JNCIS – junisys

Mon – Sat: 9:30am – 7:00pm

Junos Security (JSEC)

Course Overview

This course covers the configuration, operation, and implementation of SRX Series Services Gateways in a typical network environment. Key topics within this course include security technologies such as security zones, security policies, intrusion detection and prevention (IDP), Network Address Translation (NAT), and high availability clusters, as well as details pertaining to basic implementation, configuration, and management. Through demonstrations and hands-on labs, students will gain experience in configuring and monitoring the Junos OS and monitoring device operations. Thiscourse uses Juniper Networks SRX Series Services Gateways for the hands-on component, but the lab environment does not preclude the course from being applicable to other Juniper hardware platforms running the Junos OS. This course is based on Junos OS Release 12.1R1.9.

Objectives

Junos Operating System Fundamentals

After successfully completing this course, you should be able to:
- Describe traditional routing and security and the current trends in internetworking.
- Provide an overview of SRX Series devices and software architecture.
- Describe the logical packet flow and session creation performed by SRX Series devices.
- Describe, configure, and monitor zones.
- Describe, configure, and monitor security policies.
- Describe, configure, and monitor firewall user authentication.
- Describe various types of network attacks.
- Configure and monitor Screen options to prevent network attacks.
- Explain, implement, and monitor NAT, as implemented on Junos security platforms.
- Explain the purpose and mechanics of IP Security (IPsec) virtual private networks (VPNs).
- Implement and monitor policy-based and route-based IPsec VPNs.
- Utilize and update the IDP signature database.
- Configure and monitor IDP policy with policy templates.
- Describe, configure, and monitor high availability chassis clusters.

Intended Audience

This course benefits operators of SRX Series devices. These operators include network
engineers, administrators, support personnel, and reseller support personnel.

Course Level

JSEC is an intermediate-level course.

Prerequisites

Students should have basic networking knowledge and an understanding of the Open Systems
Interconnection (OSI) reference model and the TCP/IP protocol suite. Students should also attend
the Introduction to the Junos Operating System (IJOS) course and the Junos Routing Essentials
(JRE) course, or have equivalent experience prior to attending this class.

Course Contents

Chapter 1: Course Introduction

Chapter 2: Introduction to Junos Security

Traditional Routing
Traditional Security
The Junos OS Architecture

Chapter 3: Zones

The Definition of Zones
Zone Configuration
Monitoring Security Zones
Lab 1: Configuring and Monitoring Zones

Chapter 4: Security Policies

Security Policy Overview
Junos ALGs
Policy Components
Verifying Policy Operation
Policy Scheduling and Rematching
Policy Case Study
Lab 2: Security Policies

Chapter 5: Firewall User Authentication

Firewall User Authentication Overview
Pass-Through Authentication
Web Authentication
Client Groups
Using External Authentication Servers
Verifying Firewall User Authentication
Lab 3: Configuring Firewall Authentication

Chapter 6: Screen Options

Multilayer Network Protection
Stages and Types of Attacks
Using Junos Screen Options—Reconnaissance Attack Handling
Using Junos Screen Options—Denial of Service Attack Handling
Using Junos Screen Options—Suspicious Packets Attack Handling
Applying and Monitoring Screen Options
Lab 4: Implementing Screen Options

Chapter 7: Network Address Translation

NAT Overview
Source NAT Operation and Configuration
Destination NAT Operation and Configuration
Static NAT Operation and Configuration
Proxy ARP
Monitoring and Verifying NAT Operation
Lab 5: Network Address Translation