Advanced Junos Security (AJSEC)

Overview:
This five-day course, which is designed to build off of the current Junos Security (JSEC) offering, delves deeper into Junos security. Through demonstrations and hands-on labs, you will gain experience in configuring and monitoring the advanced Junos OS security features with advanced coverage of virtualization, AppSecure, advanced Network Address Translation (NAT) deployments, Layer 2 security, and Sky ATP. This course uses Juniper Networks SRX Series Services Gateways for the hands-on component.
 
Target audience:
This course benefits individuals responsible for implementing, monitoring, and troubleshooting Junos security components.
 
Prerequisites:
AJSEC is an advanced-level course. Students should have a strong level of TCP/IP networking and security knowledge. Students should also attend the Introduction to the Junos Operating System (IJOS) and Junos Security (JSEC) courses prior to attending this class.
 
Objectives:
After successfully completing this course, you should be able to:
  • Demonstrate understanding of concepts covered in the prerequisite Junos Security course.
  • Describe the various forms of security supported by the Junos OS.
  • Implement features of the AppSecure suite, including AppID, AppFW, AppTrack, AppQoS, and SSL
  • Proxy.
  • Configure custom application signatures.
  • Describe Junos security handling at Layer 2 versus Layer 3.
  • Implement next generation Layer 2 security features.
  • Demonstrate understanding of Logical Systems (LSYS).
  • Use Junos debugging tools to analyze traffic flows and identify traffic processing patterns and problems.
  • Describe Junos routing instance types used for virtualization.
  • Implement virtual routing instances in a security setting.
  • Describe and configure route sharing between routing instances using logical tunnel interfaces.
  • Utilize Junos tools for troubleshooting Junos security implementations.
  • Perform successful troubleshooting of some common Junos security issues.
  • Describe and discuss Sky ATP and its function in the network.
  • Describe and configure UTM functions.
  • Discuss IPS and its function in the network.
  • Implement IPS policy.
  • Describe and implement SDSN in a network.
  • Describe and implement user role firewall in a network.
  • Demonstrate the understanding of integrated user firewall.

Course contents:
Chapter 1: Course Introduction
 
Chapter 2: Junos Layer 2 Packet Handling and Security Features
  • Transparent Mode Security
  • Secure Wire
  • Layer 2 Next Generation Ethernet Switching
  • MACsec
  • Lab 2: Implementing Layer 2 Security 
     
Chapter 3: Virtualization
  • Virtualization Overview
  • Routing Instances
  • Logical Systems
  • Lab 3: Implementing Junos Virtual Routing 
     
Chapter 4: AppSecure Theory
  • AppSecure Overview
  • AppID Overview
  • AppID Techniques
  • Application System Cache
  • Custom Application Signatures 
     
Chapter 5: AppSecure Implementation
  • AppTrack
  • AppFW
  • AppQoS
  • APBR
  • SSL Proxy
  • Lab 4: Implementing AppSecure 
     
Chapter 6: Working with Log Director
  • Log Director Overview
  • Log Director Components
  • Installing and setting up Log Director
  • Clustering with the Log Concentrator VM
  • Administrating Log Director
  • Lab 5: Deploying Log Director 
     
Chapter 7: Sky ATP Theory
  • Sky ATP Overview
  • Monitoring Sky ATP
  • Analysis and Detection of Malware 
     
Chapter 8: Sky ATP Implementation
  • Configuring Sky ATP
  • Installing Sky ATP
  • Analysis and detection of Malware
  • Infected Host Case Study
  • Lab 6: Instructor Led Sky ATP Demo 
     
Chapter 9: Implementing UTM
  • UTM Overview
  • AntiSpam
  • AntiVirus
  • Content and Web Filtering
  • Lab 7: Implementing UTM 
     
Chapter 10: Introduction to IPS
  • IPS Overview
  • Network Asset Protection
  • Intrusion Attack Methods
  • Intrusion Prevention Systems
  • IPS Inspection Walkthrough 
     
Chapter 11: IPS Policy and Configuration
  • SRX IPS Requirements
  • IPS Operation Modes
  • Basic IPS Policy Review
  • IPS Rulebase Operations
  • Lab 8: Implementing Basic IPS Policy 
     
Chapter 12: SDSN
  • SDSN Overview
  • SDSN Components
  • SDSN Configuration
  • Policy Enforcer Troubleshooting
  • SDSN Use Cases
  • Lab 9: Implementing SDSN 
     
Chapter 13: Enforcement, Monitoring, and Reporting
  • User Role Firewall and Integrated User Firewall Overview
  • User Role Firewall Implementation
  • Monitoring User Role Firewall
  • Integrated User Firewall Implementation
  • Monitoring Integrated User Firewall
  • Lab 10: Configure User Role Firewall and Integrated User Firewall 
     
Chapter 14: Troubleshooting Junos Security
  • Troubleshooting Methodology
  • Troubleshooting Tools
  • Identifying IPsec Issues
  • Lab 11: Performing Security Troubleshooting Techniques 
     
Appendix A: SRX Series Hardware and Interfaces
  • Branch SRX Platform Overview
  • High End SRX Platform Overview
  • SRX Traffic Flow and Distribution
  • SRX Interfaces
     
Certification:
AJSEC + exam = JNCIP-SEC (Juniper Networks Certified Internet Security Professional Junos Security)

Duration:
5 days