Course Overview
This five-day course, which is designed to build off of the current Junos Security (JSEC) offering, delves deeperinto Junos security. Through demonstrations and hands-on labs, you will gain experience in configuring and monitoring the advanced Junos OS security features with advanced coverage of virtualization, AppSecure, advanced Network Address Translation (NAT) deployments, Layer 2 security, and Sky ATP. This course uses Juniper Networks SRX Series Services Gateways for the hands-on component.
Target Audience
This course benefits individuals responsible for implementing, monitoring, and troubleshooting Junos security components.
Course Objectives
After completing this course, students will be able to:
- Demonstrate understanding of concepts covered in the prerequisite Junos Security course.
- Describe the various forms of security supported by the Junos OS.
- Implement features of the AppSecure suite, including AppID, AppFW, AppTrack, AppQoS, and SSL Proxy.
- Configure custom application signatures.
- Describe Junos security handling at Layer 2 versus Layer 3.
- Implement next generation Layer 2 security features.
- Demonstrate understanding of Logical Systems (LSYS).
- Use Junos debugging tools to analyze traffic flows and identify traffic processing patterns and problems.
- Describe Junos routing instance types used for virtualization.
- Implement virtual routing instances in a security setting.
- Describe and configure route sharing between routing instances using logical tunnel interfaces.
- Utilize Junos tools for troubleshooting Junos security implementations.
- Perform successful troubleshooting of some common Junos security issues.
- Describe and discuss Sky ATP and its function in the network.
- Describe and configure UTM functions.
- Discuss IPS and its function in the network.
- Implement IPS policy.
- Describe and implement SDSN in a network.
- Describe and implement user role firewall in a network.
- Demonstrate the understanding of integrated user firewall.
Course Outline
Day 1
Chapter 1: Course Introduction
Chapter 2: Junos Layer 2 Packet Handling and Security Features
- Transparent Mode Security Operations
- Secure Wire
- Layer 2 Next Generation Ethernet Switching
- MACsec
- Lab 1: Implementing Layer 2 Security
Chapter 3: Virtualization
- Virtualization Overview
- Routing Instances
- Logical Systems
- Filter-based Forwarding
- Think About it
- Lab 2: Implementing Junos Virtual Routing
Chapter 4: AppSecure Theory
- AppSecure Overview
- AppID Overview
- AppID Techniques
- Next-Generation Application Identification
- Installing the Application Signature Database
- Custom Application Signatures
- Application System Cache
Day 2
Chapter 5: AppSecure Implementation
- AppSecure Modules Review
- AppTrack
- AppFW
- AppFW and Security Director
- AppQoS
- APBR
- Lab 3: Implementing AppSecure
Chapter 6: SkyATP Concepts and Setup
- SkyATP Overview
- SkyATP Features
- SkyATP Setup
- SkyATP Enrollment Troubleshooting
Day 3
Chapter 7: SkyATP Implementation
- Configuring the SkyATP using the Web UI
- Configuring SkyATP with Security Director
- Monitoring Infected Hosts
- Infected Host Case Study
- //Lab 4: Implementing SkyATP with Security Director
Chapter 8: SDSN with Policy Enforcer
- Policy Enforcer Overview
- Configuring Policy Enforcer and SDSN
- Configuring Threat Prevention Policies
- Infected Host Case Study
- Lab 5: Implementing SDSN with Policy Enforcer
Chapter 9: Implementing UTM
- UTM Overview
- Anti-Spam
- Anti-Virus
- Content Filtering
- Web Filtering
- Lab 6: Implementing UTM
Day 4
Chapter 10: Introduction to Intrusion Detection and Prevention
- Introduction to Junos IPS
- IPS Policy Components and Configuration
- Signature Database
- Case Study: Applying the Recommended IPS Policy
- Monitoring IPS Operation
Chapter 11: IPS Policy and Configuration
- Rulebase Operations
- IPS Rules
- Terminal Rules
- IP Actions--Security Director
- Lab 7: Configuring IPS Rulebases
Day 5
Chapter 12: SSL Proxy
- SSL Proxy Overview
- Client-Protection SSL Proxy
- Server-Protection SSL Proxy
- SSL Proxy Case Study
Chapter 13: User Authentication
- Firewall User Authentication Review
- User Firewall Review
- Configuring Integrated User Firewall
- Monitoring Integrated Firewall
- Integrated User Firewall Case Study
- Lab 8: Implementing Integrated User Firewall
Chapter 14: Monitoring and Reporting
- Log Director Overview, Installation, and Administration
- Log Events
- Case Study: Using Event Logs
- Alerts and Reports
- Lab 9: Implementing Log Director
Appendix A: SRX Series Hardware and Interfaces
- Branch SRX Platform Overview
- Mid-Range SRX Platform Overview
- High End SRX Platform Overview
- SRX Traffic Flow and Distribution
- SRX Interfaces
- Appendix B: Virtual SRX
- Virtualization Overview
- Network Virtualization and SDN
- Software-Defined Networking (SDN) Overview
- Overview of the Virtual SRX
- Virtual SRX Chassis Clustering
- Deployment Scenarios
- Enterprise Private Cloud Use Case
- Integration with Amazon Web Services (AWS)
Pre-requisites: Students should have a strong level of TCP/IP networking and security knowledge. Students should also attend the Introduction to the Junos Operating System (IJOS) and Junos Security (JSEC) courses prior to attending this class.
Is a certificate of completion available to students after completing their class?
Yes.
This course is available for "remote" learning and will be available to anyone with access to an internet device with a microphone (this includes most models of computers, tablets). Classes will take place with a "Live" instructor at the date/times listed below.
Upon registration, the instructor will send along additional information about how to log-on and participate in the class.