manage network security
School
Albright Institute of Business and Language *
*We aren’t endorsed by this school
Course
546
Subject
Information Systems
Date
Feb 20, 2024
Type
Pages
16
Uploaded by Moondimz
ASSESSMENT RECORD / FEEDBACK SHEET

Course: ICT60215 Advanced Diploma of Network Security
Name:
Student ID:
Unit Name and Code: ICTNWK546 Manage network security
Assessment Task Number and Title: 2# Practical Demonstration
Date Submitted: 1/March/2021
Trainer's Name: Surgndra Pathak

• All assessments must be in a neat and readable format.
• Students are required to retain a duplicate of any assignment submitted, both written & disk copy.
• Please refer to the Student Handbook for the Assessment Policy.
• Plagiarism is an academic misconduct and is unacceptable to Pacific College of Technology.

[x] I certify that the work submitted is my own. I have acknowledged material taken from websites, textbooks and articles.

To be completed by Trainer: [ ] Competent [ ] Not yet competent
FEEDBACK
Signed (Trainer/Assessor): Date:

DS-SP-02/21 PD-ICTNWK546 V2.3 RTO Provider Code: 91151 CRICOS Provider Code: 02668F Page 1 of 16
Course: ICT60215 Advanced Diploma of Network Security
Unit Code and Name: ICTNWK546 Manage network security
Trainer/Assessor:
Assessment item: #2 - Practical Demonstration
Due date: Week 2 (Extension upon trainer's approval only)

Context and Purpose of the assessment:
This assessment will assess your skills and knowledge in the area of 'ICTNWK546 Manage network security' unit. This assessment activity deals with the following elements of performance and critical aspects of evidence:

Activity | Element | Performance Criteria
1 | 1, 2 | 1.5, 1.6, 2.1,

• The assessment tasks for the unit assume that you will work in the Information Technology industry. Practical demonstration used in this assessment reflects a workplace scenario.
• The student must have access to a Computer, Printer and Microsoft Office Suite Applications for doing the assessment for this unit.
• If you are not sure about any aspect of this assessment, please ask for clarification from your assessor. If the assessment is not satisfactory, the trainer will allow one more attempt to the assessment item.
• The responses to assessment questions should be in your own words and examples from workplace should be used wherever possible.
1. Assessment environment for this Unit
The assessment of this Unit will be in a simulated environment where you will be provided access to:
• a telecommunications operations site
• a mentor or supervisor appropriately experienced in relevant telecommunications technology and infrastructure
• networked computers and relevant software.
Your trainer will provide further instructions on assessment conditions.

2. The Assessment will cover
You are expected to demonstrate the ability to perform the following key tasks:
• explain administrative network management systems
• evaluate algorithms used in IP network security
• specify the purpose of cryptography in security systems
• explain encapsulation and encryption in data transmission
• describe examples of enterprise solutions
• explain firewalls
• outline common network topologies
• summarise operations network management systems
• explain routing theory
• explain and give examples of system threats
• outline transaction protocols.

3. Specific instructions
To do this activity you'll need:
• CISCO Packet Tracer
• Router, switch, servers, firewall and PCs.
4. Tasks include: Create an efficient VLSM design given requirements, Assign appropriate addresses to interfaces and document, Cable a network according to the Topology Diagram, Erase the startup configuration and reload a router to the default state, Configure routers including OSPF, Configure and propagate a static default route, Verify OSPF operation, Test and verify full connectivity, Reflect upon and document the network implementation.

OSPF configuration source file can be retrieved from the Assessment folder.

Note: Put all the screenshots of your configuration under this note.

[Topology Diagram: 1841 routers HQ, Branch1 and Branch2 connected by serial links, 2960-24TT switches Switch1, Switch2 and Switch3, and hosts PC1, PC2 and PC3.]

Learning Objectives
Upon completion of this lab, you will be able to:
• Create an efficient VLSM design given requirements
• Assign appropriate addresses to interfaces and document
• Cable a network according to the Topology Diagram
• Erase the startup configuration and reload a router to the default state
• Configure routers including OSPF
• Configure and propagate a static default route
• Verify OSPF operation
• Test and verify full connectivity
• Reflect upon and document the network implementation

Scenario
In this lab activity, you will be given a network address that must be subnetted using VLSM to complete the addressing of the network shown in the Topology Diagram. A combination of OSPF routing and static routing will be required so that hosts on networks that are not directly connected will be able to communicate with each other. OSPF area ID of 0 and process ID of 1 will be used in all OSPF configurations.

Answer:

[Figure 1: User Profile]

Device | Interface | IP Address | Subnet Mask | Default Gateway
HQ | Fa0/0 | 172.20.0.1 | 255.255.224.0 | N/A
HQ | S0/0/0 | 172.20.56.1 | 255.255.255.252 | N/A
HQ | S0/0/1 | 172.20.56.5 | 255.255.255.252 | N/A
HQ | Lo1 | 10.10.10.1 | 255.255.255.252 | N/A
Branch1 | Fa0/0 | 172.20.32.1 | 255.255.240.0 | N/A
Branch1 | S0/0/0 | 172.20.56.2 | 255.255.255.252 | N/A
Branch1 | S0/0/1 | 172.20.56.9 | 255.255.255.252 | N/A
Branch2 | Fa0/0 | 172.20.48.1 | 255.255.248.0 | N/A
Branch2 | S0/0/0 | 172.20.56.10 | 255.255.255.252 | N/A
Branch2 | S0/0/1 | 172.20.56.6 | 255.255.255.252 | N/A
PC1 | NIC | 172.20.47.254 | 255.255.240.0 | 172.20.32.1
PC2 | NIC | 172.20.3.254 | 255.255.224.0 | 172.20.0.1
PC3 | NIC | 172.20.55.254 | 255.255.248.0 | 172.20.48.1

Task 1: Subnet the Address Space.

Step 1: Examine the network requirements.
The addressing for the network has the following requirements.
• The 172.20.0.0/16 network must be subnetted to provide addresses for the LANs and serial links.
  o The HQ LAN will require 8000 addresses
  o The Branch1 LAN will require 4000 addresses
  o The Branch2 LAN will require 2000 addresses
  o The links between the routers will require two addresses for each link
• The loopback address representing the link between the HQ router and the ISP will use the 10.10.10.0/30 network.
Step 2: Consider the following questions when creating your network design.
How many subnets need to be created from the 172.20.0.0/16 network? 6
How many total IP addresses are required from the 172.16.0.0/16 network? 14006
What subnet mask will be used for the HQ LAN subnet? 255.255.224.0 or 19
What is the maximum number of host addresses that could be used on this subnet? 8190
What subnet mask will be used for the Branch1 LAN subnet? 255.255.240.0 or 20
What is the maximum number of host addresses that could be used on this subnet? 4094
What subnet mask will be used for the Branch2 LAN subnet? 255.255.248.0 or 21
What is the maximum number of host addresses that could be used on this subnet? 2046
What subnet mask will be used for the links between the three routers? 255.255.255.252 or 30
What is the maximum number of host addresses that could be used on each of these subnets? 2

Step 3: Assign subnetwork addresses to the Topology Diagram.
1. Assign subnet 0 of the 172.20.0.0/16 network to the HQ LAN subnet. What is the network address of this subnet? 172.20.0.0/19
2. Assign subnet 1 of the 172.20.0.0/16 network to the Branch1 LAN subnet. What is the network address of this subnet? 172.20.32.0/20
3. Assign subnet 2 of the 172.20.0.0/16 network to the Branch2 LAN subnet. What is the network address of this subnet? 172.20.48.0/21
4. Assign subnet 3 of the 172.20.0.0/16 network to the link between the HQ and Branch1 routers. What is the network address of this subnet? 172.20.56.0/30
5. Assign subnet 4 of the 172.20.0.0/16 network to the link between the HQ and Branch2 routers. What is the network address of this subnet? 172.20.56.4/30
6. Assign subnet 5 of the 172.20.0.0/16 network to the link between the Branch1 and Branch2 routers. What is the network address of this subnet? 172.20.56.8/30

Task 2: Determine Interface Addresses.
Assign appropriate addresses to the device interfaces.
1. Assign the first valid host address in the 10.10.10.0/30 network to the Loopback 1 interface on the HQ router.
2. Assign the first valid IP address of the HQ LAN network to the LAN interface of the HQ router.
3. Assign the last valid IP address of the HQ LAN network to PC2.
4. Assign the first valid IP address of the Branch1 LAN network to the LAN interface of the Branch1 router.
5. Assign the last valid IP address of the Branch1 LAN network to PC1.
6. Assign the first valid IP address of the Branch2 LAN network to the LAN interface of the Branch2 router.
7. Assign the last valid IP address of the Branch2 LAN network to PC3.
8. Assign the first valid IP address of the HQ to Branch1 link network to the Serial 0/0/0 interface of the HQ router.
9. Assign the last valid IP address of the HQ to Branch1 link network to the Serial0/0/0 interface of the Branch1 router.
10. Assign the first valid IP address of the HQ to Branch2 link network to the Serial 0/0/1 interface of the HQ router.
11. Assign the last valid IP address of the HQ to Branch2 link network to the Serial0/0/1 interface of the Branch2 router.
12. Assign the first valid IP address of the Branch1 to Branch2 link network to the Serial 0/0/1 interface of the Branch1 router.
13. Assign the last valid IP address of the Branch1 to Branch2 link network to the Serial0/0/0 interface of the Branch2 router.
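The subnetting in Tasks 1 and 2, worked through in Python as an added example (not part of the original assessment sheet): it sizes each subnet from the host counts in Step 1, allocates them largest first from 172.20.0.0/16, and derives the mask, OSPF wildcard and first/last valid host. The function names and the largest-first allocation order are assumptions of this example.

```python
import ipaddress

# Requirements from Task 1, Step 1, listed in the order the lab numbers subnets 0-5.
REQUIREMENTS = [
    ("HQ LAN", 8000),
    ("Branch1 LAN", 4000),
    ("Branch2 LAN", 2000),
    ("HQ-Branch1 link", 2),
    ("HQ-Branch2 link", 2),
    ("Branch1-Branch2 link", 2),
]


def prefix_for(hosts):
    """Longest IPv4 prefix whose usable host count (2^n - 2) covers `hosts`."""
    host_bits = 2
    while (1 << host_bits) - 2 < hosts:
        host_bits += 1
    return 32 - host_bits


def vlsm_plan(block, requirements):
    """Allocate subnets from `block`, largest first, each aligned to its own size."""
    block = ipaddress.ip_network(block)
    cursor = int(block.network_address)
    plan = []
    # sorted() is stable, so equal-sized requests keep their listed order.
    for name, hosts in sorted(requirements, key=lambda r: -r[1]):
        prefix = prefix_for(hosts)
        size = 1 << (32 - prefix)
        cursor = (cursor + size - 1) // size * size  # round up to a subnet boundary
        net = ipaddress.ip_network((cursor, prefix))
        if not net.subnet_of(block):
            raise ValueError(f"{block} exhausted while placing {name}")
        plan.append({
            "name": name,
            "network": str(net),
            "mask": str(net.netmask),
            "wildcard": str(net.hostmask),   # value used in OSPF network statements
            "first": str(net[1]),            # first valid host (router interface)
            "last": str(net[-2]),            # last valid host (PC or far end of link)
            "usable": net.num_addresses - 2,
        })
        cursor += size
    return plan


if __name__ == "__main__":
    for row in vlsm_plan("172.20.0.0/16", REQUIREMENTS):
        print("{name:22} {network:18} {mask:16} {wildcard:12} "
              "{first:14} {last:14} {usable}".format(**row))
```

The computed last valid host of the HQ LAN is 172.20.31.254; the PC2 address recorded in the table, 172.20.3.254, lies inside the same /19.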
Document the addresses to be used in the table provided under the Topology Diagram.

Task 3: Prepare the Network.

Step 1: Cable a network that is similar to the one in the Topology Diagram.
You can use any current router in your lab as long as it has the required interfaces as shown in the topology.

Step 2: Clear any existing configurations on the routers.

Task 4: Perform Basic Router Configurations.
Perform basic configuration of the BRANCH, HQ, and ISP routers according to the following guidelines:
1. Configure the router hostname.
2. Disable DNS lookup.
3. Configure an EXEC mode password.
4. Configure a message-of-the-day banner.
5. Configure a password for console connections.
6. Configure a password for VTY connections.
7. Synchronize unsolicited messages and debug output with solicited output and prompts for the console and virtual terminal lines.
8. Configure an EXEC timeout of 15 minutes.

Task 5: Configure and Activate Serial and Ethernet Addresses.

Step 1: Configure the interfaces on the HQ, Branch1, and Branch2 routers with the IP addresses from the table provided under the Topology Diagram.
When you have finished, be sure to save the running configuration to the NVRAM of the router.

Step 2: Configure the Ethernet interfaces of PC1, PC2, and PC3 with the IP addresses from the table provided under the Topology Diagram.
Configure serial DCE interfaces with clock rates of 64000.

Step 3: Configure the correct bandwidth for the serial interfaces on the Branch 1 router.
What commands are required to accomplish this?
    configure terminal
    interface serial 0/0/0
    bandwidth 128
    interface serial 0/0/1
    bandwidth 64

Step 4: Configure the correct bandwidth for the serial interfaces on the Branch 2 router.
What commands are required to accomplish this?
    configure terminal
    interface serial 0/0/0
    bandwidth 64
    interface serial 0/0/1
    bandwidth 256

Step 5: Configure the correct bandwidth for the serial interfaces on the HQ router.
What commands are required to accomplish this?
    configure terminal
    interface serial 0/0/0
    bandwidth 128
    interface serial 0/0/1
    bandwidth 256

Task 6: Verify Connectivity to Next Hop Device.
You should NOT have connectivity between end devices yet. However, you can test connectivity between two routers and between an end device and its default gateway.

Step 1: Verify that the HQ, Branch1, and Branch2 routers can ping each of the neighboring routers across the WAN links.

Step 2: Verify that PC1, PC2, and PC3 can ping their respective default gateway.

Task 7: Configure OSPF Routing on the Branch1 Router.

Step 1: Consider the networks that need to be included in the OSPF updates that are sent out by the Branch1 router.
What directly connected networks are present in the Branch1 routing table?
    172.20.32.0/20
    172.20.56.0/30
    172.20.56.8/30
What commands are required to enable OSPF and include the connected networks in the routing updates?
    router ospf 1
    network 172.20.32.0 0.0.15.255 area 0
    network 172.20.56.0 0.0.0.3 area 0
    network 172.20.56.8 0.0
Are there any router interfaces that do not need to have OSPF updates sent out? yes
What command is used to disable OSPF updates on these interfaces?
    passive-interface fastethernet0/0

Task 8: Configure OSPF and Static Routing on the HQ Router.

Step 1: Consider the type of static routing that is needed on HQ.
A static default route will need to be configured to send all packets with destination addresses that are not in the routing table to the loopback address representing the link between the HQ router and the ISP. What command is needed to accomplish this?
    ip route 0.0.0.0 0.0.0.0 loopback1
What directly connected networks are present in the HQ routing table?
    10.10.10.0/30
    172.20.0.0/19
    172.20.56.0/30
    172.20.56.4/30
Will the networks of the HQ LAN and the links between the Branch1 and Branch2 routers need to have the subnet mask information included in the network statements? Yes
What commands are required to enable OSPF and include the appropriate networks in the routing updates?
    router ospf 1
    network 172.20.0.0 0.0.31.255 area 0
    network 172.20.56.0 0.0.0.3 area 0
    network 172.20.56.4 0.0.0.3 area 0
Are there any router interfaces that do not need to have OSPF updates sent out? Yes
What command is used to disable OSPF updates on these interfaces?
    passive-interface fastethernet 0/0
    passive-interface loopback1
    default-information originate
The HQ router needs to send the default route information to the Branch1 and Branch2 routers in the OSPF updates. What command is used to configure this?
    default-information originate

Task 9: Configure OSPF Routing on the Branch2 Router.

Step 1: Consider the networks that need to be included in the OSPF updates that are sent out by the Branch2 router.
What directly connected networks are present in the Branch2 routing table?
    172.20.48.0/21
    172.20.56.4/30
    172.20.56.8/30
What commands are required to enable OSPF and include the connected networks in the routing updates?
    router ospf 1
    network 172.20.48.0 0.0.7.255 area 0
    network 172.20.56.4 0.0.0.3 area 0
    network 172.20.56.8 0.0.0.3 area 0
Are there any router interfaces that do not need to have OSPF updates sent out?
What command is used to disable OSPF updates on these interfaces?
    passive-interface FastEthernet0/0

Task 10: Verify the Configurations
Answer the following questions to verify that the network is operating as expected.
From PC1, is it possible to ping PC2? Yes
From PC1, is it possible to ping PC3? Yes
The answer to the above questions should be 'yes'. If any of the above pings failed, check your physical connections and configurations. Refer to your basic troubleshooting techniques used in the Chapter 1 labs.

What OSPF routes are present in the routing table of the Branch1 router?
    172.20.0.0/19 [110/782] via 172.20.56.1
    172.20.48.0/21 [110/1172] via 172.20.56.1
    172.20.56.4/30 [110/1171] via 172.20.56.1
    0.0.0.0/0 [110/1] via 172.20.56.1
What is the gateway of last resort in the routing table of the Branch1 router?
    172.20.56.1 to network 0.0.0.0

What OSPF routes are present in the routing table of the HQ router?
    172.20.32.0/20 [110/782] via 172.20.56.2
    172.20.48.0/21 [110/391] via 172.20.56.6
    172.20.56.8/30 [110/1952] via 172.20.56.6
What is the gateway of last resort in the routing table of the HQ router?
    0.0.0.0 to network 0.0.0.0

What OSPF routes are present in the routing table of the Branch2 router?
    172.20.0.0/19 [110/391] via 172.20.56.5
    172.20.32.0/20 [110/1172] via 172.20.56.5
    172.20.56.0/30 [110/1171] via 172.20.56.5
    0.0.0.0/0 [110/1] via 172.20.56.5
What is the gateway of last resort in the routing table of the Branch2 router?
    172.20.56.5 to network 0.0.0.0

Task 11: Reflection
On PC1, use the tracert command to examine the route that is used between PC1 and PC3.
What are the hops in the route to PC3?
    172.20.32.1, the FastEthernet0/0 interface of the Branch1 router
    172.20.56.1, the Serial0/0/0 interface of the HQ router
    172.20.56.6, the Serial0/0/1 interface of the Branch2 router
    172.20.55.254, the IP address of PC3
Is this the least number of hops that can be used to reach PC3? No
If the answer is no, why is a path with more than the minimum amount of hops used?
Answer: The serial connection between the Branch1 and HQ router and the connection between the HQ and Branch2 routers have a higher bandwidth than the link between the Branch1 and Branch2 router. Routers with higher value have a lower calculated cost. The router with the lowest cost is chosen as the router to the Branch2 LAN.

At the end of this activity your completion rate should be 100%. If the completion rate is not 100%, use the Check Results button and troubleshoot as necessary.

[Figure 2: Activity Result (Cisco Packet Tracer Activity Results window; Time Elapsed: 00:32:58; Score: 46/46)]
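The cost comparison behind the Task 11 answer, as an added Python example that is not part of the original assessment sheet: it applies the Cisco IOS default OSPF cost (100 Mbps reference bandwidth divided by interface bandwidth) to the serial bandwidths from Task 5 and runs a shortest-path search from Branch1 to the Branch2 LAN. The topology dictionary and function names are constructed for this example, and the FastEthernet LAN interfaces are assumed to be 100 Mbps.

```python
import heapq

REFERENCE_BW_KBPS = 100_000  # Cisco IOS default OSPF reference bandwidth (100 Mbps)


def ospf_cost(bandwidth_kbps):
    """Interface cost = reference bandwidth / interface bandwidth, truncated, minimum 1."""
    return max(1, REFERENCE_BW_KBPS // bandwidth_kbps)


# Constructed from Task 5: router -> {neighbour or LAN: bandwidth in kbps of the
# outgoing interface facing it}. OSPF sums the cost of each outgoing interface.
TOPOLOGY = {
    "Branch1": {"HQ": 128, "Branch2": 64, "172.20.32.0/20": 100_000},
    "HQ": {"Branch1": 128, "Branch2": 256, "172.20.0.0/19": 100_000},
    "Branch2": {"HQ": 256, "Branch1": 64, "172.20.48.0/21": 100_000},
}


def path_cost(topology, path):
    """Total OSPF cost of one explicit path (list of nodes)."""
    return sum(ospf_cost(topology[a][b]) for a, b in zip(path, path[1:]))


def best_path(topology, source, target):
    """Dijkstra over outgoing-interface costs; returns (total_cost, [nodes])."""
    queue = [(0, source, [source])]
    done = set()
    while queue:
        cost, node, path = heapq.heappop(queue)
        if node == target:
            return cost, path
        if node in done:
            continue
        done.add(node)
        # LAN prefixes are leaves: they have no entry in the topology.
        for nxt, bandwidth in topology.get(node, {}).items():
            if nxt not in done:
                heapq.heappush(queue, (cost + ospf_cost(bandwidth), nxt, path + [nxt]))
    raise ValueError(f"{target} unreachable from {source}")


if __name__ == "__main__":
    lan = "172.20.48.0/21"
    print("chosen:", best_path(TOPOLOGY, "Branch1", lan))
    print("direct:", path_cost(TOPOLOGY, ["Branch1", "Branch2", lan]))
```

The chosen path's total equals the metric in the Branch1 routing table entry for 172.20.48.0/21, [110/1172], while the two-hop path over the 64 kbps link costs more.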
1. OBSERVATION CHECKLIST (Assessor to complete)

Trainer/Assessor:
Student Name:
Student ID:

Columns: Criteria | Satisfactory performance (Yes/No) | Assessor's comments

1. Analyse operation of the internet
1.1 Evaluate the interrelationship of IP to open systems interconnect (OSI) seven layer model and the impact on network topologies and network elements
1.2 Assess media access control (MAC) and IP addressing, and their application in security
1.3 Report on transmission control protocol/internet protocol (TCP/IP) operations and use of transport protocols for transmitting data over the network
1.4 Examine various types of routing protocols and the implications on security
1.5 Analyse forms of label switching as applied to data packets
1.6 Use software to simulate least-cost algorithms

4. Analyse features and types of network security
Assessor's comments: Students have [illegible] ICTNWK544
4.1 Analyse procedures and processes used for security attacks and use of protection mechanisms
4.2 Research conventional encryption algorithms and determine possible locations of encryption devices
4.3 Produce a report on conventional encryption key distribution problems and how message authentication and verification is achieved
4.4 Research one-way hashing and secure hashing functions
4.5 Produce a report on digital signature standard (DSS) principles, including public key cryptography algorithms for network security

Feedback to candidate:
Overall Performance: [ ] Satisfactory (S) [ ] Not Satisfactory (NS)
Assessor: Date: