NCSSEC 802 Assessment 1
INFT 1373 - Design, implement and secure access solutions

Due Date: Session 8 (12-Sept-2023)
Submission Method: online via eLearn
Demonstrations: in the class

Please read all instructions and questions carefully prior to writing. Ask your teacher to clarify any issues prior to commencing the exam.

Note: This assessment is an extract of the solutions you will be deploying in Assessment 2 – Project, available on eLearn.

Instructions:

Your assignment will not be accepted unless it meets the following conditions:

1. As a part of Assessment 1, all students must also submit a draft proposal (executive summary) for Assessment 2.
2. All students must complete and submit their individual Assessment 1 tasks.
3. You must present the practical solutions/results with visible images captured and pasted into your document.
4. Make sure to use the cover page (available on eLearn) and include your name and student ID.
5. Your submitted assignment file should be a SINGLE PDF. See eLearn for due date and further assignment notes.
6. All answers should be in your own words and use appropriate referencing where required.
7. Assignments must be presented with a consistent font. All pages of your assignment must include your name and student ID in the footer area.

Assessment Tasks

Task 1: Plan and Implement Role-Based Access Control

Configure role-based access control using AAA authentication on R2 and the Access Control server, meeting all the following requirements (topology diagram is given on next page):

1. Enable AAA authentication on R2 using the TACACS+ protocol with the shared secret key "cisco123."
2. Add R2 IP address 192.168.100.2 as the AAA client on the Access Control server.
3. Configure RBAC views using the information in the following table.

Active Directory Users: Monkey/ITAdmins
RBAC on R2:
• Users should be able to configure any AAA-related configuration.
• Users should be able to configure any TACACS+ and RADIUS-related parameters.
• Users should be able to apply any interface-specific commands.
• Users should be able to execute any show commands.
• Users should not be able to configure any other commands.

Active Directory Users: Monkey/Research
RBAC on R2:
• Users should be able to configure any dynamic routing protocols and static routes.
• Users should be able to configure interfaces.
• Users should not be able to shut or no shut all interfaces.
• Users should be able to view interface configurations.
• Users should not be able to execute any other show commands.

Task 2: Plan and Implement certificate-based 802.1X authentication for Wired 802.1X. All Non-Domain PCs must be denied authentication.

Requirements:

PC1
• PC1 must be joined to the domain
• Enrol a computer certificate for authentication
• Configure the "Wired AutoConfig" service to start via domain Group Policy
• Demonstrate successful 802.1X authentication

© Canberra Institute of Technology NCSSEC802 – Assessment 1 Page 2 of 4

PC2
• PC2 is a standalone PC
• Configure the "Wired AutoConfig" service
• Demonstrate failed 802.1X authentication

Demo User:
• Active Directory user named Bruno Okada must enrol a user certificate

AD Environment:
• Configure automatic enrolment for computer and user certificates

Access Control Server AAA Configuration:
• Configure Protocol Definition for certificate-based authentication (i.e. EAP-TLS)
• Certificate Authentication Profile
• Configure Authentication Policy
• Configure Authorization Policy

Note: Refer to weeks 4, 5 and 6 for certificate-based authentication.

TOPOLOGY

Note: PC1 and PC2 are physical machines running Windows 8.1. Make sure to connect them to appropriate ports for the tasks.

END

Ensure you have written your name & CIT number on the coversheet. Are you sure you have answered every question?