
City of Dublin Education & Training Board: Programme Module for Network Security, leading to Level 6 QQI Network Security 6N0720


Academic year: 2021



Introduction

This programme module may be delivered as a standalone module leading to certification in a QQI minor award. It may also be delivered as part of an overall validated programme leading to a Level 6 QQI Certificate.

The teacher/tutor should familiarise themselves with the information contained in [Named Provider’s] programme descriptor for the relevant validated programme prior to delivering this programme module.

The programme module is structured as follows:

1. Title of Programme Module
2. QQI Component Title and Code
3. Duration in hours
4. Credit Value of QQI Component
5. Status
6. Special Requirements
7. Aim of the Programme Module
8. Objectives of the Programme Module
9. Learning Outcomes
10. Indicative Content
11. Assessment
    a. Assessment Technique(s)
    b. Mapping of Learning Outcomes to Assessment Technique(s)
    c. Guidelines for Assessment Activities
12. Grading
13. Learner Marking Sheet(s), including Assessment Criteria

Integrated Delivery and Assessment

The teacher/tutor is encouraged to integrate the delivery of content where an overlap between content of this programme module and one or more other programme modules is identified. This programme module will facilitate the learner to develop the academic and vocational language, literacy and numeracy skills relevant to the themes and content of the module.

Likewise the teacher/tutor is encouraged to integrate assessment where there is an opportunity to facilitate a learner to produce one piece of assessment evidence which demonstrates the learning outcomes from more than one programme module. The integration of the delivery and assessment of level 6 Communications and level 6 Mathematics modules with that of other level 6 modules is specifically encouraged, as appropriate.

Indicative Content

The indicative content in Section 10 does not cover all teaching possibilities. The teacher/tutor is encouraged to be creative in devising and implementing other approaches, as appropriate. The use of examples is there to provide suggestions. The teacher/tutor is free to use other examples, as appropriate. The indicative content ensures all learning outcomes are addressed but it may not follow the same sequence as that in which the learning outcomes are listed in Section 9. It is the teacher’s/tutor’s responsibility to ensure that all learning outcomes are included in the delivery of this programme module.

1. Title of Programme Module

Network Security

2. Component Name and Code

Network Security 6N0720

3. Duration in Hours

150 Hours (typical learner effort, to include both directed and self-directed learning)

4. Credit Value

15 Credits

5. Status

This programme module may be compulsory or optional within the context of the validated programme. Please refer to the relevant programme descriptor, Section 9 Programme Structure.

6. Special Requirements

NONE

7. Aim of the Programme Module

This programme module aims to give the student an understanding of the fundamental concepts in Network Security and an ability to implement best practice solutions in the protection of computer systems.

8. Objectives of the Programme Module

• To enable the learner to understand the fundamental concepts and terminology in Network Security.
• To enable the learner to explain the importance of auditing and compliance in Network Security.
• To assist the learner to analyse the features of and implement the various techniques used to protect computer systems.
• To enable the learner to understand the concepts behind and implement secure communication on a computer system.
• To assist the learner to develop the academic and vocational language, literacy and numeracy skills related to Network Security through the medium of the indicative content.
• To enable the learner to exercise substantial personal autonomy and responsibility.

9. Learning Outcomes of Level 6 Network Security 6N0720

Learners will be able to:

1. Demonstrate an understanding of and apply key (fundamental) concepts and principles in communication and infrastructure security
2. Identify security threats to, and weaknesses of, network solutions and deployments—both external and internal
3. Demonstrate an understanding of the concepts and modalities commonly exploited in network, system and software compromise strategies and demonstrate how to protect against such attacks
4. Analyse the capabilities of network protection and threat remediation solutions, and issue recommendations thereof
5. Define and enforce robust security, compliance, auditing and updating policies
6. Implement and test proactive security solutions across a variety of platforms
7. Establish and implement a centralised system update and software patching regimen
8. Secure common software and internet services
9. Use a VPN to securely connect, and route remote traffic, into a corporate network
10. Establish secure wireless connectivity for devices and users within a corporate network (e.g. WPA, WPA2, EAP, 802.1x)
11. Engage in systematic security auditing, system hardening and penetration testing for all network devices and services
12. Describe a training, auditing and compliance system for an organisation’s computer system
13. Demonstrate an understanding of the different methods used for software restriction policies, and implement and evaluate one such method
14. Investigate hardware and software encryption solutions for securing information on modern networkable systems

10. Indicative Content

This section provides suggestions for programme content but is not intended to be prescriptive. The programme module can be delivered through classroom based learning activities, group discussions, one-to-one tutorials, field trips, case studies, role play and other suitable activities, as appropriate.

Section 1: Fundamental Concepts (1,2,3)

Facilitate the learner to:

• Explain the importance of Confidentiality, Integrity and Availability in Network Security.
• Explain the importance of access control and explore the different models that are available, including
  o Mandatory Access Control (MAC)
  o Role Based Access Control (RBAC)
  o Discretionary Access Control (DAC)
  o Rule Based Access Control (RBAC or RB-RBAC)
• Explain common terminology in security, including
  o Asset
  o Threat
  o Threat Agent
  o Vulnerability
  o Exploit
  o Risk
• Describe the different types of attackers that might threaten security, including:
  o Hackers
  o Script kiddies
  o Spies
  o Employees
  o Cybercriminals
  o Cyberterrorists
• Outline the steps involved in an attack, including:
  o Probing for information (Enumeration)
  o Penetrating any defenses
  o Modification of security settings
  o Circulation to other systems
• Explain the methods used in common network attacks and what defences might be used against them, including:
  o Viruses, Worms, Spyware, Key loggers
  o Social Engineering Attacks, e.g. Phishing, Spoofing, Pharming
  o Botnets
  o Rootkits
  o Man in the Middle Attacks

Section 2: Auditing and Protection (5,11,12,7,8,4,6,13)

Facilitate the learner to:

• Develop an Auditing Policy for a company to include sections on:
  o Who can use resources
  o Proper use of the resources
  o Granting access & use
  o System Administrator privileges
  o User rights & responsibilities
  o What to do with sensitive information
  o Desired security configurations of systems
• Explain briefly RFC 1244 and ISO 27001.
• Demonstrate a familiarity with privacy and data protection laws and regulations, and the importance of compliance with these.
• Explain the importance of an update policy in protecting a system from vulnerabilities.
• Implement a centralised update system, e.g. configure Windows Server Update Services.
• Explain the Bootstrapping problem, propose methods of overcoming the problem, e.g. examining source code and compiling the software.
• Describe and be able to use common auditing tools, e.g.
  o Nmap
    ▪ Run scans from nmap using different options and compare the results that are returned.
    ▪ Use the results from nmap to formulate a simple report in a word processor.
    ▪ Identify vulnerable services by checking their version numbers against online exploit databases.
• Harden a system against attack using measures including, for example
  o Configure standard and extended ACLs on a router
    ▪ Block traffic based on protocol, e.g. block pings by blocking ICMP
  o Password complexity
    ▪ Enforce complexity rules on a Windows operating system
  o Installing a firewall
    ▪ Install a firewall from, for example, Norton on a PC
    ▪ Configure the firewall to allow or disallow particular software to communicate on the Internet, e.g. disable iTunes' ability to communicate over the Internet.
  o Applying software restrictions
    ▪ Configure a computer to allow or disallow particular software, e.g. on Windows use the Software Restriction Policy.
  o Explain the various methods of restricting software, including:
    ▪ Hash Rules
    ▪ Certificate Rules
    ▪ Path Rules
    ▪ Zone Rules
  o Disabling any unnecessary services
    ▪ Demonstrate how to start, restart, and stop services running on a host.
• Describe the operation of, and demonstrate the use of, common penetration testing tools, for example:
  o Wireshark
    ▪ Use Wireshark to capture packets from the network.
    ▪ Filter packets based on protocol, address, etc.
  o Password cracking tools, e.g. John the Ripper
    ▪ Set up some user accounts with short insecure passwords and test how long it takes to crack them.
  o Metasploit
    ▪ Set up a virtual machine with a vulnerable OS, e.g. Metasploitable, and use Metasploit to attack the system. Explain how Metasploitable is used in network attacks.
  o Aircrack-ng
    ▪ Use aircrack-ng to gather information about access points and hosts on a wireless network
    ▪ Explain how aircrack might be used to crack passwords on a wireless network
• Describe a training, auditing and compliance system for an organisation’s computer system.
• Examine the key features of different Network Security Suites, e.g. Norton, Kaspersky, with a view to making a recommendation as to their suitability in different contexts, e.g. home use, corporate use.
• Install and use a security suite, e.g. Norton, McAfee, and test its effectiveness
  o E.g. set up a security suite on one machine and run an Nmap scan from another to see if it will pick up the scan.

Section 3: Secure Communication (9,14,10)

Facilitate the learner to:

• Use a VPN client to securely connect to a remote network.
  o Explain how a VPN can be used as a proxy
• Describe how encryption is used to secure information.
• Describe modern encryption algorithms, including:
  o Symmetric key algorithms
    ▪ Block ciphers
    ▪ Stream ciphers
    ▪ Hash functions
  o Public key algorithms
• Implement encryption to protect data, including:
  o Encrypt a partition on a hard drive
  o Send an encrypted email, using open software, e.g. PGP
  o Encrypt a text file
  o Generate an md5 hash for a file
• Establish secure wireless connectivity for devices and users within a corporate network (e.g. WPA, WPA2, EAP, 802.1x)

11. Assessment

11a. Assessment Techniques

Skills Demonstration (Practical) 60%
Exam (Theory) 40%

11b. Mapping of Learning Outcomes to Assessment Techniques

In order to ensure that the learner is facilitated to demonstrate the achievement of all learning outcomes from the component specification, each learning outcome is mapped to an assessment technique(s). This mapping should not restrict an assessor from taking an integrated approach to assessment.

| Learning Outcome | Assessment Technique |
|---|---|
| 1. Demonstrate an understanding of and apply key (fundamental) concepts and principles in communication and infrastructure security | Exam |
| 2. Identify security threats to, and weaknesses of, network solutions and deployments—both external and internal | Exam |
| 3. Demonstrate an understanding of the concepts and modalities commonly exploited in network, system and software compromise strategies and demonstrate how to protect against such attacks | Exam and Skills Demonstration |
| 4. Analyse the capabilities of network protection and threat remediation solutions, and issue recommendations thereof | Exam |
| 5. Define and enforce robust security, compliance, auditing and updating policies | Skills Demonstration |
| 6. Implement and test proactive security solutions across a variety of platforms | Skills Demonstration |
| 7. Establish and implement a centralised system update and software patching regimen | Skills Demonstration |
| 8. Secure common software and internet services | Skills Demonstration |
| 9. Use a VPN to securely connect, and route remote traffic, into a corporate network | Skills Demonstration |
| 10. Establish secure wireless connectivity for devices and users within a corporate network (e.g. WPA, WPA2, EAP, 802.1x) | Skills Demonstration |
| 11. Engage in systematic security auditing, system hardening and penetration testing for all network devices and services | Skills Demonstration |
| 12. Describe a training, auditing and compliance system for an organisation’s computer system | |
| 13. Demonstrate an understanding of the different methods used for software restriction policies, and implement and evaluate one such method | Skills Demonstration |
| 14. Investigate hardware and software encryption solutions for securing information on modern networkable systems | Skills |

11c. Guidelines for Assessment Activities

The assessor is required to devise assessment briefs and marking schemes for the skills demonstrations, examination papers, marking schemes and outline solutions for the examination. In devising the assessment briefs and examination papers, care should be taken to ensure that the learner is given the opportunity to show evidence of achievement of ALL the learning outcomes. Assessment briefs may be designed to allow the learner to make use of a wide range of media in presenting assessment evidence, as appropriate. Quality assured procedures must be in place to ensure the reliability of learner evidence.

Learning outcomes 3 and 5 are assessed by both examination and skills demonstration. It is intended that knowledge of the concepts involved is assessed by examination and that the learner demonstrates practical skills and techniques in the skills demonstration.

Skills Demonstrations 60%

Each skills demonstration should take from 2 to 3 hours over the duration of the course.

Skills Demonstration 1 (3,6)

• Demonstrate how to protect against common attacks against networks and software, using various software, including
  o Firewall: install a host-based firewall and observe any warnings that are triggered as the user uses the Internet in a typical session. The installation may be tested by, for example, running an nmap scan from another machine and checking the firewall log.
  o Intrusion Detection System: set up an IDS, e.g. Snort, and simulate an attack using, for instance, nmap or metasploit. Examine the logs to see if the attack was recorded.
  o Anti-virus software: install anti-virus software, update the database and run a full scan.

Skills Demonstration 2 (5,7,13)

• Develop a policy for, and implement a system for, delivering updates across a system.
  o Outline a policy that looks at, for example, how to check for updates, update intervals, what changes are made, what if an update breaks the system
• Implement a software restriction policy.
  o In a real or fictional organisation, identify what software resources are available, what user groups exist, what access requirements exist and what restrictions are necessary

Skills Demonstration 3 (9,10,14)

• Demonstrate various methods of secure communications, including
  o VPN
  o Encryption
  o Securing wireless communication, e.g. implementing WPA2 on a wireless access point
• Use methods of securing software and Internet services through
  o Using SSH, SSL
    ▪ Connect to a remote machine using ssh and perform some routine tasks on that machine, such as, for example, create a new user, list the contents of the current directory, etc.
    ▪ Use Wireshark to monitor an HTTP session and an encrypted session using SSL, and describe the difference between the captures.

Skills Demonstration 4 (8,11)

• Use scanning software to enumerate a network and list any vulnerable software and any available exploits
  o Use nmap to scan a remote machine for open ports and use an online exploit database to see if there are any vulnerabilities in the services
  o Create a report identifying the out-of-date/vulnerable software
  o Make any recommendations
• Use software such as metasploit to attempt to exploit any vulnerability found. (It is not necessary to gain access to the vulnerable machine, only to demonstrate the techniques an attacker might use)
• Using Access Control Lists to limit access to common services, e.g.
  o HTTP
  o FTP
  o ICMP

Evidence for this assessment technique may take the form of written or digital evidence, or any combination of these. Any audio, video or digital evidence must be provided in a suitable format. All instructions for the learner must be clearly outlined in an assessment brief.

Exam 40%

2 Hours (1,2,3,4,5,12)

Devise an exam paper, with 4 structured questions, where the student must answer all questions.

Questions should cover the following areas:

• Common terminology and key concepts in Network Security (1)
  o e.g. Access control, Attack methodologies
• Identify different attacks that are performed on a Network, explain how they are achieved (2,3)
• Explain the various methods of protection that are available, including appropriate policies (4,5)
• Describe the importance of auditing and compliance in Network Security. (12)

Structured questions are divided into a number of related parts and generally require the learner to demonstrate more in-depth knowledge and understanding of a topic.

All instructions for the learner must be clearly outlined in an examination paper.

Distinction: 80% - 100%
Merit: 65% - 79%
Pass: 50% - 64%
Unsuccessful: 0% - 49%

At levels 4, 5 and 6 major and minor awards will be graded. The grade achieved for the major award will be determined by the grades achieved in the minor awards.

Network Security 6N0720
Learner Marking Sheet 1
Skills Demonstration

Learner’s Name: ________________________________ Learner’s PPSN: ________________

| Assessment Criteria | Maximum Mark | Learner Mark |
|---|---|---|
| Skills Demonstration 1: Use software solutions to defend against attacks against software and Networks, including: | | |
| Firewall: installed correctly | 6 | |
| Firewall: tested | 4 | |
| Intrusion Detection System: installed correctly | 6 | |
| Intrusion Detection System: logs checked and interpreted correctly | 4 | |
| Anti-virus software: installed correctly | 4 | |
| Anti-virus software: updated | 3 | |
| Anti-virus software: tested | 3 | |
| Subtotal | 30 | |
| Skills Demonstration 2: Creating a software update and restriction policy: | | |
| Document a software update policy | 5 | |
| Implement a system for delivering updates across a system | 10 | |
| Document a software restriction policy | 5 | |
| Implement software restriction policy | 10 | |
| Subtotal | 30 | |
| Skills Demonstration 3: Use various methods of securing communications, including: | | |
| Connect to a remote network via a VPN | 6 | |
| Connect to a remote network via SSH | 6 | |
| Capture an SSL session using Wireshark | 6 | |
| Encrypt a text document, email | 6 | |
| Securing wireless communication, e.g. implementing WPA2 on a wireless access point | 6 | |
| Subtotal | 30 | |
| Skills Demonstration 4 | | |
| Using Access Control Lists to limit access to common services, e.g. HTTP, FTP, ICMP | 8 | |
| Use penetration testing and auditing software to test a system's defences: use scanning software to enumerate a network | 8 | |
| List any vulnerable software and any available exploits | 8 | |
| Use penetration testing software to try to connect to a computer | 6 | |
| Subtotal | 30 | |
| Total | 120 | |
| Total Mark(Total | 60 | |

Assessor’s Signature: _________________________ Date: ___________________

External Authenticator’s Signature: _________________________ Date: ___________________

Network Security 6N0720
Learner Marking Sheet 2
Examination

Learner’s Name: ________________________________ Learner’s PPSN: ________________

| Assessment Criteria | Maximum Mark | Learner Mark |
|---|---|---|
| Section A: Structured Questions | | |
| 1. Common terminology and key concepts in Network Security | 10 | |
| 2. Identify different attacks that are performed on a Network, explain how they are achieved | 10 | |
| 3. Explain the various methods of protection that are available, including appropriate policies | 10 | |
| 4. Describe the importance of auditing and compliance in Network Security. | 10 | |
| Total Mark | 40 | |

Assessor’s Signature: _________________________ Date: ___________________

External Authenticator’s Signature: _________________________ Date: ___________________
