瞻博互联网高级专员(JNCIP-SEC)
瞻博互联网高级专员(JNCIP-SEC)
  • 观看数
    865次
  • 课时
    0课时
  • 难度
    初级
瞻博互联网高级专员(JNCIP-SEC)
价格: 5000.00元
购买课程 咨询客服
讲师:博学高级讲师  | 开课时间:03月04日 09:00
课程评价: (0人)
收藏 扫一扫 扫码用手机学习
课程介绍

JUNIPER网络公司路由器操作和故障排除(OTJNR)是一门由教师指导的中级课程,主要介绍JUNIPER网络公司M-系列和T-系列平台的操作和故障排除。该课程向学员讲授故障分析步骤和故障排除技巧以帮助他们迅速确定并排除故障。讲授的这些技能和JUNIPER网络公司技术援助中心(JTAC)工程师在日常工作中使用的技能非常相似。请注意,这一课程的重点不是配置或路由协议的运行/理论。

该课程分配大量时间来进行各种故障排除亲手实验操作。这些实验操作的重点是M-系列和T-系列硬件、JUNOS软件、接口和传输线路、路由协议及转发平面的故障隔离和纠正措施。该课程还介绍有助于完成故障隔离的JTAC流程和建议的最佳实践方法。

 

培训课程

高级Junos安全性(AJSEC)           3天

Junos入侵防御系统功能(JIPS)      2天 

 

◎ Advanced Junos Security (AJSEC) 高级Junos安全性

This three-day course, which is designed to build off of the current Junos Security (JSEC) offering, delves deeper into Junos security. Through demonstrations and hands-on labs, students gain experience in configuring and monitoring the advanced Junos operating system security features with advanced coverage of IPsec deployments, virtualization, AppSecure, advanced Network Address Translation (NAT) deployments, and Layer 2 security. This course uses Juniper Networks SRX Series Services Gateways for the hands-on component, but the lab environment does not preclude the course frombeing applicable to other Juniper hardware platforms running the Junos OS. This course is based on Junos OS Release 12.1R1.9.

 

课程目标

After successfully completing this course, you should be able to:

°§Demonstrate understanding of concepts covered in the prerequisite Junos Security course.

°§Describe the various forms of security supported by the Junos OS.

°§Implement features of the AppSecure suite, including AppID, AppFW, and AppTrack.

°§Configure customapplication signatures.

°§Describe Junos security handling at Layer 2 versus Layer 3.

°§Implement Layer 2 transparent mode security features.

°§Demonstrate understanding of Logical Systems (LSYS).

°§Implement address books with dynamic addressing.

°§ Compose security policies utilizing ALGs, custom applications, and dynamic addressing for various scenarios.

°§Use Junos debugging tools to analyze traffic flows and identify traffic processing patterns and problems.

°§Describe Junos routing instance types used for virtualization.

°§Implement virtual routing instances.

°§Describe and configure route sharing between routing instances using logical tunnel interfaces.

°§Describe and implement static, source, destination, and dual NAT in complex LAN environments.

°§Describe and implement variations of persistent NAT.

°§Describe and implement Carrier Grade NAT (CGN) solutions for IPv6 NAT, such as NAT64, NAT46, and DS-Lite.

°§Describe the interaction between NAT and security policy.

°§Demonstrate understanding of DNS doctoring.

°§Differentiate and configure standard point-to-point IP Security (IPsec) virtual private network (VPN) tunnels, hub-and-spoke VPNs, dynamic VPNs, and group VPNs.

°§Implement IPsec tunnels using virtual routers.

°§ Implement OSPF over IPsec tunnels and utilize generic routing encapsulation (GRE) to interconnect to legacy firewalls.

°§Monitor the operations of the various IPsec VPN implementations.

°§Describe public key cryptography for certificates.

°§Utilize Junos tools for troubleshooting Junos security implementations.

°§Perform successful troubleshooting of some common Junos security issues

 

培训对象

This course benefits individuals responsible for implementing, monitoring, and troubleshooting Junos security components.

 

学员基础

Students should have a strong level of TCP/IP networking and security knowledge. Students should also attend the Introduction to the Junos Operating System (IJOS), Junos Routing Essentials (JRE), and Junos Security (JSEC) courses prior to attending this class.

 

课程内容

Day 1

Chapter 1: Course Introduction

Chapter 2: AppSecure

°§AppSecure Overview

°§AppID

°§AppTrack

°§AppFW

°§AppDoS

°§AppQoS

°§Lab 1: Implementing AppSecure

Chapter 3: Junos Layer 2 Packet Handling and Security Features

°§Transparent Mode Security

°§Layer 2 Ethernet Switching

°§Lab 2: Implementing Layer 2 Security

Chapter 4: Virtualization

°§Virtualization Overview

°§Routing Instances

°§Logical Systems

°§Lab 3: Implementing Junos Virtual Routing

Day 2

Chapter 5: Advanced NAT Concepts

°§Operational Review

°§NAT: Beyond Layer 3 and Layer 4 Headers

°§DNS Doctoring

°§IPv6 NAT

°§Advanced NAT Scenarios

°§Lab 4: Advanced NAT Implementations

Chapter 6: IPsec Implementations

°§Standard VPN Implementations Review

°§Public Key Infrastructure

°§Hub-and-Spoke VPNs

°§Lab 5: Hub-and-Spoke IPsec VPNs

Day 3

Chapter 7: Enterprise IPsec Technologies: Group and Dynamic VPNs

°§Group VPN Overview

°§GDOI Protocol

°§Group VPN Configuration and Monitoring

°§Dynamic VPN Overview

°§Dynamic VPN Implementation

°§Lab 6: Configuring Group VPNs

Chapter 8: IPsec VPN Case Studies and Solutions

°§Routing over VPNs

°§IPsec with Overlapping Addresses

°§Dynamic Gateway IP Addresses

°§Enterprise VPN Deployment Tips and Tricks

°§Lab 7: Implementing Advanced IPsec VPN Solutions

Chapter 9: Troubleshooting Junos Security

°§Troubleshooting Methodology

°§Troubleshooting Tools

°§Identifying IPsec Issues

°§Lab 8: Performing SecurityTroubleshooting Techniques

Appendix A: SRX Series Hardware and Interfaces

°§Branch SRX PlatformOverview

°§High End SRX PlatformOverview

°§SRX Traffic Flow and Distribution

°§SRX 

 

 

◎ Junos Intrusion Prevention SystemFunctionality (JIPS) Junos入侵防御系统功能(JIPS)

This two-day course is designed to provide an introduction to the Intrusion Prevention System (IPS) feature set available on the Juniper Networks SRX Series Services Gateway. The course covers concepts, ideas, and terminology relating to providing intrusion prevention using the SRX Series platform. Hands-on labs offer students the opportunity to configure various IPS features and to test and analyze those functions. This course is based on the Junos operating systemRelease 10.4R1.

 

课程目标

After successfully completing this course, you should be able to:

°§Describe general types of intrusions and network penetration steps.

°§Describe how to access the SRX Series Services Gateways with IPS functionality for configuration and management.

°§Configure the SRX Series Services Gateways for IPS functionality.

°§Define and describe terminology which comprises Juniper Networks IPS functionality.

°§Describe the steps that the IPS engine takes when inspecting packets.

°§Describe the components of IPS rules and rulebases.

°§Explain the types of signature-based attacks.

°§Describe the uses of customsignatures and how to configure them.

°§Explain how scanning can be used to gather information about target networks.

°§Configure screens to block various scan types.

°§Describe commonly used evasion techniques and how to block them.

°§ Describe denial of service (DoS) and distributed denial of service (DDoS) attacks.

°§Explain the mechanisms available on the SRX Series device to detect and block DoS and DDoS attacks.

°§Configure screens to block DoS and DDoS attacks.

°§Describe the reporting capabilities available for IPS functionality.

°§Explain the terms and concepts related to intrusion prevention.

°§Describe the basic functions and features available on the SRX Series platformthat provide IPS functionality.

°§Configure fundamental IPS features and functions on an SRX240 device

 

培训对象

This course benefits individuals responsible for configuring and monitoring the IPS aspects of SRX Series devices.

 

学员基础

Students should have basic networking knowledge, an understanding of the Open Systems Interconnection (OSI) reference model for layered communications and computer network protocol design, and an understanding of the TCP/IP protocol suite. Students should also attend the Introduction to the Junos Operating System (IJOS) course, the Junos Routing Essentials (JRE) course, and the Junos Security (JSEC) course, or they should have equivalent experience prior to attending this class.

 

培训内容

Day 1

Chapter 1: Course Introduction

Chapter 2: Overview of IPS Functionality

°§Reasons for Network Attacks

°§Categories of Attacks

°§Anatomy of an Attack

°§IPS Mechanisms on SRX Series Devices

°§Lab 1: Initial Configuration

Chapter 3: Initial Device Configuration

°§Deployment Options for IPS Functionality

°§Management Options

°§Network Settings

°§Preparing the SRX Series Device for IPS Features

°§Lab 2: Initial IDP Setup

Chapter 4: IPS Terminology and Concepts

°§Terminology Overview

°§Attack Objects

°§IPS Rulebase Details

°§Rule Match Conditions

°§Rule Actions

°§Terminal Rules

°§IP Actions

°§Notification

°§Terminology Review

°§IPS Traffic Flow

°§Lab 3: Examining and Modifying the Recommended Policy

°§Lab 4: Exempt Rulebase

°§Lab 5: Rule Actions

Day 2

Chapter 5: IPS Attack Objects

°§IPS Rules and Rulebases

°§Attack Objects

°§CustomSignatures

°§Lab 6: Custom Signatures

Chapter 6: Scanning and Reconnaissance

°§Overview of Scanning

°§Types of Scans

°§Fingerprinting

°§IPS Scan Prevention

Chapter 7: Blocking Evasion Techniques and Denial of Service

°§FIN Scans

°§IP Spoofing

°§IP Source Routing Options

°§DoS and DDoS Attacks

°§Mechanisms for Blocking DoS and DDoS

°§Lab 7: Detecting Evasion Attempts

°§Lab 8: Denial of Service

Chapter 8: Reporting

°§NSMReports

°§Junos Syslog and Operational Commands

 

 

 

授课教师

微软Technet讲师,微软MVP,有丰富的虚拟化项目实战经验。

博学教育致力于国内IT领域o2o教育,有丰富的教学和实战经验

最新学员

暂无学员

学员动态

还没有动态