Application
This unit describes the skills and knowledge required to build security into a virtual private network (VPN).
It applies to individuals with competent information and communications technology (ICT) skills who work in the network area and are required to ensure that VPNs contain the required security.
No licensing, legislative or certification requirements apply to this unit at the time of publication.
Elements and Performance Criteria
ELEMENT | PERFORMANCE CRITERIA |
Elements describe the essential outcomes. | Performance criteria describe the performance needed to demonstrate achievement of the element. |
1. Configure router to provide for network security monitoring and management | 1.1 Create and apply audit rules consistent with policies, standards, protocols and management systems 1.2 Configure router to provide appropriate level of asset security and monitoring of security consistent with commercial and business requirements 1.3 Monitor and manage system to assess the level of security and attempts to breach security of framework components 1.4 Employ appropriate hardware and software to monitor and address security issues and provide VPN solutions |
2. Secure a site-to-site VPN | 2.1 Configure internet key exchange (IKE) and internet protocol security (IPSec) 2.2 Configure site-to-site IPSec VPN using pre-shared keys 2.3 Configure site-to-site IPSec VPN using digital certificates |
3. Secure a remote access VPN | 3.1 Configure a VPN server 3.2 Install and administer a router management console 3.3 Develop documentation on current system settings and framework components, and file securely for future reference |
Evidence of Performance
Evidence of the ability to:
configure a router to provide the required security
implement and maintain security functionality for a virtual private network (VPN), including:
site-to-site VPN
remote access VPN
produce security documentation.
Note: If a specific volume or frequency is not stated, then evidence must be provided at least once.
Evidence of Knowledge
To complete the unit requirements safely and effectively, the individual must:
outline the characteristics of a VPN system, including:
site-to-site
remote access systems
network protocols and operating systems relevant to VPN, including its features, issues and functions
describe the security requirements for a VPN, including:
auditing and penetration testing techniques
configuration of routers and switches
security protocols, standards and data encryption
processes and techniques related to security perimeters and their functions
security threats, including eavesdropping, data interception, data corruption and data falsification
transmission control protocol or internet protocol (TCP/IP) protocols and applications audit and intrusion detection systems
authentication issues
recognise and describe the differences between common networks, including:
local area network (LAN)
wireless local area network (WLAN)
wide area networks (WAN)
identify and describe organisational issues surrounding:
security cryptography
screened subnets
virus detection software.
Assessment Conditions
Gather evidence to demonstrate consistent performance in conditions that are safe and replicate the workplace. Noise levels, production flow, interruptions and time variances must be typical of those experienced in the network industry, and include access to:
network technical requirements
network infrastructure, including servers and security hardware and software.
Assessors must satisfy NVR/AQTF assessor requirements.
Foundation Skills
This section describes language, literacy, numeracy and employment skills incorporated in the performance criteria that are required for competent performance.
Skill | Performance Criteria | Description |
Reading | 1.1 | Gathers, interprets and analyses current industry rules from a range of sources and identifies relevant and key information |
Writing | 1.1, 3.3 | Prepares workplace documentation that incorporates an evaluation of information and specialised and cohesive language in a format and style appropriate to a specific audience |
Navigate the world of work | 1.1 | Recognises and follows explicit and implicit protocols, and meets expectations associated with own role |
Get the work done | 1.2-1.4, 2.1-2.3, 3.1-3.3 | Uses a combination of formal, logical planning processes and an increasingly intuitive understanding of context to identify relevant information and risks. Understands the importance of secure information in relation to own work and takes personal responsibility for identifying and managing risk. Understands the purposes, specific functions and key features of common digital systems and tools, and operates them effectively to complete routine tasks. Initiates standard procedures when responding to familiar problems within the immediate context. |
Sectors
Networking