 86400 seconds or less 86400 86400ISAKMP Key vpnpa55 vpnpa55Bolded parameters are defaults. Only unbolded parameters have to be explicitly configured.IPsec Phase 2 Policy ParametersParameters R1 R3Transform Set Name VPN-SET VPN-SETESP Transform Encryption esp-aes esp-aesESP Transform Authentication esp-sha-hmac esp-sha-hmacPeer IP Address 10.2.2.2 10.1.1.2Traffic to be encrypted access-list 110 (source 192.168.1.0 dest 192.168.3.0) access-list 110 (source 192.168.3.0 dest 192.168.1.0)Crypto Map name VPN-MAP VPN-MAPSA Establishment ipsec-isakmp ipsec-isakmpThe routers have been pre-configured with the following:• Password for console line: ciscoconpa55• Password for vty lines: ciscovtypa55• Enable password: ciscoenpa55• OSPF 101• SSH username and password: SSHadmin / ciscosshpa55Your Tasks:Task 1: Configure IPsec parameters on R1Task 2: Configure IPsec Parameters on R3Task 3: Verify the IPsec VPN

Order from Australian Expert Writers
Best Australian Academic Writers

QUALITY: 100% ORIGINAL NO PLAGIARISM – CUSTOM PAPER