ICTNWK607 Design and Implement Wireless Network Security Assessment 02 Answer
|Qualification Code/Title|ICT50415 Diploma of Information Technology Networking|
|Assessment Type|Assessment 02 (Project)|
|Unit of Competency (National Code/Title)|ICTNWK607 Design and implement wireless network security|
Devon Technical College is a private Registered Training Organisation (RTO) with a campus based in Western Melbourne. It offers over 40 certificate and diploma level qualifications in the Vocational Education and Training (VET) sector for a large number of subject areas including business, community services, education, information technology, health, hospitality, and many others.
Students select one of two study shifts (morning or afternoon) to undertake study, which is either self-directed or trainer led, and to undertake assessments. For the self-directed courses, trainers/assessors are on hand to handle students' queries, while other courses are trainer led.
There are currently 450 students that attend the institute across a wide range of classrooms.
The RTO has basic Wi-Fi for the students, staff and visitors. Stakeholders use different devices like phones, tablets and laptops. The current Wi-Fi has the following issues:
- No security for Wi-Fi
- Some areas do not have Wi-Fi access
- Access point is not set up properly
- Slow or no internet
Organisational and regulatory policies
The wireless network for the RTO must meet the following needs:
1. Complete network coverage with wired and wireless network, providing constant stable network access for students, staff and visitors.
2. Network isolation between students, staff and visitors, ensuring network safety.
3. Access authentication, access permission management, and advertising promotion.
4. Simple network maintenance and management, and low cost for device maintenance.
5. All data must be stored in a safe location and backed up every three hours.
6. All student information, including IDs, must be safe and secure.
Also, the Work Health and Safety Policies for installation of Wireless Network for the RTO states the following:
Ensuring safety in the network installation sector
The wireless network setup, including the Access Points (APs), is handled and managed by the IT department of the RTO. The IT department is responsible not only for providing wireless access to the customers and the staff members but also for the management of the whole IT and network infrastructure of the RTO.
The IT network itself comprises the servers, computers, printers, scanners and online CCTV camera setup, along with the wireless access point. This IT infrastructure is all connected by an efficient and sophisticated Local Area Network. As highlighted earlier, while establishing the access point the IT department has already segmented it into multiple access control parameters, ensuring the segregation of customers, staff of different shops and the IT staff of the account.
The IT department needs to design and implement a wireless network security solution for the RTO. The IT department is headed by the ICT Manager, Steve, who is responsible for the management and administration of the whole IT setup of the RTO, while Smith, the Network Security Engineer, works in coordination with the ICT Manager to manage and set up the network infrastructure of the RTO. The job responsibilities of both key IT personnel, along with the network diagram of the RTO illustrating the network infrastructure and wireless access points, are given below:
Job description of the ICT Manager:
- Analysing information needs and specifying technology to meet those needs
- Formulating and directing information and communication technology (ICT) strategies, policies and plans
- Directing the selection and installation of ICT resources and the provision of user training
- Directing ICT operations and setting priorities between system developments, maintenance and operations
- Overseeing the security of ICT systems
- Running regular checks on network and data security
- Identifying and acting on opportunities to improve and update software and systems
- Developing and implementing IT policy and best practice guides for the organisation
- Designing training programs and workshops for staff
- Conducting regular system audits
- Running and sharing regular operation system reports with senior staff
- Overseeing and determining timeframes for major IT projects including system updates, upgrades, migrations and outages
- Managing and reporting on allocation of IT budget
- Providing direction for IT team members
- Identifying opportunities for team training and skills advancement
Job description of the Network Engineer:
- Planning, engineering, and monitoring the security arrangements for the protection of the network systems.
- Identifying, monitoring, and defining the requirements of the overall security of the system.
- Creating different ways to solve the existing threats and security issues.
- Configuring and implementing intrusion detection systems and firewalls.
- Testing and checking the system for weaknesses in software and hardware.
- Maintaining firewalls, virtual private networks, web protocols, and email security.
- Creating virus and threat detection systems.
- Configuring and installing security infrastructure devices.
- Investigating intrusion and hacking incidents, collecting incident responses, and carrying out forensic investigations.
- Determining latest technologies and processes that improve the overall security of the system.
- Using industry-standard analysis criteria to test the security level of the firm.
- Developing tracking documents to note system vulnerabilities.
- Reporting the security analysis and monitoring findings.
- Supervising the configuration and installation of new software and hardware.
- Implementing regulatory systems in accordance with IT security.
- Informing the company about the security incidents as soon as possible.
- Modifying the technical, legal, and regulatory aspects of the system security.
- Defining and maintaining security policies.
- Occasionally replacing the security system protocol and architecture.
- Maintaining switches and servers.
Network diagram of the RTO illustrating all the computers, printers, scanners, servers, Wi-Fi access points, switches and routers
Task 1: Wireless Network Security Plan
The IT department is keen to design and implement wireless network security for Devon Technical College to ensure efficient and more secure use of network resources by students, staff members and visitors. To design and implement the wireless network security, the IT department needs to draft and document a wireless network security plan. This security plan will help to understand both the requirements of the security parameters and the implementation mechanism to be followed for the wireless network security.
The student will act as the Network Security Engineer and will prepare the wireless network security plan as per the requirements specified by the ICT Manager and the management of Devon Technical College. The Network Security Engineer will prepare the security plan with the assistance of the ICT Manager and as per the network infrastructure of the RTO. Also, the Network Security Manager needs to ensure that the plan is in accordance with the continuous growth of the IT setup and the security needs, and that it can also be used for future correspondence.
The Wireless Network Security Plan must include the following; the student also needs to complete the security plan template given below:
- Review given organisational and regulatory policies to identify security standards
- Review RTO stakeholders' issues and requirements against WHS and security compliance requirements
- Develop a wireless network security plan including the following:
  - Purpose of the plan
  - Define stakeholder
  - Issues with the current wireless system
  - Hardware and software required
  - Wi-Fi protection (Security)
  - Security threats and risks
  - Firewall requirements of wireless security
Template for Wireless Network Security Plan
|Wireless Network Security Plan|
Issues with the current wireless system
Hardware and software
Wi-Fi protection (Security)
Security threats and risks
Firewall requirements of wireless security
Task 2: Analysis of Guest Access Services
For the design and implementation of the guest access services, you need to discuss the different architectures of guest access services with the ICT Manager, elaborate on each, and select one in consultation with the ICT Manager as per your requirements.
The trainer/assessor will act as the ICT Manager and will discuss and sort out all the queries relating to the guest access service. The guest access service will help to define the mechanisms for granting access to the different users, including the permanent and the guest users. Also, complete the minutes of meeting given below for the analysis of the guest access services.
You need to complete this task in 10-15 minutes and your trainer may provide you additional time if required.
You are required to complete the following meeting minutes template and submit it to your trainer/assessor.
Minutes of Meeting
|No|Points Discussed|Actions Suggested|Target Date|
Signature of attendee 1: Signature of attendee 2:
Signature of attendee 3: Signature of attendee 4:
Activity 2: Design, implement and test a wireless local area network (WLAN) site security plan
Task 1: Design a wireless local area network (WLAN) site security plan
In this task you need to produce a map of the wireless network for the RTO. In the map you need to include:
- Access points
- Guest access
You are required to prepare the map in Packet Tracer software and assign IP addresses to the relevant devices.
You need to submit your network map to your trainer and assessor. You need to complete this task in 1-2 hours. Your trainer may provide you additional time if required.
Task 2: Implement and test a wireless local area network (WLAN) site security plan
Note: This activity is a continuation of a previous activity.
With reference to the wireless network security plan developed in the previous activity, you, as the Network Security Engineer, need to implement the WLAN security plan. You need to implement the plan in coordination with the ICT Manager, whose role will be played by the trainer/assessor. To implement the network security, you need to perform the tasks in a live network environment provided by the trainer/assessor.
The trainer/assessor will act as a supervisor and will guide you through the initial process of implementing the network security plan on the network infrastructure.
You need to complete this task in 6-8 hours. Your trainer may provide you additional time if required.
Note: For this activity the RTO/assessor will provide you with the following:
- A site or prototype where network installation may be conducted
- Hardware and software (Included in the security plan)
- Organisational guidelines (Scenario)
- Live network
- Stand-alone and lightweight WLAN controllers and access points (AP)
- Hardware and software WLAN site survey tools
- Hardware and software IDS and IPS.
The student needs to perform the WLAN security implementation including the following:
- Set up and configure guest access accounts
  - Set the Guest Username Policy
  - Set the Employee Name Policy
  - Create a self-registered portal
  - Manage guest accounts
  - Manage employee accounts
- Configure WLAN controller authorisation
  - Configure DHCP
  - Configure Virtual Gateway IP
  - Use Broadcast SSID
  - Enable Local Client Profiling
- Configure the anchor and internal controllers
- Configure the authentication of clients and management frame protection on clients and controllers
  - Restrictions for Management Frame Protection
  - Viewing the Management Frame Protection Settings (GUI)
  - Debugging Management Frame Protection Issues
- Configure access control servers for integration with wireless network
- Configure client- and server-side digital certificate services
- Test, verify and troubleshoot the following:
  - Guest Access Issues
  - Wireless Connectivity Services
  - IP Connectivity Failure