Network Security Page 1 of 9

ASIA PACIFIC UNIVERSITY OF TECHNOLOGY & INNOVATION

CT037-3-2-NWS
Network Security
Group Assignment

This assignment contributes 50% of the final marks

Intake : APU2F2008CS, APD2F2008CS, APU2F2008IT(ISS), UC2F2008IT(NC),

UC2F2008IT(ISS), UC2F2008CS, UC2F2008IT(IOT), APU2F2008IT(IOT),
APD2F2008IT(ISS)
Lecturer : Noris binti Ismail
Email : noris.ismail@staffemail.apu.edu.my

LEARNING OUTCOMES:

 CLO2: Propose a network that demonstrates a working IP configuration for an organisation. (A5,
PLO4)

 CLO3: Build a secure network by integrating layer 2 security, layer 3 security, Virtual Private
Network or firewall technologies using appropriate simulation tool. (P3, PLO3)

In-course Assignment Information Assignment

This assignment consists of TWO (2) sections: Section A and Section B. Section A is group that
contributes 20% of total 50% while Section B is the remaining 30%.

Instructions:

This group assignment carries 50% of your total module assessment marks [Group Assignment], with
60% of the total contributed by an individual component and 40% by group components. A group consist
of maximum 4 students. (Minimum 2 students). The total word count of the report should not exceed
5000 words. No marks will be awarded for the entire assignment if any part of it is found to be copied
directly from printed materials or from another group. All submissions should be made on or before the
due date. Any late submissions after the deadline will not be entertained. Zero (0) mark will be awarded
for late submission, unless extenuating circumstances are upheld.

Section A: GROUP COMPONENT (40%)

Scenario:

ALU Sdn. Bhd. is processor manufacturing company based in Penang. Its headquarter office in Penang
consists of 3 departments: Sales, Engineering and Finance. It has a branch company in Bangkok, Thailand
located 250km away from Penang and hosts 150 employees. Only R&D and Delivery departments are
located there. The following topology illustrates the network architecture and topology of the Penang HQ
and its branch in Bangkok for ALU Sdn. Bhd.

Level 2 Asia Pacific University of Technology and Innovation

Network Security Page 2 of 9

The Penang HQ has simple network architecture. Clients workstations are connected to an access switch,
distributed switch and the router’s internal interface as shown in figure 1. The firewall’s external interface
connects directly to the internet service provider (ISP) router. The ISP completely manages this router
and the ALU Sdn. Bhd. has no control over it. A third interface on the firewall hosts a demilitarised zone
(DMZ) hosting several servers. These servers include web, email and FTP applications.

a) In a group, design and configure basic network requirements based on network diagram given using
packet tracer. Phase 1 – Presentation – Group Assessment – Week 8 [12 th April 2021 – 16th April
2021]

Figure 1: ALU Sdn. Bhd Network Layout

Level 2 Asia Pacific University of Technology and Innovation

Network Security Page 3 of 9

Section B: INDIVIDUAL COMPONENT (60%)

a) The goal is to protect the internal and DMZ hosts from external threats. As a network security
specialist, each of you are required to provide a security solution for Penang HQ and Bangkok Branch
office.

There are some requirements in the above scenario that must be considered in this security design.

1. Client workstations (sales, engineering, finance, R&D and delivery) must be able to access the
web server at the DMZ over HTTP and HTTPS. The web server should be reachable from the
external clients over HTTP and HTTPS only. (Solution and configuration)

2. Clients should also be able to put and get files via FTP to the same server. The company requires
implementing FTP with user and password is essential for each transaction. (Solution and
configuration.)

3. Engineering, finance and sales workstations must be able to access the Internet (to reach the
branch company) over ICMP, HTTP and HTTPS with DNS. No other protocol access is allowed
to the Internet. (Solution and configuration.)

4. Client workstations must be able to check their e-mail on the e-mail server at the DMZ. (Solution
and configuration.)

5. The e-mail server should be able to receive e-mail from external hosts over the simple mail
transfer protocol (SMTP). (Solution.).

6. VLAN technology is mandatory to be implemented in all sub networks. Management and Native
VLAN are required for deployment. Implement secured VLAN is mandatory. (Solution and
configuration.)

7. No client from sales, engineering and finance department can access clients in the other
departments. (Solution and configuration.)

8. Explain any THREE types of layer two attacks. Implement layer two securities as a requirement
in the company LAN. (Solution and configuration.)

9. Bastion host works as an application proxy. You are required to explain the solution in detail.
(Configuration is not required.).

10. Connectivity between HQ in Penang and branch office in Bangkok is a requirement. What is the
best solution? Elaborate on the solution. (Configuration is not required).

11. Data transmitted over the network must be kept disguised and only intended recipient can read it.
Hackers are unable to understand the content even they can wiretap the communication. (Solution
on the techniques, no configuration is required)

12. The company requires implementing intrusion detection systems (IDS). (No Configuration is
required.)

13. Implement VPN between Penang and Bangkok network. (Configuration is required.)

14. Implement SSL encryption between Penang and Bangkok. (Solution).

Level 2 Asia Pacific University of Technology and Innovation

Network Security Page 4 of 9

b) Presentation on the proposed solution. Students must demonstrate their project using packet tracer to
show all the requirements are fulfilled. Phase 2 – Presentation – Individual Assessment – Week 13
[17th May 2021 – 21st May 2021]

Note: The “solution” in the parenthesis means that, you have to recommend, what should be done in order
to fulfil the company’s requirement. In this case, you do not have to configure any of the device(s) in the
topology. The “configuration” in the parenthesis means that, in addition to the solution that you provide,
you have to implement it by configuring the appropriate device with commands and setups.

Guidelines for the Report:

Document the results of your work in a professional and systematic manner, in the form of a
computerized report. One (1) softcopy of your documentation is to be submitted.

Your completed documentation should meet the following requirements:

1. Table of contents for every detailed chapter/section.

2. Detailed Work Breakdown Structure. Contribution of each member.
3. Introduction
4. Topology of the network diagram – screen shots and explanations
5. Chapters / sections with screen shots for evidence
6. Recommendations – Minimum of 3 recommendations
7. Documentation of the configured device(s) – Passwords and etc.
8. Conclusion
9. Appendices
10. Bibliography or References

In your document the report is to be written in a professional manner, paying due regard to the following
aspects:
 The report is to be written in the 3rd person.
 The report should have a consistent layout and be divided into enumerated sections, sub-sections,
sub-sub sections etc.
 The report should be fully referenced using the University standard.
 Your report must be typed using Microsoft Word with Times New Roman font and size 12. Expected
length is 5,000 words (excluding diagrams, appendixes, and references). You need use to include a
word count at the end of the report and it should be in 1.5 spaces.
 Submission of reports that are unprofessional in its outlook (dirty, disorganised, inconsistent look,
varying coloured paper and size) will not fare well when marks are allocated.
 Ensure that the report is printed on standard A4 (210 X 297 mm) sized paper.
 The report should have a one (1”) margin all around the page as illustrated below:

1 inch 1 inch
1 inch

1 inch

The Typed Text

1 inch

1 inch

1 inch 1 inch

Level 2 Asia Pacific University of Technology and Innovation

Network Security Page 5 of 9

 Every report must have a front cover. A transparent plastic sheet can be placed in front of the report
to protect the front cover. The front cover should have the following details:

o Name
o Intake code.
o Subject.
o Project Title.
o Date Assigned (the date the report was handed out).
o Date Completed (the date the report is due to be handed in).

Submission requirements

An online submission through Moodle is required for this module for both individual and group sections.
The total word count of the main body of the document (excluding title & contents pages) is to be in the
region of 5000 words. Submission of report Week 12 [15th May 2021]

Level 2 Asia Pacific University of Technology and Innovation

Network Security Page 6 of 9

Assessment Criteria:

Individual:

PLO3 Practical skills

Marking Criteria Marks Student 1 Student 2 Student 3

Switch configuration 10

Router 10
Configuration

VPN configuration 15

ACL 15

Presentation 10

Total Marks 60

Group:

PLO4 Interpersonal skills

Marking Criteria Marks Marks Awarded

Leadership and 5
Teamwork

Workload Distribution 5

Network Design 15

IP Configuration 15

Total Marks 40

Level 2 Asia Pacific University of Technology and Innovation

 Network Security Page 7 of 9

Marking Scheme Rubrics: Individual Part – 60%

Marking 1 2 3 4 5
Criteria (Fail) (Marginal Fail) (Pass) (Credit) (Distinction) Weightage

Switch Switch Switch Switch Outstanding Outstanding

configuration. configuration configuration configuration switch switch
(10%) done but not that fulfills that fulfills the configuration configuration
fulfill the basic basic that fulfills with extra 2
requirements requirements requirements. the security
and with but with requirements. configuration
major issues. minor issue. done.
Router Router Router Router Outstanding Outstanding
Configuration. configuration configuration configuration router router
Weightage. that partially that fulfills that fulfills the configuration configuration
(10%) fulfill the the basic basic that fulfills with extra
2
basic requirements requirements. the security
requirements but with requirements. configuration
but with minor issue. done.
major issues.
VPN No VPN VPN Outstanding Outstanding
configuration. configuration configured configuration VPN VPN
(15%) done for but not that fulfills the configuration configuration
VPN but has working basic that fulfills with extra 3
provided perfectly. requirements. the security
write up on requirements. configuration
VPN. done.
ACL. No ACL ACL Outstanding Outstanding
(15%) configuration configured configuration ACL ACL
done for but not that fulfills the configuration configuration
ACL but has working basic that fulfills with extra
provided perfectly. requirements. the security 3
writeup on requirements. configuration
the ACL. done and
detailed
explanation.

Level 2 Asia Pacific University of Technology and Innovation

 Network Security Page 8 of 9

Presentati Does not show Demonstrate Demonstrate Always Outstanding

on: Q & A understanding dependency tendency to demonstrate a presentation
(10%) on what being on others dependent on self-reliant with good
doing. Unable guidance others attitude in all understanding
to answer any during guidance situation during in all areas
question presentation. during presentation. and able to
independently. Unable to presentation. Voice is clear answer all the
answer any Able to and loud. Able questions 2
question answer to answer all perfectly.
independently. question but the questions
failed to without
produce referring to
confirmed notes.
answers.

Total Marks (Criteria 1): /60

Level 2 Asia Pacific University of Technology and Innovation

Network Security Page 9 of 9

Marking Scheme Rubrics: Group Part – 40%

Marking 1 2 3 4 5
Criteria (Fail) (Marginal Fail) (Pass) (Credit) (Distinction) Weightage

Leadership Poor Acceptable Moderate Good leadership Outstanding

(5%) leadership and leadership leadership and and teamwork leadership and
1
teamwork and teamwork teamwork
teamwork
Task Imbalance Imbalance Fair distribution Fair distribution Balance
distributed distribution of distribution of tasks among of tasks among distribution of
equally and tasks among of tasks the team the team tasks among the
appropriate the team among the members. members. team members.
security members. No team Acceptable Acceptable Accurate
technologie discussion on members. technologies technologies technologies
1
s chosen technologies Inaccurate chosen with chosen and chosen.
(5%) chosen technologies brief detail Detail
chosen with explanation explanation explanation
very brief provided provided. provided
explanation
provided
Design All Network Network design Network design Outstanding
follows the submission design and and configuration.
requiremen requirements follows the configurations configurations All requirements
ts and good were not requirements follow the follow exactly fulfil with extra
integration adhered or but with requirements but the configuration
(15%) poor writing some missing with some requirements. implemented.
or poor quality parts. missing parts. No missing part. Fully integrated
of contents. Partially Fully integrated Fully integrated and 3
No integration integrated but and configuration is
of the tasks and not all not all the configuration is working well.
given. the configurations working well.
configuration are working
s are working after integration.
after
integration.
IP Poor Acceptable Moderate Good addressing Outstanding
configurati addressing addressing addressing table table provided addressing table
ons. table provided table provided with with good provided with
(15%) but provided good configuration outstanding 3
configuration with basic configuration done. configuration
done with configuration done, done.
major issue. .

Total Marks (Criteria 2): /40

Level 2 Asia Pacific University of Technology and Innovation