Route Core Element 10 - Security
This resource list has been created to support the T Level Technical Qualification in Digital Support Services.
This section of the specification presents an opportunity to explore the world of cybersecurity. RCE10 covers the types of information you may encounter in the workplace, which in turn leads into the topic on the importance of maintaining and the consequences of not maintaining Confidentiality, Integrity and Availability (CIA) and what non-compliance may mean to an organisation.
Practical experience can be gained through assessing vulnerabilities and the measures that can be employed to maintain CIA. Practical skills gained in this element will prove beneficial when completing the employer set project and occupational specialism.
Textbook
This book can be used as a companion for the Cisco introduction to cybersecurity online course and will help in understanding and recognising the most common cybersecurity threats people face daily in their personal and work lives. Coverage includes scenarios based around the workplace and how to respond to cybersecurity incidents, this resource provides information related to R10.2, R10.3 and R10.4.
Cisco introduction to cybersecurity
The course covers an introduction to cybersecurity, what the threats are, how to identify them and how to protect against them. The course contains useful information relating to career opportunities in cybersecurity, this resource provides information related to R10.2, R10.3 and R10.4.
Guru99 ethical hacking tutorials
The course covers ethical hacking lessons with live hacking examples to make the subject matter clear. The tutorials cover the main concepts that an industry professional must be aware of to have a successful career protecting networks and maintaining CIA. It is recommended that the following tutorials are completed.
- Cryptography Tutorial: Cryptanalysis, RC4, CrypTool
- Worm, Virus & Trojan Horse: Ethical Hacking Tutorial
- Wireshark Tutorial: Network & Passwords Sniffer
- QL Injection Tutorial: Learn with Example
The previous 4 tutorials can be aligned to coverage of R10.7 and R10.8.
MAC (Media Access Control) flood attack
This video demonstrates a MAC flood attack using Cisco switches. The video also demonstrates how to prevent this happening. The content on this video is also achievable using a simulator like Cisco packet tracer.
Launching a Denial Of Service attack (DOS) with CDP (Cisco Discovery Protocol) on a cisco switch
This video demonstrates a MAC flood attack using Cisco switches. This is an important attack that can happen to any business and a T-Level student must be aware of the mechanics of these attacks.
Thwarting DDoS (Distributed Denial of Service) attacks
Video explaining Distributed Denial of Service attacks (DDOS) and how you can prevent it.
Lesson 5 - There’s no place like 127.0.0.1
The aim of this lesson is for students to develop their understanding of the risks that cyber threats pose to a network, followed by an exploration of some of the more common methods of defending a network against attacks, such as firewalls and anti-malware, this can be used for coverage of R10.6.
OWASP (Open Web Application Security Project®) top ten
An awareness of current threats is important for the security element of the T-Level, the OWASP Top 10 is a standard awareness document for developers and web application security. It represents a broad consensus about the most critical security risks to web applications.
What are firewalls?
Video explaining how firewalls work in a real-world scenario. The visualisations provide a good accompaniment to the commentary. This is a useful resource for understanding the process and protocols of internet security assurance, this resource provides information related to R10.7.
IPSec (IP Security)
A useful resource for ensuring CIA. An understanding of VPN (Virtual Private Network) technology and its uses in a business network is a fundamental requirement for the T-Level digital infrastructure course and is related to R10.7.
Getting started with Virtual Box
This resource covers tutorials in Oracle Virtual Box. Sections 1.5, 1.6, 1.7 and 1.8 in the table of contents cover installing and starting virtual box, creating and running your first virtual machine, this provides a good starting point in learning how to use the software, it is then recommended to attempt the remaining step by step guides on this site.
Confidentiality in the workplace
Descriptions related to R10.1 and R10.5 regarding the nature of confidentiality, and how to ensure that you comply with legal or ethical guidelines.
Data Center Attack: The Game
Interactive educational game where the learners play the role of the security manager, excellent resource to demonstrate some of the decisions that could be required in the real world and how the decisions can affect the organisation, this resource provides information related to R10.4, R10.5 and R10.8.
Oracle VirtualBox
Virtual Box is an essential tool for lab work and simulations on the T-Level digital courses. The link takes you to the downloads page.
Kali Linux virtual machine
Kali Linux is an open-source distribution. Kali comes with many pre-installed tools and is an important free resource for undertaking information security tasks, such as Penetration Testing, Security Research, Computer Forensics and Reverse Engineering. This distribution can be imported into Virtual Box and VMware.
Windows virtual machines
Free virtual machines from Microsoft for lab work relating to the security elements. The virtual machines are ideal for the learner to explore operating systems security setting including Windows defender firewall and local security policies. This distribution can be imported into Virtual Box and VMware.