NCSSEC 802
Assessment 1
INFT 1373 - Design, implement and secure access solutions
Due Date: Session 8 (12-Sept-2023)
Submission Method: online via eLearn
Demonstrations: in the Class
Please read all instructions and questions carefully prior to writing. Ask your teacher to clarify any issues prior to commencing the exam.
Note: This assessment is an extract of the solutions you will be deploying in Assessment 2 – Project, available on eLearn.
Instructions:
Your assignment will not be accepted unless it meets the following conditions:
1. As part of Assessment 1, all students must also submit a draft proposal (executive summary) for Assessment 2.
2. All students must complete and submit their individual Assessment 1 tasks.
3. You must present the practical solutions/results with visible images captured and pasted into your document.
4. Make sure to use the cover page (available on eLearn) and include your name and student ID.
5. Your submitted assignment file should be a SINGLE PDF. See eLearn for due date and further assignment notes.
6. All answers should be in your own words and use appropriate referencing where required.
7. Assignments must be presented with a consistent font. All pages of your assignment must include your name and student ID in the footer area.
Assessment Tasks
Task 1: Plan and Implement Role-Based Access Control
Configure role-based access control using AAA authentication on R2 and the Access Control server, meeting all the following requirements (topology diagram is given on next page):
1. Enable AAA authentication on R2 using the TACACS+ protocol with the shared secret key "cisco123".
2. Add R2 IP address 192.168.100.2 as the AAA client on the Access Control server.
3. Configure RBAC views using the information in the following table:
Active Directory Users: Monkey/ITAdmins
RBAC on R2:
• Users should be able to configure any AAA related configuration.
• Users should be able to configure any TACACS+ and RADIUS-related parameters.
• Users should be able to apply any interface-specific commands.
• Users should be able to execute any show commands.
• Users should not be able to configure any other commands.

Active Directory Users: Monkey/Research
RBAC on R2:
• Users should be able to configure any dynamic routing protocols and static routes.
• Users should be able to configure interfaces.
• Users should not be able to shut or no shut all interfaces.
• Users should be able to view interface configurations.
• Users should not be able to execute any other show commands.
Task 2: Plan and Implement certificate-based 802.1X authentication for Wired 802.1X. All non-domain PCs must be denied authentication.
Requirements:
PC1
• PC1 must be joined to the domain
• Enrol a computer certificate for Authentication
• Configure “Wired AutoConfig” service to start via domain Group Policy
• Demonstrate successful 802.1X authentication
© Canberra Institute of Technology
NCSSEC802 – Assessment 1
PC2
• PC2 is a standalone PC
• Configure “Wired AutoConfig” service.
• Demonstrate failed 802.1X authentication
Demo User:
• Active Directory User named Bruno Okada must enrol a user certificate
AD Environment:
• Configure Automatic enrolment for computer and user certificates
Access Control Server AAA Configuration:
• Configure Protocol Definition for certificate-based authentication (i.e. EAP-TLS)
• Certificate Authentication Profile
• Configure Authentication Policy
• Configure Authorization Policy
Note: Refer to weeks 4, 5 and 6 for certificate-based Authentication
TOPOLOGY
Note: PC1 and PC2 are physical machines running Windows 8.1. Make sure to connect them to appropriate ports for the tasks
END
Ensure you have written your name & CIT number on the coversheet.
Are you sure you have answered every question?