JNCIP-SEC Bundle – AJSEC & JIPS Certification Course

Duration:   5 Days
Price:   $4450.00
Test Level:    2
Certifications:   JNCIP-SEC
Exams:   JNO-632

 
Course Overview
The JNCIP-SEC Certification Bundle is a 5-day event that covers technology aspects that meet the JUNOS Professional Certification tier for the Junos Security Engineer.

Students will learn Junos Intrusion Prevention System Functionality including an introduction to the IPS feature set, with advanced coverage of IPsec deployments, virtualization, high availability, advanced Network Address Translation (NAT) deployments, and Layer 2 security This course benefits individuals responsible for configuring and monitoring devices running JUNOS Software in a security application.

Students attending this course will take part in 2 courses as part of the certification, covering Junos Security topics.

This course prepares students for the new JNCIS-SEC Certification exam, whose topics are based on the content of these courses. Students that attend this class will be given a free test voucher to take the JNCIP-SEC certification exam.

Course Objective

  • Understand Junos security handling at Layer 2 versus Layer 3
  • Understand Junos OS processing of Application Layer Gateways (ALG)
  • Alter the Junos default behavior of ALG and application processing
  • Implement address books with dynamic addressing
  • Compose security policies utilizing ALGs, custom applications, and dynamic addressing for various scenarios
  • Use Junos debugging tools to analyze traffic flows and identify traffic processing patterns and problems
  • Implement virtual routing-instances
  • Implement policy-based routing
  • Describe and implement static, source, destination, and dual Network Address Translation (NAT)
  • Implement NAT traversal
  • Implement and monitor optimized chassis clustering
  • Differentiate and configure standard point-to-point virtual private network (VPN) tunnels, hub-and-spoke VPNs, and group VPNs
  • Monitor the operations of the various IP Security (IPsec) VPN implementations
  • Describe, implement, and monitor Group VPNs in an enterprise environment
  • Describe, implement, and monitor Dynamic VPNs in an enterprise environment
  • Utilize IPsec VPN tunnels with OSPF
  • Implement dynamic VPNs
  • Describe some IPsec VPN best practices for the Enterprise
  • Understand and utilize Junos tools for troubleshooting Junos security implementations
  • Utilize a sound methodology for troubleshooting Junos security issues
  • Become familiar with the successful troubleshooting of common Junos Security issues
  • Define types of intrusions and network penetration attacks
  • Describe the steps that the IPS engine uses when inspecting packets
  • Describe the components of IPS rules and rulebases
  • Define the types of signature-based attacks
  • Describe the use of custom signatures and how to configure them
  • Use scanning to gather information about target networks
  • Configure screens to block various scan types
  • Configure denial of service (DoS) and distributed denial of service (DDoS) attacks
  • Configure screens to block DoS and DDoS attacks
  • Describe and manage the reporting capabilities available for IPS functionality

Target Audience
Network engineers, technical support personnel, reseller support engineers, and others responsible for implementing and/or maintaining the Juniper Networks products covered in this course.

Course Outline
Day 1 AJSEC

Chapter 1: Course Introduction

Chapter 2: Junos Security Review

  • Junos OS Security Components
  • Layer 2 Versus Layer 3 Packet Handling
  • Data Center and Branch Deployments

Chapter 3: SRX Series Hardware and Interfaces

  • Branch Platform Overview
  • Data Center Platform Overview
  • Traffic Flow and Distribution
  • SRX Series Interfaces

Chapter 4: Advanced Security Policy

  • Junos OS ALGs
  • Custom Application Definitions
  • Advanced Policy Design
  • Dynamic Addressing
  • Policy Logging
  • DNS Doctoring

Day 2 AJSEC

Chapter 5: Virtualization

  • Junos Routing Instances
  • Forwarding Between Instances
  • Filter-based Forwarding and Policy-based Routing

Chapter 6: Advanced NAT Concepts

  • NAT Interaction with Policy and ALGs
  • Junos NAT Implementation Review
  • Cone NAT
  • Multitenant NAT
  • IPv4-to-IPv6 NAT

Chapter 7: High Availability

  • Chassis Clustering Implementations
  • Monitoring Chassis Clusters
  • Advanced HA Topics

Day 3 AJSEC

Chapter 8: IPsec Implementations

  • Standard VPN Implementations Review
  • Public Key Infrastructure
  • Hub-and-Spoke VPNs
  • Group VPNs

Chapter 9: Enterprise IPsec Technologies: Group and Dynamic VPNs

  • Group VPN Overview
  • GDOI Protocol
  • Group VPN Configuration and Monitoring
  • Dynamic VPN Overview
  • Dynamic VPN Implementation

Chapter 10: IPsec VPN Case Studies and Solutions

  • Routing over VPNs
  • NAT with IPsec
  • Enterprise VPN Deployment Best Practices

Chapter 11: Troubleshooting Junos Security

  • Troubleshooting Tools
  • Troubleshooting Methodology
  • Case Study A
  • Case Study B

Day 4 JIPS

Chapter 1

Chapter 2 Overview of IPS Functionality

  • Reasons for Network Attacks
  • Categories of Attacks
  • Anatomy of an Attack
  • IPS Mechanisms on SRX Series Devices

Chapter 3 Initial Device Configuration

  • Deployment Options for IPS Functionality
  • Management Options
  • Network Settings
  • Preparing the SRX Series Device for IPS Features

Chapter 4 IPS Terminology and Concepts

  • Terminology Overview
  • Attack Objects
  • IPS Rulebase Details
  • Rule Match Conditions
  • Rule Actions
  • Terminal Rules
  • IP Actions
  • Notification
  • Terminology Review
  • IPS Traffic Flow

Day 5 JIPS

Chapter 5 IPS Attack Objects

  • IPS Rules and Rulebases
  • Attack Objects
  • Custom Signatures

Chapter 6 Scanning and Reconnaissance

  • Overview of Scanning
  • Types of Scans
  • Fingerprinting
  • IPS Scan Prevention

Chapter 7 Blocking Evasion Techniques and Denial of Service

  • FIN Scans
  • IP Spoofing
  • IP Source Routing Options
  • DoS and DDoS Attacks
  • Mechanisms for Blocking DoS and DDoS

Chapter 8 Reporting

  • NSM Reports
  • Syslog Structure
  • The Junos OS Commands

Prerequisites
Students should have a strong level of TCP/IP networking and security knowledge. Students should also attend the “Introduction to the Junos Operating System (IJOS)], [[http://www.dwwtc.com/outline/juniper/jre | Junos Routing Essentials (JRE), and Junos Security (JSEC)courses prior to attending this class.

This course is available as open-enrollment Classroom event, instructor-led Live Virtual Class, REAL-ILT™ or as part of a custom Onsite Training for up to 16 students.