WSC2019 TP54 ModuleA Actual
WSC2019 TP54 ModuleA Actual
WSC2019 TP54 ModuleA Actual
Marking Scheme
According to the WorldSkills Standards Specifications within current Technical Description all marks for this test
project module has a maximum mark of 25.
DC Active Directory Domain Services (nlsz.ru), DNS (nlsz.ru — internal zone), DHCP, Network
Policy Server
IDS SNORT
LOG Splunk
SELECTEL Apache2 web server (www.selectel.ru), DNS (selectel.ru, nlsz.ru — external zone), OpenSSL CA
a) Minimum password length must be no less than 10 DC, Ivan, Boris, Anton, IDS, LOG, Web-01,
characters Web-02, LED, IAR
b) Enforce the password policy to meet complexity requirement DC, Ivan, Boris, Anton, IDS, LOG, Web-01,
Note: If in case, any new user account been created, please Web-02, LED
list the username and password below:
Username Password
-------------- --------------
a) Before login (local or remote console) user must see banner "For DC, Ivan, Boris, Anton, IDS,
authorized users only" LOG, Web-01, Web-02, LED, IAR
b) In case of 3 failed login attempts, device login must be blocked for 1 DC, Ivan, Boris, Anton, IDS,
min LOG, Web-01, Web-02, LED, IAR
c) Create the following users (refer table below) and must be able to login LED, IAR
remotely. After login users should automatically land in privileged
mode (level 15). Local authentication must be used in case remote
autnetication server is not available.
User Password
User01 P@ssw0rd01
User02 P@ssw0rd02
d) Inactivity timeout must be no greater than 1 min DC, Ivan, Boris, Anton, IDS,
LOG, Web-01, Web-02, LED, IAR
a) All traffic between branches and from\to teleworker clients LED, IAR, Nikolai
must be enctypted using the most secure and efficient
ciphers available while traversing via public internet.
Events monitoring
1. Domain Controller’s Security logs must be sent to Splunk dataset for events aggregation through Splunk
Universal Forwarder.
2. Configure Splunk to receive Logs from Domain Controller on port number 8090.
Note: To access splunk console , go to http://172.16.10.2:8000. Username and password are Splunk/P@ssw0rd.
b) Computer Account Management Success and Failure DC, Ivan, Boris, Anton
c) Security Group Management Success and Failure DC, Ivan, Boris, Anton
g) Sensitive Privilege Use Success and Failure DC, Ivan, Boris, Anton
4. DC performance counters must be configured to measure average disk queue length, processor time and
available memory in MB. Samples must be taken every 30 minutes.
5. All traffic from DMZ network must be mirrored to IDS server. Security alert must be generated for traffic
originated from external networks for any FTP traffic, any ICMP traffic or any traffic, which contains text
"malware" in its payload.
Firewall policy
1. Firewalls on all servers, clients and network equipment must be turned on.
2. Firewall on Domain Controller to be configured to allow the communication to Splunk Server for pushing the
logs on port number 8090.
3. Firewall rules on all devices must be configured with a minimal permission applied only to required traffic
destined to the device
Best practices.
In case, after initial infrastructure audit, you find any security breaches, which are not covered with above security
measures, please add this information and specify details using the table provided below. You must implement your
additional measures to gain full marks for this section.
2)
3)
In case IPsec tunnel configuration is updated, please specify components used from the below options:
Internet Key Exchange protocol: □ IKE v1 □ IKE v2
Authentication: □ Pre-shared key □ RSA
Other \ Details (please specify):
In case remote access VPN configuration is updated, please specify technology used
□ Not implemented □ PPTP □ L2TP □ IPsec □ AnyConnect
□ Other (please specify):
2)
3)
2)
3)