In this hands-on course, you will prepare for your JNCIP-SEC certification by experiencing both the JIPS and AJSEC courses. You will learn the concepts, ideas, and terminology relating to providing intrusion prevention using the SRX Series platform. Hands-on labs provide you with the opportunity to configure various IPS features and to test and analyze those functions. And through the AJSEC portion you will go deeper into Junos security with advanced coverage of IPsec deployments, virtualization, high availability, advanced Network Address Translation (NAT) deployments, and Layer 2 security with Juniper Networks SRX Series Services Gateways. Through demonstrations and hands-on labs, you will gain experience configuring and monitoring advanced security features of the Junos operating system. The hands-on labs will also provide you with an introduction to the Intrusion Prevention System (JIPS) feature set available on the Juniper Networks SRX Series Services Gateway.

Introduction to the Junos Operating System (IJOS)

Junos Routing Essentials (JRE)

Network technicians and engineers responsible for configuring and monitoring the IPS aspects of SRX Series devices, and implementing, monitoring, and troubleshooting Junos security components

WHAT YOU'LL LEARN

Types of intrusions and network penetration steps

How to access the SRX Series Services Gateways with IPS functionality for configuration and management

How to configure the SRX Series Services Gateways for IPS functionality

Steps that the IPS engine takes when inspecting packets

Components of IPS rules and rulebases

Types of signature-based attacks

Uses of custom signatures and how to configure them

How scanning can be used to gather information about target networks

Configure screens to block various scan types

Commonly used evasion techniques and how to block them

Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks

Mechanisms available on the SRX Series device to detect and block DoS and DDoS attacks

Configure screens to block DoS and DDoS attacks

Reporting capabilities available for IPS functionality

Terms and concepts related to intrusion prevention

Functions and features available on the SRX Series platform that provide IPS functionality

Configure fundamental IPS features and functions on an SRX240 device

Security supported by the Junos OS

Junos security handling at Layer 2 vs. Layer 3

Placement and traffic distribution of the various components of SRX devices

Configure, utilize, and monitor the various interface types available to the SRXSeries product line

Junos OS processing of Application Layer Gateways (ALGs)

Alter the Junos default behavior of ALG and application processing

Implement address books with dynamic addressing

Compose security policies utilizing ALGs, custom applications, and dynamic addressing for various scenarios

Junos debugging tools to analyze traffic flows and identify traffic processing patterns and problems

Junos routing instance types used for virtualization

Implement virtual routing instances

Configure route sharing between routing instances using logical tunnel interfaces

Implement selective packet-based forwarding

Implement filter-based forwarding

Implement static, source, destination, and dual NAT in complex LAN environments

Implement variations of cone or persistent NAT

Interaction between NAT and security policy

Implement optimized chassis clustering IP version 6 (IPv6) support for chassis clusters

Differentiate and configure standard point-to-point IP Security (IPsec) virtual private network (VPN) tunnels, hub-and-spoke VPNs, dynamic VPNs, and group VPNs

Implement OSPF over IPsec tunnels and utilize generic routing encapsulation (GRE) to interconnect to legacy firewalls

Monitor the operations of the various IPsec VPN implementations

Public key cryptography for certificates

Junos tools for troubleshooting Junos security implementations

Perform successful troubleshooting of some common Junos security issues