OneSource Professional Training Solutions, Inc.
presents
Junos Security Skills Camp (JSEC, AJSEC) On-Site Training
Junos Security Skills Camp (JSEC, AJSEC)
Course Description/Agenda
We've combined two authorized Juniper courses, Junos Security (JSEC) and
Advanced Junos Security (AJSEC), to create an intensive, extended-hours Skills
Camp in which you will build your intermediate and advanced Juniper security
skills. You will gain hands-on experience implementing, configuring, and
monitoring the Junos OS for SRX Series devices, covering:
- Security zones
- Security policies
- Intrusion detection and prevention (IDP)
- Network Address Translation (NAT)
- IP Security (IPsec) deployments
- Virtualization
- Layer 2 security with SRX Series Services Gateways
What You'll Learn
- SRX Series devices and software architecture
- Logical packet flow and session creation performed by SRX Series devices
- Placement and traffic distribution of the various components of SRX devices
- Configure, utilize, and monitor the various interface types available to the SRX Series product line
- Configure and monitor zones, security policies, and firewall user authentication
- Configure and monitor SCREEN options to prevent network attacks
- Implement and monitor NAT on Junos security platforms
- Implement static, source, destination, and dual NAT in complex LAN environments
- Implement variations of cone or persistent NAT
- Interaction between NAT and security policy
- Purpose and mechanics of IPsec virtual private networks (VPNs)
- Implement and monitor policy-based and route-based IPsec VPNs
- Differentiate and configure standard point-to-point IPsec VPN tunnels, hub-and-spoke VPNs, dynamic VPNs, and group VPNs
- Implement OSPF over IPsec tunnels and utilize generic routing encapsulation (GRE) to interconnect to legacy firewalls
- Monitor the operations of the various IPsec VPN implementations
- Use and update the IDP signature database
- Configure and monitor IDP policy with policy templates
- Configure and monitor high availability (HA) chassis clusters
- Security supported by the Junos OS
- Junos security handling at Layer 2 vs. Layer 3
- Junos OS processing of Application Layer Gateways (ALGs)
- Alter the Junos default behavior of ALG and application processing
- Implement address books with dynamic addressing
- Compose security policies utilizing ALGs, custom applications, and dynamic addressing for various scenarios
- Junos routing instance types used for virtualization
- Implement virtual routing instances
- Configure route sharing between routing instances using logical tunnel interfaces
- Implement packet-based and filter-based forwarding
- Implement optimized chassis clustering
- IPv6 support for chassis clusters
- Public key cryptography for certificates
- Junos debugging tools to analyze traffic flows and identify traffic processing patterns and problems
- Junos tools for troubleshooting Junos security implementations
Who Should Attend
Network engineers, administrators, support personnel, and reseller support personnel using SRX Series devices
Course Prerequisites
- Introduction to the Junos Operating System (IJOS)
- Junos Routing Essentials (JRE)
Or
Course Outline
1. Junos Security Platforms
- Traditional Routing
- Traditional Security
- Breaking the Tradition
- The Junos OS Architecture
2. Zones
- The Definition of Zones
- Zone Configuration
- Monitoring Security Zones
3. Security Policies
- Policy Components
- Verifying Policy Operation
- Policy Scheduling and Rematching
- ALGs
- Custom Application Definitions
- Advanced Addressing
- Policy Matching
4. Firewall User Authentication
- Firewall User Authentication Overview
- Pass-Through Authentication
- Web Authentication
- Client Groups
- Using External Authentication Servers
- Verifying Firewall User Authentication
5. SCREEN Options
- Multilayer Network Protection
- Stages and Types of Attacks
- Using Junos SCREEN Options
- Reconnaissance Attack Handling
- Denial of Service Attack Handling
- Suspicious Packets Attack Handling
- Applying and Monitoring SCREEN Options
6. NAT
- Source NAT Operation and Configuration
- Destination NAT Operation and Configuration
- Static NAT Operation and Configuration
- Proxy ARP
- Monitoring and Verifying NAT Operation
- Beyond Layer 3 and Layer 4 Headers
- Advanced NAT Scenarios
7. IPsec VPNs
- VPN Types
- Secure VPN Requirements
- IPsec Details
- Configuration of IPsec VPNs
- IPsec VPN Monitoring
- Routing over VPNs
- IPsec with Overlapping Addresses
- Dynamic Gateway IP Addresses
- Enterprise VPN Deployment Tips and Tricks
8. IPsec Implementations
- Standard VPN Implementations
- Public Key Infrastructure
- Hub-and-Spoke VPNs
9. Enterprise IPsec Technologies
- Group VPN
- GDOI Protocol
- Group VPN Configuration and Monitoring
- Dynamic VPN Implementation
10. IDP
- Junos IDP
- Policy Components
- Configuration
- Signature Database
- Monitoring IDP Operation
11. HA Clustering
- Chassis Cluster
- Components
- Operation
- Configuration
- Monitoring
- Implementations
- Advanced HA Topics
12. Virtualization
- Routing Instances
- Filter-Based Forwarding
13. Troubleshooting Junos Security
- Troubleshooting Methodology
- Troubleshooting Tools
- Identifying IPsec Issues
14. SRX Series Hardware and Interfaces
- Branch SRX Platform
- High-End SRX Platform
- SRX Traffic Flow and Distribution
- SRX Interfaces
Labs
Lab 1: Configuring and Monitoring Zones
Lab 2: Security Policies
Case Study 1: Security Policy
Lab 3: Configuring Firewall Authentication
Lab 4: Implementing SCREEN Options
Lab 5: Network Address Translation
Lab 6: Implementing IPsec VPNs
Lab 7: Implementing IDP
Case Study 2: Applying the Recommended IDP Policy
Lab 8: Implementing Chassis Clusters
Lab 9: Selective Forwarding
Lab 10: Implementing Advanced Security Policy
Lab 11: Implementing Junos Virtual Routing
Lab 12: Advanced NAT Implementations
Lab 13: Implementing Advanced HA Techniques
Lab 14: Hub-and-Spoke IPsec VPNs
Lab 15: Configuring Group VPNs
Lab 16: OSPF over GRE over IPsec VPNs
Lab 17: Pe