ICTCYS612 Project Portfolio

PORTFOLIO

Student Version

ICTCYS612
Design and implement virtualised cyber security infrastructure

CONTENTS
Section 1: Virtualised cyber security infrastructure 5
Section 2: Implementation and testing 11

ICTCYS612 Design and implement virtualised cyber security infrastructure | 2


Student name: Chalana Jayawickrama GT07062

Assessor: Harika

Date: 24/05/2023

Organisations this assessment is based on: RGIT & Jonathan's Graphic Design



Section 1: Virtualised cyber security infrastructure
Complete this section for each organisation.
Organisation 1

Organisation operations
Provide an analysis of your chosen organisation's operations. Describe the cyber security needs the organisation has based on their operations.

Based on the information provided, Jonathan's Graphic Design is a graphic design company that requires a virtual machine to run both Windows and Mac OS X. The company wants to make sure that the virtual machine is safe because it is worried about cyber security. On its system, the company keeps a customer database but does not keep bank information. Xero is the accounting software used, and OneDrive is where files related to graphic design are kept. As the sole proprietor of the business, only one user can set the security levels. Through service providers like Xero and OneDrive, the company uses network servers that are essential to the mission. The secure boundary requirement is that the organisation must control the inputs and outputs of its digital estate.

First and foremost, since the business maintains a customer database on its system, it is essential to safeguard this information against unauthorized access, theft, or breach. To detect and thwart any attempts to compromise the data, robust access controls, encryption, and user activity monitoring must be implemented.

Second, the company runs two operating systems on a virtual machine, which can make it more vulnerable to cyberattacks if it is not properly protected. To reduce the likelihood of malware or other cyber threats infecting the system, the virtual machine needs to be set up with appropriate security settings, such as firewalls, antivirus software, and intrusion detection and prevention systems.

Thirdly, as the business uses Xero for accounting and OneDrive for storing graphic design files, it is critical to ensure that these third-party service providers have robust security measures in place to safeguard the company's data. This includes elements such as encryption, access controls, and backup and recovery options.

Last but not least, given that the sole user in the company is the owner of the business, it is essential to ensure that the account of this user is secured using strong passwords and two-factor authentication to prevent unauthorized access to the system. Also, regular security training and awareness should be provided to the user to ensure they know about common cyber threats and how to prevent them.

Network security options and technologies
Based on the organisation's cyber security needs, identify and describe network security options, as well as suitable security technologies. Remember that these must relate to virtualised cyber security infrastructures. Include at least two options for network security and two security technologies.

Virtual private network (VPN): A VPN can be used to connect the company's virtual machines to the internet in a safe and encrypted way. This makes it safe for remote access and keeps people from getting into the network without permission.

Firewall: A firewall can be deployed to monitor and control network traffic to and from the virtual machines. This can assist in preventing unauthorized access, malicious traffic, and cyberattacks.

Antivirus software: Antivirus software can be used to identify and eliminate malware from the virtual machines. This may entail identifying and removing infected files, blocking harmful websites, and scanning files for viruses.

Two-factor authentication: Two-factor authentication requires users to provide a second form of identification, such as a code or fingerprint, in addition to their password, in order to add an additional layer of security to user accounts. This can assist with preventing unauthorized access to the virtual machines.

Requirements
Describe the data types to be protected, security levels required and secure boundary requirements. Further, describe the mission-critical network servers that are part of the infrastructure.

The customer database on the system, accounting data in Xero, and graphic design files on OneDrive are all data types that Jonathan's Graphic Design must safeguard. Even though bank information is not included in the customer database, it still contains personal and sensitive information that must be protected.

Needed levels of security:
As Jonathan's Graphic Design is a sole proprietor business, the security levels required will be set for a single user. However, to prevent unauthorized access, this user must use strong passwords and two-factor authentication. In addition, access controls must be implemented to guarantee that the system and data are accessible only to authorized personnel. Encryption should be used to safeguard sensitive information in transit and at rest, and regular monitoring and auditing of the system should be carried out to detect any security breaches.

Secure boundary requirements:
In order to control the digital estate's input and output, Jonathan's Graphic Design must ensure that it has a secure boundary. This includes implementing firewalls, access controls, and intrusion detection and prevention systems to prevent unauthorized access to the network. Moreover, regular security updates and patches should be applied to keep the system secure and up to date.

Mission-critical network servers:
Jonathan's Graphic Design uses third-party service providers like Xero and OneDrive for its mission-critical network servers. To keep the company's data and systems safe and accessible, these servers need to be highly available and secure. In order to prevent data loss and ensure business continuity, the servers need to have robust access controls, encryption, and backup and recovery options. Regular monitoring and auditing of the servers should be carried out to detect any security breaches, and appropriate measures should be taken to mitigate any risks.

Infrastructure design
Provide your design for the virtualised cyber security infrastructure. You can include this as a screenshot and attach it to your Portfolio.

Here is a design proposal for a virtualized cybersecurity infrastructure based on Jonathan's needs and requirements:

1. Hardware:
- High-performance PC with adequate CPU, RAM, and storage to support virtualization.
- Additional backup storage for routine backups of important data and virtual machines.

2. Hypervisor:
- On the host machine, install hypervisor software that is dependable and secure, such as Microsoft Hyper-V or VMware ESXi.
- Set the hypervisor up so that the virtual machines can effectively divide up the resources.

3. Virtual machines:
- Create two virtual machines, one running the Mac operating system and the other running the Windows operating system, to meet the requirement of running both operating systems at the same time.
- Allocate suitable resources to each virtual machine based on their system requirements.

4. Networking:
- Establish a secure connection between the host machine and the virtual machines by implementing a virtual network infrastructure.
- Set up network segmentation to prevent unauthorized access between the virtual machines and isolate them.
- Use VLANs (virtual local area networks) to isolate various kinds of traffic, such as management, client data, and backups.

5. Security measures include:
- Deploy a robust firewall solution as a virtual machine to control inbound and outbound traffic between the virtual machines and the external network.
- To keep an eye on and prevent potential security risks, install intrusion detection and prevention systems (IDPS) on the virtual network.
- Enable logging and monitoring capabilities to track the activities of the network and discover any anomalies or security incidents.
- For safe remote access to the virtual machines, set up a virtual private network (VPN).
- To guarantee the safety of each virtual machine, install antivirus and antimalware software as part of endpoint protection.
- Install the most recent security patches and updates on the virtualization software, hypervisor, and virtual machines on a regular basis.
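As an added illustration of the segmentation and firewall intent in points 4 and 5 (example code written for this page, not part of the original design or of any firewall product), the model below evaluates a first-match, default-deny rule set over the three VLANs named in the design. The VLAN ids, subnets, ports and the list of flows that must be denied are assumptions. The audit() function shows why rule order matters: the same deny rules become unreachable once a broad allow is placed above them.

```python
"""Model of the segmented virtual network from the design above.

Constructed example: VLAN subnets, ports and rules are assumptions, not taken
from the portfolio.  Rules are evaluated first-match with a default deny.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# Assumed VLAN plan for the three traffic classes named in the design.
VLANS = {
    "management": ip_network("10.10.0.0/24"),   # hypervisor and admin consoles
    "client_data": ip_network("10.20.0.0/24"),  # the Windows and Mac OS VMs
    "backup": ip_network("10.30.0.0/24"),       # backup storage
}


@dataclass(frozen=True)
class Rule:
    action: str                  # "allow" or "deny"
    src: str                     # VLAN name or "any"
    dst: str                     # VLAN name or "any"
    proto: str = "any"           # "tcp", "udp" or "any"
    dport: Optional[int] = None  # None means any destination port


def vlan_of(ip: str) -> Optional[str]:
    """Name of the VLAN an address belongs to, or None for outside addresses."""
    addr = ip_address(ip)
    for name, net in VLANS.items():
        if addr in net:
            return name
    return None


def matches(rule: Rule, src_ip: str, dst_ip: str, proto: str, dport) -> bool:
    src_ok = rule.src == "any" or vlan_of(src_ip) == rule.src
    dst_ok = rule.dst == "any" or vlan_of(dst_ip) == rule.dst
    proto_ok = rule.proto == "any" or rule.proto == proto
    port_ok = rule.dport is None or rule.dport == dport
    return src_ok and dst_ok and proto_ok and port_ok


def evaluate(rules, src_ip, dst_ip, proto="tcp", dport=None) -> str:
    """The first matching rule decides; no match at all means deny."""
    for rule in rules:
        if matches(rule, src_ip, dst_ip, proto, dport):
            return rule.action
    return "deny"


# Policy implementing the segmentation intent: admins reach everything,
# VMs may only push backups, the backup store never initiates to VMs,
# and VMs cannot reach the management plane.
SEGMENTED_POLICY = [
    Rule("allow", "management", "any"),
    Rule("allow", "client_data", "backup", "tcp", 445),  # assumed backup port (SMB)
    Rule("deny", "backup", "client_data"),
    Rule("deny", "client_data", "management"),
]

# Weak variant: a broad allow placed first makes the deny rules unreachable.
WEAK_POLICY = [Rule("allow", "any", "any")] + SEGMENTED_POLICY[2:]

# Constructed flows the design says must be blocked (src, dst, proto, dport).
MUST_DENY = [
    ("10.20.0.5", "10.10.0.1", "tcp", 22),    # VM -> hypervisor management
    ("10.30.0.2", "10.20.0.5", "tcp", 445),   # backup store -> VM
    ("10.20.0.5", "10.30.0.2", "tcp", 22),    # VM -> backup on an unexpected port
]


def audit(rules) -> list:
    """Return the must-deny flows that a rule set wrongly allows."""
    return [flow for flow in MUST_DENY if evaluate(rules, *flow) == "allow"]


if __name__ == "__main__":
    print("segmented policy violations:", audit(SEGMENTED_POLICY))
    print("weak policy violations:", audit(WEAK_POLICY))
```

Running the audit against both rule sets is the check a practitioner would keep alongside the firewall configuration: every intended isolation boundary becomes a must-deny flow, and any change to rule order that opens one of them is caught before deployment.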

Implementation plan
Provide your implementation plan for your design. Make sure your plan includes actions for implementation, including network boundaries and technologies that will be used, responsibilities and timelines.

1. Define the phases of implementation:
- Phase 1: Infrastructure configuration and setup
- Phase 2: Network and security setup
- Phase 3: Virtual machine creation and configuration
- Phase 4: Data backup and protection setup
- Phase 5: User access and authentication configuration
- Phase 6: Ongoing monitoring and maintenance

2. Phase 1: Configuration and setup of the infrastructure (Timeline: 2 days)
- Obtain or build a high-performance PC with suitable hardware specifications.
- On the host machine, install and set up the chosen hypervisor software, such as Microsoft Hyper-V or VMware ESXi.
- Set up additional backup storage for regular backups.

3. Phase 2: Network and Security Setup (Timeline: 3 days)
- Set up the infrastructure of the virtual network, including VLANs and network segmentation.
- Set up a virtual firewall machine to control inbound and outbound traffic.
- Deploy intrusion detection and prevention systems (IDPS) to monitor and prevent security threats.
- Configure logging and monitoring capabilities to monitor network activities.
- Set up a secure method for remote access, like a virtual private network (VPN).

4. Phase 3: Virtual Machine Creation and Configuration (Timeline: 2)
- Establish two virtual machines, one running Windows and the other the Mac OS.
- Give each virtual machine the appropriate resources (CPU, RAM, and storage).
- Configure the system's settings and install the necessary operating systems.
- On each virtual machine, set up and install endpoint security software (antivirus, antimalware).

5. Phase 4: Setup for Data Backup and Protection (Timeline: 2 days)
- Implement encryption for sensitive data, both at rest and during transmission.
- Make regular backups of important data and virtual machines.
- For safe storage, configure off-site or backup storage.
- Establish backup schedules and policies for data retention.

6. Phase 5: Configuration of User Access and Authentication (Timeline: 1 day)
- Create individual user accounts for each employee with the necessary access rights.
- Use robust authentication techniques like two-factor authentication.
- Enforce strong password policies and regular password changes.
- Define user access privileges based on job roles and responsibilities.

7. Phase 6: Ongoing Monitoring and Maintenance (Continuous)
- Routinely update virtualization software, hypervisor, and virtual machines with the most recent security fixes and updates.
- Conduct security audits on a regular basis to find security holes and ensure compliance.
- Monitor network activities and review logs for potential security incidents.
- Apply necessary updates and patches while remaining informed about cybersecurity trends and best practices.

Responsibilities:
- IT Staff: The virtualized infrastructure's configuration and overall implementation.
- Network Administrator: VPN setup, VLAN configuration, firewall configuration, and network configuration.
- System Administrator: Installation of the hypervisor, creation of virtual machines, and configuration of endpoint security.
- Security Analyst: Configuration for IDPS deployment, logging, and monitoring.
- Backup Administrator: Backup configuration, encryption, and data retention policy implementation.
- Security Manager/IT Manager: Security audits, authentication configuration, and user access management.

Network security monitoring strategy
Describe the strategy that will be used for monitoring the network security.

1. Intrusion Detection and Prevention Systems (IDPS):
- Use IDPS solutions to look for possible intrusions and suspicious activity in the network traffic.
- Discover well-established attack patterns by utilizing signature-based detection.
- Carry out behaviour-based detection to recognize anomalies in network behaviour.
- Set up real-time alerts and notifications for immediate response to potential security incidents.

2. Log Monitoring and Analysis:
- On servers, virtual machines, and network devices, enable logging capabilities.
- Utilize a security information and event management (SIEM) system to collect and centralize logs.
- Routinely review and investigate logs for unusual or suspicious activities.
- Look for potential security incidents by using log correlation and analysis methods.

3. Monitoring of network activity:
- Utilize network monitoring tools to keep an eye on both inbound and outbound network traffic.
- Look at the patterns of traffic on the network to find oddities or indications of malicious behaviour.
- Use intrusion detection systems (IDS) or intrusion prevention systems (IPS) to recognize and block suspicious network traffic.
- Keep an eye on services and ports on the network to make sure they are secure and cannot be misused.
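As an added example of the log correlation described in points 2 and 3 (written for this page; not code from the portfolio or from any SIEM product), the script below normalises constructed log lines from a VM and the virtual firewall into events, then applies two correlation rules: repeated failed logins from one source within a short window, escalated to high severity when a successful login from the same source follows, and many distinct destination ports denied from one source within a few seconds. The line format, host names (win-vm01, mac-vm01, vfw01) and thresholds are assumptions.

```python
"""SIEM-style log correlation over constructed sample lines.

Added example: the syslog-like line format, host names and thresholds are
assumptions, not taken from the portfolio.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: auth events from two VMs and DENY events from the
# virtual firewall, normalised to "<ts> <host> <facility> <action> k=v ...".
SAMPLE_LOGS = """\
2023-05-24T09:00:01 win-vm01 auth FAILED user=owner src=203.0.113.7
2023-05-24T09:00:04 win-vm01 auth FAILED user=owner src=203.0.113.7
2023-05-24T09:00:07 win-vm01 auth FAILED user=owner src=203.0.113.7
2023-05-24T09:00:09 win-vm01 auth FAILED user=owner src=203.0.113.7
2023-05-24T09:00:12 win-vm01 auth FAILED user=owner src=203.0.113.7
2023-05-24T09:00:15 win-vm01 auth SUCCESS user=owner src=203.0.113.7
2023-05-24T09:05:00 mac-vm01 auth FAILED user=owner src=10.20.0.5
2023-05-24T09:30:00 mac-vm01 auth SUCCESS user=owner src=10.20.0.5
2023-05-24T10:00:00 vfw01 fw DENY src=198.51.100.9 dst=10.20.0.5 dport=22
2023-05-24T10:00:00 vfw01 fw DENY src=198.51.100.9 dst=10.20.0.5 dport=23
2023-05-24T10:00:01 vfw01 fw DENY src=198.51.100.9 dst=10.20.0.5 dport=25
2023-05-24T10:00:01 vfw01 fw DENY src=198.51.100.9 dst=10.20.0.5 dport=80
2023-05-24T10:00:02 vfw01 fw DENY src=198.51.100.9 dst=10.20.0.5 dport=110
2023-05-24T10:00:02 vfw01 fw DENY src=198.51.100.9 dst=10.20.0.5 dport=143
2023-05-24T10:00:03 vfw01 fw DENY src=198.51.100.9 dst=10.20.0.5 dport=443
2023-05-24T10:00:03 vfw01 fw DENY src=198.51.100.9 dst=10.20.0.5 dport=445
2023-05-24T10:00:04 vfw01 fw DENY src=198.51.100.9 dst=10.20.0.5 dport=3389
2023-05-24T10:00:04 vfw01 fw DENY src=198.51.100.9 dst=10.20.0.5 dport=8080
2023-05-24T10:01:00 vfw01 fw DENY src=10.20.0.5 dst=203.0.113.50 dport=23
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+)(.*)$")
KV_RE = re.compile(r"(\w+)=(\S+)")


def parse(text):
    """Turn raw lines into event dicts; lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts, host, facility, action, rest = m.groups()
        ev = {"ts": datetime.fromisoformat(ts), "host": host,
              "facility": facility, "action": action}
        ev.update(KV_RE.findall(rest))   # k=v pairs become dict entries
        events.append(ev)
    return events


def group_by_src(events):
    """Events grouped by source address, each group sorted by time."""
    by_src = defaultdict(list)
    for e in events:
        by_src[e["src"]].append(e)
    for evs in by_src.values():
        evs.sort(key=lambda e: e["ts"])
    return by_src


def detect_bruteforce(events, threshold=5, window=timedelta(seconds=60)):
    """N failed logins from one source inside the window; severity becomes
    high when a successful login from that source follows the burst."""
    alerts = []
    auth = [e for e in events if e["facility"] == "auth"]
    for src, evs in group_by_src(auth).items():
        failures = [e for e in evs if e["action"] == "FAILED"]
        for i, first in enumerate(failures):
            burst = [f for f in failures[i:] if f["ts"] - first["ts"] <= window]
            if len(burst) < threshold:
                continue
            last = burst[-1]["ts"]
            success = any(e["action"] == "SUCCESS" and last <= e["ts"] <= last + window
                          for e in evs)
            alerts.append({"type": "brute_force", "src": src, "host": first["host"],
                           "failures": len(burst),
                           "severity": "high" if success else "medium"})
            break   # one alert per source is enough for this example
    return alerts


def detect_port_scan(events, threshold=10, window=timedelta(seconds=10)):
    """Many distinct destination ports denied from one source in a short window."""
    alerts = []
    denies = [e for e in events if e["facility"] == "fw" and e["action"] == "DENY"]
    for src, evs in group_by_src(denies).items():
        for i, first in enumerate(evs):
            ports = {e["dport"] for e in evs[i:] if e["ts"] - first["ts"] <= window}
            if len(ports) >= threshold:
                alerts.append({"type": "port_scan", "src": src, "target": first["dst"],
                               "ports": len(ports), "severity": "medium"})
                break
    return alerts


def correlate(text):
    events = parse(text)
    return detect_bruteforce(events) + detect_port_scan(events)


if __name__ == "__main__":
    for alert in correlate(SAMPLE_LOGS):
        print(alert)
```

The single failed login on mac-vm01 and the lone outbound deny from 10.20.0.5 stay below threshold and raise nothing, which is the point of correlating across events rather than alerting on each line: the analyst receives two alerts, each already tied to a source, a target and a severity.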

4. Scan for Vulnerabilities:
- Conduct regular vulnerability scans using reputable vulnerability scanning tools.
- Identify potential flaws in virtual machines, servers, and network devices.
- Prioritize the vulnerabilities that have been found and fix them to prevent exploitation.

5. Monitoring and Protection of Endpoints:
- Deploy endpoint protection solutions (antivirus, antimalware) on all devices within the organization.
- Look for signs of compromise or malicious activity by monitoring the activities and behaviours of endpoints.
- In order to identify and respond to threats at the endpoint level, implement host-based intrusion detection systems (HIDS).

Tools
Outline the tools that you will use to implement the infrastructure. Explain how you will obtain access to the network and data you need.

1. Virtualization Platform:
- Microsoft Hyper-V or VMware ESXi: Virtual machines that run both Windows and Mac OS X simultaneously can be created and managed using these hypervisor platforms.

2. Network Security and Firewall:
- Next-Generation Firewall (NGFW) appliances: Firewalls from Palo Alto Networks, Cisco ASA, or Fortinet FortiGate can be used to manage both inbound and outbound traffic, implement network segmentation, and offer intrusion prevention capabilities.
- Intrusion Detection and Prevention Systems (IDPS): Network traffic can be monitored, suspicious activities can be detected, and potential intrusions can be prevented using tools like Suricata or Snort.
- Network Monitoring Tools: Solutions like PRTG, SolarWinds Network Performance Monitor, or Nagios can be used to monitor network traffic, recognize anomalies, and produce alerts for network events.

3. Log Management and SIEM:
- SIEM (Security Information and Event Management) solution: Real-time event correlation and monitoring capabilities are provided by Splunk, IBM QRadar, and LogRhythm, among others, which can be used to collect, store, and analyze logs from a variety of sources.

4. Vulnerability Scanning:
- OpenVAS, Nessus, or Qualys: These tools are commonly used for vulnerability scanning and identifying potential security weaknesses in network devices, servers, and virtual machines.

5. Endpoint Security:
- Antivirus and antimalware software: Solutions like Symantec Endpoint Protection, McAfee Endpoint Security, or Microsoft Defender can be deployed to shield endpoints from malware and other security threats.

Presentation
Include the title of your presentation here and attach it to your Portfolio.

Attached.

Feedback
Document the feedback you received from the presentation regarding your design. Describe your response to this feedback and adjustments you will make.

Attach: Screenshots ☐

Presentation ☐



Organisation 2

Organisation operations
Provide an analysis of your chosen organisation's operations. Describe the cyber security needs the organisation has based on their operations.

1. System for Student Management (RTO Manager):
The college's student management system is managed by an RTO (Registered Training Organization) Manager. This system contains personal data, academic records, and enrolment documentation of students. This system requires the following for cyber security:

- Access Control: Implementing a multilevel security mode to guarantee that everybody has permission to access the system but specific access rights are required for specific data. This guarantees that only authorized staff can view and modify sensitive student data.

- Encryption of Data: Encrypting student data to keep it confidential even if it is intercepted and to prevent unauthorized access.

- Regular Backups: Putting in place a robust backup system to guarantee the integrity and availability of student data in the event of system failure or data loss.

2. Accounting System (Xero):
RGIT College's accounting system, Xero, handles financial transactions, budgeting, and payroll, among other things. This system requires the following for cyber security:

- Trustworthy Authentication: Putting strong authentication mechanisms in place, like multi-factor authentication, to stop people from getting to financial data without permission.

- Audit Records: Keeping an eye on and recording all activities that occur within the accounting system in order to identify any actions that are either unauthorized or suspicious.

- Data Security: Utilizing access controls and data encryption to safeguard financial data from unauthorized disclosure or modification.


3. Documentation for the Operations and Staff:
Staff files at the college contain sensitive information about its employees as well as operational records regarding various aspects of its operations. These files require the following for cyber security:

- Access Controls: Putting in place access controls to ensure that only authorized individuals have access to and can modify operational documentation and staff files.

- Secure Storage: Storing operational documentation and staff files in encrypted, secure repositories to prevent data breaches and unauthorized access.

- Data Classification: Applying data classification to identify and safeguard sensitive data appropriately, guaranteeing that access privileges are granted based on the sensitivity level of the data.

4. Servers for mission-critical networks:
RGIT College's day-to-day operations are supported by mission-critical network servers. Applications, databases, and other services essential to the college's operation may be housed on these servers. These servers require the following for cyber security:

- Regular Updates and Patching: Guaranteeing that the servers are promptly updated with the most recent security patches to address weaknesses and safeguard against known exploits.

- Prevention and detection of intrusions: Putting in place robust intrusion detection and prevention systems to watch the traffic on the network and look for any malicious activities or attempts to hack servers.

- Planning for Disaster Recovery: Laying out comprehensive disaster recovery plans to guarantee the availability and continuity of mission-critical services in the event of system failures, natural disasters, or cyber attacks.


5. Requirements for a Secure Boundary:
Controlling the digital estate's inputs and outputs, RGIT College must communicate with external service providers like RTO Manager, Xero, and OneDrive. In order to maintain a secure boundary, cyber security requirements include:

- Secure Network Architecture: Controlling inbound and outbound network traffic and preventing unauthorized access by putting in place firewalls, network segmentation, and other network security measures.

- Confidential Communication: Using encrypted communication protocols (e.g., HTTPS, VPN) for sending data between the college's systems and external service providers to safeguard against interception and unauthorized access.

- Regular Audits and Monitoring: Keeping an eye on the activity on the network and carrying out routine security audits to spot and address any potential security flaws.

Network security options and technologies
Based on the organisation's cyber security needs, identify and describe network security options, as well as suitable security technologies. Remember that these must relate to virtualised cyber security infrastructures. Include at least two options for network security and two security technologies.

Two network security options and two security technologies that are appropriate for virtualized cyber security infrastructures are as follows:

Options for Network Security:

1. Virtual Private Network (VPN):
A VPN makes a protected and encrypted connection between the organisation's network and remote users or external service providers. By establishing a secure tunnel, it ensures the confidentiality and integrity of data transmitted over the network. By utilizing a VPN, RGIT College can protect its communication with external service providers like RTO Manager, Xero, and OneDrive. This helps shield sensitive data from unauthorized access and interceptions.

2. Intrusion Detection System/Intrusion Prevention System (IDS/IPS):
An IDS/IPS is a network security solution that looks for suspicious or malicious activity in network traffic. In real time, it detects and alerts on potential threats or attacks. An IDS passively monitors the network, while an IPS actively blocks or mitigates detected threats. The security and integrity of RGIT College's network infrastructure can be ensured by implementing an IDS/IPS, which can detect and prevent malware infections, unauthorized access attempts, and other network-based attacks.

Security Technologies:

1. Firewall:
The incoming and outgoing network traffic is controlled by a firewall, which acts as a barrier between the internal network and external networks based on security rules. Based on parameters like the source IP, destination IP, ports, and protocols, it filters traffic. By deploying a firewall, RGIT College can enforce network security policies, restrict unauthorized access to its network, and keep malicious traffic from reaching its internal systems.

2. Virtualization-Aware Endpoint Security:
Endpoint security solutions that are aware of virtualization are made specifically for virtualized environments. They offer security features that are tailored to the particular features and difficulties of virtualized infrastructure. Agentless or lightweight agent-based security mechanisms are provided by these solutions, which can be incorporated into the virtualization platform. Endpoint security that is aware of virtualization keeps malware out of virtual machines (VMs), monitors VM behaviour, and enforces security policies in the virtualized environment. In the virtualized infrastructure of RGIT College, it ensures the safety and integrity of software testing virtual machines.

RGIT College has the ability to enhance the security of its virtualized cyber infrastructure by implementing a combination of these network security options and technologies. The VPN guarantees secure communication with external service providers, the IDS/IPS recognizes and prevents network-based threats, firewalls control network traffic, and virtualization-aware endpoint security safeguards the virtual machines used for testing software.



Requirements
Describe the data types to be protected, security levels required and secure boundary requirements. Further, describe the mission-critical network servers that are part of the infrastructure.

1. System for Student Management (RTO Manager):
This data type includes student personal data, academic records, enrolment documentation, and other sensitive information connected with student management.

2. Accounting System (Xero):
This data type includes financial data, for example budgeting, payroll, financial transactions, and other confidential financial information.

3. Staff Files:
This data type includes sensitive employee information, including personal details, employment contracts, performance records, and other staff-related data.

4. Documentation for Operations:
Academic, enrolment, and administrative policies and procedures are among the types of documentation included in this data type that pertain to the college's operations.

Required levels of security:

To ensure that everyone has access to the systems, a multilevel security mode is required, as well as data-specific access rights. This indicates that, although all authorized users will have general access to the systems, access to specific data within those systems will be restricted according to user roles and responsibilities. The following levels of security are required:

1. System-level Security: This entails protecting the entire infrastructure, which includes the servers, network devices, virtual machines, and data centers where the systems are hosted.

2. Control of Access: Restricting data access based on user roles and permissions by implementing access controls. Different degrees of access will be expected for student data, financial data, staff records, and operational documentation.

3. Encryption of Data: Encrypting sensitive data to safeguard it from unauthorized access and guarantee its confidentiality, both at rest and in transit.

4. Classification of Data: Putting data into groups according to how sensitive they are and taking the necessary security precautions. This guarantees that controls and access rights are appropriate for the sensitive nature of the data.
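The multilevel security mode described above (general system access for every authorised user, data-specific rights by role and sensitivity) can be expressed as a single access decision that checks clearance against classification, need-to-know by data category, and explicit write rights, and records every decision for audit. The following is an added example written for this page, not code from RGIT College, RTO Manager or Xero; the levels, roles, sample data items and the audit record layout are assumptions.

```python
"""Access decision for a multilevel security mode: every role may enter the
systems, but each data item is readable only with sufficient clearance and a
matching need-to-know category, and modifiable only with explicit rights.

Added example: levels, roles, data items and the audit record layout are
assumptions, not taken from the portfolio.
"""
from dataclasses import dataclass
from enum import IntEnum


class Level(IntEnum):
    """Sensitivity levels, ordered so '>' means 'more sensitive than'."""
    PUBLIC = 0
    INTERNAL = 1
    CONFIDENTIAL = 2
    RESTRICTED = 3


@dataclass(frozen=True)
class DataItem:
    name: str
    system: str        # which mission-critical system holds the item
    level: Level
    category: str      # student, financial, staff or operational


@dataclass(frozen=True)
class Role:
    name: str
    clearance: Level
    categories: frozenset                  # need-to-know compartments
    can_modify: frozenset = frozenset()    # categories the role may change


# Assumed roles for the college; every role has general access to the systems.
ROLES = {
    "trainer": Role("trainer", Level.CONFIDENTIAL, frozenset({"student", "operational"})),
    "admissions": Role("admissions", Level.CONFIDENTIAL, frozenset({"student"}), frozenset({"student"})),
    "finance": Role("finance", Level.RESTRICTED, frozenset({"financial", "operational"}), frozenset({"financial"})),
    "hr": Role("hr", Level.RESTRICTED, frozenset({"staff", "operational"}), frozenset({"staff"})),
}

# Constructed catalogue of data items spread over the systems named above.
CATALOGUE = [
    DataItem("student_enrolment", "RTO Manager", Level.CONFIDENTIAL, "student"),
    DataItem("student_medical_notes", "RTO Manager", Level.RESTRICTED, "student"),
    DataItem("payroll_run", "Xero", Level.RESTRICTED, "financial"),
    DataItem("staff_contracts", "file server", Level.RESTRICTED, "staff"),
    DataItem("enrolment_policy", "file server", Level.INTERNAL, "operational"),
]

AUDIT_LOG = []   # one (role, op, item, system, verdict, reason) record per request


def decide(role_name, item, op="read"):
    """Deny unless the role has need-to-know for the category, clearance that
    dominates the item's level and, for modify, explicit write rights."""
    role = ROLES.get(role_name)
    if role is None:
        verdict, reason = "deny", "unknown role"
    elif item.category not in role.categories:
        verdict, reason = "deny", "no need-to-know for category"
    elif item.level > role.clearance:
        verdict, reason = "deny", "classification exceeds clearance"
    elif op == "modify" and item.category not in role.can_modify:
        verdict, reason = "deny", "role is read-only for this category"
    else:
        verdict, reason = "allow", "ok"
    AUDIT_LOG.append((role_name, op, item.name, item.system, verdict, reason))
    return verdict


def visible_items(role_name):
    """Names of the catalogue items a role may read, across all systems."""
    return [d.name for d in CATALOGUE if decide(role_name, d) == "allow"]


if __name__ == "__main__":
    for role in ROLES:
        print(role, "->", visible_items(role))
    print("denied decisions logged:", sum(1 for rec in AUDIT_LOG if rec[4] == "deny"))
```

The ordering of the checks is deliberate: the category test comes before the clearance test so that a highly cleared finance user still never sees staff contracts, and the reason string is written to the audit log so that a reviewer can tell a need-to-know refusal from a clearance refusal without re-running the decision.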

Requirements for a Secure Boundary:

To keep a secure boundary, the organisation needs to control the inputs and outputs of its digital estate. This entails:

1. Network Security: Controlling inbound and outbound network traffic, preventing unauthorized access, and preventing malicious activities by putting in place firewalls, intrusion detection and prevention systems, and other network security measures.

2. Secure Interaction: Transferring data between the college's systems and external service providers by employing secure communication protocols like VPNs and encryption. This prevents unauthorized interceptions and ensures that data is protected throughout transmission.

3. Management of Vendors: Collaborating with external service providers, such as RTO Manager, Xero, and OneDrive, to establish secure boundary requirements. This includes guaranteeing that these suppliers adhere to the necessary security standards and protocols to safeguard the information they handle.

Mission-critical Network Servers:

The mission-critical network servers support day-to-day operations and are essential infrastructure components. Although specific information about these servers is not provided, common features include:

1. Application Servers: The accounting system, student management system, and other academic and administrative software are all hosted on these servers, which are essential to the college's operations.

2. Database Servers: Data used by various systems, such as financial, operational, and student data, are stored and managed on these servers.

3. File Servers: These servers store and manage records connected with various parts of the college's operations, such as academic documentation, enrolment documentation, and staff records.

4. Web Servers: The college's website is hosted on these servers, which also give students, faculty, and other outside parties access to online services and resources.

As crucial components, these servers require robust security measures, including regular updates and patching, intrusion detection and prevention systems, access controls, and disaster recovery planning to guarantee their availability, integrity, and security against cyber threats.

Infrastructure design

Provide your design for the virtualised cyber security infrastructure. You can include this as a screenshot and attach it to your Portfolio.

1. Network Foundation:
- Virtual Private Network (VPN): Use a VPN to create encrypted and secure communication channels between the RGIT College network and third-party service providers.
- Firewall: Install firewalls at the perimeter of the network to regulate both inbound and outbound traffic, enforce security policies, and guard against unauthorized access.
- Intrusion Detection and Prevention System (IDS/IPS): Install IDS/IPS systems to monitor network traffic and detect and block network-based attacks and suspicious behavior.

2. Virtualization Platform:
- Hypervisor: Use a reliable and secure hypervisor to manage and run virtual machines (VMs) within the infrastructure.
- Virtualization-aware endpoint security: Implement endpoint security solutions designed for virtualized environments to protect VMs from malware, monitor their behavior, and enforce security policies.

3. Virtual Machine Security:
- Access Controls: Apply granular access controls to virtual machines to ensure that only authorized personnel can access and modify them.
- Data Encryption: Protect the confidentiality of sensitive data in transit and at rest by encrypting it within virtual machines.
- Patch Management: Regularly patch and update virtual machines with the latest security updates to address vulnerabilities and protect against known exploits.
- Monitoring and Auditing: Implement logging and monitoring within virtual machines to identify and respond to security incidents or suspicious activities.

4. Data Security:
- Data Classification: Classify data based on its sensitivity level and apply appropriate security controls and access privileges.
- Backup and Disaster Recovery: Establish a robust backup system to regularly back up critical data and ensure its availability in the event of system failures or data loss incidents.
- Encryption: Protect sensitive data from unauthorized access by encrypting it in transit and at rest.

5. Secure Boundary:
- Secure Communication Channels: Use secure communication protocols such as HTTPS, VPN, or other encrypted connections when transmitting data between RGIT College's systems and external service providers.
- Vendor Security Assessments: Routinely assess the security measures and protocols of external service providers, ensuring that they adhere to the required security standards and safeguard the information they handle.

Please be aware that this is only a general overview; the actual design may vary based on RGIT College's chosen technology stack, budget, and specific requirements. It is recommended to consult with cyber security experts and IT specialists to tailor the infrastructure design to the organisation's requirements.

Implementation plan

Provide your implementation plan for your design. Make sure your plan includes:
• actions for implementation, including network boundaries and technologies that will be used
• responsibilities and timelines.

Implementation Plan for Virtualized Cyber Security Infrastructure:

1. Network Infrastructure Implementation:
- Action: Configure and deploy a Virtual Private Network (VPN) solution.
- Responsibility: Network and Security Team.
- Timeline: 1 week.

- Action: Deploy firewalls at the network perimeter and configure security policies.
- Responsibility: Network and Security Team.
- Timeline: 2 weeks.

- Action: Install and configure an Intrusion Detection and Prevention System (IDS/IPS).
- Responsibility: Network and Security Team.
- Timeline: 1 week.

2. Virtualization Platform Implementation:
- Action: Install and configure a reliable and secure hypervisor.
- Responsibility: Infrastructure Team.
- Timeline: 1 week.

- Action: Integrate a virtualization-aware endpoint security solution into the hypervisor.
- Responsibility: Infrastructure and Security Teams.
- Timeline: 2 weeks.

3. Virtual Machine Security Implementation:
- Action: Define and enforce access controls for virtual machines.
- Responsibility: Security Team.
- Timeline: 2 weeks.

- Action: Implement data encryption mechanisms within virtual machines.
- Responsibility: Security and Infrastructure Teams.
- Timeline: 2 weeks.

- Action: Establish patch management processes for virtual machines.
- Responsibility: Infrastructure Team.
- Timeline: Ongoing - regular patching.

- Action: Set up auditing and monitoring systems within virtual machines.
- Responsibility: Security Team.
- Timeline: Ongoing - continuous monitoring.

4. Data Protection Implementation:
- Action: Classify data based on sensitivity and implement appropriate security controls.
- Responsibility: Security Team.
- Timeline: 2 weeks.

- Action: Implement a robust backup and disaster recovery system.
- Responsibility: Infrastructure Team.
- Timeline: Ongoing - regular backups and testing.

- Action: Enable data encryption at rest and in transit.
- Responsibility: Security and Infrastructure Teams.
- Timeline: 1 week.

5. Secure Boundary Implementation:
- Action: Configure secure communication channels using HTTPS, VPN, and encrypted connections.
- Responsibility: Network and Security Teams.
- Timeline: 1 week.

- Action: Conduct regular security assessments of external service providers.
- Responsibility: Security Team.
- Timeline: Ongoing - periodic assessments.

Network security monitoring strategy

Describe the strategy that will be used for monitoring the network security.

1. Network Foundation:
- Virtual Private Network (VPN): Use a VPN to create encrypted and secure communication channels between the RGIT College network and third-party service providers.
- Firewall: Install firewalls at the perimeter of the network to regulate both inbound and outbound traffic, enforce security policies, and guard against unauthorized access.
- Intrusion Detection and Prevention System (IDS/IPS): Install IDS/IPS systems to monitor network traffic and detect and block network-based attacks and suspicious behavior.

2. Virtualization Platform:
- Hypervisor: Use a reliable and secure hypervisor to manage and run virtual machines (VMs) within the infrastructure.
- Virtualization-aware endpoint security: Implement endpoint security solutions designed for virtualized environments to protect VMs from malware, monitor their behavior, and enforce security policies.

3. Virtual Machine Security:
- Access Controls: Apply granular access controls to virtual machines to ensure that only authorized personnel can access and modify them.
- Data Encryption: Protect the confidentiality of sensitive data in transit and at rest by encrypting it within virtual machines.
- Patch Management: Regularly patch and update virtual machines with the latest security updates to address vulnerabilities and protect against known exploits.
- Monitoring and Auditing: Implement logging and monitoring within virtual machines to identify and respond to security incidents or suspicious activities.

4. Data Security:
- Data Classification: Classify data based on its sensitivity level and apply appropriate security controls and access privileges.
- Backup and Disaster Recovery: Establish a robust backup system to regularly back up critical data and ensure its availability in the event of system failures or data loss incidents.
- Encryption: Protect sensitive data from unauthorized access by encrypting it in transit and at rest.

5. Secure Boundary:
- Secure Communication Channels: Use secure communication protocols such as HTTPS, VPN, or other encrypted connections when transmitting data between RGIT College's systems and external service providers.
- Vendor Security Assessments: Routinely assess the security measures and protocols of external service providers, ensuring that they adhere to the required security standards and safeguard the information they handle.

Please be aware that this is only a general overview; the actual design may vary based on RGIT College's chosen technology stack, budget, and specific requirements. It is recommended to consult with cyber security experts and IT specialists to tailor the infrastructure design to the organisation's requirements.

Tools

Outline the tools that you will use to implement the infrastructure. Explain how you will obtain access to the network and data you need.

To implement the virtualized cyber security infrastructure for RGIT College, the following tools can be used:

1. Hypervisor: A reliable and secure hypervisor, such as VMware vSphere or Microsoft Hyper-V, will be utilized to manage and run virtual machines within the infrastructure.

2. Virtual Private Network (VPN) Solution: A VPN solution, such as Cisco AnyConnect or OpenVPN, will be deployed to establish secure and encrypted communication channels between RGIT College's network and external service providers.

3. Firewalls: Firewall appliances, such as Cisco ASA or Palo Alto Networks, will be installed at the network perimeter to control inbound and outbound traffic, enforcing security policies and protecting against unauthorized access.

4. Intrusion Detection and Prevention System (IDS/IPS): IDS/IPS systems like Snort or Suricata will be implemented to monitor network traffic and detect and prevent network-based attacks or suspicious activities.

5. Endpoint Security Solutions: Virtualization-aware endpoint security solutions like VMware Carbon Black or Symantec Endpoint Protection will be integrated into the hypervisor to protect virtual machines from malware, monitor behavior, and enforce security policies.

6. Log Management and SIEM: Log management and Security Information and Event Management (SIEM) solutions like Splunk, Elastic Stack (ELK), or IBM QRadar will be used for collecting, analyzing, and correlating logs from various network devices and security solutions.

7. Vulnerability Assessment and Scanning: Tools such as Nessus, Qualys, or OpenVAS will be employed for conducting regular vulnerability assessments and scans to identify weaknesses in the network infrastructure.

8. Threat Intelligence Feeds: Subscription-based threat intelligence feeds from trusted sources like Symantec Threat Intelligence or Recorded Future will be used to stay updated on the latest threats and vulnerabilities.

Access to the network and data needed for implementation will be obtained through the following means:

1. Authorized Personnel: Access to the network infrastructure, virtual machines, and data will be restricted to authorized personnel with appropriate roles and permissions. User accounts will be created, and access rights will be granted based on the principle of least privilege.

2. Secure Remote Access: VPN technology will be used to establish secure remote access to the network and data. Authorized users will be provided with VPN client software and secure credentials to connect to the network securely.

3. Role-Based Access Control: Access to specific network resources, virtual machines, and data will be granted based on defined roles and responsibilities. Role-based access control mechanisms will be implemented to ensure appropriate access rights.

4. Strong Authentication Mechanisms: Two-factor authentication (2FA) or multi-factor authentication (MFA) will be implemented to enhance the security of user authentication and prevent unauthorized access.

5. Network Segmentation: Network segmentation will be employed to segregate different parts of the network based on security requirements. This will restrict access to sensitive data and resources to authorized users only.
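As an added example (not part of this portfolio and not any vendor's product code), the kind of correlation rule the SIEM listed above would apply to the VPN logs it collects: it flags a source address that accumulates repeated authentication failures within a short window, the pattern the least-privilege and MFA controls above are meant to contain. The log lines are constructed in a simplified syslog style; that format, the five-failures-in-five-minutes threshold and the host/user names are assumptions, not the real OpenVPN or firewall format.

```python
"""Sliding-window correlation of VPN authentication failures per source address.
Added example, not from the portfolio; the log lines are constructed in a simplified
syslog style, not the real OpenVPN or firewall format (an assumption)."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log (not captured from a real system).
SAMPLE_LOGS = """\
2023-05-23T09:00:01 vpn01 openvpn: AUTH_FAILED user=staff01 src=203.0.113.5
2023-05-23T09:00:07 vpn01 openvpn: AUTH_FAILED user=staff01 src=203.0.113.5
2023-05-23T09:00:12 vpn01 openvpn: AUTH_FAILED user=admin src=203.0.113.5
2023-05-23T09:00:20 vpn01 openvpn: AUTH_FAILED user=root src=203.0.113.5
2023-05-23T09:00:25 vpn01 openvpn: AUTH_FAILED user=test src=203.0.113.5
2023-05-23T09:01:00 vpn01 openvpn: AUTH_OK user=jsmith src=198.51.100.7
2023-05-23T09:15:00 vpn01 openvpn: AUTH_FAILED user=jsmith src=198.51.100.7
2023-05-23T09:40:00 vpn01 openvpn: AUTH_FAILED user=jsmith src=198.51.100.7
this line is not a VPN event and is skipped by the parser
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) (?P<proc>\S+): (?P<event>AUTH_FAILED|AUTH_OK) "
    r"user=(?P<user>\S+) src=(?P<src>\S+)$"
)


def parse_line(line):
    """Return the event as a dict, or None for lines that are not auth events."""
    m = LINE_RE.match(line)
    if not m:
        return None
    event = m.groupdict()
    event["ts"] = datetime.fromisoformat(event["ts"])
    return event


def find_bruteforce_sources(log_text, threshold=5, window_seconds=300):
    """Return {src: (failures_in_window, sorted distinct users tried)} for every
    source whose AUTH_FAILED count inside any span of window_seconds reaches
    threshold. A per-source deque keeps only events still inside the window, so
    the same logic works on a live stream as well as on a file."""
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)   # src -> deque of (ts, user) inside the window
    flagged = {}
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None or ev["event"] != "AUTH_FAILED":
            continue
        q = recent[ev["src"]]
        q.append((ev["ts"], ev["user"]))
        while q and ev["ts"] - q[0][0] > window:   # drop events that aged out
            q.popleft()
        if len(q) >= threshold and ev["src"] not in flagged:
            flagged[ev["src"]] = (len(q), sorted({u for _, u in q}))
    return flagged


if __name__ == "__main__":
    for src, (count, users) in find_bruteforce_sources(SAMPLE_LOGS).items():
        print(f"ALERT {src}: {count} VPN auth failures in window, users tried: {users}")
```

With the sample data only 203.0.113.5 is flagged; 198.51.100.7 has two failures 25 minutes apart, so it never reaches the threshold inside a five-minute window.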

Presentation

Include the title of your presentation here and attach it to your Portfolio.

Attached.

Feedback

Document the feedback you received from the presentation regarding your design. Describe your response to this feedback and adjustments you will make.

Attach: Screenshots ☐
Presentation ☐


Section 2: Implementation and testing
Complete this section for each organisation.
Organisation 1

Implementation

You are to provide evidence of the implementation of your design. This should include screenshots that show:
• Network boundaries created
• Relevant technologies implemented
• Security levels set
• User access set


Testing

Run tests on your network which will also demonstrate how you monitor the network. Describe the tests you undertook and the results. Provide screenshots of the test results including logs.

1. Ping test: Use the ping command to test connectivity and measure response times between devices on a network. This helps find problems with packet loss and network latency.

2. Traceroute: Traceroute helps determine the route that network packets take from a source to a destination. It shows the hops and response times along the path, helping to identify potential bottlenecks or routing issues.

3. Bandwidth tests: The available network bandwidth between two endpoints can be measured using tools like iPerf and Speedtest. This evaluates network performance and identifies any limitations.

4. Network monitoring tools: To continuously monitor network devices, traffic, and performance metrics, use network monitoring tools like Nagios, Zabbix, or SolarWinds. These tools provide real-time alerts, performance reports, and historical data for analysis.

5. Security tests: To find weaknesses in your applications and network infrastructure, conduct penetration tests and security assessments regularly. Nessus, Nmap, and Wireshark are some of the tools that can help with these assessments.

6. Log checking: Use a log monitoring system to examine application, server, and network device logs. This aids in the investigation of security incidents, errors, and anomalies.

7. Analysing network traffic: To capture and analyze network packets, use tools like Wireshark or PRTG for network traffic analysis. This helps with analysing traffic patterns, performance bottlenecks, and other network issues.

User feedback

Document the user feedback from your assessor.

Hi Chalana, for the infrastructure task please create a diagram or pictorial representation of the infrastructure you propose.

Adjustments

Based on the tests you ran, monitoring and user feedback, describe the adjustments you need to make.

1. Enhanced Performance: If monitoring shows performance issues such as high latency, packet loss, or bandwidth limitations, adjustments might include optimizing network configurations, upgrading hardware or infrastructure, implementing Quality of Service (QoS) policies, or applying load balancing techniques.

2. Improvements to security: If monitoring or user feedback reveals security weaknesses or incidents, security measures can be strengthened, for example by updating firewall rules, patching software vulnerabilities, implementing intrusion detection systems (IDS), or enhancing access controls.

3. Planning for Capacity: If monitoring identifies network congestion or capacity limits, adjustments might include upgrading the network infrastructure, adding extra network resources, or reconfiguring network traffic routing to optimize capacity and scalability.

Attach: Screenshots ☐


Organisation 2

Implementation

You are to provide evidence of the implementation of your design. This should include screenshots that show:
• Network boundaries created
• Relevant technologies implemented
• Security levels set
• User access set

Testing

Run tests on your network which will also demonstrate how you monitor the network. Describe the tests you undertook and the results. Provide screenshots of the test results including logs.

1. Ping test: Use the ping command to test connectivity and measure response times between devices on a network. This helps find problems with packet loss and network latency.

2. Traceroute: Traceroute helps determine the route that network packets take from a source to a destination. It shows the hops and response times along the path, helping to identify potential bottlenecks or routing issues.

3. Bandwidth tests: The available network bandwidth between two endpoints can be measured using tools like iPerf and Speedtest. This evaluates network performance and identifies any limitations.

4. Network monitoring tools: To continuously monitor network devices, traffic, and performance metrics, use network monitoring tools like Nagios, Zabbix, or SolarWinds. These tools provide real-time alerts, performance reports, and historical data for analysis.

5. Security tests: To find weaknesses in your applications and network infrastructure, conduct penetration tests and security assessments regularly. Nessus, Nmap, and Wireshark are some of the tools that can help with these assessments.

6. Log checking: Use a log monitoring system to examine application, server, and network device logs. This aids in the investigation of security incidents, errors, and anomalies.

7. Analyzing network traffic: To capture and analyze network packets, use tools like Wireshark or PRTG for network traffic analysis. This helps with analysing traffic patterns, performance bottlenecks, and other network issues.
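The ping and traceroute tests described in the Testing sections for both organisations produce text that a monitor has to turn into pass/fail results before it can raise the alerts the Adjustments sections react to. The following is an added example, not from the portfolio: it parses the Linux iputils ping and traceroute output layout (the samples are constructed, not captured) and reports packet loss, average latency and per-hop anomalies against thresholds that are assumptions chosen for illustration.

```python
"""Ping/traceroute output checks for network monitoring. Added example, not from the
portfolio; the samples use the Linux iputils layout but are constructed, not captured."""
import re

PING_SAMPLE = """\
--- 10.0.0.1 ping statistics ---
10 packets transmitted, 9 received, 10% packet loss, time 9012ms
rtt min/avg/max/mdev = 0.845/1.204/3.510/0.790 ms
"""

TRACEROUTE_SAMPLE = """\
traceroute to 203.0.113.10 (203.0.113.10), 30 hops max, 60 byte packets
 1  10.0.0.1 (10.0.0.1)  0.412 ms  0.398 ms  0.377 ms
 2  * * *
 3  198.51.100.1 (198.51.100.1)  12.310 ms  12.100 ms  11.980 ms
 4  203.0.113.10 (203.0.113.10)  250.110 ms  248.900 ms  251.300 ms
"""

LOSS_RE = re.compile(r"(\d+) packets transmitted, (\d+) received, ([\d.]+)% packet loss")
RTT_RE = re.compile(r"rtt min/avg/max/mdev = ([\d.]+)/([\d.]+)/([\d.]+)/([\d.]+) ms")
HOP_RE = re.compile(r"^\s*(\d+)\s+(.*)$")   # traceroute hop lines start with a number
MS_RE = re.compile(r"([\d.]+) ms")


def parse_ping(text):
    """Return packets sent/received, loss percentage and average rtt (None if all lost)."""
    loss = LOSS_RE.search(text)
    if not loss:
        raise ValueError("no ping statistics line found")
    rtt = RTT_RE.search(text)  # ping omits this line when no reply came back
    return {"sent": int(loss.group(1)), "received": int(loss.group(2)),
            "loss_pct": float(loss.group(3)),
            "avg_ms": float(rtt.group(2)) if rtt else None}


def check_ping(text, max_loss_pct=1.0, max_avg_ms=50.0):
    """Return a list of findings against the thresholds; empty means the link passed."""
    r, findings = parse_ping(text), []
    if r["loss_pct"] > max_loss_pct:
        findings.append(f"packet loss {r['loss_pct']}% exceeds {max_loss_pct}%")
    if r["avg_ms"] is None:
        findings.append("no replies received")
    elif r["avg_ms"] > max_avg_ms:
        findings.append(f"average rtt {r['avg_ms']} ms exceeds {max_avg_ms} ms")
    return findings


def parse_traceroute(text):
    """Return [(hop, host or None, [rtt_ms, ...])]; a silent hop has no rtts."""
    hops = []
    for line in text.splitlines():
        m = HOP_RE.match(line)
        if not m:  # the header line does not start with a hop number
            continue
        hop, rest = int(m.group(1)), m.group(2).strip()
        host = None if rest.startswith("*") else rest.split()[0]
        hops.append((hop, host, [float(x) for x in MS_RE.findall(rest)]))
    return hops


def check_traceroute(text, max_jump_ms=100.0):
    """Flag silent hops and rtt jumps over the previous answering hop (likely bottleneck)."""
    findings, prev_avg = [], None
    for hop, host, rtts in parse_traceroute(text):
        if not rtts:
            findings.append(f"hop {hop}: no response (filtered or down)")
            continue
        avg = sum(rtts) / len(rtts)
        if prev_avg is not None and avg - prev_avg > max_jump_ms:
            findings.append(f"hop {hop} ({host}): rtt jump of {avg - prev_avg:.1f} ms")
        prev_avg = avg
    return findings
```

On the samples, check_ping reports the 10% loss and check_traceroute reports the silent hop 2 and the roughly 238 ms jump at hop 4, which is what the screenshots and logs the Testing prompt asks for would need to show.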

User feedback

Document the user feedback from your assessor.

Hi Chalana, for the infrastructure task please create a diagram or pictorial representation of the infrastructure you propose.

Adjustments

Based on the tests you ran, monitoring and user feedback, describe the adjustments you need to make.

1. Enhanced Performance: If monitoring shows performance issues such as high latency, packet loss, or bandwidth limitations, adjustments might include optimizing network configurations, upgrading hardware or infrastructure, implementing Quality of Service (QoS) policies, or applying load balancing techniques.

2. Improvements to security: If monitoring or user feedback reveals security weaknesses or incidents, security measures can be strengthened, for example by updating firewall rules, patching software vulnerabilities, implementing intrusion detection systems (IDS), or enhancing access controls.

3. Planning for Capacity: If monitoring identifies network congestion or capacity limits, adjustments might include upgrading the network infrastructure, adding extra network resources, or reconfiguring network traffic routing to optimize capacity and scalability.

Attach: Screenshots ☐

