Juniper Networks Certified Professional Security Bootcamp, AJSEC and JIPS (JNCIP-SEC BC)

This course combines both Advanced Junos Security (AJSEC) and Junos Intrusion Prevention Systems (JIPS) into five consecutive days of training. Students can choose to attend the individual classes (AJSEC or JIPS) or attend the five-day course.

ADVANCED JUNOS SECURITY (AJSEC) COURSE OVERVIEW

This course, which is designed to build on the current Junos Security (JSEC) offering, delves deeper into Junos security. Through demonstrations and hands-on labs, students gain experience in configuring and monitoring the advanced Junos operating system security features with advanced coverage of IPsec deployments, virtualization, AppSecure, advanced Network Address Translation (NAT) deployments, and Layer 2 security. This course uses Juniper Networks SRX Series Services Gateways for the hands-on component, but the lab environment does not preclude the course from being applicable to other Juniper hardware platforms running the Junos OS.

WHO WILL BENEFIT FROM THE AJSEC COURSE?

This course benefits individuals responsible for implementing, monitoring, and troubleshooting Junos security components.

Course Level: AJSEC is an advanced-level course.

AJSEC PREREQUISITES:

Students should have a strong level of TCP/IP networking and security knowledge. Students should also attend the Introduction to the Junos Operating System (IJOS), Junos Routing Essentials (JRE), and Junos Security (JSEC) courses prior to attending this class.

COURSE OBJECTIVES:

After successfully completing this course, you should be able to:
Demonstrate understanding of concepts covered in the prerequisite Junos Security course.
Describe the various forms of security supported by the Junos OS.
Implement features of the AppSecure suite, including AppID, AppFW, and AppTrack.
Configure custom application signatures.
Describe Junos security handling at Layer 2 versus Layer 3.
Implement Layer 2 transparent mode security features.
Demonstrate understanding of Logical Systems (LSYS).
Implement address books with dynamic addressing.
Compose security policies utilizing ALGs, custom applications, and dynamic addressing for various scenarios.
Use Junos debugging tools to analyze traffic flows and identify traffic processing patterns and problems.
Describe Junos routing instance types used for virtualization.
Implement virtual routing instances.
Describe and configure route sharing between routing instances using logical tunnel interfaces.
Describe and implement static, source, destination, and dual NAT in complex LAN environments.
Describe and implement variations of persistent NAT.
Describe and implement Carrier Grade NAT (CGN) solutions for IPv6 NAT, such as NAT64, NAT46, and DS-Lite.
Describe the interaction between NAT and security policy.
Demonstrate understanding of DNS doctoring.
Differentiate and configure standard point-to-point IP Security (IPsec) virtual private network (VPN) tunnels, hub-and-spoke VPNs, dynamic VPNs, and group VPNs.
Implement IPsec tunnels using virtual routers.
Implement OSPF over IPsec tunnels and utilize generic routing encapsulation (GRE) to interconnect to legacy firewalls.
Monitor the operations of the various IPsec VPN implementations.
Describe public key cryptography for certificates.
Utilize Junos tools for troubleshooting Junos security implementations.
Perform successful troubleshooting of some common Junos security issues.

COURSE OUTLINE:

Day 1

Module 1: Course Introduction

Module 2: AppSecure
  AppSecure Overview
  AppID
  AppTrack
  AppFW
  AppDoS
  AppQoS
  Lab 1: Implementing AppSecure

Module 3: Junos Layer 2 Packet Handling and Security Features
  Transparent Mode Security
  Layer 2 Ethernet Switching
  Lab 2: Implementing Layer 2 Security

Module 4: Virtualization
  Virtualization Overview
  Routing Instances
  Logical Systems
  Lab 3: Implementing Junos Virtual Routing

Day 2

Module 5: Advanced NAT Concepts
  Operational Review
  NAT: Beyond Layer 3 and Layer 4 Headers
  DNS Doctoring
  IPv6 NAT
  Advanced NAT Scenarios
  Lab 4: Advanced NAT Implementations

Module 6: IPsec Implementations
  Standard VPN Implementations Review
  Public Key Infrastructure
  Hub-and-Spoke VPNs
  Lab 5: Hub-and-Spoke IPsec VPNs

Day 3

Module 7: Enterprise IPsec Technologies: Group and Dynamic VPNs
  Group VPN Overview
  GDOI Protocol
  Group VPN Configuration and Monitoring
  Dynamic VPN Overview
  Dynamic VPN Implementation
  Lab 6: Configuring Group VPNs

Module 8: IPsec VPN Case Studies and Solutions
  Routing over VPNs
  IPsec with Overlapping Addresses
  Dynamic Gateway IP Addresses
  Enterprise VPN Deployment Tips and Tricks
  Lab 7: Implementing Advanced IPsec VPN Solutions

Module 9: Troubleshooting Junos Security
  Troubleshooting Methodology
  Troubleshooting Tools
  Identifying IPsec Issues
  Lab 8: Performing Security Troubleshooting Techniques

Appendix A: SRX Series Hardware and Interfaces
  Branch SRX Platform Overview
  High End SRX Platform Overview
  SRX Traffic Flow and Distribution
  SRX Interfaces

JUNOS INTRUSION PREVENTION SYSTEMS (JIPS) COURSE OVERVIEW

This course is designed to provide an introduction to the Intrusion Prevention System (IPS) feature set (provided by Junos IPS Secure) available on the Juniper Networks SRX Series Services Gateway. The course covers concepts, ideas, and terminology relating to providing intrusion prevention using the SRX Series platform. Hands-on labs offer students the opportunity to configure various IPS features and to test and analyze those functions.

WHO WILL BENEFIT FROM THE JIPS COURSE?

This course benefits individuals responsible for configuring and monitoring the IPS aspects of SRX Series devices.

Course Level: JIPS is an intermediate-level course.

JIPS PREREQUISITES:

Students should have basic networking knowledge, an understanding of the Open Systems Interconnection (OSI) reference model for layered communications and computer network protocol design, and an understanding of the TCP/IP protocol suite. Students should also attend the Introduction to the Junos Operating System (IJOS) course, the Junos Routing Essentials (JRE) course, and the Junos Security (JSEC) course, or they should have equivalent experience prior to attending this class.

JIPS COURSE OBJECTIVES:

After successfully completing this course, you should be able to:
Explain the terms and concepts related to intrusion prevention.
Describe general types of intrusions and network penetration steps.
Explain how scanning can be used to gather information about target networks.
Define and describe the terminology that comprises Juniper Networks IPS functionality.
Describe the basic functions and features available on the SRX Series platform that provide IPS functionality.
Describe how to access the SRX Series Services Gateways with IPS functionality for configuration and management.
Describe the steps that the IPS engine takes when inspecting packets.
Configure the SRX Series Services Gateways for IPS functionality.
Describe the components of IPS rules and rulebases.
Configure an IPS exempt rule.
Explain the types of signature-based attacks.
Configure a custom signature attack object.
Describe the uses of custom signatures and how to configure them.
Describe commonly used evasion techniques and how to block them.
Explain the mechanisms available on the SRX Series Services Gateway to detect and block DoS and DDoS attacks.
Configure screens to block IP spoofing and SYN flooding.
Describe additional security flow protection mechanisms.
Demonstrate how the SRX Series device performs TCP SYN checking.
Explain the STRM capabilities for capturing, logging, and reporting network traffic.
Describe the logging and reporting capabilities available for SRX IP functionality within STRM.

JIPS COURSE OUTLINE

Day 1

Module 1: Course Introduction

Module 2: Introduction to Intrusion Prevention Systems
  Network Asset Protection
  Intrusion Attack Methods
  Intrusion Prevention Systems
  IPS Traffic Inspection Walkthrough

Module 3: IPS Policy and Initial Configuration
  SRX IPS Requirements
  IPS Operation Modes
  Basic IPS Policy Review
  Basic IPS Policy Lab

Module 4: IPS Rulebase Operations
  Rulebase Operations
  IPS Rules
  Terminal Rules
  IP Actions
  Configuring IPS Rulebases Lab

Day 2

Module 5: Custom Attack Objects
  Predefined Attack Objects
  Custom Attack Objects
  Fine-Tuning the IPS Policy
  Custom Signatures Lab

Module 6: Additional Attack Protection Mechanisms
  Scan Prevention
  Blocking Evasion and DoS Attacks
  Security Flow Protection Mechanisms
  Security Flow Protection Mechanisms Lab

Module 7: IPS Logging and Reporting
  Junos Syslog and Operational Commands
  STRM IPS Logging
  IPS Logging Lab

SUNSET LEARNING INSTITUTE (SLI) DIFFERENTIATORS:

Sunset Learning Institute (SLI) has been an innovative leader in developing and delivering authorized technical training since 1996. Our goal is to help our customers optimize their cloud technology investments by providing convenient, high quality technical training that our customers can rely on. We empower students to master their desired technologies for their unique environments.

What sets SLI apart is not only our immense selection of training options, but our convenient and consistent delivery system. No matter how complex your environment is or where you are located, SLI is sure to have a training solution that you can count on!

Premiere World Class Instruction Team
  All SLI instructors have a four-year technical degree, instructor level certifications and field consulting work experience.
  Sunset Learning has won numerous Instructor Excellence and Instructor Quality Distinction awards since 2012.

Enhanced Learning Experience
  The goal of our instructors during class is to ensure students understand the material, guide them through our labs and encourage questions and interactive discussions.

Convenient and Reliable Training Experience
  You have the option to attend classes at any of our established training facilities or from the convenience of your home or office with the use of our HD-ILT network (High Definition Instructor Led Training).
  All Sunset Learning Institute classes are guaranteed to run; you can count on us to deliver the training you need when you need it!

Outstanding Customer Service
  Dedicated account manager to suggest the optimal learning path for you and your team
  Enthusiastic Student Services team available to answer any questions and ensure a quality training experience