NWS Assignment

NWS Assignment

Choose appropriate security technologies to overcome the threats and

CLO2 risks presented to a computing system in a given realistic scenario.
(A3, PLO6)
Participate in developing secure network diagram by integrating layer
CLO3 2 security, layer 3 security and firewall technologies using appropriate
simulation tool. (A2,PLO5)
Present the proposed security solution effectively to solve
CLO4
organization problems (A2, PL04)

PLO3 - Problem Solving and Scientific Skills

PLO6 – Values, Attitudes and Professionalism
PLO5 - Social Skills, Team Skills and Responsibilities
PLO4 – Communication Skills

This assignment consists of TWO (2) sections: Section A and Section B. Section A is online practical test that
contributes 30% of total 100% while Section B is the remaining 70%, consisting of 60% individual and 40%
group marks.

Section A

1. Learning Outcomes

This assignment carries 30% of your total module assessment marks. At the end of this assignment, student
would be able to apply security concepts with regards to Network Security

2. Assignment Questions (10%)

You are required to take online theory test.

3. Lab exercise and lab test (20%)

Each students need to complete all the exercises given and the overall marks will contribute 30% for total
coursework marks.
NWS Assignment
Student
Name:
Assessment Criteria
TP. No:
Marks
PLO3: Problem Solving
Weight
(Application) (30%)
Online theory test
10
Practical Skills 1 (Lab exercise)
10
Netacad
Practical Skills 2 (Lab Test) (Netacad)
10

Subtotal Marks (PLO3) 30

Grand Total (PLO3) 30
NWS Assignment
Section B

Instructions:

This group assignment carries 70% of your total module assessment marks, with 60% of the total contributed
by an individual component. A group consist of maximum 4 students. (Minimum 2 students). The total word
count of the report should not exceed 5000 words. No marks will be awarded for the entire assignment if any
part of it is found to be copied directly from printed materials or from another group. All submissions should
be made on or before the due date. Any late submissions after the deadline will not be entertained. Zero (0)
mark will be awarded for late submission, unless extenuating circumstances are upheld.

Scenario:

Company A is food manufacturer based in Kuala Lumpur. Its office consists of 3 departments: Sales,
Engineering and Finance. It has a Sales office in Singapore located 350km away from Kuala Lumpur and hosts
50 employees. The following topology illustrates the network architecture and topology of the Kuala Lumpur
office of Company-A and Singapore Company-B.

The Kuala Lumpur office has simple network architecture. Clients workstations are connected to an access
switch, then connected to a distributed switch and then to the router’s inside interface. The firewall’s outside
interface connects directly to the internet service provider (ISP) router. The ISP completely manages this router
and the company-A has no control over it. A third interface on the firewall hosts a demilitarised zone (DMZ)
hosting several servers. These servers include web, email and FTP applications.

The goal is to protect the internal and DMZ hosts from external threats. As a network security specialist, you
are required to provide a security solution for company-A and company-B. All your configuration using ipv6
and ipv4.

There are some requirements in the above scenario that must be considered in this security design.

1. Client workstations (sales, engineering and finance) must be able to access the web server at the DMZ
over HTTP and HTTPS. The web server should be reachable from the external clients over HTTP and
HTTPS only. (Solution and configuration)

2. Clients should also be able to put and get files via FTP to the same server. The company requires
implementing FTP with user and password is essential for each transaction. (Solution and
configuration.)

3. Engineering and sales workstations must be able to access the Internet (to reach company B) over
HTTP and HTTPS with DNS. No other protocol access is allowed to the Internet. (Solution and
configuration.)

4. Client workstations must be able to check their e-mail on the e-mail server at the DMZ. (Solution and
configuration.)

5. The e-mail server should be able to receive e-mail from external hosts over the simple mail transfer
protocol (SMTP). (Solution.)

6. No client from sales, engineering and finance department is able to access clients in the other
departments. (Solution and configuration.)

7. Layer two securities is a requirement in the company-A LAN. (Solution and configuration.)
NWS Assignment
8. Bastion host works as an application proxy. You are required to explain the solution in detail.
(Configuration is not required.)

9. Connectivity between company-A in Kuala Lumpur and company-B in Singapore is a requirement.

What is the best solution? Elaborate on the solution. (Configuration is not required).

10. Data transmitted over the network must be kept disguised and only intended recipient can read it.
Hackers are unable to understand the content even they are able to wiretap the communication.
(Solution on the techniques, no configuration is required)

11. The company requires implementing intrusion detection systems (IPS). (No Configuration is required.)

12. Implement VPN (Tunneling) between Singapore and Kuala Lumpur. (Configuration is required.)

13. Implement IpSec encryption between Singapore and Kuala Lumpur. (Solution)

14. Implement AAA (Authentication, Authorization and Accounting) for K.L network (Configuration)

Note: The “solution” in the parenthesis means that, you have to recommend, what should be done in
order to fulfil the company’s requirement. In this case, you do not have to configure any of the
device(s) in the topology. The “configuration” in the parenthesis means that, in addition to the solution
that you provide, you have to implement it by configuring the appropriate device with commands and
setups.

Guidelines for the Report:

Document the results of your work in a professional and systematic manner, in the form of a computerized
report. One (1) softcopy and hardcopy of your documentation is to be submitted.
Your completed documentation should meet the following requirements:
1. Table of contents for every detailed chapter/section.
2. Marking Table
3. Gantt Chart
4. Detailed Work Breakdown Structure
5. Introduction
6. Chapters / sections
7. Recommendations
8. Network configurations
9. Documentation of the configured device(s) (Screen shot of device configured e.g. router or firewall)
10. Conclusion
11. Contribution of each member
NWS Assignment
12. Appendices
13. Bibliography or References

In your document the report is to be written in a professional manner, paying due regard to the following
aspects:

 The report is to be written in the 3rd person.

 The report should have a consistent layout and be divided into enumerated sections, sub-sections, sub-sub
sections etc.
 The report should be fully referenced using the University standard.
 Your report must be typed using Microsoft Word with Times New Roman font and size 12. Expected
length is 5,000 words (excluding diagrams, appendixes and references). You need use to include a word
count at the end of the report and it should be in 1.5 spaces.
 Submission of reports that are unprofessional in its outlook (dirty, disorganised, inconsistent look, varying
coloured paper and size) will not fare well when marks are allocated.
 Ensure that the report is printed on standard A4 (210 X 297 mm) sized paper.
 The report should have a one (1”) margin all around the page as illustrated below:

1 inch 1 inch
1 inch

1 inch

The Typed Text

1 inch

1 inch

1 inch 1 inch

 Every report must have a front cover. A transparent plastic sheet can be placed in front of the report to
protect the front cover. The front cover should have the following details:

o Name
o Intake code.
o Subject.
o Project Title.
o Date Assigned (the date the report was handed out).
o Date Completed (the date the report is due to be handed in).

Submission requirements

A softcopy containing an electronic version of the document and video presentation via terms (15 minutes) of
group member. The total word count of the main body of the document (excluding title & contents pages) is to
be in the region of 5000 words.

Marking Table

Please note that during the preparation of your assignment, you must include the following marking table.
Ensure you fill in the details of your team members’ full names and their respective student IDs.

The marking table must be placed on a single page, located as either the second or third page of your final
assignment documentation. Each team member’s name must only appear once. The schedule for the
presentation will be announced in due time.
NWS Assignment
Assessment Criteria:
 NWS Assignment

Marking Scheme (based on SLT):

Group Components (40%)

CLO1: Design secure network based on scenario given

CL02: Choose appropriate security technologies to overcome the threats and risks presented to a computing
system in a given realistic scenario. (A3, PLO6)
(Problem Solving and Scientific Skills = 40 marks)

Marking 0-4 5-8 9-12 13-16 17-20 Marks

Criteria (Distinction) Awarded
(Fail) (Marginal (Pass) (Credit)
Fail)

Poor research Very brief Research and Well research Very well
and research and investigation and analysis and
investigation of investigation of are done but investigation is investigation of
the problem. the problem. not in depth. done. Good the problem.
Poor Poor evaluation Appropriate evaluation of Outstanding
evaluation of of the evaluation of the evaluation of
the requirement. the requirements the
requirement. requirements with proper requirements
Network with proper reasoning with with proper
Design reasoning with proper project reasoning.
proper project planning and Outstanding
planning and management. project planning
management. and
management
with the
screenshots of
used tools.
CLO3: Participate in developing secure network diagram by integrating layer 2 security, layer 3 security and
firewall technologies using appropriate simulation tool
(Social Skills, Team Skills and Responsibilities = 20 marks)

Marking 0-4 5-8 9-12 14-16 17-20 Marks

Criteria (Distinction) Awarded
(Fail) (Marginal (Pass) (Credit)
Fail)

Ip address No task Poor task Imbalance task Balance Balance

task distribution distribution distribution distribution of distribution of
distribution among the team among the tasks among tasks among the
members. team the team team members.
Irrelevant members. members. Accurate
technologies Acceptable Accurate technologies
 NWS Assignment
chosen technologies technologies chosen and
chosen but chosen but detail
explanation explanation explanation
not in depth provided not in provided
depth

Individual Components (60%)

CLO3: Cooperate as a team to respond to an incident
CL04: Present the proposed security solution effectively to solve organization problems (A2, PL04)
(Social Skills, Team Skills and Responsibilities = 30 marks each)

Marking 0-6 7-14 15-20 21-25 26-30 Marks

Criteria (Distinction) Awarded
(Fail) (Marginal (Pass) (Credit)
Fail)

Practical Poor in basic Not able to Able to apply Able to apply Able to apply
Demonstrati knowledge apply new idea new idea on new idea or new idea or
on (30 or knowledge to knowledge to a knowledge to a knowledge to a
marks) a given problem given problem given problem given problem
with assistance and but unable and able to
from lecturer to propose propose
or student
alternative alternative
applications applications

Technical Poor in basic Not able to Able to apply Able to apply Able to apply
Configuratio knowledge apply new idea new idea on new idea or new idea or
n (30 marks) or knowledge to knowledge to a knowledge to a knowledge to a
a given problem given problem given problem given problem
with assistance and but unable and able to
from lecturer to propose propose
or student
alternative alternative
applications applications

Total Marks