咨询热线:    40000-53353(全国)    0571-28976118(浙江)    
 

瞻博网络认证的互联网高级专员(JNCIP-SEC) 预约试听

 

课程长度:5天/30小时
课程描述:

瞻博网络认证的互联网高级专员(JNCIP-SEC)认证面向有经验的网络专业人士,他们具有瞻博网络SRX系列设备Junos软件的高级知识,该书面考试主要考查考生对高级安全技术的了解情况,以及是否具备相关的平台配置和故障排查技能。JNCIP-SEC认证的有效期为两年。只要通过当前版本的JNCIP-SEC考试或通过JNCIE-SEC考试就能获得重新认证。


Advanced Junos Security (AJSEC)

高级Junos安全性

课程长度:3天/18小时

课程描述:

This three-day course, which is designed to build off of the current Junos Security (JSEC) offering, delves deeper into Junos security. Through demonstrations and hands-on labs, students gain experience in configuring and monitoring the advanced Junos operating system security features with advanced coverage of IPsec deployments, virtualization, AppSecure, advanced Network Address Translation (NAT) deployments, and Layer 2 security. This course uses Juniper Networks SRX Series Services Gateways for the hands-on component, but the lab environment does not preclude the course from being applicable to other Juniper hardware platforms running the Junos OS. This course is based on Junos OS Release 12.1R1.9.


课程目标:

After successfully completing this course, you should be able to:
Demonstrate understanding of concepts covered in the prerequisite Junos Security course.
Describe the various forms of security supported by the Junos OS.
Implement features of the AppSecure suite, including AppID, AppFW, and AppTrack.
Configure custom application signatures.
Describe Junos security handling at Layer 2 versus Layer 3.
Implement Layer 2 transparent mode security features.
Demonstrate understanding of Logical Systems (LSYS).
Implement address books with dynamic addressing.  
Compose security policies utilizing ALGs, custom applications, and dynamic addressing for various scenarios.
Use Junos debugging tools to analyze traffic flows and identify traffic processing patterns and problems.
Describe Junos routing instance types used for virtualization.
Implement virtual routing instances.  
Describe and configure route sharing between routing instances using logical tunnel interfaces.
Describe and implement static, source, destination, and dual NAT in complex LAN environments.
Describe and implement variations of persistent NAT.
Describe and implement Carrier Grade NAT (CGN) solutions for IPv6 NAT, such as NAT64, NAT46, and DS-Lite.
Describe the interaction between NAT and security policy.
Demonstrate understanding of DNS doctoring.
Differentiate and configure standard point-to-point IP Security (IPsec) virtual private network (VPN) tunnels, hub-and-spoke VPNs, dynamic VPNs, and group VPNs.
Implement IPsec tunnels using virtual routers.
Implement OSPF over IPsec tunnels and utilize generic routing encapsulation (GRE) to interconnect to legacy firewalls.
Monitor the operations of the various IPsec VPN implementations.
Describe public key cryptography for certificates.  
Utilize Junos tools for troubleshooting Junos security implementations.
Perform successful troubleshooting of some common Junos security issues


培训对象:

This course benefits individuals responsible for implementing, monitoring, and troubleshooting Junos security components.


学员基础:

Students should have a strong level of TCP/IP networking and security knowledge. Students should also attend the Introduction to the Junos Operating System (IJOS), Junos Routing Essentials (JRE), and Junos Security (JSEC) courses prior to attending this class.


培训内容:
Day 1
Chapter 1: Course Introduction
Chapter 2: AppSecure
AppSecure Overview
AppID
AppTrack
AppFW
AppDoS
AppQoS
Lab 1: Implementing AppSecure
Chapter 3: Junos Layer 2 Packet Handling and Security Features
Transparent Mode Security
Layer 2 Ethernet Switching
Lab 2: Implementing Layer 2 Security
Chapter 4: Virtualization
Virtualization Overview
Routing Instances
Logical Systems
Lab 3: Implementing Junos Virtual Routing


Day 2
Chapter 5: Advanced NAT Concepts
Operational Review
NAT: Beyond Layer 3 and Layer 4 Headers
DNS Doctoring
IPv6 NAT
Advanced NAT Scenarios
Lab 4: Advanced NAT Implementations
Chapter 6: IPsec Implementations
Standard VPN Implementations Review
Public Key Infrastructure
Hub-and-Spoke VPNs
Lab 5: Hub-and-Spoke IPsec VPNs


Day 3
Chapter 7: Enterprise IPsec Technologies: Group and Dynamic VPNs
Group VPN Overview
GDOI Protocol
Group VPN Configuration and Monitoring
Dynamic VPN Overview
Dynamic VPN Implementation
Lab 6: Configuring Group VPNs
Chapter 8: IPsec VPN Case Studies and Solutions
Routing over VPNs
IPsec with Overlapping Addresses
Dynamic Gateway IP Addresses
Enterprise VPN Deployment Tips and Tricks
Lab 7: Implementing Advanced IPsec VPN Solutions
Chapter 9: Troubleshooting Junos Security
Troubleshooting Methodology
Troubleshooting Tools
Identifying IPsec Issues
Lab 8: Performing Security Troubleshooting Techniques
Appendix A: SRX Series Hardware and Interfaces
Branch SRX Platform Overview
High End SRX Platform Overview
SRX Traffic Flow and Distribution
SRX Interfaces

Junos Intrusion Prevention System Functionality (JIPS)

Junos入侵防御系统功能 (JIPS)

课程长度:2天/12小时

课程描述:

This two-day course is designed to provide an introduction to the Intrusion Prevention System (IPS) feature set available on the Juniper Networks SRX Series Services Gateway. The course covers concepts, ideas, and terminology relating to providing intrusion prevention using the SRX Series platform. Hands-on labs offer students the opportunity to configure various IPS features and to test and analyze those functions. This course is based on the Junos operating system Release 10.4R1.


培训目标:

After successfully completing this course, you should be able to:
Describe general types of intrusions and network penetration steps.
Describe how to access the SRX Series Services Gateways with IPS functionality for configuration and management.
Configure the SRX Series Services Gateways for IPS functionality.
Define and describe terminology which comprises Juniper Networks IPS functionality.
Describe the steps that the IPS engine takes when inspecting packets.
Describe the components of IPS rules and rulebases.
Explain the types of signature-based attacks.
Describe the uses of custom signatures and how to configure them.
Explain how scanning can be used to gather information about target networks.
Configure screens to block various scan types.
Describe commonly used evasion techniques and how to block them.
Describe denial of service (DoS) and distributed denial of service (DDoS) attacks.
Explain the mechanisms available on the SRX Series device to detect and block DoS and DDoS attacks.
Configure screens to block DoS and DDoS attacks.
Describe the reporting capabilities available for IPS functionality.
Explain the terms and concepts related to intrusion prevention.
Describe the basic functions and features available on the SRX Series platform that provide IPS functionality.
Configure fundamental IPS features and functions on an SRX240 device


培训对象:

This course benefits individuals responsible for configuring and monitoring the IPS aspects of SRX Series devices.

 

学员基础:

Students should have basic networking knowledge, an understanding of the Open Systems Interconnection (OSI) reference model for layered communications and computer network protocol design, and an understanding of the TCP/IP protocol suite. Students should also attend the Introduction to the Junos Operating System (IJOS) course, the Junos Routing Essentials (JRE) course, and the Junos Security (JSEC) course, or they should have equivalent experience prior to attending this class.


培训内容:
Day 1
Chapter 1: Course Introduction
Chapter 2: Overview of IPS Functionality
Reasons for Network Attacks
Categories of Attacks
Anatomy of an Attack
IPS Mechanisms on SRX Series Devices
Lab 1: Initial Configuration
Chapter 3: Initial Device Configuration
Deployment Options for IPS Functionality
Management Options
Network Settings
Preparing the SRX Series Device for IPS Features
Lab 2: Initial IDP Setup
Chapter 4: IPS Terminology and Concepts
Terminology Overview
Attack Objects
IPS Rulebase Details
Rule Match Conditions
Rule Actions
Terminal Rules
IP Actions
Notification
Terminology Review
IPS Traffic Flow
Lab 3: Examining and Modifying the Recommended Policy
Lab 4: Exempt Rulebase
Lab 5: Rule Actions


Day 2
Chapter 5: IPS Attack Objects
IPS Rules and Rulebases
Attack Objects
Custom Signatures
Lab 6: Custom Signatures
Chapter 6: Scanning and Reconnaissance
Overview of Scanning
Types of Scans
Fingerprinting
IPS Scan Prevention
Chapter 7: Blocking Evasion Techniques and Denial of Service
FIN Scans
IP Spoofing
IP Source Routing Options
DoS and DDoS Attacks
Mechanisms for Blocking DoS and DDoS
Lab 7: Detecting Evasion Attempts
Lab 8: Denial of Service
Chapter 8: Reporting
NSM Reports
Junos Syslog and Operational Commands