ICTNWK502 Task 2 Answer Part A

The notification informs the IT manager of the key security requirements identified in the WSC policies, including identity and access management, data loss prevention, encryption and pseudonymization, and an incident response plan. For each requirement, details are provided on how it relates to GDPR compliance and protecting personal data, such as only giving access to authorized employees, preventing data breaches, encrypting data at rest and in transit, and having processes to respond to security incidents. Implementing these technical safeguards is important for complying with GDPR and avoiding liability for any loss of personal data.

Uploaded by

Kouser Sultana

Answer Booklet & Marking Guide

ICTNWK502 Implement Secure Encryption Technologies

Student Must Fill this Section

Student Name:

Student ID:          Term: 1          Year: 2021

Privacy Release Clause: "I give my permission for my assessment material to be used in the auditing, assessment validation & moderation Process".

Authenticity Declaration: "I declare that:
- The material I have submitted is my own work;
- I have given references for all sources of information that are not my own, including the words, ideas and images of others".

Information for Student:

- All work is to be entirely of the student.

General Information for this assessment:

- Read the instructions for each question very carefully.
- Be sure to PRINT your FIRST name & LAST name in every place that is provided.
- Short questions must be answered in the spaces provided.
- For those activities requesting extra evidence such as research reports, essay reports, etc., the student must attach their own work formatted in double space, Arial 12 pts.
- All activities must be addressed correctly in order to obtain a competence for the unit of competency.
- If the student doesn't understand the assessment, they can request help from the assessor to interpret the assessment.
- Re-submission of assessment after the term will incur additional fees.
Re-assessment of Result & Academic Appeal procedures:

If a student is not happy with his/her results, that student may appeal against their grade via a written letter, clearly stating the grounds of appeal to the Chief Executive Officer. This should be submitted after completion of the subject and within fourteen days of commencement of the new term.

Re-assessment Process:
- An appeal in writing is made to the Director of Studies (DOS) providing reasons for re-assessment/appeal.
- DOS will delegate another faculty member to review the assessment.
- The student will be advised of the result of the review done by the other assessor.
- If the student is still not satisfied and further challenges the decision, then a review panel is formed comprising the lecturer/trainer in charge and the DOS or, if need be, an external assessor.
- The Institute will advise the student within 14 days from the submission date of the appeal. The decision of the panel will be deemed to be final.
- If the student is still not satisfied with the result, he/she has the right to seek independent advice or follow the external mediation option with the nominated mediation agency.
- Any student who fails a compulsory subject or appeals unsuccessfully will be required to re-enrol in that subject.

The cost of reassessment will be borne by the Institute. The external assessor will base his/her judgement on the principles of assessment. These principles require assessment to be reliable, fair, practical and valid.

Academic Appeals:
- If you are dissatisfied with the outcome of the re-evaluation process, you have a right to appeal through the academic appeals handling protocol.
- To appeal a decision, the person is required to complete the WSC Request for Appeal of a Decision form with all other supporting documents, if any. This form is available via our website. The completed Request for Appeal form is to be submitted to the Student Support Officer either in hard copy or electronically via the following contact details:
  Student Support Officer, Western Sydney College (WSC), 55 High St, Parramatta NSW 2150, Email: [email protected]
- The notice of appeal should be in writing addressed to the Chief Executive Officer and submitted within seven days of notification of the outcome of the re-evaluation process.
- If the appeal is not lodged in the specified time, the result will stand and you must re-enrol in the unit.
- In emergency circumstances, such as in cases of serious illness or injury, you must forward a medical certificate in support of a deferred appeal. The notice of appeal must be made within three working days of the concluding date shown on the medical certificate.
- The decision of the Chief Executive Officer will be final.
- The student would then have the right to pursue the claim through an independent external body as detailed in the students' complaint/grievance policy.

Assessment Task 2 – Marking Guide

Assessor Name

Assessment Date/s

Outcomes
Satisfactory
Did the student submit the following? Yes No
Completed written questionnaire.

Performance indicators
Satisfactory
Did the student submit evidences for the following? Yes No
Question 1

Question 2

Question 3

Question 4

Question 5

Question 6

Question 7

Question 8

Question 9

Question 10

Comments/Feedback to Student

Outcome: Successful Unsuccessful


Student Signature:

Assessor Name:

Assessor Signature:

Resubmission Comments/Feedback to Student

Outcome: Successful Unsuccessful

Student Signature:

Assessor Name:

Assessor Signature:

Scenario/ Case Study

Read the following scenario as background to the assessment tasks:

You are employed as a network administrator in the IT department of WSC educational institution. WSC delivers a variety of qualifications. It is a new business and is rapidly expanding. They currently have 30 staff, including management, academic staff, admin, support, IT department and trainers. Staff use desktops, laptops and printers to accomplish daily tasks.

WSC has asked you to implement secure encryption technologies. This will involve completing the following tasks:

1. Determining encryption methods
2. Implementing encryption
3. Monitoring encryption

Review the WSC Information Technology Security Policy, Procedures and Plan, and the
WSC Authentication Policy in Appendix 1 for further relevant information.

You should also review the complete WSC IT policies and procedures document, the WSC
ICT Inventory and WSC strategic plan (available in the student shared folder on the H drive)
for further information and details about WSC and its network.

Based on the above and additional information that may be provided by your
assessor complete the following tasks:

Part A – Determine encryption methods

1. Review WSC Information Technology Security Policy, Procedures and Plan, and the WSC Authentication Policy in Appendix 1 of this task to analyse enterprise data security requirements. Write a notification to the IT manager, informing them of the security requirements. Upload the notification with your assessment submission.

Subject: WSC Security requirements

Hello Sir (IT manager),


Working as a network administrator, I have reviewed the WSC Information Technology Security Policy, Procedures and Plan, and the WSC Authentication Policy in Appendix 1, and have now determined the required data security requirements. In the following I give some data security requirements; they are:

You will have to write an email to me (IT manager) discussing different data security
requirements. For example, you can have a list of different requirements and for each you
have to explain the requirement in detail:

1. Identity and Access Management (IDAM)

Having the proper IDAM controls in place will help limit access to personal data for authorized employees. The two key principles in IDAM, separation of duties and least privilege, help ensure that employees have access only to information or systems applicable to their job function.

What does this mean in terms of GDPR? Only those who need access to personal
information to perform their job have access. In this situation, privacy training should be
available to those individuals to ensure that the intended purpose for the collection of
personal data is maintained.

2. Data Loss Prevention (DLP)

Relevant to GDPR, DLP helps prevent the loss of personal data.

Technical safeguards, such as a DLP tool, are critical in preventing a breach and
becoming the next headline. According to GDPR, organizations, whether they are the
controller or processor of personal information, are held liable for the loss of any
personal data they collect. Incorporating DLP controls adds a layer of protection by
restricting the transmission of personal data outside the network.

3. Encryption & Pseudonymization

Pseudonymization is a difficult word to spell and an even more difficult one to pronounce. Pseudonymization is "the processing of personal data in such a way that the data can no longer be attributed to a specific data subject without the use of additional information" (GDPREU.org). This fancy, hard-to-say word may include field-level encryption in databases, encryption of entire data stores at rest, as well as encryption for data in use and in transit.

Pseudonymization is something the GDPR "advises" but doesn't require. However, if an incident leading to a security breach occurs, investigators will consider whether the organization responsible for the breach has implemented these types of GDPR technical controls and technologies.

4. Incident Response Plan (IRP):

A mature IRP should address phases such as preparation, identification, containment, eradication, recovery and lessons learned. But what if an incident occurs and it is identified that personal data may have been breached?

There are GDPR technical requirements for your organization’s incident response.
Breach notification requirements are among the most notable in the legislation. Under
GDPR, “In the event of a potential data breach that involves personal information, an
organization must notify the Data Protection Authority without undue delay, within 72
hours if feasible, after becoming aware of the breach; and Communicate high-risk
breaches to affected data subjects without undue delay” (GDPREU.org).

5. Third-Party Risk Management

If an organization entrusts the processing of personal data to a processor or sub-processor, and a breach occurs, who is liable?

Quick answer: Liability for all!

Processors are bound by their controller's instructions. However, GDPR data compliance also obligates processors to have an active role in the protection of personal data. Regardless of instructions from the controller, the processor of personal data must follow GDPR and can be liable for any incidents associated with loss or unauthorized access to personal data. Sub-processors will also need to comply with the GDPR based on each contractual relationship established between a processor and sub-processor.

As you can see, GDPR cybersecurity compliance is just as important for third-party
relationships as it is internally for an organization as long as those third parties process,
store, or transmit personal data of EU data subjects.

6. Policy Management

While this is the last concept covered in this post, it's my personal favorite.

Policy is the teeth, the hammer, and an "accountability partner" for the previously discussed data security controls.

To be effective, policy must receive enterprise-wide buy-in in order to manage and update data security controls in an always changing cybersecurity environment. As a best practice, organizational policy acknowledgment and training ensure policies are properly communicated and understood.

Put it all together and, if managed and followed accordingly, policy management is a foundation for compliance toward GDPR readiness.

It's no secret that data protection and security has become a hot topic with the impending General Data Protection Regulation (GDPR) effective on May 25th.

Therefore, we need to organise a meeting to discuss the above data protection technical controls.

Looking forward to hearing from you soon.

Thank you.

Regards,

2. Review WSC Information Technology Security Policy, Procedures and Plan to determine appropriate encryption methods.

After reviewing the WSC Information Technology Security Policy, Procedures and Plan, I have determined the following encryption methods.

PAP - Password Authentication Protocol: Password Authentication Protocol is one of the oldest authentication protocols. Authentication is initialized by the client sending a packet with credentials (username and password) at the beginning of the connection, with the client repeating the authentication request until acknowledgement is received.

CHAP - Challenge-Handshake Authentication Protocol: The authentication process in this protocol is always initialized by the server/host and can be performed at any time during the session, even repeatedly. The server sends a random string (usually 128 bytes long). The client uses the password and the received string as parameters for the MD5 hash function and then sends the result together with the username in plain text.
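The CHAP exchange just described, with both sides' messages, as an added Go example (not code from this assessment or from any vendor); the user name, secret and 16-byte challenge size are constructed for the demonstration. It also shows why the challenge must be fresh and random (a captured response fails against the next challenge) and that the server has to hold each secret in recoverable form, which is a storage risk to plan for.

```go
package main

import (
	"crypto/md5"
	"crypto/rand"
	"crypto/subtle"
	"fmt"
)

// chapResponse is the RFC 1994 response value: MD5(identifier || secret || challenge).
// The secret itself never crosses the link; only this digest does.
func chapResponse(id byte, secret, challenge []byte) []byte {
	h := md5.New()
	h.Write([]byte{id})
	h.Write(secret)
	h.Write(challenge)
	return h.Sum(nil)
}

// chapServer keeps each user's shared secret (constructed sample store).
type chapServer struct {
	secrets map[string][]byte
	lastID  byte
}

// challenge issues a fresh random challenge and a new identifier for this round.
func (s *chapServer) challenge() (byte, []byte) {
	c := make([]byte, 16) // constructed: 16 random bytes is a common size
	if _, err := rand.Read(c); err != nil {
		panic(err)
	}
	s.lastID++
	return s.lastID, c
}

// verify recomputes the expected response for the claimed user and compares
// it in constant time, so the comparison itself leaks nothing about the secret.
func (s *chapServer) verify(id byte, challenge []byte, user string, resp []byte) bool {
	secret, ok := s.secrets[user]
	if !ok {
		return false
	}
	want := chapResponse(id, secret, challenge)
	return subtle.ConstantTimeCompare(want, resp) == 1
}

// handshake runs one full exchange: server challenge, client response (username in
// plain text alongside the digest), server verification. It returns the outcome and
// the captured values so that the replay check below can reuse them.
func handshake(s *chapServer, user string, clientSecret []byte) (bool, byte, []byte, []byte) {
	id, c := s.challenge()
	resp := chapResponse(id, clientSecret, c)
	return s.verify(id, c, user, resp), id, c, resp
}

// replayRejected shows why the challenge must be random and fresh: a response
// captured from an earlier round is useless against the next challenge.
func replayRejected(s *chapServer, user string, clientSecret []byte) bool {
	_, _, _, old := handshake(s, user, clientSecret)
	id, c := s.challenge()
	return !s.verify(id, c, user, old)
}

func main() {
	// constructed sample credentials for the demonstration
	secret := []byte("correct horse")
	srv := &chapServer{secrets: map[string][]byte{"alice": secret}}
	ok, _, _, _ := handshake(srv, "alice", secret)
	bad, _, _, _ := handshake(srv, "alice", []byte("wrong secret"))
	fmt.Println("valid secret accepted:", ok, "| wrong secret accepted:", bad,
		"| replay rejected:", replayRejected(srv, "alice", secret))
}
```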

IPsec (Internet Protocol Security) IPsec, also known as the Internet Protocol Security
or IP Security protocol, defines the architecture for security services for IP network traffic.
IPsec describes the framework for providing security at the IP layer, as well as the suite of
protocols designed to provide that security, through authentication and encryption of IP
network packets.

Kerberos authentication is currently the default authorization technology used by Microsoft Windows, and implementations of Kerberos exist in Apple OS, FreeBSD, UNIX, and Linux. Kerberos is a vast improvement on previous authorization technologies. The strong cryptography and third-party ticket authorization make it much more difficult for cybercriminals to infiltrate your network. It is not totally without flaws, and in order to defend against those flaws, you need to first understand them. Kerberos has made the internet and its denizens more secure and enables users to do more work on the Internet and in the office without compromising safety.

The Kerberos protocol uses a unique ticketing system that provides faster authentication:
- Every authenticated domain entity can request tickets from its local Kerberos KDC to access other domain resources.
- The tickets are considered as access permits by the resource servers.
- The ticket can be used more than once and can be cached on the client side.
- Kerberos supports mutual authentication. This means that the client authenticates to the service that is responsible for the resource and that the service also authenticates to the client.
- Authentication delegation can be looked at as the next step after impersonation: thanks to impersonation, a service can access local resources on behalf of a user; thanks to delegation, a service can access remote resources on behalf of a user.

3. Review a range of encryption technologies and rank the most appropriate options.

Data encryption involves the translation of data into a format such that only the intended persons who have a decryption key, also referred to as a secret key, will be able to read it. Before encryption the data is referred to as plaintext, while after encryption the data is termed ciphertext.
Data encryption is purposely executed to secure confidential information during storage or when being transferred from one computer system to another.
There are several data encryption algorithms available:

- TripleDES:

This form of data encryption algorithm applies the block cipher algorithm three times to each data block individually. The size of the key is enlarged to provide extra protection by increasing the encryption strength. Every individual block consists of 64 bits of data. In this encryption algorithm, three keys are used, each of which consists of 56 bits.
A total of three keying options are provided under this standard:
  o Option #1: the three keys are independent
  o Option #2: keys 1 and 2 are independent
  o Option #3: the three keys are similar

Most importantly, we call #3 triple DES, whose key length consists of 3*56 bits = 168 bits, whereas its key security consists of 2*56 bits = 112 bits. The substantially longer key length of this type of encryption algorithm overpowers other encryption techniques. Nevertheless, after the development of the Advanced Encryption Standard (AES), TripleDES has been rendered old-fashioned.

- Advanced Encryption Standard (AES):

AES is the most popular and broadly used symmetric encryption standard today. Due to DES's small key size and low computing capability, a replacement was required, which led to the development of AES. Compared with Triple DES, it has been proved to be more than six times faster. Concerning cybersecurity, the AES acronym in particular keeps popping up on all computer screens as it is the world's most accepted encryption standard. It is seen while using messaging applications such as Signal and WhatsApp, computer platforms such as VeraCrypt and other technologies commonly used.
The AES standard constitutes 3 block ciphers where each block cipher uses cryptographic keys to perform data encryption and decryption in a 128-bit block. A single key is used for encryption and decryption, thus both the sender and receiver have the same key. The sizes of the keys are considered adequate to secure classified data to a satisfactory secret level.
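An added Go example (not the page's own) showing the three AES key sizes sharing the 128-bit block, used in GCM mode to protect a constructed student record at rest; the record, keys and context label are made up for the demonstration, and the flipped byte shows that tampering with stored ciphertext is detected on read rather than silently decrypted.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// aesKeySizes are the three key lengths (128, 192, 256 bits) the AES standard
// defines; the block size stays 128 bits for all of them.
var aesKeySizes = []int{16, 24, 32}

// sealRecord encrypts plaintext under key with AES-GCM and returns nonce || ciphertext || tag.
// GCM adds an authentication tag, so tampering with stored data is detected on read.
func sealRecord(key, plaintext, aad []byte) ([]byte, error) {
	block, err := aes.NewCipher(key) // accepts 16, 24 or 32-byte keys only
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil { // a nonce must never repeat under one key
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, aad), nil
}

// openRecord reverses sealRecord and fails if ciphertext, tag, nonce or aad were altered.
func openRecord(key, sealed, aad []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(sealed) < gcm.NonceSize() {
		return nil, errors.New("sealed data too short")
	}
	nonce, ct := sealed[:gcm.NonceSize()], sealed[gcm.NonceSize():]
	return gcm.Open(nil, nonce, ct, aad)
}

// roundTrip encrypts and decrypts a record under a fresh random key of the given
// size and reports whether the plaintext survived and whether a flipped byte is caught.
func roundTrip(keySize int, record []byte) (recovered bool, tamperCaught bool, err error) {
	key := make([]byte, keySize)
	if _, err = rand.Read(key); err != nil {
		return
	}
	aad := []byte("student-records-v1") // constructed context label: authenticated, not hidden
	sealed, err := sealRecord(key, record, aad)
	if err != nil {
		return
	}
	got, err := openRecord(key, sealed, aad)
	if err != nil {
		return
	}
	recovered = string(got) == string(record)
	sealed[len(sealed)-1] ^= 0x01 // corrupt one byte of the stored tag
	_, tamperErr := openRecord(key, sealed, aad)
	tamperCaught = tamperErr != nil
	return
}

func main() {
	record := []byte("student_id=12345;dob=2001-03-04") // constructed sample personal data
	for _, n := range aesKeySizes {
		ok, caught, err := roundTrip(n, record)
		fmt.Printf("AES-%d-GCM: block=%d bytes recovered=%v tamper caught=%v err=%v\n",
			n*8, aes.BlockSize, ok, caught, err)
	}
}
```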

- IDEA encryption algorithm:

The International Data Encryption Algorithm, abbreviated as IDEA, is a symmetric block cipher data encryption protocol. The key size of the block cipher is 128 bits, and it is regarded as substantially secure and one of the best public standards. Over the numerous years this protocol has been on the market, no single attack has been published in spite of the numerous trials to identify one. The standard was patented in the US and Europe. It is used for non-commercial purposes, while commercial authorisation can be obtained from Ascom-Tech. Typically, the block cipher runs in rounds. It applies fifty-two subkeys, each 16 bits long. Two subkeys are applied within a single round, and four subkeys are applied prior to and after every round. Typically, both the plaintext and the ciphertext have equal sizes of 16 bytes.

- MD5 encryption algorithm:

This protocol was purposely developed to offer data security as it can take inputs of arbitrary size to generate a 128-bit hash value output.

Under this protocol, the encryption technique follows 5 phases where every phase features a predefined task. The five steps include:
  o append padding bits (adding additional bits to the input)
  o append the length
  o initialize the MD buffer
  o process the message
  o output

One notable advantage of MD5 is that the protocol allows the generation of a message digest from the initial message. Nevertheless, the protocol is relatively slow.
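The five phases above, implemented from scratch in Go and cross-checked against the standard library's crypto/md5, as an added example (not from this page). One caveat worth keeping in mind when reading the list: MD5 is a message digest rather than an encryption algorithm, so nothing computed here can be reversed to recover the input, and the construction offers no confidentiality.

```go
package main

import (
	"crypto/md5"
	"encoding/binary"
	"fmt"
	"math"
	"math/bits"
)

// Per-round left-rotation amounts and the sine-derived constants of RFC 1321.
var shifts = [64]int{
	7, 12, 17, 22, 7, 12, 17, 22, 7, 12, 17, 22, 7, 12, 17, 22,
	5, 9, 14, 20, 5, 9, 14, 20, 5, 9, 14, 20, 5, 9, 14, 20,
	4, 11, 16, 23, 4, 11, 16, 23, 4, 11, 16, 23, 4, 11, 16, 23,
	6, 10, 15, 21, 6, 10, 15, 21, 6, 10, 15, 21, 6, 10, 15, 21,
}
var kTable [64]uint32

func init() {
	for i := range kTable {
		kTable[i] = uint32(math.Floor(math.Abs(math.Sin(float64(i+1))) * (1 << 32)))
	}
}

// padMessage covers phases 1 and 2: append a single 1 bit (0x80) and zero bits until
// the length is 56 mod 64, then append the original length in bits as 64-bit little endian.
func padMessage(msg []byte) []byte {
	out := append([]byte{}, msg...)
	out = append(out, 0x80)
	for len(out)%64 != 56 {
		out = append(out, 0)
	}
	var l [8]byte
	binary.LittleEndian.PutUint64(l[:], uint64(len(msg))*8)
	return append(out, l[:]...)
}

// md5Digest covers phases 3 to 5: initialise the four-word MD buffer, process each
// 512-bit block through the 64 steps, then emit the 128-bit digest.
func md5Digest(msg []byte) [16]byte {
	a0, b0, c0, d0 := uint32(0x67452301), uint32(0xefcdab89), uint32(0x98badcfe), uint32(0x10325476)
	padded := padMessage(msg)
	for off := 0; off < len(padded); off += 64 {
		var m [16]uint32
		for i := range m {
			m[i] = binary.LittleEndian.Uint32(padded[off+4*i:])
		}
		a, b, c, d := a0, b0, c0, d0
		for i := 0; i < 64; i++ {
			var f uint32
			var g int
			switch {
			case i < 16:
				f, g = (b&c)|(^b&d), i
			case i < 32:
				f, g = (d&b)|(^d&c), (5*i+1)%16
			case i < 48:
				f, g = b^c^d, (3*i+5)%16
			default:
				f, g = c^(b|^d), (7*i)%16
			}
			f += a + kTable[i] + m[g]
			a, d, c = d, c, b
			b += bits.RotateLeft32(f, shifts[i])
		}
		a0, b0, c0, d0 = a0+a, b0+b, c0+c, d0+d
	}
	var out [16]byte
	for i, w := range []uint32{a0, b0, c0, d0} {
		binary.LittleEndian.PutUint32(out[4*i:], w)
	}
	return out
}

// matchesStdlib cross-checks the hand-written digest against Go's crypto/md5.
func matchesStdlib(msg []byte) bool {
	return md5Digest(msg) == md5.Sum(msg)
}

func main() {
	msg := []byte("The quick brown fox jumps over the lazy dog") // constructed input
	fmt.Printf("padded length: %d bytes\n", len(padMessage(msg)))
	fmt.Printf("digest: %x (matches crypto/md5: %v)\n", md5Digest(msg), matchesStdlib(msg))
}
```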

- RSA security:

This standard offers protection against cyber-attacks by detecting and responding to threats, preventing online fraud, identity management, et al. Its data encryption is founded on the application of both a public key and a private key. The RSA algorithm generates the two keys simultaneously. When the computer is running on a secure website, the protocol generates a public key that is available publicly for data encryption. On the other hand, the encrypted text is decrypted using the private key. Sender identification is done with the aid of the public key.

In conclusion, whether securing your communication information or CVs on your PC, you should use some form of encryption as a protection tool. This way, your data is protected, and you will have convenience when you need to access it.
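An added Go example (not from this page) of the two-key scheme described under RSA: the recipient's public key encrypts and only their private key decrypts, while the sender's private key signs so that the sender's public key identifies them. Key sizes, the message and the participant roles are constructed for the demonstration; OAEP and PSS padding are used because unpadded RSA is not safe to deploy.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// generateKeyPair creates the two mathematically linked keys at once, as the text
// describes: the public key is published, the private key stays with its owner.
func generateKeyPair(bits int) (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, bits)
}

// encryptForRecipient uses the recipient's public key with OAEP padding.
func encryptForRecipient(pub *rsa.PublicKey, msg []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, msg, nil)
}

// decryptWithPrivate recovers the message; only the private key holder can.
func decryptWithPrivate(priv *rsa.PrivateKey, ct []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, ct, nil)
}

// sign produces a PSS signature over the SHA-256 digest of msg with the sender's
// private key; anyone holding the sender's public key can check it, which is the
// "sender identification" the text refers to.
func sign(priv *rsa.PrivateKey, msg []byte) ([]byte, error) {
	digest := sha256.Sum256(msg)
	return rsa.SignPSS(rand.Reader, priv, crypto.SHA256, digest[:], nil)
}

// verify returns true only if sig was made over msg by the private key matching pub.
func verify(pub *rsa.PublicKey, msg, sig []byte) bool {
	digest := sha256.Sum256(msg)
	return rsa.VerifyPSS(pub, crypto.SHA256, digest[:], sig, nil) == nil
}

// exchange walks through one confidential, authenticated message from sender to
// recipient and reports whether decryption and signature verification succeeded.
func exchange(sender, recipient *rsa.PrivateKey, msg []byte) (decryptedOK, sigOK bool, err error) {
	ct, err := encryptForRecipient(&recipient.PublicKey, msg)
	if err != nil {
		return
	}
	sig, err := sign(sender, msg)
	if err != nil {
		return
	}
	pt, err := decryptWithPrivate(recipient, ct)
	if err != nil {
		return
	}
	decryptedOK = string(pt) == string(msg)
	sigOK = verify(&sender.PublicKey, pt, sig)
	return
}

func main() {
	sender, _ := generateKeyPair(2048)    // constructed: 2048-bit keys for the demo
	recipient, _ := generateKeyPair(2048)
	msg := []byte("enrolment record for student 0001") // constructed sample
	dec, sig, err := exchange(sender, recipient, msg)
	fmt.Println("decrypted:", dec, "signature valid:", sig, "err:", err)
}
```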

To conclude, the Advanced Encryption Standard (AES) is the algorithm trusted as the standard by the U.S. Government and numerous organizations. Although it is extremely efficient in 128-bit form, AES also uses keys of 192 and 256 bits for heavy-duty encryption purposes. Compared with Triple DES, it has been proved to be more than six times faster.

4. Assess the costs associated with each encryption option.

Encryption options compared (columns: Product, Full Disk Encryption, File Encryption, Enterprise, Key Features, Deployment, Price):

Product: IBM Guardium Data Encryption
  Full Disk Encryption: Yes | File Encryption: Yes | Enterprise: Yes
  Key Features: Compliance-ready capabilities; Tokenization and data masking; Cloud key orchestration
  Deployment: SaaS/Web/Cloud
  Price: Contact for a custom quote

Product: AxCrypt Premium
  Full Disk Encryption: No | File Encryption: Yes | Enterprise: Yes
  Key Features: Secure sharing using public key cryptography; Secure file deletion; Secure online password storage
  Deployment: Software - perpetual license
  Price: $9.92/month subscription

Product: VeraCrypt
  Full Disk Encryption: No | File Encryption: Yes | Enterprise: Yes
  Key Features: Partition encryption; Supports both UEFI and MBR for Windows
  Deployment: Open source freeware utility download
  Price: Free/open source

Product: CertainSafe Digital Safety Deposit Box
  Full Disk Encryption: No | File Encryption: Yes | Enterprise: Yes
  Key Features: Authenticates user to server and vice versa; Securely retains past file versions
  Deployment: SaaS
  Price: Contact for a custom quote

Product: NordLocker
  Full Disk Encryption: No | File Encryption: Yes | Enterprise: Yes
  Key Features: Simple drag-and-drop UI; Encrypted files can be viewed through the app without encrypting
  Deployment: SaaS
  Price: Contact for a custom quote

Product: Kruptos 2
  Full Disk Encryption: No | File Encryption: Yes | Enterprise: No
  Key Features: Seamless cloud encryption; Data shredding; Inbuilt secure note editor
  Deployment: Software client
  Price: $39.95 / one-time purchase

Product: Boxcryptor
  Full Disk Encryption: No | File Encryption: Yes | Enterprise: Yes
  Key Features: SSO (single sign-on); User provisioning; Account capture
  Deployment: Software - perpetual license
  Price: Contact for a custom quote

Product: 7-Zip
  Full Disk Encryption: No | File Encryption: Yes | Enterprise: No
  Key Features: Encrypted file compression; Fast file sharing speeds
  Deployment: Open source freeware utility download
  Price: Free / open source

Product: Quantum Numbers Corp QNG2
  Full Disk Encryption: No | File Encryption: Yes | Enterprise: Yes
  Key Features: Quantum cryptography chips; Quantum tunneling; Quantum random number generation
  Deployment: PCIe distribution
  Price per chip: $1,605 / PCIe 40 Mbps; $3,715 / PCIe 240 Mbps

Product: KETS Quantum Key Distribution
  Full Disk Encryption: No | File Encryption: Yes | Enterprise: Yes
  Key Features: Specializes in securing data in transit; Quantum secured stored data
  Deployment: PCIe distribution chips
  Price: Contact for a custom quote

5. Document encryption options and costs (as determined from activities 2 – 4), and
forward to the IT manager (your assessor) for decision. Upload the documentation with
your assessment submissions.

Hello Sir (IT manager),

Subject: Document encryption options and cost list.

In the following I have given the document encryption options and cost list. Please look at these options and decide on an option for our institute. Thank you.

Encryption options and costs (columns: Product, Full Disk Encryption, File Encryption, Enterprise, Key Features, Deployment, Price):

Product: IBM Guardium Data Encryption
  Full Disk Encryption: Yes | File Encryption: Yes | Enterprise: Yes
  Key Features: Compliance-ready capabilities; Tokenization and data masking; Cloud key orchestration
  Deployment: SaaS/Web/Cloud
  Price: Contact for a custom quote

Product: AxCrypt Premium
  Full Disk Encryption: No | File Encryption: Yes | Enterprise: Yes
  Key Features: Secure sharing using public key cryptography; Secure file deletion; Secure online password storage
  Deployment: Software - perpetual license
  Price: $9.92/month subscription

Product: VeraCrypt
  Full Disk Encryption: No | File Encryption: Yes | Enterprise: Yes
  Key Features: Partition encryption; Supports both UEFI and MBR for Windows
  Deployment: Open source freeware utility download
  Price: Free/open source

Product: CertainSafe Digital Safety Deposit Box
  Full Disk Encryption: No | File Encryption: Yes | Enterprise: Yes
  Key Features: Authenticates user to server and vice versa; Securely retains past file versions
  Deployment: SaaS
  Price: Contact for a custom quote

Product: NordLocker
  Full Disk Encryption: No | File Encryption: Yes | Enterprise: Yes
  Key Features: Simple drag-and-drop UI; Encrypted files can be viewed through the app without encrypting
  Deployment: SaaS
  Price: Contact for a custom quote

Product: Kruptos 2
  Full Disk Encryption: No | File Encryption: Yes | Enterprise: No
  Key Features: Seamless cloud encryption; Data shredding; Inbuilt secure note editor
  Deployment: Software client
  Price: $39.95 / one-time purchase

Product: Boxcryptor
  Full Disk Encryption: No | File Encryption: Yes | Enterprise: Yes
  Key Features: SSO (single sign-on); User provisioning; Account capture
  Deployment: Software - perpetual license
  Price: Contact for a custom quote

Product: 7-Zip
  Full Disk Encryption: No | File Encryption: Yes | Enterprise: No
  Key Features: Encrypted file compression; Fast file sharing speeds
  Deployment: Open source freeware utility download
  Price: Free / open source

Product: Quantum Numbers Corp QNG2
  Full Disk Encryption: No | File Encryption: Yes | Enterprise: Yes
  Key Features: Quantum cryptography chips; Quantum tunneling; Quantum random number generation
  Deployment: PCIe distribution
  Price per chip: $1,605 / PCIe 40 Mbps; $3,715 / PCIe 240 Mbps

Product: KETS Quantum Key Distribution
  Full Disk Encryption: No | File Encryption: Yes | Enterprise: Yes
  Key Features: Specializes in securing data in transit; Quantum secured stored data
  Deployment: PCIe distribution chips
  Price: Contact for a custom quote
