Duration:
5 days
Audience:
Employees of federal, state and local governments; and businesses working with the government.
Prerequisites
Students should have a strong level of TCP/IP networking and security knowledge. Students should also attend the Juniper Security (JSEC) course prior to attending this class.
Course Description:
This five-day course, which is designed to build off the current Juniper Security (JSEC) offering, delves deeper into Junos security and next-generation security features. Through demonstrations and hands-on labs, you will gain experience in configuring and monitoring the advanced Junos OS security features with advanced coverage of virtualization, AppSecure, advanced logging and reporting, next generation Layer 2 security, user firewall, next generation advanced anti-malware with Sky ATP, next generation security intelligence with software-defined secure networks. This course uses Juniper Networks SRX Series Services Gateways for the hands-on component. This course is based on Junos OS Release 15.1X49-D90.7 and Junos Space Security Director 16.2.
Course Level Advanced Juniper Security (AJSEC) is an advanced-level course.
What You’ll Learn
After successfully completing this course, you should be able to:
- Demonstrate understanding of concepts covered in the prerequisite Juniper Security (JSEC) course.
- Describe the various forms of security supported by the Junos OS.
- Implement features of the AppSecure suite, including AppID, AppFW, AppTrack, AppQoS, and SSL Proxy.
- Configure custom application signatures.
- Describe Junos security handling at Layer 2 versus Layer 3.
- Implement next generation Layer 2 security features.
- Demonstrate understanding of Logical Systems (LSYS).
- Describe Junos routing instance types used for virtualization.
- Implement virtual routing instances in a security setting.
- Describe and configure route sharing between routing instances using logical tunnel interfaces.
- Describe and discuss Sky ATP and its function in the network.
- Describe and configure UTM functions.
- Discuss IPS and its function in the network.
- Implement IPS policies.
- Describe and implement SDSN and Policy Enforcer in a network.
- Describe the purpose of SSL proxy.
- Implement client-protection SSL proxy.
- Implement server-protection SSL proxy.
- Describe and implement user role firewall in a network.
- Demonstrate the understanding of user firewall.
Who Needs to Attend
- Network technicians responsible for configuring and monitoring devices running the Junos OS.
- Anyone seeking JNCIS-ENT certification
Course Outline
Day 1
Chapter 1: Course Introduction
Chapter 2: Junos Layer 2 Packet Handling and Security Features
- Transparent Mode Security
- Secure Wire
- Layer 2 Next Generation Ethernet Switching
- MACsec
- Lab 1: Implementing Layer 2 Security
Chapter 3: Virtualization
- Virtualization Overview
- Routing Instances
- Logical Systems
- Lab 2: Implementing Junos Virtual Routing
Chapter 4: AppSecure Theory
- AppSecure Overview
- AppID
- AppTrack
- AppFW
- AppQoS
Day 2
Chapter 5: AppSecure Implementation
- AppTrack
- AppFW
- AppQoS
- APBR
- SSL Proxy
- Lab 3: Implementing AppSecure
Chapter 6: Sky ATP Concepts and Setup
- Sky ATP Overview
- Sky ATP Features
- Sky ATP Setup
- Sky ATP Enrollment Troubleshooting
Chapter 7: Sky ATP Implementation
- Configuring Sky ATP using the Web UI
- Configuring Sky ATP with Security Director
- Monitoring Infected Hosts
- Infected Host Case Study
- Lab 4: Implementing Sky ATP Demo
Day 3
Chapter 8: SDSN with Policy Enforcer
- Policy Enforcer Overview
- Configuring Policy Enforcer and SDSN
- Infected Host Case Study
- Lab 5: Implementing SDSN with Policy Enforcer
Chapter 9: Implementing UTM
- UTM Overview
- AntiSpam
- AntiVirus
- Content and Web Filtering
- Lab 6: Implementing UTM
Day 4
Chapter 10: Introduction to IPS
- IPS Overview
- Network Asset Protection
- Intrusion Attack Methods
- Intrusion Prevention Systems
- IPS Inspection Walkthrough
Chapter 11: IPS Policy and Configuration
- SRX IPS Requirements
- IPS Operation Modes
- Basic IPS Policy Review
- IPS Rulebase Operations
- Lab 7: Implementing Basic IPS Policy
Chapter 12: SSL Proxy
- SSL Proxy Overview
- Client-Protection SSL Proxy
- Server-Protection SSL Proxy
- SSL Proxy Case Study
Day 5
Chapter 13: User Authentication
- User Role Firewall and Integrated User Firewall Overview
- User Role Firewall Implementation
- Monitoring User Role Firewall
- Integrated User Firewall Implementation
- Monitoring Integrated User Firewall
- Lab 8: Configure User Role Firewall and Integrated User Firewall
Chapter 14: Monitoring and Reporting
- Log Director Overview
- Log Director Installation
- Working with Log Events
- Alerts and Reports
- Lab 9: Deploying Log Director
Appendix A: SRX Series Hardware and Interfaces
- Branch SRX Platform Overview
- High End SRX Platform Overview
- SRX Traffic Flow and Distribution
- SRX Interfaces
Appendix B: Virtual SRX
- Virtualization Overview
- Network Virtualization and Software-Defined Networking
- Overview of the vSRX Platform
- Deployment Scenarios for the vSRX
- Integrating vSRX with AWS