Higher National Unit Specification. General information for centres. Unit title: Enhancing Network Security and Configuring Remote Access Methods



Similar documents
Higher National Unit Specification. General information for centres. Unit title: Software Development: Applications Development. Unit code: D76N 34

Higher National Unit specification: general information

Higher National Unit Specification. General information for centres. Unit code: DV6C 35

Unit title: Network Infrastructure 2: Planning and Maintenance

Unit title: Network Design: Directory Services and Network Infrastructure

A candidate is encouraged to use the internet in any research, etc. However, the evidence produced must be the candidate s own written words.

VPN. Date: 4/15/2004 By: Heena Patel

Types of Software Specification and Their Use

Higher National Unit specification: general information

Bring Your Own Device (BYOD): Introduction (SCQF level 7)

Higher National Unit Specification. General information for centres. Database Design Fundamentals. Unit code: DV6E 34

National Unit Specification: general information. UNIT Computing: Computer Networking Fundamentals (SCQF level 5) CODE F1KH 11 SUMMARY OUTCOMES

Module 10: Supporting Remote Users

Higher National Unit specification: general information

Higher National Unit specification: general information

7.1. Remote Access Connection

1 Higher National Unit credit at SCQF level 8: (8 SCQF credit points at SCQF level 8)

Higher National Unit specification: general information

Higher National Integrative Assessment Specification

Web Development: Dynamically Generated Content

ERserver. iseries. Remote Access Services: PPP connections

Higher National Unit Specification. General information for centres. Unit title: Network Server Operating System. Unit code: DF9N 34

Higher National Unit specification: general information

Cornerstones of Security

Higher National Unit specification: general information. Developing Mobile Web Based Applications: An Introduction

I. What is VPN? II. Types of VPN connection. There are two types of VPN connection:

2 HN Credits at SCQF level 8: (16 SCQF credit points at SCQF level 8)

Higher National Unit Specification. General information for centres. Unit code: F19T 35

Higher National Unit Specification. General information for centres. Occupational Therapy Support: Audit. Unit code: F3NE 34

Financial Accounting Statements: An Introduction

Design for Print: Automated Digital Workflows for Pre-Press

Higher National Unit Specification. General information for centres. Applied Industrial Plant Maintenance. Unit code: DT9W 35

Model 2120 Single Port RS-232 Terminal Server Frequently Asked Questions

How To Understand And Understand The Security Of A Key Infrastructure

Higher National Unit specification. General information for centres. Unit title: Developing the Individual within a Team. Unit code: F870 34

Technical papers Virtual private networks

Windows Server 2003 Remote Access Overview

MCTS Guide to Microsoft Windows 7. Chapter 14 Remote Access

Higher National Unit specification. General information for centres. Unit title: Economic Issues: An Introduction. Unit code: F7J8 34

This Unit is a mandatory Unit of the Business Management (Intermediate 2) Course and is also available as a free standing Unit.

Enterprise Security Management CheckPoint SecuRemote VPN v4.0 for pcanywhere

How Virtual Private Networks Work

Remote Access Security

This Unit is suitable for candidates wishing to acquire a basic understanding of the theory and practice of music remixing.

UNIT Painting and Decorating: Colour Schemes (SCQF level 6)

Case Study for Layer 3 Authentication and Encryption

Network Security 1 Module 4 Trust and Identity Technology

Unit title: Marketing: Brand Management (SCQF level 8)

Chapter 17 Determining Windows 2000 Network Security Strategies

Linux Web Based VPN Connectivity Details and Instructions

Experiment # 6 Remote Access Services

Higher National Unit specification. General information for centres. Web Development: Website Optimisation. Unit code: F6C5 35

FUNDAMENTALS OF REMOTE ACCESS

Higher National Unit specification. General information. Unit title: Big Data (SCQF level 7) Unit code: H8W8 34. Unit purpose.

SLIP and PPP. Gursharan Singh Tatla

Executive Summary and Purpose

Web Authentication Application Note

Windows Web Based VPN Connectivity Details & Instructions

Higher National Unit specification: general information

Managing Information Systems to Develop a Small Business (SCQF level 8)

Higher National Unit specification: general information. Relational Database Management Systems

Unit title: Cyber Security Fundamentals (SCQF level 4)

This Unit is aimed at candidates who have no previous experience of computer programming.

L2F Case Study Overview

Introduction to Security and PIX Firewall

Implementing and Administering Security in a Microsoft Windows Server 2003 Network

Report to WIPO SCIT Plenary Trilateral Secure Virtual Private Network Primer. February 3, 1999

Domain 6.0: Network Security

BCM Rls 6.0. Remote Access. Task Based Guide

CTS2134 Introduction to Networking. Module Network Security

Unit title: Curriculum and Assessment in an Early Years and Childcare Setting

UNIT Shorthand: An Introduction (SCQF level 5)

SSL VPN Technology White Paper

Step-by-Step Guide for Creating and Testing Connection Manager Profiles in a Test Lab

How To Configure Windows Server 2008 as a RADIUS Server with MS-CHAP v2 Authentication

Ti m b u k t up ro. Timbuktu Pro Enterprise Security White Paper. Contents. A secure approach to deployment of remote control technology

Connecting Remote Users to Your Network with Windows Server 2003

UNIT Art and Design: Web Project (SCQF level 6)

Higher National Unit specification. General information. Software Development: Analysis and Design (SCQF level 7) Unit code: HA4C 34.

The Shift to Wireless Data Communication

MAC Web Based VPN Connectivity Details and Instructions

Higher National Unit specification. General information. Unit title: Data Science (SCQF level 8) Unit code: H8W9 35. Unit purpose.

Advanced Certificate in Networking (Microsoft) G5J9 17. Group Award Requirements

Art and Design: 3D: Basic Construction Skills (SCQF level 5)

ICAB5238B Build a highly secure firewall

Step-by-Step Configuration

Virtual Private Networks

VPN. VPN For BIPAC 741/743GE

ICANWK406A Install, configure and test network security

Computing: Website Design and Development (SCQF level 5)

Graded Unit Title: HND Human Resource Management: Graded Unit 2

10 WIRELESS, REMOTE, AND WIDE AREA NETWORKING

2006 Network + Domain 2 - Study Guide

Unit title: Web Apps: Word Processing (SCQF level 4)

CTS2134 Introduction to Networking. Module 07: Wide Area Networks

VPN PPTP Application. Installation Guide

Management of Marketing and Operations (National 5) level 5 (6 SCQF credit points)

UNIT Art and Design: Animation Project (SCQF level 6)

Course Syllabus. Fundamentals of Windows Server 2008 Network and Applications Infrastructure. Key Data. Audience. Prerequisites. At Course Completion

Higher National Unit specification. General information for centres. IT in Business: Advanced Spreadsheets. Unit code: F849 35

Transcription:

Higher National Unit Specification General information for centres Unit code: D7JV 35 Unit purpose: This Unit is designed to enable candidates to increase network security through authentication, encryption and to configure remote access methods. The Unit prepares candidates for this task by ensuring they apply advanced and specialised knowledge to configure network equipment, network services and software. Practical experience is gained in implementing typical network services using industry-standard equipment and protocols. The Unit is primarily intended for candidates who expect to work in a network installation environment, as a network administrator or in a network support role. On completion of the Unit the candidate should be able to: 1. Deploy Certificate Services 2. Implement Internet Protocol Security (IPSec) 3. Configure common remote access methods Credit value: 1 HN Credit(s) at SCQF level 8: (8 SCQF credit points at SCQF level 8) SCQF (the Scottish Credit and Qualifications Framework) brings Scottish qualifications into a single framework of 12 levels ranging from SQA Access 1 to doctorates. The SCQF includes degrees; HNC/Ds; SQA National Qualifications; and SVQs. Each SQA Unit is allocated a number of SCQF credit points at a specific level. 1 SCQF point = 10 hours of learning. HN candidates are normally expected to input a further number of hours, matched to the credit value of the Unit, of non-contact time or candidate-led effort to consolidate and reinforce learning. Recommended prior knowledge and skills: Access to this Unit will be at the discretion of the Centre, however it is recommended that candidates should have a good working knowledge of Networking and Protocols. It would be useful if candidates had either completed or were currently studying the HN Units D75T 34 Computer Networks: Building Local Area Networks or D77B 35 Computer Networks: Administering Network Systems or Computer Systems Security and Data Assurance. Core skills: There may be opportunities to gather evidence towards core skills in this Unit, although there is no automatic certification of core skills or core skills components. HN Unit D7JV 35: Enhancing Network Security and Configuring Remote Access 1

General information for centres (cont) Context for delivery: If this Unit is delivered as part of a group award, it is recommended that it should be taught and assessed within the subject area of the group award to which it contributes. Assessment: Two instruments of assessment could assess this Unit. The first would require candidates to produce short or restricted responses to written questions testing their underpinning knowledge. The second would contain a series of assignments testing their practical abilities to install network services. HN Unit D7JV 35: Enhancing Network Security and Configuring Remote Access 2

Higher National Unit specification: statement of standards Unit code: The sections of the Unit stating the Outcomes, knowledge and/or skills, and evidence requirements are mandatory. Where evidence for Outcomes is assessed on a sample basis, the whole of the content listed in the knowledge and/or skills section must be taught and available for assessment. Candidates should not know in advance the items on which they will be assessed and different items should be sampled on each assessment occasion. Outcome 1 Deploy Certificate Services Knowledge and/or skills Public Key Cryptography (PKI) concepts Deploy and Manage certificates Evidence requirements Candidates will need evidence to demonstrate their knowledge and/or skills by showing that they can: Describe the basic concepts of Public/Private key authentication and Digital Signatures. Describe the importance of Public Key Cryptography for e-commerce, Intranets and webenabled applications. The above must be assessed as a set of extended response questions that cover the basic concepts of both PKI and Digital Signatures. There should be at least one question on both of the knowledge and/or skills items shown above. The candidates response must be a minimum of 300 words for each item. Candidates must additionally be assessed on the importance of PKI for e-commerce, intranets and web-enabled applications. This may be sampled with only one of the three areas being covered and should include a description of a working example. It should be assessed by an extended response question of a minimum of 300 words. This assessment will be open book. Candidates are required to obtain a pass mark of 60% overall in order to pass this section of Outcome 1. Candidates will demonstrate that they can deploy certificate services by implementing a certification service to deploy and use key certificates. Candidates must have full access to HN Unit D7JV 35: Enhancing Network Security and Configuring Remote Access 3

documentation throughout the completion of this task. Candidates must be able to create a private public key pair for a user or a group of users and have this used as authentication. Higher National Unit specification: statement of standards The evidence for this section of Outcome 1 will be produced in the form of an observation checklist that covers all the points listed above. Assessment guidelines All assessments in Outcome 1 should be open book. It is suggested that when investigating the importance of PKI that the candidates should try and identify a real life example of their chosen area. When configuring a key certificate server it is suggested that only one area is covered, such as intranets or e-commerce. This assessment is suited to candidates working in groups and each group may cover a different area in which PKI is suited. Outcome 2 Implement Internet Protocol Security (IPSec) Knowledge and/or skills Common security issues Goals of IPSec Implement IPSec Evidence requirements Candidates will need evidence to demonstrate their skills and/or knowledge by showing that they can: Identify common security issues Network monitoring, data modification, passwords, address spoofing, and denial of service. At least 3 of these should be sampled. Identify the goals of IPSec including mutual authentication and encryption of data. The above should be assessed using 5 short response questions. This must be a closed book assessment held under controlled conditions and of 1 hour s duration. Candidates are required to obtain a pass mark of 60% overall in order to pass this section of Outcome 2. Candidates must implement IPSec between two different machines. The evidence for this section of Outcome 2 will be produced in the form of an observation checklist that covers all the points listed above. Candidates should have full access to documentation throughout this task. HN Unit D7JV 35: Enhancing Network Security and Configuring Remote Access 4

Assessment guidelines Candidates should demonstrate a firm understanding of potential problems when administering TCP/IP based networks. This should especially be emphasised on externally connected networks to the Internet. Higher National Unit specification: statement of standards (cont) Candidates should demonstrate that they have successfully configured IP sec between two machines. A packet sniffer (TCP Dump Linux) or network monitoring tool may be used to demonstrate before and after IP/SEC is running for a service such as FTP. Outcome 3 Configure common remote access methods Knowledge and/or skills Common connectivity options. Remote Access Protocols Remote Access Authentication protocols Remote Authentication Dial-In User Service (RADIUS) Configure server for remote access. Evidence requirements Candidates will need evidence to demonstrate their knowledge and/or skills by showing that they can identify: Common remote connectivity options. As a minimum, Dial Up Connection and Virtual Private Network (VPN) must be assessed. Remote access protocols. A minimum of two protocols must be assessed. Common hardware connection options should be stated- PSTN, ISDN, ADSL, and cable modem, X.25. A minimum of one hardware connection option must be assessed. A remote access authentication protocol selection. RADIUS as an authentication and accounting service for interoperability between vendors. The above should be assessed using a set of 10 restricted response questions with two questions for each of the five topics shown above. This should be a closed-book assessment of 1 hours duration carried out under controlled conditions. Candidates are required to obtain a pass mark of 60% overall in order to pass this section of Outcome 3. Configure a server for remote access including permissions, caller id, callback. A minimum of two of these options must be configured. The evidence for this section of HN Unit D7JV 35: Enhancing Network Security and Configuring Remote Access 5

Outcome 3 will be produced in the form of an observation checklist that covers all the points listed above. Candidates should have full access to documentation throughout this task. HN Unit D7JV 35: Enhancing Network Security and Configuring Remote Access 6

Higher National Unit specification: statement of standards (cont) Assessment guidelines Remote access protocols may include PPP, SLIP, Microsoft RAS, AppleTalk Remote Access Protocol (ARAP), LAN Protocols TCP/IP, NWLink, NetBEUI, Appletalk or others as appropriate. Remote authentication protocol may include PAP, SPAP, CHAP, MS-CHAP or others as appropriate. The examining centre must provide all facilities for remote access whether it is done by dial up connection or by use of a protocol over a fixed network. Administrative Information Unit code: D7JV 35 Unit title: Enhancing Network Security and Configuring Remote Access Superclass category: CB Date of publication: 1 October 2001 Source: SQA Scottish Qualifications Authority 2001 This publication may be reproduced in whole or in part for educational purposes provided that no profit is derived from reproduction and that, if reproduced in part, the source is acknowledged. Additional copies of this Unit specification can be purchased from the Scottish Qualifications Authority. The cost for each Unit specification is 2.50 (minimum order 5.00). HN Unit D7JV 35: Enhancing Network Security and Configuring Remote Access 7

Higher National Unit specification: support notes This part of the Unit specification is offered as guidance. The support notes are not mandatory. While the exact time allocated to this Unit is at the discretion of the centre, the notional design length is 40 hours. Guidance on the content and context for this Unit It is important to demonstrate to the candidate the importance of network security in a world where we are becoming more reliant on using communications technologies. Hardly a day goes past without some organisation having its security procedures breached. Networks are no longer closed domains with staff working away from the office building wishing to connect to the company s data as well as potential clients and customers. Making data available is advantageous for most companies, but this does have its pitfalls. The aim of this Unit is to highlight a few of these pitfalls and produce modern solutions to help keep data safe. Outcome 1 is aimed at introducing the candidate to the importance of Public Key Cryptography and the facilities of key certification. This would be aided by a demonstration or investigation of SSL and by looking at trusted systems such as Verisign. Analogies such as passport generation which contains a unique number, attributes such as expiration date, name, address, etc, and is issued by a trusted simple may aid understanding. Once a general knowledge in this area is demonstrated then the candidate should be introduced to internally generated key certification. This may be done via Windows 2000, Unix, Novell or another appropriate system. Outcome 2 deals with investigating common security issues on an IP based network. Topical examples should be used to help generate an awareness of security issues. Packet sniffers should also be used to demonstrate what information could be obtained by monitoring a line, especially services such as FTP and Telnet, without the use of encrypted passwords. The security issues involved in traffic monitoring, such as quiet and busy times and the information that can be obtained from this basic data should be investigated. This should lead into an investigation of the challenges faced by network administrators to ensure that data is safe from modification, interception, viewing, copying and being accessed by unauthenticated parties. This then leads to standard encryption techniques such as IPSec to secure communications within an intranet and to create secure virtual private network (VPN) solutions across the Internet. A short description of the goals of IPSec including the differences between computer-to-computer and network-to-network should also be included in Outcome 2. HN Unit D7JV 35: Enhancing Network Security and Configuring Remote Access 8

Higher National Unit specification: support notes (cont) Outcome 3 is concerned with the issues involved in trying to access a network from an external location. This should cover dial up and virtual private network (VPN) connections. ISPs and the Internet would make a good starting point for common remote access to a network using a protocol such as PPP. Security features such as called id and call back should be introduced when talking about more private networks. Discussion of authentication and of RADIUS should provide one point of authentication between different network systems. Guidance on the delivery and assessment of this Unit Wherever possible, provide the candidates with examples of current real life scenarios of breaches of security. A candidate should have a clear understanding of what they are trying to achieve on all practical exercises before commencement. All practical exercises should only be attempted after a clear understanding of the theory is demonstrated in the written assessments. There is no importance placed on the order of delivery for the Outcomes although it is suggested that Outcomes 1 and 2 be closely linked in delivery. All software required for PKI and network monitoring should be made available to the candidates from the beginning of the Unit. Assessment Summary Outcome 1 Two extended responses of at least 300 words on Public/Private key authentication and Digital Signatures. Open Book. One extended response of at least 300 words on one of the following Public Key Cryptography for e-commerce, Intranets and web enabled applications. Open Book. Configure a Key Certification server to deploy and manage certificates. Outcome 2 Five short response questions on common security issues and the goals of IPSec Implement IPSec between two machines Outcome 3 Ten restricted response questions. Closed book. Configure a server for remote access. HN Unit D7JV 35: Enhancing Network Security and Configuring Remote Access 9

Higher National Unit specification: support notes (cont) Open learning If this Unit is delivered by open or distance learning methods, additional planning and resources may be required for candidate support, assessment and quality assurance. A combination of new and traditional authentication tools may have to be devised for assessment and re-assessment purposes. For further information and advice, please see Assessment and Quality Assurance for Open and Distance Learning (SQA, February 2001 publication code A1030). For information on normal open learning arrangements, please refer to the SQA guide Assessment and Quality Assurance of Open and Distance Learning (SQA, 2000). Special needs This Unit specification is intended to ensure that there are no artificial barriers to learning or assessment. Special needs of individual candidates should be taken into account when planning learning experiences, selecting assessment instruments or considering special alternative Outcomes for Units. For information on these, please refer to the SQA document Guidance on Special Assessment and Certification Arrangements for Candidates with Special Needs and Candidates for whom English is an Additional Language (SQA, 2000). HN Unit D7JV 35: Enhancing Network Security and Configuring Remote Access 10

General information for candidates This Unit is primarily targeted at those of you expecting to work in a Networking Support or Administration role, but it is also relevant to those who want a greater awareness of security issues and solutions. This Unit should provide you with an understanding and appreciation of the complexities of securing data and access on a network, while still enabling availability to services and data for the appropriate personnel. You will develop hands on skills in installing, configuring, and managing a key certification server. With more and more people having to communicate over networks its important that you understand the key concepts involved in making sure your transmitted data is secure. It is also important that users and computers can identify themselves in a secure manner and not have impostors forge your identity. Key Certificates are becoming a more common way for connected machines and users to have trust in today s technologies. This may be done in a transparent manner such as SSL or by users carrying around their key certificates in devices such as smart cards and USB dongles. You will also be introduced to secure remote access methods, which allow any user either locally, or remotely to connect safely to any network. This will be looked at from both the hardware and software sides. Before commencement of this Unit you should have a good grounding in network technologies such as protocols and hardware required to construct and connect LANs and WANs. It would also be advantageous to have a good understanding basic network security and the Internet. In Outcome 1 you will be assessed using a set of extended response questions that cover the basic concepts of both PKI and Digital Signatures. Your response must be a minimum of 300 words for each item. Additionally, you will be assessed on the importance of PKI for one of, e-commerce, intranets and web-enabled applications. Again, your response to this question must be a minimum of 300 words. This assessment will be open book and you need to obtain a pass mark of 60% overall in order to pass this section of Outcome 1. There will be a further practical assessment where you must demonstrate that you can deploy certificate services by implementing a certification service to deploy and use key certificates. During this activity you will demonstrate that you can apply your practical knowledge and skills appropriately to your tutor/lecturer who will observe you during this period. You should have full access to documentation throughout this task. In Outcome 2 you will be assessed using 5 short response questions to test your theoretical knowledge and understanding of implementing Internet Protocol Security (IPSec). This will be a closed book assessment held under controlled conditions and of 1 hour s duration. You will need to obtain a pass mark of 60% overall in order to pass this section of Outcome 2. Additionally, there will be a practical assessment where you must implement IPSec between two different machines. During this activity you will demonstrate that you can apply your practical knowledge and skills appropriately to your tutor/lecturer who will observe you during this period. You should have full access to documentation throughout this task. HN Unit D7JV 35: Enhancing Network Security and Configuring Remote Access 11

General information for candidates Outcome 3 will be assessed using a set of 10 restricted response questions to test your theoretical knowledge and understanding of configuring common remote access methods. This will be a closed-book assessment of 1 hours duration carried out under controlled conditions. You will need to obtain a pass mark of 60% overall in order to pass this section of Outcome 3. Additionally, you will be given a practical exercise in which you configure a server for remote access including permissions, caller id and call-back you must demonstrate that you can configure at least two of these. During this activity you will demonstrate that you can apply your practical knowledge and skills appropriately to your tutor/lecturer who will observe you during this period. You should have full access to documentation throughout this task. HN Unit D7JV 35: Enhancing Network Security and Configuring Remote Access 12