Unit of competency
Modification History
Release |
Comments |
Release 1 |
This version first released with ICT Information and Communications Technology Training Package Version 6.0. |
Application
This unit describes the skills and knowledge required to use software tools, equipment and protocols to configure network devices in the design of the infrastructure of a secure network.
It applies to individuals with advanced Information and Communications Technology (ICT) expertise, who adapt router and switch operating system capabilities to mitigate attacks.
No licensing, legislative or certification requirements apply to this unit at the time of publication.
Unit Sector
Networking
Elements and Performance Criteria
ELEMENT |
PERFORMANCE CRITERIA |
Elements describe the essential outcomes. |
Performance criteria describe the performance needed to demonstrate achievement of the element. |
1. Implement layer two security |
1.1 Configure router operating system (OS) commands and mitigate layer two attacks 1.2 Implement identity-based networking services (IBNS) and provide layer two security 1.3 Implement required identity management and use access control system (ACS) |
2. Configure router OS intrusion prevention system (OS-IPS) |
2.1 Evaluate advanced capabilities of router OS-IPS firewall feature set and include event action processing (EAP) 2.2 Configure and verify IPS features, identify threats and dynamically block from network 2.3 Maintain, update and tune required IPS signatures 2.4 Configure and verify context-based access control (CBAC) and network address translation (NAT) and dynamically mitigate identified network threats 2.5 Configure and verify zone-based firewall (ZFW), advanced application inspections and uniform resource locator (URL) filtering |
3. Configure virtual private networks (VPNs) |
3.1 Analyse and evaluate internet protocol security (IPSec) and generic routing encapsulation (IPSec/GRE) features and functionality 3.2 Configure secure connectivity for site-to-site VPN using certificate authorities 3.3 Analyse required dynamic multipoint VPN (DMVPN) features and capabilities 3.4 Configure and verify secure connectivity for site-to-site VPN operations |
4. Provide secure connectivity for site-to-site and remote access communications |
4.1 Provide highly secure network access with secure socket layer (SSL) VPN to deliver remote access connectivity features and benefits 4.2 Evaluate EasyVPN benefits and configure EasyVPN server with dynamic virtual tunnel interface (DVTI) to create a virtual access interface on the virtual tunnel interface 4.3 Configure and verify EasyVPN remote to establish a site-to-site connection using both router and VPN software clients 4.4 Implement group-encrypted transport (GET) VPN features to simplify the provisioning and management of VPN |
5. Implement network foundation protection (NFP) |
5.1 Evaluate NFP infrastructure protection features and document outcomes 5.2 Secure management plane, data plane and control plane and use OS features of the router 5.3 Determine functionality against technical specifications 5.4 Report on evaluation outcomes and obtain sign off from required personnel |
Foundation Skills
This section describes language, literacy, numeracy and employment skills incorporated in the performance criteria that are required for competent performance.
S KILL |
D ESCRIPTION |
Learning |
|
Numeracy |
|
Oral communication |
|
Reading |
|
Writing |
|
Planning and organising |
|
Problem solving |
|
Self-management |
|
Unit Mapping Information
Supersedes and is equivalent to ICTNWK608 Configure network devices for a secure network infrastructure.
Links
Companion Volume Implementation Guide is found on VETNet - https://vetnet.gov.au/Pages/TrainingDocs.aspx?q=a53af4e4-b400-484e-b778-71c9e9d6aff2