Network Security Page 1 of 9

ASIA PACIFIC UNIVERSITY OF TECHNOLOGY & INNOVATION

CT037-3-2-NWS
Network Security
Group Assignment

This assignment contributes 60% of the final marks

Intake : APU2F2311CS, APD2F2311CS, APU2F2311TE, APD2F2311TE,

APU2F2311IT(ISS), APD2F2311IT(ISS), APD2F2311IT(IOT),
APU2F2311IT(IOT), APD2F2311IT(CE), APU2F2311IT(CE)

Lecturer : Noris binti Ismail

Email : noris.ismail@apu.edu.my

LEARNING OUTCOMES:

 CLO2: Justify IP addressing plan and routing strategies implemented in an enterprise network (A3,
PLO4)

 CLO3: Demonstrate configuration of secure network by integrating layer 2 security, layer 3 security
and Virtual Private Network using appropriate simulation tool. (P3, PLO3)

In-course Assignment Information Assignment

This assignment consists of TWO (2) sections: Section A and Section B. Section A is the report submission
that contributes 20% of total 60% while Section B is the practical demo on the configuration that contribute
to the 40%.

Instructions:

This group assignment carries 60% of your total module assessment marks [Group Assignment], with 40%
of the total contributed by an individual component [practical demo] and 20% by group components. A
group consist of maximum 5 students. (Minimum 2 students). The total word count for both reports should
not exceed 5000 words. No marks will be awarded for the entire assignment if any part of it is found to be
copied directly from printed materials or from another group. All submissions should be made on or before
the due date. Any late submissions after the deadline will not be entertained. Zero (0) mark will be awarded
for late submission unless extenuating circumstances are upheld.

Level 2 Asia Pacific University of Technology and Innovation

 Network Security Page 2 of 9

Section A: GROUP COMPONENTS (40%)

Scenario:

Broadcom is the manufacturer of Network Interface Card (NIC) based in KL. The headquarter office in KL
consists of 5 departments: Admin, Sales, Engineering, Management and Finance. It has a branch company
in Sungai Liang Industrial Park (SPARK), Brunei located 3,002 km away from KL and hosts 180
employees in each department. Only R&D, Management and Delivery departments are located there. Figure
1 illustrates the network architecture and topology of the KL HQ and its branch in Brunei for Broadcom.

The KL HQ has simple network architecture. Clients’ workstations are connected to an access switch,
distributed switch and the router’s internal interface as shown in figure 1. The firewall’s ex.ternal interface
connects directly to the internet service provider (ISP) router. The ISP completely manages this router, and
the Broadcom has no control over it. A third interface on the firewall hosts a demilitarised zone (DMZ)
hosting several servers. These servers include web, email, and FTP applications.

a) In a group, design and configure basic network requirements based on network diagram given using
packet tracer. The design must follow the basic requirements as below:
 Use any private IP address range for the LAN in KL and Brunei network.
 Use any public IP address range for the DMZ area and WAN connections including the router
in the ISP cluster.

Document the results of your work in a professional and systematic manner, in the form of a
computerized report. One (1) softcopy of your documentation is to be submitted.
1. Table of contents for every detailed chapter/section.
2. Detailed Work Breakdown Structure. Contribution of each member.
3. Introduction
4. Topology of the network diagram – screen shots and explanations
5. Chapters / sections with screen shots for evidence – Refer to Detailed breakdown of the report
section – Section B.
6. Documentation of the configured device(s). Basic configurations – Passwords etc.
7. Conclusion
8. Appendices [Optional]
9. Bibliography or References

Optional requirements:
1. To configure DHCP in both networks.
2. To deploy WLAN in both networks.
3. To include redundancy at L2 where applicable [EtherChannel]
4. To configure IPv6 address in the topology.

Submission of the group report will be on Week 12 [20th July 2024]

- For Group Report submission [Only the group leader ONLY!] – 20% and

Submission of the group report will be on Week 13 [27th July 2024]

- Individual Presentation video demo submission and packet tracer file by each student in Moodle using
Moodle separate links – 40% c

Level 2 Asia Pacific University of Technology and Innovation

 Network Security Page 3 of 9

Figure 1: Broadcom Network Layout

Level 2 Asia Pacific University of Technology and Innovation

Network Security Page 4 of 9

Page 4 of 9

Section B: Breakdown of the Report Content

a) The goal is to protect the internal and DMZ hosts from external threats. As a network security
specialist, each of you are required to provide a security solution for KL HQ and Brunei Branch
office.

There are some requirements in the above scenario that must be considered in this security design.

1. Client workstations (admin, management, sales, engineering, finance, R&D and delivery) must be
able to access the web server at the DMZ over HTTP and HTTPS. (Solution and configuration)

2. Clients should also be able to put and get files via FTP to the same server. The company requires
implementing FTP with user and password is essential for each transaction. (Solution and
configuration.)

3. All departments in either Penang or Krung Thep networks must be able to access the Internet (to
reach both companies location) over ICMP, HTTP and HTTPS with DNS. (Solution and
configuration.)

4. Client workstations must be able to check their e-mail on the e-mail server at the DMZ. The e-
mail server should be able to receive e-mail from external hosts over the simple mail transfer
protocol (SMTP). The email transaction also needs to be secured. (Solution and configuration.)

5. VLAN technology is mandatory to be implemented in all sub networks. Management and Native
VLAN are required for deployment. Implement secured VLAN is mandatory (static trunk, native
vlan, vlan allowed on trunk, blackhole and etc) (Solution and configuration.)

6. Proposed several policies for both networks (KL and Brunei) to reduce the internal/external
access to its resources. Examples: No client from admin, sales, engineering, and finance
department can access clients in the other departments and any. (Solution and configuration.)

7. Explain any THREE types of layer two attacks. Implement layer two securities as a requirement
in the company LAN. (Solution and configuration.)

8. Bastion host works as an application proxy. You are required to explain the solution in detail.
(Configuration is not required.).

9. Connectivity between HQ in KL and branch office in Brunei is a requirement. Other than OSPF,
discuss any other routing protocol that can be used for WAN connectivity. What is the best
solution? Elaborate on the solution. (Configuration is not required).

10. Data transmitted over the network must be kept disguised and only intended recipient can read it.
Hackers are unable to understand the content even they can wiretap the communication. (Solution
on the techniques, no configuration is required)

11. The company requires implementing intrusion detection systems (IDS). (No Configuration is
required.)

12. Implement VPN between KL and Brunei network. (Solution and configuration.)

Level 2 Asia Pacific University of Technology and Innovation

Network Security Page 5 of 9

Page 5 of 9

13. Implement SSL encryption between KL and Brunei. (Solution).

14. Proposed THREE (3) other solutions to increase the security in both networks. (Solution)

Note: The “solution” in the parenthesis means that, you must recommend, what should be done in order
to fulfil the company’s requirement. In this case, you do not have to configure any of the device(s) in the
topology. The “configuration” in the parenthesis means that, in addition to the solution that you provide,
you must implement it by configuring the appropriate device with commands and setups.

Guidelines for the report and video submission:

In your document the report is to be written in a professional manner, paying due regard to the following
aspects:
 The report is to be written in the 3rd person.
 The report should have a consistent layout and be divided into enumerated sections, sub-sections,
sub-sub sections etc.
 The report should be fully referenced using the University standard.
 Your report must be typed using Microsoft Word with Times New Roman font and size 12. Expected
length is 5,000 words (excluding diagrams, appendixes, and references). You need use to include a
word count at the end of the report and it should be in 1.5 spaces.
 Submission of reports that are unprofessional in its outlook (dirty, disorganised, inconsistent look,
varying coloured paper and size) will not fare well when marks are allocated.
 Ensure that the report is printed on standard A4 (210 X 297 mm) sized paper.
 The report should have a one (1”) margin all around the page as illustrated below:

1 inch 1 inch
1 inch

1 inch

The Typed Text

1 inch

1 inch

1 inch 1 inch

 Every report must have a front cover. A transparent plastic sheet can be placed in front of the report
to protect the front cover. The front cover should have the following details:

o Name
o Intake code.
o Subject.
o Project Title.
o Date Assigned (the date the report was handed out).
o Date Completed (the date the report is due to be handed in).

Level 2 Asia Pacific University of Technology and Innovation

Network Security Page 6 of 9

Page 6 of 9

Demonstration on the results of your work in a professional and systematic manner, in the form of a
video recording. One (1) softcopy of your video file is to be submitted individually in another Moodle
link that will be provided – Week 13.
 The recording should include 1 minute of introducing the name and programme followed by 10 -15
minutes of showing the configuration and skills that has been gathered or used in the configuration.
 Students need to demo their configuration skills in packet tracer only. DO NOT need to include the
report.
 Please dress formally for the presentation and do turn on the webcam throughout the demo and make
yourself available during the demo.
 Make sure the audio also being recorded during the demo.

Submission requirements

An online submission through Moodle is required for this module for both individual and group sections.
The total word count of the main body of the document (excluding title & contents pages) is to be in the
region of 5000 words.

Submission of the group report will be on Week 12 [20th July 2024].

Submission of the packet tracer and video on walkthrough of the system will be on Week 13 [27 th
July 2024].

For Group Report submission [Only the group leader ONLY!] and video demo submission by each
student in Moodle using Moodle separate links.

Level 2 Asia Pacific University of Technology and Innovation

Network Security Page 7 of 9

Page 7 of 9

Assessment Criteria:

 CLO2: Justify IP addressing plan and routing strategies implemented in an enterprise network (A3,
PLO4) – Group Report – 20%

Marking 1 2 3 4 5
Criteria (Fail) (Marginal Fail) (Pass) (Credit) (Distinction) Weightage

Leadership Poor leadership Acceptable Moderate leadership Good leadership and Outstanding
(10%) and teamwork leadership and and teamwork teamwork leadership and
teamwork teamwork
2

Task Imbalance Imbalance Fair distribution of Fair distribution of Balance distribution

distributed distribution of distribution of tasks among the tasks among the of tasks among the
equally and tasks among the tasks among the team members. team members. team members.
appropriate team members. team members. Acceptable Acceptable Accurate
content No discussion on Inaccurate technologies chosen technologies chosen technologies
(15%) technologies technologies with and chosen. 3
chosen chosen with brief explanation detail explanation Detail explanation
very brief provided. provided. provided.
explanation
provided.

Design and All submission Network design, Network design and Network design, Outstanding design,
content requirements configurations configurations configurations and configuration, and
follow the were not adhered and contents follow the contents follow contents. All
requirements or poor writing or follows the requirements but exactly the requirements fulfil
and good poor quality of requirements but with some missing requirements. No with extra
integration contents. with some parts. Fully missing part. Fully configuration
(35%) No integration of missing parts. integrated but integrated and implemented. Fully
the tasks given. Partially not all the configuration is integrated and 7
integrated configurations are working well. configuration is
and not all the working after working well.
configurations integration.
are working
after integration.

IP Poor addressing Acceptable Moderate Good addressing Outstanding

configuration table provided but addressing table addressing table table provided with addressing table
s. configuration provided with provided with good good configuration provided with
(20%) done with major basic configuration done. done. outstanding 4
issue. configuration. configuration done.

Referencing No in-text Minimal in-text Enough references Recent source of Very good quality
citation and very citation and and citation in the references used, of references used,
(10%) minimal references used. report. No issue in with proper with proper citation
references. Major Minor issues in the referencing reference list. and reference list for
issues in the the referencing format Limited in-text all facts and
referencing format. Able to fully utilize citation in the report diagrams used
format. Not able to fully the referencing Good utilization of Proficient in using 2
Referencing was utilize the features in the referencing the referencing
done manually, referencing Microsoft Word features in features in
without using features in Microsoft Word Microsoft Word,
Microsoft Word Microsoft Word without error
features.

Level 2 Asia Pacific University of Technology and Innovation

Network Security Page 8 of 9

Page 8 of 9

Documentati No table of Table of content Table of content Good structure and Very good structure
on content and page exist but without included with flow of and flow of
numbering, font page numbers, proper page documentation with documentation, with
(10%) size and type are report structure numbering, appropriate header very good
not standardized. not standardized standardized report & footer. appearance.
(including structure &
Not able to show alignment and headings. Good personal skills Very good and
personal skills in spacing). in utilizing features proficient personal
utilizing features Able to show in Microsoft Word skills in utilizing
in Microsoft Able to show sufficient personal to produce good features in 2
Word to produce some personal skills in utilizing formatting standard Microsoft Word to
good formatting skills in utilizing features in without any issue. produce outstanding
standard. features in Microsoft Word to formatting standard.
Microsoft Word produce good
but has major formatting standard,
issues in with minor issues.
formatting
standard.

Total Marks (Criteria 1): /100

CLO3: Demonstrate configuration of secure network by integrating layer 2 security, layer 3 security and
Virtual Private Network using appropriate simulation tool. (P3, PLO3) – Individual demo – 40%

Marking 1 2 3 4 5 Weightag
Criteria (Fail) (Marginal Fail) (Pass) (Credit) (Distinction) e

Limited ability Basic ability to Acceptable Good ability to Excellent ability

Protocol to implement implement and ability to implement and to implement and
Implementatio and configure configure implement and configure configure network
n network network configure network protocols for
protocols. protocols for network protocols protocols for complex 5
(25%) simple for most most scenarios. scenarios.
scenarios. scenarios.

Security Limited Basic Acceptable Good Excellent

Measures understanding of understanding of understanding of understanding understanding of
security security security measures of security security measures
(25%) measures and measures and and can measures and and can
unable to can implement implement them can implement implement them 5
implement them them effectively effectively for them effectively effectively for
effectively. for simple most scenarios. for most complex
scenarios. scenarios. scenarios.

Hardly able to Basic ability to Satisfactory use Good use of Excellent use of
Utilization of
use packet use packet tracer of packet tracer packet tracer packet tracer
tools for
tracer simulation tool simulation tool simulation tool simulation tool
network
simulation tool providing simple providing providing good providing
design 5
in providing network design moderate network network design complex network
network design. and design and and design and
(25%)
configuration. configuration. configuration. configuration.

Level 2 Asia Pacific University of Technology and Innovation

Network Security Page 9 of 9

Page 9 of 9

Presentation Poor Able to show Show good Very good Outstanding

skills understanding minimal understanding in understanding configuration
on the understanding configuration but in configuration skills
configuration. on the can be improved and IP demonstrated,
(25%) configuration in technical and addressing exceeding the
done. IP addressing scheme expectation.
scheme deployed.
knowledge. Able to explain
Able to explain technical 5
Not very good in technical configuration and
explaining configuration excellent
technical and good verification
configuration and verification commands.
average commands.
verification
commands.

Total Marks (Criteria 2): /100

Level 2 Asia Pacific University of Technology and Innovation