Unit of competency
Modification History
Release |
Comments |
Release 1 |
This version first released with ICT Information and Communications Technology Training Package Version 6.0. |
Application
This unit describes the skills and knowledge required to use software tools, equipment and protocols to implement a security system.
It applies to individuals who work in ICT roles that involve the planning and implementing of networks, including budgeting, and determining and resolving network security threats.
No licensing, legislative or certification requirements apply to this unit at the time of publication.
Unit Sector
Networking
Elements and Performance Criteria
ELEMENT |
PERFORMANCE CRITERIA |
Elements describe the essential outcomes. |
Performance criteria describe the performance needed to demonstrate achievement of the element. |
1. Assess network infrastructure threats |
1.1 Identify major industry standard network attacks and malware 1.2 Evaluate mitigation methods for required network attacks and malware according to organisational network architecture 1.3 Determine and document options for defending network architecture |
2. Secure edge devices (routers) |
2.1 Secure required network routers according to technical requirements 2.2 Secure required administration access to routers using the router operating system (OS) 2.3 Secure required router OS and its configuration file(s) |
3. Implement authentication, authorisation and accounting (AAA) and secure access control system (ACS) |
3.1 Determine and implement required authentication and authorisation 3.2 Configure router and use AAA according to technical requirements 3.3 Analyse and compare Terminal Access Controller Access-Control System Plus (TACACS+) and Remote Authentication Dial In User Service (RADIUS) AAA protocols for securing the network |
4. Mitigate threats to routers and networks using access control lists (ACLs) |
4.1 Assess and document access control list functionality and requirements 4.2 Configure and verify IP ACLs to mitigate threats and prevent internet protocol (IP) address spoofing 4.3 Test IP ACLs functionality against organisational and technical requirements |
5. Implement secure network management and reporting |
5.1 Configure secure shell (SSH) on routers and enable secure management 5.2 Configure routers to send log messages to a log server with tools 5.3 Document layer two attack prevention methods and confirm basic switch security features 5.4 Configure layer two attack prevention switch |
6. Implement intrusion detection and prevention system (IDPS) feature set in the router OS using secure device manager (SDM) |
6.1 Evaluate and compare network based and host based IDPS and identify malicious activity, log information, attempt to stop activity and document reported activity 6.2 Determine IDPS technologies, attack responses and monitoring options 6.3 Configure router OS IDPS operations according to organisational and technical requirements 6.4 Finalise reports and documentation and submit to required personnel |
Foundation Skills
This section describes language, literacy, numeracy and employment skills incorporated in the performance criteria that are required for competent performance.
S KILL |
D ESCRIPTION |
Numeracy |
|
Oral communication |
|
Reading |
|
Writing |
|
Teamwork |
|
Planning and organising |
|
Problem solving |
|
Self-management |
|
Technology |
|
Unit Mapping Information
Supersedes and is equivalent to ICTNWK601 Design and implement a security system.
Links
Companion Volume Implementation Guide is found on VETNet - https://vetnet.gov.au/Pages/TrainingDocs.aspx?q=a53af4e4-b400-484e-b778-71c9e9d6aff2