Recent Question/Assignment

ICTNWK502 Implement secure encryption technologies
Assessment Task 02 – Project
Scenario: -
“Southern Star” company is providing public, private, hybrid and community cloud services to many companies across the world and offering following services:
• IaaS (Infrastructure-as-a-Service)
• PaaS (Platform-as-a-Service)
• SaaS (Software-as-a-Service)
• Storage, Database, Information, Process, Application, Integration, Security, Management, Testing-as-a-service
To provide above mentioned cloud services, “Southern Star” company has following infrastructure in their data centre.
• Eight Servers out of these Six are connected to network and Two are kept as backup
• Twelve Network switches with 24 port support (Nine Switches are connected to network are three are kept as back up)
• Six Routers (4 Routers are hosing NBN connection and two of them are kept as back up)
• Five wireless access point connected to network to provide Wi-Fi connectivity throughout data centre.
• Twenty SAN (Storage area network) storage area devices to store client’s data
• Fifty desktop computers
“Shan Publications” is a premium client of “Southern Star”. “Shan publication” use cloud services offered by “Southern Star” to store the drafts of unpublished poems, books and blueprints of printed books. One day as they were downloading the drafts of some books to publish, they found that some of their data is missing from the server and raised the complaint about missing data to “Southern Star”. As per the agreement “Southern Star” is liable for client data security and company do not want to lose their client base.
Southern Star is now investigating the problem, and one of the senior consultant (Lee) is allocated to this project. Lee is working in the company from last 10 years and has an extensive amount of experience in network, cloud and data security.
David is a general manager of the Southern star and looking after all the operation of the organisation.
Roles and responsibilities of Lee:
• Planning, implementing and upgrading security measures and controls
• Establishing plans and protocols to protect digital files and information systems against unauthorized access, modification and/or destruction
• Maintaining data and monitor security access
• Performing vulnerability testing, risk analyses and security assessments
• Conducting internal and external security audits
• Anticipating security alerts, incidents and disasters and reduce their likelihood
• Managing network, intrusion detection and prevention systems
• Analysing security breaches to determine their root cause
• Recommending and install appropriate tools and countermeasures
• Defining, implementing and maintaining corporate security policies
• Training fellow employees in security awareness and procedures
• Coordinating security plans with outside vendors
After an initial investigation of the data loss problem, Lee has found below concerns in the southern star network infrastructure:
• No data encryption service
• Data security concerns
• Data permission not planned
• Additional hardware to manage the data
Activity 1: (Analysing and documenting data security requirement and improvement plan)
After reviewing the scenario, you need to analyse the data loss problem and need to prepare a security plan including
• Background of the security plan
• Issues identified in the network
• How to resolve each issue
• What hardware and software required
• How identified software and hardware aligned with the solutions
• How and when data backup will be prepared
• Transmission security
• Network data security
You may need to research related to security plan on the internet. You must complete below security plan as a part of the activity.
Security Plan Template
Background-
Issues identified in the network
How to resolve each issue (define the use of encryption technologies to serve different purpose)

What hardware and software required to apply encryption technology?
How identified software and hardware align with the expected solutions?
Performance criteria checklist for activity 1:
Trainer/ Assessor to complete
Does the candidate meet the following criteria Yes No Trainer/Assessor Comments
Understood company’s requirements of data security
Analysed existing security plan
Prepared a data security plan to address existing security issues
Assessor’s Name:
Signature: Date:
Activity 2: (Review encryption technologies and costs)
Note: This activity is in continuation of activity 1.
After completing the security plan, you are required to review a range of encryption software on the internet and complete below Technology cost template.
After completing the template, you are required to send email to David(Trainer/assessor) including technology cost document for approval. Email must include:
• Subject
• Body
• Explain that which option is the best and why we should use it.
Technology Cost Template
S. No Encryption
Software
Vendor Encryption
Applicability
(Network/
Data)
Price Rank (from 1
-5)
Remarks
1.
2.
3.
4.
5.
Performance criteria checklist for activity 2:
Trainer/ Assessor to complete
Does the candidate meet the following criteria Yes No Trainer/Assessor Comments
Conducted research on internet for encryption software
Completed attached
Technology Cost Template
Sent an email to David
(Trainer/assessor) for approval including:
• Subject
• Body
• Explain that which option is the best and why we should use it.
Assessor’s Name:
Signature: Date:
Activity 3 (Installing encryption software)
This activity is continuation of previous activity.
You have received a final approval from David to start the encryption project, so you must perform the installation of encryption software and tools on the network of Southern Star.
Assume yourself as “Lee” and install and configure data encryption software and tools by adhering below mention conditions. Following vendor instruction to install the software.
a. Use secure protocol for data transfer
b. Create a digital key certificate for client and server communication
c. Use secure network protocols
d. Set a complex admin password
e. Prepare the report in provided template with the possible effect of encryption technologies on user roles and responsibilities
Template for the effect of encryption technologies on users and responsibilities:
Role Effect on responsibilities
Administrator
Authenticator (system)
User
Performance criteria checklist for activity 3:
Trainer/ Assessor to complete
Does the candidate meet the following criteria Yes No Trainer/Assessor Comments
Installed encryption software and tools
Set admin credentials
Use secure Network protocol
Analysed and documented the effect of encryption technologies on users and responsibilities in a given template
Followed vendor instructions for installation
Assessor’s Name:
Signature: Date:
Activity 4: (Role Play - Informing users about their roles)
Note: This activity is in continuation of previous activities
The purpose of the role play is to inform users about new encryption technology and how it works. Explain the effects of new encryption technology on user responsibilities. You need to use the template that you have developed in the previous activity to explain the effects of new encryption technology on different types of users.
Following the role play, complete minutes of meeting template with details of what was discussed.
Minutes of Meeting
Meeting Objective:
Attendees:
Venue:
Date:
No. Points Discussed Actions Suggested Target Date
Signature of attendee 1: Signature of attendee 2:
Signature of attendee 3: Signature of attendee 4:
Performance criteria checklist for activity 3:
Trainer/ Assessor to complete
Does the candidate meet the following criteria Yes No Trainer/Assessor Comments
Explain the encryption technologies recently applied to the network
Explain the effects of the recent implementation to different types of User
Use simple language to explain technical terminology
Explain the roles to individuals
Body Language during Presentation including:
• Eye contact
• Tone
• Gesture
Assessor’s Name:
Signature: Date:
Activity 5: (Analysing functioning of “Encryption software”)
Assuming that you have implemented the encryption technology and tools in a live server in the previous assessment activities, you are required to monitor the encryption in this activity.
In this activity you need to monitor the functioning of “Encryption Technologies” by performing following tasks in a live server.
1. Analyse the implementation of encryption technology to confirm its functioning by:
o Monitoring use of digital signature
o Monitoring network performance and find the compromise of performance caused by the encryption technologies
2. Analyse helpdesk records for errors occurred and security compromises in encryption and print these records as a part of this activity.
3. Check local computer security logs for encryption issues and print it as a part of this activity.
4. You need write a note on encryption issue and security compromises included error logs and network performance issues identified in the task and submit to your trainer/assessor.
Your trainer will observe you during the activity and complete the performance checklist.
Page
Performance criteria checklist for activity 5:
Trainer/ Assessor to complete
Does the candidate meet the following criteria Yes No Trainer/Assessor Comments
Analyse the implementation of encryption technology to confirm its functioning by including:
o Check digital signature o Check network performance and the compromise of performance caused by
the encryption technologies
Analyse helpdesk record for errors occurred and security compromises and submitted to the trainer/assessor
Check local computer security logs for encryption issues and submitted to the trainer/assessor
Prepared a note on encryption issue and compromises included error logs and network performance issues identified in the task and submit to your trainer/assessor
Assessor’s Name:
Signature: Date:
Page