New Description
This two-day course is designed to provide an introduction to the Intrusion Prevention System (IPS) feature set available on the Juniper Networks SRX Series Services Gateway. The course covers concepts, ideas, and terminology related to providing intrusion prevention using the SRX Series platform. Hands-on labs offer students the opportunity to configure various IPS features and to test and analyze those functions.
Target Audience
This course benefits individuals responsible for configuring and monitoring the IPS aspects of SRX Series devices.
Prerequisites
Students should have basic networking knowledge, an understanding of the Open Systems Interconnection (OSI) reference model for layered communications and computer network protocol design, and an understanding of the TCP/IP protocol suite. Students should also attend the Introduction to JUNOS Software (IJS) course and the JUNOS for Security Platforms (JSEC) course, or they should have equivalent experience prior to attending this class.
Other
This course is available as scheduled training and is presented in Swedish. The course mixes theory and practical exercises. We can also give this course as on-site training. If you are interested in customized education, don't hesitate to contact us for further information.
Agenda
Course Introduction
Overview of IPS Functionality
- Reasons for Network Attacks
- Categories of Attacks
- Anatomy of an Attack
- IPS Mechanisms on SRX Series Devices
- Lab 1: Initial Configuration
Initial Device Configuration
- Deployment Options for IPS Functionality
- Management Options
- Network Settings
- Preparing the SRX Series Device for IPS Features
- Lab 2: Creating a Basic Policy
IPS Terminology and Concepts
- Terminology Overview
- Attack Objects
- IPS Rulebase Details
- Rule Match Conditions
- Rule Actions
- IP Actions
- Notification
- Terminology Review
- IPS Traffic Flow
- Lab 3: Examining and Modifying the Recommended Policy
- Lab 4: Exempt Rulebase
- Lab 5: Rule Actions
IPS Attack Objects
- IPS Rules and Rulebases
- Attack Objects
- Custom Signatures
- Lab 6: Custom Signatures
Scanning and Reconnaissance
- Overview of Scanning
- Types of Scans
- Fingerprinting
- IPS Scan Prevention
Blocking Evasion Techniques and Denial of Service
- FIN Scans
- IP Spoofing
- IP Source Routing Options
- DoS and DDoS Attacks
- Mechanisms for Blocking DoS and DDoS
Reporting
- NSM Reports
- Syslog Structure
- The Junos OS Commands









