Task 1 – 4phones case study
Instructions to Learners:
• This summative assessment can be completed in class or at any other convenient location.
• Students are required to complete this task using digital tools and ensure to submit in an acceptable format, e.g. .docx, .pdf, .pptx, or as advised by your assessor.
• Please use the following formatting guidelines to complete this assessment task:
? Font Size: 12; Line Spacing: Double; Font Style: Times New Roman
• Assessment activities can be completed either in real workplace environment or in a simulated environment such as your classroom. In both cases, appropriate evidence of the assessment activities must be provided.
Instruction to Assessors:
• You must assess student’s assessment according to the provided Marking Criteria.
• You must complete and record any evidence related to assessment activities including role-plays and presentations using appropriate forms which must be attached with student assessment submission.
• You must provide students with detailed feedback within 10 working days from submission.
This case study is set in 4phones – a small IT company. The 4phones intranet site contains company policies, processes, procedures, memos, minutes of meetings, reports, staff members and financial information.
David Blair, the IT manager at 4phones, is in charge of IT systems development. Look at what he has to say and follow the steps to view 4phones documentation.

Step 1 – Confirm scope of Internet services
The first step in configuring an Internet gateway is to confirm the scope of Internet services used at 4phones. Go to the 4phones intranet site
(http://lrrpublic.cli.det.nsw.edu.au/lrrSecure/Sites/Web/sys_admin/ICAS5192A/applets/4phones/4p hones_index.htm), then go to QMS Procedures and review the following documents:
• IT systems
• Security policy
• Network policy
Also review the Security plan located in QMS, Reference, Report 6. Now answer the following questions:
• Are you able to determine the scope of the Internet services required?
• What type of gateway is 4phones using?
• Who is the ISP?
• What type of networking equipment is used?
• How many network segments are there?
• Does 4 phones have a DMZ?
• How many gateways are at 4phones?
Step 2 – Review security issues
Now that you have confirmed the scope of Internet services, it’s time to review the security issues faced by 4phones. Go to the 4phones intranet site
(http://lrrpublic.cli.det.nsw.edu.au/lrrSecure/Sites/Web/sys_admin/ICAS5192A/applets/4phones/4p hones_index.htm) then go to QMS, References and open Report 6 Security Plan.
Now answer the following questions:
• What security issues are identified in the Security plan?
• What type of Internet gateway features are required by 4phones?
• Are they feasible?
• What type of firewall is used by 4phones?
• Has training been identified for educating users on the hazards of Internet use?
Step 3 – Install and configure a gateway
The next step is to review the installation and configuration options of the gateway. Go to the 4phones intranet site
(http://lrrpublic.cli.det.nsw.edu.au/lrrSecure/Sites/Web/sys_admin/ICAS5192A/applets/4phones/4p hones_index.htm), then go to QMS, Archives, Memos and open Memo X.
• Review the inbound / outbound ports. Are layer 3 protocols identified?
• Is there enough information from the memo to configure the gateway?
• What is missing?
• Which ports would you recommend opening and closing?
Step 4 – Configure workstation
Finally, you will need to configure the workstation to use the new gateway.
Slide 1 Note:
There is a new workstation that has been added to the 4phones network. I need you to configure the workstation’s IP, Gateway, DNS and WINS addresses. Also, the proxy settings need to be configured in Internet explorer. Use the network diagram provided to get the relevant IP address, which can be viewed any time by rolling your mouse over the orange square at the top right of the

Slide 2
Note: Click the Properties button
Slide 3 Note:

Slide 4
Note: Click Internet Protocol
Slide 5
Note: Click the Properties button

Slide 6
Note: Match settings to IP address
Match the network setting of the workstation to their relevant IP addresses. Refer to the network diagram for clarification.
A) 192.168.60.101
B) 192.168.60.80
Correct - Click to continue
Slide 7
Note: Select the Use the following IP address radio button

Slide 8
Note: Select the IP address text box
Slide 9
Note: Select the Subnet mask text box Text will be automatically entered for you

Slide 10
Note: Select the Default gateway text box
Slide 11
Note: Select the Preferred DNS server text box

Slide 12
Note: Click the Advanced... button
Slide 13
Note: Select the WINS tab

Slide 14
Note: Click the Add... button
Slide 15
Note: Click the Add button

Slide 16
Note: Click the OK button
Slide 17
Note: Click the OK button

Slide 18
Note: Click the Close button
Slide 19 Note:

Slide 20
Note: Good work. You will now need to configure Internet Explorer to use the proxy server. Click next to continue
Slide 21 Note:

Slide 22
Note: Click the Tools button
Slide 23
Note: Select the Internet Options menu item

Slide 24 Note:
Slide 25
Note: Select the Connections tab

Slide 26
Note: Click the LAN settings button
Slide 27
Note: Select the Use a proxy server for your LAN (These settings will not apply to dial-up or VPN connections). Check box

Slide 28
Note: Select the Address text box
Slide 29
Note: Select the Bypass proxy server for local addresses check box

Slide 30
Note: Click the OK button
Slide 31
Note: Click the OK button

Slide 32
Note: Fantastic. You have successfully completed this activity.

TASK 1 – MARKING CRITERIA
ICTNWK531 Configure an internet gateway S NYS
Learner’s name:
Assessor’s name:
Observation Criteria S NS
Confirmed and validated client requirements
Determined scope of internet services with reference to client
Requirements
Identified and installed both hardware and software components
Verified equipment specifications and availability of components
Assessed security features of internet gateways with reference to
architecture and security plan
Reviewed security measures with the internet service provider (ISP) with
reference to firewalls and other measures as required
Briefed users on the security plan with reference to internet use and
hazard possibilities
Identified and selected installation and configuration options
Installed and configured gateway products and equipment as required by
technical guidelines
Planned and executed tests with reference to client requirements and
network impact
Analysed error reports and made changes as required
Assigned node to specific gateway as required by network architecture
and client requirements
Determined connection type and configured with reference to network
architecture and client requirements
Ensured node software and hardware are configured as required
according to vendor specifications and client requirements
Feedback to Learner:
Assessor’s Signature: Date:

Task 2 – Configure an Internet Gateway
Instructions to Learners:
• This summative assessment can be completed in class or at any other convenient location.
• Students are required to complete this task using digital tools and ensure to submit in an acceptable format, e.g. .docx, .pdf, .pptx, or as advised by your assessor.
• Please use the following formatting guidelines to complete this assessment task:
? Font Size: 12; Line Spacing: Double; Font Style: Times New Roman
• Assessment activities can be completed either in real workplace environment or in a simulated environment such as your classroom. In both cases, appropriate evidence of the assessment activities must be provided.
Instruction to Assessors:
• You must assess student’s assessment according to the provided Marking Criteria.
• You must complete and record any evidence related to assessment activities including role-plays and presentations using appropriate forms which must be attached with student assessment submission.
• You must provide students with detailed feedback within 10 working days from submission.
Part 1 – Confirm client requirements and network equipment
For this workplace task, you need to confirm client requirements and network equipment. You may do this by accessing the following documents at your workplace that contains the following information:
• record client requirements (business needs analysis, business and technical requirements, etc.)
• network diagrams and IT system diagrams
• ISP service level agreement
• security plan
• security policies.
Step 1
• Review the needs analysis documentation. Why did the organisation need the gateway?
• What were the main internal and external drivers?
• Was the document easy to understand?
• How were client requirements validated?
Step 2
• Review the network and IT system diagrams and the security plan and policies. Are you able to identify the major parts of the system?
• Is there a DMZ?
• How many access point to the Internet are there?
• What Internet services are hosted locally?
• Which ports and protocols are open at the gateway?
• Is there a proxy server?
Part 2 – Review security features
In this workplace task you will review security issues of the Internet gateway. You may do this by accessing the following documents at your workplace that contain information about
• IT security (security plan, firewall policy, etc.)
• Gateway technical documentation (user and installation guides, policies and procedures, etc.)
Step 1
• Review the IT security plan and policies’ documentation and the gateway technical documentation. Do the security features of the gateway fulfil the requirements of the security plan?
• Why or why not?
• What type of gateway is in use?
• Does it have proxy functionality?
• Does the firewall perform stateful inspection of packets?
Part 3 – Install and configure gateway products and equipment
In this workplace task you are going to review the installation, configuration and testing process for installing a gateway. To do this task you may need access to the following types of documents:
• installation and configuration documentation
• testing documentation.
Step 1
• Review the installation and configuration documentation. What gateway options have been installed? Which ports and protocols have been permitted and denied?
Step 2
• Review the testing documentation. Does it adequately test the security of the gateway?
• Were there any errors or faults identified?
• How was the testing carried out?
• Was a third party involved?
• What type of testing was conducted?
TASK 2 - MARKING CRITERIA
ICTNWK531 Configure an internet gateway S NYS
Learner’s name:
Assessor’s name:
Observation Criteria S NS
Confirmed and validated client requirements
Determined scope of internet services with reference to client
Requirements
Identified and installed both hardware and software components
Verified equipment specifications and availability of components
Assessed security features of internet gateways with reference to
architecture and security plan
Reviewed security measures with the internet service provider (ISP) with
reference to firewalls and other measures as required
Briefed users on the security plan with reference to internet use and
hazard possibilities
Identified and selected installation and configuration options
Installed and configured gateway products and equipment as required by
technical guidelines
Planned and executed tests with reference to client requirements and
network impact
Analysed error reports and made changes as required
Assigned node to specific gateway as required by network architecture
and client requirements
Determined connection type and configured with reference to network
architecture and client requirements
Ensured node software and hardware are configured as required
according to vendor specifications and client requirements
Feedback to Learner:
Assessor’s Signature: Date:

Knowledge Assessment (Written Tasks)
1. A friend wants you to make a recommendation on what can be done to allow easy access to the Internet from both of the family’s home computers. Read up on Microsoft’s Home and Small Office Network Topologies at http://search.technet.microsoft.com/search/default.aspx?siteId=1&tab=0&query=network+topol ogies and determine the appropriate options for your friend. Set out the considerations you make for the various requirements that your friend may have.
Consider under what circumstances you would recommend the following solutions:
• residential gateway
• using a host computer with ICS (Internet connection sharing)
• using a host computer with another Internet sharing program
• individual dial-up connections for each computer.
2. To gain an insight into the variety of devices available for larger business and enterprise situations, have a look at the following demonstration from Cisco about their ASA (adaptive security appliance) product range at http://www.cisco.com/cdc_content_elements/flash/asa/flash.html (Cisco ASA demo)
This demo requires Macromedia Software Flash to be installed and will take approximately seven minutes for the Introduction section to download on a dial-up connection. It will take longer if other downloads are also being processed. If the demo is unavailable you might try http://www.cisco.com/go/asa for more information.
3. Read the scenario and answer the questions that follow.
Compstat is an SME that provides market research to over 100 clients Australia-wide. Compstat’s head office is located in Perth and has three remote offices located in Sydney, Melbourne and Brisbane. Currently, remote sites are connected to the head office via ISDN links. They are looking to upgrade their network to utilise new applications that have improved data-gathering methods. Currently, market research participants fill in a paper- based form that is then transferred into electronic format by data entry personnel. Compstat wants to change this paper-based system to a computer-based system that utilises web technologies. This will allow the collection and storage of research data in one step instead of many, saving time and money.
Compstat wants to be able to provide a computer kiosk system where the participant completes the questionnaire online in a remote area like a shopping centre. They want to use wireless broadband technologies to connect the kiosk computers to the Compstat web servers anywhere and anytime wireless broadband access is available. This environment will need to be safe and secure.
Internet Gateway - Scope of Internet services required
Foundation Services Required TCP Port(s) UDP Port(s)
Firewall Yes N/A N/A
NAT Yes N/A N/A
HTTP Yes 80 N/A
DNS Yes 53 53
SMTP Yes 25 25
POP3 Yes 110 110
Windows Updates Yes 80 80
Anti-Virus Updates Yes 80 80
Anti-Malware
Updates Yes 80 80
Additional Services Required TCP Port(s) UDP Port(s)
HTTPS Yes 443 443
FTP Yes 20,21 20,21
VoIP No 5060 (SIP) 5060 (SIP),
Dynamic Ports
VPN No To be assigned
IM No
Anti-Virus No
Intrusion Detection No
DMZ Servers Required Port(s) Forward To
Web No 80
Web Secure No 443
FTP No 20,21
FTP Secure No 22
Mail No 25,110
DNS No 53
IP Addressing IP Address Network Mask Network
Address Gateway
WAN connection Dynamic Dynamic
LAN Connection 192.168.10.200 255.255.255.0 192.168.10.0/2
4 WAN
Static Routes Research 192.168.8.0/24 192.168.10.8
IT Testing 192.168.17.0/2
4 192.168.10.17
Are the client’s requirements valid? Can they be fulfilled?
4. Make a comparison of the specifications of the following products and identify what Internet gateway services they are suitable for.
Download the product specification sheets, datasheets and/or user guides or manuals for these products:
Home and small business components
TP-Link – TL-460 multifunction router http://www.tp-link.com/. Click on the Cable/DSL Routers image then click on the TL-460 image.
MSI – Residential Gateway http://www.msicomputer.com.au. Search for RG54GS and select the appropriate result link.
Billion – BiPAC 5200 ADSL2+ Modem/Router http://www.billion.com/product/adsl.htm. Click on the BiPAC 5200 image.
Enterprise components
Cisco – ASA http://www.cisco.com/go/asa. Scroll down to related documents and click Datasheets. Click on the ASA Platform and Module datasheet link, then download the PDF or read the web page.
Symantec – Gateway Security 5400 Series http://enterprisesecurity.symantec.com.au/products. Click on the Symantec Gateway Security 5400 Series link.
5. Examine the security features of an Internet connection you have access to by researching and answering the following questions:
• What do you use to share Internet access at your home or business?
• Is there a network administrator or ‘computer person’ that you can ask some information from
at work?
• What services are provided from your side of the Internet link?
• Are there open ports for special programs?
You might also find the following sites helpful in making your decision: http://www.cert.org/tech_tips/home_networks.html (CERT – Home Network Security) http://www.webcamsoft.com/en/faq/firewall.html (Configure for DMZ servers) http://www.haxial.com/faq/routerconfig (Port forwarding examples)
http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_configuration_guide_chap ter09186a00801162eb.html (Configuring PIX firewall)
http://www.portforward.com/help/porttrigger.htm (Explanation of ports, NAT and port forwarding)
http://www.portforward.com/help.htm (Basic help and definitions) http://www.irchelp.org/irchelp/security/fwfaq.html (Firewall FAQ)
6. Check for information about the security arrangements provided by your ISP. Look for FAQs, information pages, connection details and similar pages in order to find out what security measures are in place at the ISP premises that could potentially affect you or your client.
• What does your ISP do for you?
• Do they provide virus scanning of emails?
• Are any ports blocked at their premises such as port 25 or others? Do they explain why they have done this?
• Do they provide static IP addresses?
7. What is the best way to get the information across? You will provide different formats for the security measures depending on your method of deployment of the information. Have a look at the following sites and see the range of information you may need to be providing:
Search Google for technology acceptable-use policy within Australia:
• Security policies – guides and examples http://www.infosyssec.org/infosyssec/security/secpol1.htm (Information security portal for information system security professionals.) Note that many links do not work so keep trying different ones.
• Site security policy development: http://www.windowsecurity.com/whitepaper/info/policy/AusCERT.html (Window Security site)
• Computer and information security policy: http://www.windowsecurity.com/whitepaper/info/policy/hk_polic.html (Window Security site)
For the different methods listed in the Reading notes, describe how you may get this information across.
These methods were
• induction packages for employees
• seminars
• emails
• log-on notices
• messages of the day
• default home page.
Write your answers in the box below:
Method of delivery Information format
Induction packages
Seminars
Emails
Log on notices
Messages of the day
Default home page
8. Access the Microsoft website in order to find information on Internet connection sharing. You could go to the Microsoft home page at http://www.microsoft.com/en/us/default.aspx and search for Internet connection sharing or follow these links:
• http://support.microsoft.com/default.aspx?scid=kb;en-us;234815 (Description of Internet connection sharing)
• http://www.microsoft.com/windowsxp/using/networking/learnmore/icf.mspx (Use of the Internet connection firewall)
• http://support.microsoft.com/kb/237254/ (How to enable Internet connection sharing on a network connection in Windows 2000)
• http://support.microsoft.com/kb/314066/EN-US/ (How to enable Internet connection sharing on a home or small office network connection in Windows XP)
Can you confirm the following information regarding ICS from these sites?
• An IP address of 192.168.0.1 with network mask of 255.255.255.0 is given to the ICS host computer.
• The above settings cannot be changed without disabling ICS.
• Internet connection firewall or Windows firewall are recommended.
• Dial-up connections are automatically dialled whenever anyone tries to access the Internet.
9. The following link is for a manufacturer of a proprietary Internet phone system. Their software requires routers or firewalls to be configured to allow the service to be accessed from the Internet on their client’s computers. The feature that allows this is often called port forwarding.
• Click on the link provided below and scroll down to the bottom of the page where you will find links for a variety of routers and firewalls.
• Click on each of these links in turn (use the Back button in between) and assess the differences in terminology and the logical grouping of services in the various menu systems used in these routers and firewalls.
• Specifically, identify the port forwarding references and create a table with the alternative naming, description and grouping for each of the router and firewall products and devices listed.
http://www.haxial.com/faq/routerconfig (Haxial Software)
10. Research some of the Linux gateway solutions shown in the Reading notes. Click on each of the links and investigate the features and licensing for the various products offered. Produce a table with a basic summary of your findings.
• http://www.simonzone.com (SimonZone Guarddog)
• http://www.coyotelinux.com (Vortech Consulting Coyote Linux)
• http://www.clarkconnect.com (Point Clark Networks’ ClarkConnect)
• http://www.coyotelinux.com (Vortech Consulting Wolverine Linux)
11. Research some of the enterprise appliances available from the following manufacturers. Find information on the firewall and VPN throughput and the maximum number of connections.
• Cisco Systems: http://www.cisco.com – search for “Adaptive Security Appliances Models Comparison” and follow the resulting links to locate detailed specifications on an ASA product. Hint: Put in the double quotes inside the search field (“…”).
• Symantec Systems: http://www.symantec.com – search for -Symantec Security Appliances Comparison Chart- and follow the resulting links to locate detailed specifications on an appliance product and get the actual comparison chart from the resources list at the bottom of the page. Hint: Put in the double quotation marks inside the search field (“…”).
12. If you haven’t already done so, follow the instructions given in the Reading notes on downloading and installing the floppy disk version of the Coyote Linux Internet gateway.
The floppy disk version can run on an existing system without affecting the main hard drive of the system, so you can check that it at least boots. If you have a second computer, or an old computer with at least a floppy drive and one network card, then you can create an Internet gateway and use the web administration interface.
If you have a dial-up Internet connection, then you could try to configure the Internet gateway with a dial-up connection during the initial disk creation. Then you only need the one network card and you have a dial-up Internet gateway.
13. Construct a suitable Error Reporting Form for use with an Internet gateway. The form should help you get the most from a user’s error situation without making it too technically daunting. Simple instructions should be embedded in the form to aid in the completion of the document.
You should consider
• what information is required
• in what order it should be requested
• how to avoid duplication
• the use of a mixture of closed and open-ended questioning.
14. In order to determine how the IP configuration is obtained on a Microsoft Windows XP system we first have to log in as an unrestricted or administrative level user.
Once you have logged in
• go to Start -Control Panel
• from the control panel list, open the Network Connections option. This will open a window with a Dial-up section and/or a LAN or High-Speed Internet section.
Note: If control panel displays in Category View, you will have an additional step of opening the Internet and Network Connections option before opening the Network Connections option.
Part 1 – Dynamic IP settings
Most dial-up connections are configured as dynamically-allocated IP addresses, so if you have a Dial- up section with a connection present
• right-click on a connection and select Properties from the pop-up menu
• select the Networking tab from the dialog then open the Internet Protocol (TCP/IP) by selecting it from the list and clicking on the Properties button.
In most cases this Properties dialog will show that the options Obtain an IP address automatically
and Obtain DNS server address automatically are selected.
Important: Leave these settings as they are by clicking the Cancel buttons until the Network Connections list is displayed again!
Part 2 – Static IP settings
The IP address configuration can be statically (or manually) allocated.
• If you have a connection in the LAN or High-Speed Internet section, then right-click on a connection and select Properties from the pop-up menu.
• Select the Networking tab from the dialog then open the Internet Protocol (TCP/IP) by selecting it from the list and clicking on the Properties button.
In many cases, this Properties dialog will show that the options Obtain an IP address automatically
and Obtain DNS server address automatically are selected. Change the selected options to the following:
• Use the following IP address and use the following DNS server addresses. Notice that the IP address fields become available to take the static IP address information including the IP address, Sub-network mask, default gateway address and the Preferred DNS server address.
Important: Leave these settings as they are by clicking the Cancel buttons until the Network Connections list is displayed again!

Part 3 - Current values
In order to determine the current values being used by the system, a command line tool is available. Open a command prompt window by doing the following:
• Start, Run, type cmd in the Open field and click on the OK button. This brings up a black command prompt window.
• at the flashing prompt, type ipconfig /all and the current values will all be displayed.
15. Internet Explorer is integrated into the Windows operating system to the degree that you do not need to open Internet Explorer to set parameters. To set the proxy server settings for Internet Explorer on a Microsoft Windows XP system you should
• log in as an Unrestricted or Administrative level user
• go to Start then Control Panel
• from the Control Panel list, open Internet Options and select the Connections tab.
Note: If Control Panel displays in Category View, you will have an additional step of opening the Internet and Network Connections option before opening Internet Options.
This will open a dialog with a Dial-up and Virtual Private Network settings section and a Local Area Network (LAN) settings section. For this activity you can choose an available Dial-up setting and click on the Settings button or click on the LAN Settings button. The difference between the two dialogs is in the Dial-up including fields for the User name and Password for the connection.
To activate the use of a proxy server
• click on the check box under Proxy server beside the instruction Use a proxy server for this connection
• this activates the fields that allow you to enter the IP Address and the Port number for the HTTP proxy server
• you can also activate to bypass the proxy server for local addresses by clicking on the Advanced button. You can configure different server addresses and ports for the different protocols displayed.
Important: Leave these settings as they are by clicking the Cancel buttons until the Control Panel is displayed again.

16. What is the preferred way to test that a node is functioning within parameters?
17. What devices tend to be configured to use a DHCP server?
18. What two distinct methods are there for assigning a node an IP address?
19. What are two types of device used to provide Internet gateways for home and small offices and larger enterprises?
20. Which of the following statements is false with reference to Internet connection sharing?
(a) ICS allows multiple computers to access the Internet through a single ISP account
(b) the ICS host system will be automatically allocated the 192.168.0.1 IP address
(c) ICS requires only the workstation wanting access to be powered on
(d) all computers in the LAN will use the same DNS address settings
21. Along with testing that an Internet gateway is providing the services as required, what else needs to be tested?