Unit 46 Network Security
· Aim
To provide learners with opportunities to manage, support and implement a secure network infrastructure for a commercial LAN or WAN environment.
· Unit abstract
ICT professionals managing a complex network infrastructure for a large corporate entity, as well as individuals maintaining small systems or personal access, all have to contemplate and implement a variety of network security intrusion prevention and detection methods.
Attacks evolve and threats change as systems increase in speed, capacity and use and as technologies change. The network security expert needs to ensure their skills remain current and maintain an understanding of the technological issues along with the social and commercial impact.
This unit explores the social impact of network security, and by designing a network security solution learners will understand the importance of enabling the IT user to remain safe whilst being able to use the system without unreasonable restrictions.
Learners will research, design and implement secure environments protecting IT systems and therefore individuals from attack. The protection will include intrusion detection and prevention, user and resource access management and the maintenance of malware defence. Learners will implement a proposed networked security solution, and manage the implemented solution.
· Learning outcomes
On successful completion of this unit a learner will:
- Understand the impact on the social and commercial environment of network security design
- Be able to design network security solutions
- Be able to implement network security solutions
- Be able to manage network security solutions.
Unit content
1 Understand the impact on the social and commercial environment of network security design
Threats: management of threats eg awareness, current threats, patches, updates, access policies, maintenance of systems, expertise management
Social impact: organisation trust eg data credibility, good will, corporate trust, financial trust; individual impact; corporate impact; social engineering; public relations management; law enforcement involvement
Security policy: review and management eg access to systems, establishment and review of personal, corporate and technical trust; vetting of staff; forensic analysis of systems
Impact on productivity: loss eg systems recovery, data recovery, loss of good will, loss of custom, loss of services; systemic review; legal proceedings
Estimating risk: penetration testing; audits eg internal and external; procedures eg establishment of baseline operating model, contingency planning, scrutiny and due diligence, vetting of contractors and commercial partners
2 Be able to design network security solutions
LAN design: technical response eg STP (Spanning Tree Protocol) prioritisation, MAC control, VLAN (Virtual Local Area Network) security, ARP (Address Resolution Protocol) poisoning, client access, wireless, device trust; VLAN design; trunk design; segregation of LAN segments
WAN design: technical response eg routing protocol authentication, access control lists, route maps, passive interfaces, traffic filters, network segregation, DMZ (Demilitarised Zone) management
Server deployment: security needs according to server specification eg printer access, file management, data management, email
Border systems: Intrusion Detection Systems (IDS) eg firewalls filters and rules, email monitoring, application and packet monitoring, signature management, trust, network behavioural norms; access control eg traffic filters, route redirection
User access: user group eg group membership, user group allocation, attribution of rights; user eg personal attribution of rights, continual review of rights allocation; rights eg file, server, service, data, hardware, printer, email
Physical security: power resilience and supply; physical access control eg lock and key, electronic access control, personnel based security, biometrics; hardware and systems redundancy; backup eg data, configuration, imaging; recovery policies
3 Be able to implement network security solutions
Core systems: components eg servers, switch systems, router systems, firewalls
Communication: methods eg routing protocols, STP, hash exchanges, VLANs, dot1q
Cryptography: tunnelling eg GRE, VPN; key exchange methodology; crypto method eg RSA, IPSec, ISAKMP, IKE, DES, 3DES
Intrusion detection: precautions eg establishment of signatures, establish network behavioural norms
Intrusion prevention: tools eg firewalls, access control, traffic filters
Malware: policy levels eg desktop, server, router; virus definition deployments
Rights: access eg user, group, network, device, VLAN, address range, file, database, time based
Testing: systematic; type eg port, address, protocol, load, access, known exploits
4 Be able to manage network security solutions
User access: physical access; systems access
Environment testing: security audits; penetration testing
Policy review: access policy review; periodic review of user access (physical and system level)
System monitoring: monitoring eg load, traffic types, peak flow, trend analysis, user access patterns, device behaviour, logging servers
Change management: infrastructure eg network device removal/addition, server addition/removal, network addition/removal; procedural eg user group addition/removal, service addition/removal; impact on productivity
Learning outcomes and assessment criteria
Learning outcomes (On successful completion of this unit a learner will:) | Assessment criteria for pass (The learner can:) |
LO1 Understand the impact on the social and commercial environment of network security design | evaluate a current system’s network security; discuss the potential impact of a proposed network design; discuss current and common threats and their impact |
LO2 Be able to design network security solutions | design a network security solution to meet a given specification; evaluate design and analyse feedback |
LO3 Be able to implement network security solutions | using a design, implement a complex network security solution; systematically test the complex network security solution; document and analyse test results |
LO4 Be able to manage network security solutions | manage a network security solution; analyse ongoing network security policies and practices; recommend potential change management. |
Guidance
Links to National Occupational Standards, other BTEC units, other BTEC qualifications and other relevant units and qualifications
The learning outcomes associated with this unit are closely linked with:
Level 3 | Level 4 | Level 5 |
Unit 32: Networked Systems Security | Unit 24: Networking Technologies | Unit 44: Local Area Networking Technologies |
 | Unit 25: Routing Concepts | Unit 45: Wide Area Networking Technologies |
 | Unit 26: Design a Small or Home Office Network | Unit 48: IT Security Management |
 | Unit 27: Network Operating Systems | |
This unit has links to the Level 4 and Level 5 National Occupational Standards for IT and Telecoms Professionals, particularly the areas of competence of:
- IT Security Management.