
Cambridge

TECHNICALS

OCR LEVEL 3
CAMBRIDGE TECHNICAL
CERTIFICATE/DIPLOMA IN

IT

NETWORKED SYSTEMS SECURITY


J/601/7332

LEVEL 3 UNIT 28

GUIDED LEARNING HOURS: 60

UNIT CREDIT VALUE: 10



AIM AND PURPOSE OF THE UNIT


On completion of this unit learners will know the range of
network attacks, where they originate and why. Learners will
be able to use this information to develop an understanding
of the ways in which networks can be protected and how
organisations can avoid or reduce their risk of attack and plan
security procedures to protect the network. Learners will also
have the necessary practical skills to configure hardware and
software to improve security against attack and carry out tests
on systems to confirm that the network system is secure from
potential attacks and threats.

www.ocr.org.uk 2
Networked systems security Level 3 Unit 28

ASSESSMENT AND GRADING CRITERIA

| Learning Outcome (LO). The learner will: | Pass. The assessment criteria are the pass requirements for this unit. The learner can: | Merit. To achieve a merit the evidence must show that, in addition to the pass criteria, the learner is able to: | Distinction. To achieve a distinction the evidence must show that, in addition to the pass and merit criteria, the learner is able to: |
| --- | --- | --- | --- |
| 1 Know the types and sources of network attacks | P1 describe how networks can be attacked | M1 explain reasons why networks can be attacked | |
| 2 Know about security related hardware and software | P2 describe how networked systems can be protected | M2 explain types of security hardware and software which are used to protect networks | |
| 3 Understand organisational aspects of network security | P3 explain what an organisation can do to minimise security breaches in networked systems | | D1 compare the effectiveness of security measures used by organisations |
| 4 Be able to apply system security | P4 plan procedures to secure a network | M3 develop user documentation to enable users to secure a network | D2 develop a test plan to test the security of the network system |
| | P5 configure a networked device or specialist software to improve the security of a network | | |

TEACHING CONTENT
The unit content describes what has to be taught to ensure that learners are able to access the highest grade.
Anything which follows an i.e. details what must be taught as part of that area of content.
Anything which follows an e.g. is illustrative. It should be noted that where e.g. is used, learners must know and be able to apply
relevant examples to their work, though these do not need to be the same ones specified in the unit content.

LO1 - Know the types and sources of network attacks

• types of threats
  -- external hacking
  -- internal hacking
  -- malware; worms, viruses, spyware, Trojans, time bombs and Denial of Service attacks
  -- theft of resources and equipment.
• reasons for carrying out attacks or hacking into systems
  -- cyber terrorism
  -- hacktivism
  -- espionage, (industrial or international)
  -- personal gain
  -- disgruntled employees trying to retaliate against the employer.

LO2 - Know about security related hardware and software

Hardware

• security systems
  -- physical, (e.g. key pad, card entry, surveillance cameras, fingerprint readers, locking equipment cabinets, parallel systems, access control, circuit breakers, fuses)
  -- routers
  -- switches
  -- wireless access point.

Software

• operating system security
  -- confidentiality levels
  -- integrity of software and data.
• software security
  -- passwords
  -- user permissions
  -- updates and patches.
• LANs
  -- authentication, (e.g. Wired Equivalent Privacy, Wi-Fi Protected Access)
  -- access control, (e.g. Medium Access Control).
• encryption
  -- symmetric, public key
  -- encryption protocols, (e.g. Secure Socket Layer).
• firewalls
  -- hardware
  -- anti-virus software.
• intrusion detection.

LO3 - Understand organisational aspects of network security

• risk assessment to establish minimum levels of access for users
• clarity and simplicity of security procedures
  -- effect of procedures on staff, (i.e. training requirements)
  -- implementation/maintenance costs against lost time/data recovery costs.
• different types of networks
  -- wired
  -- Wi-Fi
  -- LAN (Local Area Network)
  -- WAN (Wide Area Network)
  -- MAN (Metropolitan Area Network)
  -- CAN (Campus Area Network)
  -- server based networks
  -- peer to peer networks.
• effectiveness of security measures
  -- size of organisation
  -- type of industry, (e.g. retail, finance, e-commerce etc)
  -- external and internal security functions
  -- deterrent measures
  -- preventative measures.
• policies
  -- guide decision making
  -- allow managerial discretion
  -- integral part of organisational strategies
  -- formulated by top management.
• procedures
  -- drive actions
  -- detailed and rigid
  -- tactical tools.
• examples of policies and procedures include:
  -- backup
  -- recovery
  -- data classification (e.g. public, confidential, commercially sensitive)
  -- authentication passwords, usernames
  -- biometrics
  -- physical security
  -- identity passes
  -- key cards
  -- locked door or locked computer requirements
  -- inappropriate website access policies e.g.
    • pornographic and other inappropriate websites
    • mobile technology security
    • copying and downloading of software
    • anti malware measures (e.g. up to date anti-malware software)
    • back up and back up locations
    • data destruction
    • the security software and hardware which can be implemented.

LO4 - Be able to apply system security

• network security plan document to include:
  -- sections:
    • title page with organisation name, system identification, (e.g. name, identification code, name of system security plan owner document version table)
    • system characteristics should include the following:
      • system type
      • system status
      • purpose of system
      • system interconnection and information sharing
      • programs and applications on system.
    • applicable laws or regulations
    • security level
    • protection requirements
    • management controls including certification, accreditation, tasks and milestones, continuous monitoring
    • security planning policy and procedures
    • rules of behaviour
    • software usage restrictions
    • user installed software.
  -- operation controls to include:
    • security awareness and training and associated policy and procedures
    • awareness courses
    • security training for users and technical staff
    • security training records
    • configuration change control and monitoring
    • access restrictions.
  -- contingency planning
    • contingency policy and procedures
    • contingency plan
    • contingency training
    • contingency plan testing and exercises to be carried out
    • a range of contingency activities, (e.g. alternative storage sites, information system backup, telecommunication services, information system recovery and rebuild)
    • control policies, (e.g. incident response, maintenance, physical access, media protection, personnel security, information input, error handling, spam protection)
    • technical controls, (e.g. access management and enforcement, information flow, separation of duties, number of attempts at log-in, period of time for which failed attempts at log-in will count towards the total permitted number, remote access, wireless access restrictions, control of mobile devices including laptops).
  -- test plan
    • create a test plan containing the following headings:
      • test number
      • date of test
      • description of test
      • anticipated test result
      • actual test result
      • issues
      • actions to be taken.
    • the test plan should monitor system security elements including:
      • level of staff training in correct security procedures
      • level of staff awareness of the need for security as stated in the network security plan
      • the level of contingency training
      • what contingency plan testing has taken place
      • what contingency exercises have taken place
      • what security issues have been identified and addressed
      • the success or failure of the elements of the security plan
      • the success or failure of the elements of the contingency plan.
• securing networks - hardware
  -- use of shielding, (transmission control)
  -- intrusion detection, (e.g. alarms)
  -- router
  -- switch
  -- wireless access points.
• securing networks - software
  -- personal access control
  -- setting protocols and access levels
  -- encryption of files
  -- configuring firewalls and anti-virus software.


DELIVERY GUIDANCE
Know the types and sources of network attacks

Learners must be taught about the different types of threats to network security. This could be delivered through a presentation of the different types of threats and how they affect networks i.e. what do they do. Learners could then research “real life” examples of the different types of threats. A group discussion could then follow on how these attacks are implemented and why the attacks are instigated e.g. external hacking to extract sensitive information, cyber terrorism – attacking particular governments to try and destroy or discredit them.

Encouraging learners to research articles or recorded discussions of real-life examples where threats have turned into reality is a way to engage them. They in turn can conduct further research, possibly working in teams, and present other examples, which can be fed back to the whole group through discussion or presentations. The tutor can use this activity to correct any misconceptions and fill in any gaps in the knowledge demonstrated.

Know about security related hardware and software

Learners must have a good understanding of the constraints and principles for designing network security measures, for example no user should have higher access levels than they need to carry out their legitimate activities. Information relating to the different hardware and software security measures could be presented to the learners through a presentation. An overview of the different security measures could be given, with the learners then having to consider different “real life” examples of when the different measures are used, e.g. use of card entry systems to access buildings and rooms, for example the server room for a network is normally protected by a lock or keypad. Learners should be taught about the different hardware and software available to support the securing of a network as per the teaching content. The learners must have an understanding of how hardware and software can be configured and used to secure different types of networks.

Tutors can use examples, such as when organisational systems have been unavailable or slow because of the testing or checking. Examples such as these will enable learners to understand why interference with normal processing and usage is one way in which users can become disaffected with security. It is important for learners to understand that security systems which use too much user time or require irrelevant activities to be carried out can cause security plans to:

• not be implemented properly
• not be implemented at all
• be circumvented by the user.

Understand organisational aspects of network security

The tutor could begin by asking learners to review:

• the knowledge that they have already gathered
• the restrictions and behaviours that they have to deal with when using the institutional, training or work based information systems
• creating lists of policies and procedures which these represent.

It is important that tutors ensure that learners can differentiate between policies and procedures before embarking on this activity.

The learner must be introduced to the range of policies and procedures which can be used to minimise security breaches; these should include the policies and procedures identified in the teaching content.

Through a group discussion, learners could discuss the security measures implemented by different organisations and compare their effectiveness as per the teaching content.

Be able to apply system security

It is important that learners understand the need to test security measures and how the tests can be carried out. Learners should be asked to consider the different security threats and attacks that they have previously been taught and their associated security measures. They should then think about how these security measures could be tested. The learners should be given guidance on what constitutes a good test plan i.e. number of test, date of test, description of test, anticipated result of test, actual test result, issues that have occurred and the number of the re-test.

Through a group discussion between the tutor and the class, a plan should be devised to secure a given network. This could be based on a type of organisation e.g. insurance company who will store information relating to their customers i.e. names, addresses, dates of birth, bank details etc. They could be given a template of a network security planning document to complete for the network.

The learners will need to consider what documentation should be put into place to support the users who need to apply the procedures. This can range from the network managers who have to put the security measures in place to the staff who have to use login procedures etc. This again could be delivered by having an initial group discussion between the tutor and the learners about who may need documentation and why. The class could then work together in smaller groups to develop user documentation for the different personnel involved.

Learners should be given a network system where they have to a) plan the security measures to be implemented using the appropriate documentation, b) devise user documentation so that the users can implement the security measures, c) develop a test plan to test the security of the network system after the security measures have been implemented.


SUGGESTED ASSESSMENT SCENARIOS AND TASK PLUS GUIDANCE ON ASSESSING THE SUGGESTED TASKS

It should be noted that the evidence for a number of assessment criteria could be provided in a single report but this is at the discretion of the tutor.

Assessment Criteria P1 and M1

For P1, learners are required to describe how networks can be attacked. They must be able to provide at least one example of each of the types of threats from the teaching content, but can present more examples. Learners could produce a report or a presentation with detailed speaker notes. Alternatively learners could produce a table with appropriate headings.

For merit criterion M1 learners must explain the reasons why networks can be attacked and present their findings. This could be an extension of their evidence for P1, explaining the type of threats and why these attacks are carried out. This could be an extension to the report produced for P1 or an extension to the presentation. If the learner used the table format for P1, they could produce a separate report or presentation.

Assessment Criteria P2, M2

The learner could evidence P2 by creating a report, presentation with detailed speaker notes or a leaflet describing how networked systems can be protected. Learners may find it easier if they give examples of different threats, as produced as evidence for P1, and then provide a description of how a network can be secured to prevent the attacks taking place.

For merit criterion M2 learners must explain the types of security hardware and software which are used to protect networks. They could provide the information in a report, presentation with detailed speaker notes or in a table. The evidence should include at least three different types of security hardware and three different types of security software.

Assessment Criteria P3, D1

P3 could be achieved through learners producing a report or presentation with detailed speaker notes explaining what an organisation can do to minimise security breaches in networked systems. Learners could be given a scenario for a particular type of organisation.

For distinction criterion D1 learners must provide a comparison of the effectiveness of security measures used by organisations. They should compare organisations of different sizes and types in order to provide a comparison of the external and internal security functions, deterrent measures and preventative measures. They could provide this in a table format, a report or as a presentation with detailed speaker notes.

Assessment Criteria P4, M3 and D2

P4 may be achieved by the learner producing a plan of the necessary security procedures required to protect the network of a given system. The evidence will be the plan.

For merit criterion M3 learners must produce documentation that will enable the staff involved in the security of the IT system to implement the planned security measures. The documentation can be in either paper format, electronic, interactive presentation etc. Learners should ensure that the documentation is clear and easy to follow.

For distinction criterion D2 learners must produce a test plan which can be used to test the security of the network. The test plan must be detailed and include the headings identified in the teaching content.

Assessment Criterion P5

For P5, learners will need to configure a networked device or specialist software to improve the security of a network. Evidence could be presented in the form of annotated photos or screenshots supported by detailed assessor observation.

SUGGESTED SCENARIOS

Learners could be given a scenario for a particular type of organisation e.g. small travel agents who have 6 computers on a wired network linked to a server. The information stored on the server includes: names, addresses and telephone numbers of customers wishing to purchase a property as well as the vendors (people selling properties). All of the accounts information including the payroll is stored on the server. The computers are used by the accounts manager, the office manager, two admin assistants and two qualified estate agents who conduct valuations on properties.

RESOURCES

This unit requires that learners have access rights to the hardware and software of a network and also to any security components. They must be able to change and monitor security settings. The access to hardware and the opportunities to add or change components also requires that learners have the necessary training in the Health and Safety aspects of working with live electronic equipment. Tutors will need to be experienced in all of these areas in order to train and support learners throughout the unit.

Access to network systems is also important for learners to carry out security hardware and software configurations, and carry out the necessary learning activities for learning outcome 4.

Learners may require internet access to conduct research on “real life” security breaches.


MAPPING WITHIN THE QUALIFICATION TO THE OTHER UNITS
Unit 1 - Communication and employability skills for IT

Unit 4 - Managing networks

Unit 5 - Organisational systems security

Unit 7 - Computer networks

LINKS TO NOS
6.2 IT Security Management

6.3 IT Disaster Recovery

CONTACT US
Staff at the OCR Customer Contact Centre are available to take your call
between 8am and 5.30pm, Monday to Friday.
We’re always delighted to answer questions and give advice.

Telephone 02476 851509


Email cambridgetechnicals@ocr.org.uk
www.ocr.org.uk
