Workplace delivery of ICA50405 – Diploma of Information Technology (Networking) Security fundamentals – Lab 2 Assessment cover sheet Security fundamentals – Lab 2 Student’s name Student’s ID Qualification ICA50405 – Diploma of Information Technology (Networking) Assessment Security fundamentals Unit of competency National ID Title ICAS5118C Manage system security Assessment description This assessment covers the performance criteria for managing system security. Due date Date submitted Student’s declaration Yes No I/We have read and understood the details of the assessment. I/We have been informed of the conditions of the assessment and the appeals process. I/We agree to participate in this assessment. I/We certify that the attached is my/our own work. Student’s signature Date Assessment results Not yet competent Competent Comments/Feedback from assessor to student Comments/Feedback from student to assessor Assessor’s name Date Assessor’s signature Student’s name Date Student’s signature Page 1 of 9 © Department of Training and Workforce Development 2010 Version 1, June 2010 Workplace delivery of ICA50405 – Diploma of Information Technology (Networking) Security fundamentals – Lab 2 Instructions for students 1. In order to meet the criteria, you will need to complete all parts of this assessment. 2. This assessment can be done during class time or outside of class time. 3. Discussion with other team members is encouraged however all work submitted must be substantially your own. 4. You may be required to explain or demonstrate your understanding of any component of this assessment. 5. If you are quoting work that is not your own it must be appropriately referenced. 6. Submitted work must meet presentation standards appropriate to the workplace or your registered training organisation, eg header/footer, consistent formatting, spelling, grammar. 7. All work must be submitted by the due date. 8. If you have any questions please see your trainer. Performance measurement 1. You will need to complete all components without errors. 2. All files are to be correctly saved with appropriate names or as instructed. 3. Failure to do either of these tasks will result in a non-submission of assessment. Date <RTO to enter date> Assessment Security fundamentals – Lab 2 Assessment tasks Multiple tasks. These exercises and labs can be found in: Chapter 2 – ‘Creating Security Baselines’ of the Textbook Chapter 2 – ‘Establishing and Maintaining Baseline Security’ of the Lab Manual. Submission checklist Please make sure that you have the following documents ready for submission. 9 Review answers 2 Case scenarios 4 Lab exercises Lab challenge 6 Lab review answers © Department of Training and Workforce Development 2010 Version 1, June 2010 Page 2 of 9 Workplace delivery of ICA50405 – Diploma of Information Technology (Networking) Security fundamentals – Lab 2 Security fundamentals – Lab 2 Recommended texts Wettern, J 2005, Security + Certification Textbook, Microsoft Press, Redmond, WA Grasdal, M 2005, Security + Certification Lab Manual, Microsoft Press, Redmond, WA Questions The questions and case scenarios for this lab can be found in Chapter 2 of the textbook. Review answers 1. 2. 3. 4. 5. 6. 7. 8. 9. ___________________________________________________________________________ ___________________________________________________________________________ ___________________________________________________________________________ ___________________________________________________________________________ ___________________________________________________________________________ ___________________________________________________________________________ ___________________________________________________________________________ ___________________________________________________________________________ ___________________________________________________________________________ Case scenarios 2.1 Trusted computing base 2.2 Security baseline Page 3 of 9 © Department of Training and Workforce Development 2010 Version 1, June 2010 Workplace delivery of ICA50405 – Diploma of Information Technology (Networking) Security fundamentals – Lab 2 Lab work Set up Ask your trainer for the lab set-up guide. Set up two images using VMware® or Microsoft ® Virtual PC. The first image is to be the instructor machine. Instructor computer set up 1. Install Microsoft® Windows Server® 2003 and name the computer ‘Instructor01’. 2. Configure the image using the settings shown below. Computer name Instructor01 ip address 10.1.1.200 Subnet Mask 255.255.0.0 Gateway Blank DNS server 10.1.1.200 Workgroup 3. Install Active Directory by running the dcpromo command. Configure Active Directory using the settings shown below. Domain controller for new domain Create new forest Domain name contoso.com NetBios name contoso DNS server self: 10.1.1.200 4. Add the application server role (IIS and asp.net) by running the ‘Configure your server’ wizard. 5. Copy set-up files as per instructions in the set-up guide. 6. Raise the domain functional level to Windows Server 2003 using the Active Directory domains and trusts tools. 7. Raise the forest functional level to Windows Server 2003 using the Active Directory domains and trusts tools. 8. Using Active Directory Users and Computers create the following OU and user account structure. OU User account Student Admin1 Admin 2 Users Student1 Student2 ALS User1 User2 Employees © Department of Training and Workforce Development 2010 Version 1, June 2010 Page 4 of 9 Workplace delivery of ICA50405 – Diploma of Information Technology (Networking) Security fundamentals – Lab 2 9. Create the following groups. Group Members Member of ClassAdmins Admin1 Admin 2 Account operators 10. In Active Directory Users and Computers, click users and select RAS and IAS servers property page. In the members tab, add domain computers. 11. Delegate control of the EmployeesOU to admin and student accounts. Use the Active Directory Users and Computers tools and the Delegation of Control wizard. 12. Install Windows Software Update Services. 13. Install Windows Certificate Services using Add/remove Windows Components. Configure Certificate Template Permissions using Active Directory Sites and Services. Under the Show Services Node, expand Services, expand Public Key Services, and click Certificate Templates. Under EFSRecovery Properties, add the ClassAdmins group and give them read and enrol allow permissions. Under the Webserver properties, add the AuthenticatedUsers group and give them enrol allow permissions. 14. Configure DNS by adding a reverse lookup zone for 10.x.x.x and allow both secure and insecure dynamic updates. 15. Configure IIS with a digital signature by installing a server certificate which is under directory security in the properties page of the default web server. 16. Enable the IIS session state in IIS by selecting enable session state in Application configuration in the Home Directory tab of the default web site property page. Select all for inheritance overrides. 17. Verify that .p7b exists in the application extensions for the CertSrv virtual directory. See the detailed instructions to add the extension if it doesn’t exist. Student computer set up 1. Install Windows Server 2003 and name the computer ‘Computer01’. 2. Configure the image using the settings shown below. Computer name Instructor01 ip address 10.1.1.200 Subnet Mask 255.255.0.0 Gateway Blank DNS server 10.1.1.200 Workgroup 3. Create the following user accounts in Local users and Groups. Username: Sally Username: Bob Set the administrator password (if not done so already). 4. Join the contoso.com domain. Page 5 of 9 © Department of Training and Workforce Development 2010 Version 1, June 2010 Workplace delivery of ICA50405 – Diploma of Information Technology (Networking) Security fundamentals – Lab 2 5. Use the ‘Configure your server’ wizard to install Application Server Role and install FTP, SMTP and POP3 services. 6. Add Sally, Bob and Contoso\Admin01 to the local Administrator Group. 7. Copy the Lab Manual Folder from the Student CD to C:\Lab Manual. 8. Download a recent version of SuperScan™ and install it. 9. On the instructor computer create an OU called ClassroomServers and move the Computer01 account into the OU. 10. In the property sheet of the Classromm ServersOU tick the setting ‘Trust This Computer For Delegation To Any Service (Kerberos Only)’ option. Lab exercises Complete the following exercises from the Lab Manual. An answer sheet is provided at the end of this document. Exercise 2.1 Creating and applying security templates Exercise 2.2 Monitoring baseline security by using security configuration analysis Exercise 2.3 Assessing baseline security by using Microsoft baseline security analyser (MBSA) Exercise 2.4 Maintaining baseline security by using Microsoft software update services (SUS) Lab challenge 2.1 Automating MBSA scans Lab exercises for Windows Server 2008 Navigate to the Microsoft technical website at http://technet.microsoft.com/en-au/default.aspx. Use the search function to locate the ‘Microsoft Baseline Security Analyzer 2.1’. Download and install this tool and use it to generate a security baseline. © Department of Training and Workforce Development 2010 Version 1, June 2010 Page 6 of 9 Workplace delivery of ICA50405 – Diploma of Information Technology (Networking) Security fundamentals – Lab 2 Trainer sign off The following exercises will need to be sighted for evidence. Exercise 2.1 Exercise 2.2 Exercise 2.3 Exercise 2.4 Lab challenge 2.1 Trainer’s name Date Investigation Navigate to the Microsoft technical website at http://technet.microsoft.com/en-au/default.aspx. Use the search function to locate the ‘Windows Server 2003 Administrator's Guide’. Download the guide. Describe the information contained in the guide: What is the significance of the title ‘Evaluated Configuration’? When would it be appropriate to use this guide? Page 7 of 9 © Department of Training and Workforce Development 2010 Version 1, June 2010 Workplace delivery of ICA50405 – Diploma of Information Technology (Networking) Security fundamentals – Lab 2 Lab review answers Question 1 Question 2 Question 3 Question 4 Question 5 © Department of Training and Workforce Development 2010 Version 1, June 2010 Page 8 of 9 Workplace delivery of ICA50405 – Diploma of Information Technology (Networking) Security fundamentals – Lab 2 Question 6 [End of document] Page 9 of 9 © Department of Training and Workforce Development 2010 Version 1, June 2010