Juniper Networks Certified Professional Security Bundle, AJSEC and JIPS (JNCIP-SEC)

Course Overview

This Bundle Combines AJSEC & JIPS  
 

ADVANCED JUNOS SECURITY (AJSEC) COURSE OVERVIEW
This course which is designed to build off of the current Junos Security (JSEC) offering, delves deeper into Junos security.

Through demonstrations and hands-on labs, students gain experience in configuring and monitoring the advanced Junos operating system security features with advanced coverage of IPsec deployments, virtualization, AppSecure, advanced Network Address Translation (NAT) deployments, and Layer 2 security. This course uses Juniper Networks SRX Series Services Gateways for the hands-on component, but the lab environment does not preclude the course from being applicable to other Juniper hardware platforms running the Junos OS.


JUNOS INTRUSION PREVENTION SYSTEMS (JIPS) COURSE OVERVIEW
This course is designed to provide an introduction to the Intrusion Prevention System (IPS) feature set (provided by Junos IPS Secure) available on the Juniper Networks SRX Series Services Gateway. The course covers concepts, ideas, and terminology relating to providing intrusion prevention using the SRX Series platform. Hands-on labs offer students the opportunity to configure various IPS features and to test and analyze those functions.
 

Target Audience

ADVANCED JUNOS SECURITY (AJSEC) TARGET AUDIENCE:
This course benefits individuals responsible for implementing, monitoring, and troubleshooting Junos security components.
Course Level: AJSEC is an advanced-level course.


JUNOS INTRUSION PREVENTION SYSTEMS (JIPS) TARGET AUDIENCE:
This course benefits individuals responsible for configuring and monitoring the IPS aspects of SRX Series devices.
Course Level: JIPS is an intermediate-level course.

Prerequisites

ADVANCED JUNOS SECURITY (AJSEC) PREREQUISITES: 
Students should have a strong level of TCP/IP networking and security knowledge. Students should also attend the Introduction to the Junos Operating System (IJOS), Junos Routing Essentials (JRE), and Junos Security (JSEC) courses prior to attending this class.


JUNOS INTRUSION PREVENTION SYSTEMS (JIPS) PREREQUISITES: 
Students should have basic networking knowledge, an understanding of the Open Systems Interconnection (OSI) reference model for layered communications and computer network protocol design, and an understanding of the TCP/IP protocol suite. Students should also attend the Introduction to the Junos Operating System (IJOS) course, the Junos Routing Essentials (JRE) course, and the Junos Security (JSEC) course, or they should have equivalent experience prior to attending this class.
 

Course Objectives

ADVANCED JUNOS SECURITY (AJSEC) OBJECTIVES
After successfully completing this course, you should be able to:

  • Demonstrate understanding of concepts covered in the prerequisite Junos Security course.
  • Describe the various forms of security supported by the Junos OS.
  • Implement features of the AppSecure suite, including AppID, AppFW, and AppTrack.
  • Configure custom application signatures.
  • Describe Junos security handling at Layer 2 versus Layer 3.
  • Implement Layer 2 transparent mode security features.
  • Demonstrate understanding of Logical Systems (LSYS).
  • Implement address books with dynamic addressing.  
  • Compose security policies utilizing ALGs, custom applications, and dynamic addressing for various scenarios.
  • Use Junos debugging tools to analyze traffic flows and identify traffic processing patterns and problems.
  • Describe Junos routing instance types used for virtualization.
  • Implement virtual routing instances.  
  • Describe and configure route sharing between routing instances using logical tunnel interfaces.
  • Describe and implement static, source, destination, and dual NAT in complex LAN environments.
  • Describe and implement variations of persistent NAT.
  • Describe and implement Carrier Grade NAT (CGN) solutions for IPv6 NAT, such as NAT64, NAT46, and DS-Lite.
  • Describe the interaction between NAT and security policy.
  • Demonstrate understanding of DNS doctoring.
  • Differentiate and configure standard point-to-point IP Security (IPsec) virtual private network (VPN) tunnels, hub-and-spoke VPNs, dynamic VPNs, and group VPNs.
  • Implement IPsec tunnels using virtual routers.
  • Implement OSPF over IPsec tunnels and utilize generic routing encapsulation (GRE) to interconnect to legacy firewalls.
  • Monitor the operations of the various IPsec VPN implementations.
  • Describe public key cryptography for certificates.  
  • Utilize Junos tools for troubleshooting Junos security implementations.
  • Perform successful troubleshooting of some common Junos security issues.


JUNOS INTRUSION PREVENTION SYSTEMS (JIPS) OBJECTIVES:
After successfully completing this course, you should be able to:
  • Explain the terms and concepts related to intrusion prevention.
  • Describe general types of intrusions and network penetration steps.
  • Explain how scanning can be used to gather information about target networks.
  • Define and describe the terminology that comprises Juniper Networks IPS functionality.
  • Describe the basic functions and features available on the SRX Series platform that provide IPS functionality.
  • Describe how to access the SRX Series Services Gateways with IPS functionality for configuration and management.
  • Describe the steps that the IPS engine takes when inspecting packets.
  • Configure the SRX Series Services Gateways for IPS functionality.
  • Describe the components of IPS rules and rulebases.
  • Configure an IPS exempt rule.
  • Explain the types of signature-based attacks.
  • Configure a custom signature attack object.
  • Describe the uses of custom signatures and how to configure them.
  • Describe commonly used evasion techniques and how to block them.
  • Explain the mechanisms available on the SRX Series Services Gateway to detect and block DoS and DDoS attacks.
  • Configure screens to block IP spoofing and SYN flooding.
  • Describe additional security flow protection mechanisms.
  • Demonstrate how the SRX Series device performs TCP SYN checking.
  • Explain the STRM capabilities for capturing, logging, and reporting network traffic.
  • Describe the logging and reporting capabilities available for SRX IP functionality within STRM.

Course Outline

ADVANCED JUNOS SECURITY (AJSEC) COURSE OUTLINE

  • Module 1: Course Introduction
  • Module 2: AppSecure
  • Module 3: Junos Layer 2 Packet Handling and Security Features
  • Module 4: Virtualization
  • Module 5: Advanced NAT Concepts
  • Module 6: IPsec Implementations
  • Module 7: Enterprise IPsec Technologies: Group and Dynamic VPNs
  • Module 8: IPsec VPN Case Studies and Solutions
  • Module 9: Troubleshooting Junos Security
  • Appendix A: SRX Series Hardware and Interfaces


JUNOS INTRUSION PREVENTION SYSTEMS (JIPS) COURSE OUTLINE: 
  • Module 1: Course Introduction
  • Module 2: Introduction to Intrusion Prevention Systems
  • Module 3: IPS Policy and Initial Configuration
  • Module 4: IPS Rulebase Operations
  • Module 5: Custom Attack Objects
  • Module 6: Additional Attack Protection Mechanisms
  • Module 7: IPS Logging and Reporting

SLI Main Menu