JNCIP-SEC Security Certification Prep Boot Camp

JNCIP-SEC Security Certification Prep Boot Camp Course Description

Duration: 5.00 days (40 hours)

In this hands-on course, you will prepare for your JNCIP-SEC certification by experiencing both the JIPS and AJSEC courses. You will learn the concepts, ideas, and terminology relating to providing intrusion prevention using the SRX Series platform. Hands-on labs provide you with the opportunity to configure various IPS features and to test and analyze those functions. And through the AJSEC portion you will go deeper into Junos security with advanced coverage of IPsec deployments, virtualization, high availability, advanced Network Address Translation (NAT) deployments, and Layer 2 security with Juniper Networks SRX Series Services Gateways. Through demonstrations and hands-on labs, you will gain experience configuring and monitoring advanced security features of the Junos operating system. The hands-on labs will also provide you with an introduction to the Intrusion Prevention System (JIPS) feature set available on the Juniper Networks SRX Series Services Gateway.

Next Class Dates

Contact us to customize this class with your own dates, times and location. You can also call 1-888-563-8266 or chat live with a Learning Consultant.

Back to Top

Intended Audience for this JNCIP-SEC Security Certification Prep Boot Camp Course

  • » Network technicians and engineers responsible for configuring and monitoring the IPS aspects of SRX Series devices, and implementing, monitoring, and troubleshooting Junos security components

Back to Top

JNCIP-SEC Security Certification Prep Boot Camp Course Objectives

  • » Types of intrusions and network penetration steps
  • » How to access the SRX Series Services Gateways with IPS functionality for configuration and management
  • » How to configure the SRX Series Services Gateways for IPS functionality
  • » Steps that the IPS engine takes when inspecting packets
  • » Components of IPS rules and rulebases
  • » Types of signature-based attacks
  • » Uses of custom signatures and how to configure them
  • » How scanning can be used to gather information about target networks
  • » Configure screens to block various scan types
  • » Commonly used evasion techniques and how to block them
  • » Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks
  • » Mechanisms available on the SRX Series device to detect and block DoS and DDoS attacks
  • » Configure screens to block DoS and DDoS attacks
  • » Reporting capabilities available for IPS functionality
  • » Terms and concepts related to intrusion prevention
  • » Functions and features available on the SRX Series platform that provide IPS functionality
  • » Configure fundamental IPS features and functions on an SRX240 device
  • » Security supported by the Junos OS
  • » Junos security handling at Layer 2 vs. Layer 3
  • » Placement and traffic distribution of the various components of SRX devices
  • » Configure, utilize, and monitor the various interface types available to the SRXSeries product line
  • » Junos OS processing of Application Layer Gateways (ALGs)
  • » Alter the Junos default behavior of ALG and application processing
  • » Implement address books with dynamic addressing
  • » Compose security policies utilizing ALGs, custom applications, and dynamic addressing for various scenarios
  • » Junos debugging tools to analyze traffic flows and identify traffic processing patterns and problems
  • » Junos routing instance types used for virtualization
  • » Implement virtual routing instances
  • » Configure route sharing between routing instances using logical tunnel interfaces
  • » Implement selective packet-based forwarding
  • » Implement filter-based forwarding
  • » Implement static, source, destination, and dual NAT in complex LAN environments
  • » Implement variations of cone or persistent NAT
  • » Interaction between NAT and security policy
  • » Implement optimized chassis clustering
  • » IP version 6 (IPv6) support for chassis clusters
  • » Differentiate and configure standard point-to-point IP Security (IPsec) virtual private network (VPN) tunnels, hub-and-spoke VPNs, dynamic VPNs, and group VPNs
  • » Implement OSPF over IPsec tunnels and utilize generic routing encapsulation (GRE) to interconnect to legacy firewalls
  • » Monitor the operations of the various IPsec VPN implementations
  • » Public key cryptography for certificates
  • » Junos tools for troubleshooting Junos security implementations
  • » Perform successful troubleshooting of some common Junos security issues

Back to Top

JNCIP-SEC Security Certification Prep Boot Camp Course Outline

      1. IPS Functionality
        1. Reasons for Network Attacks
        2. Categories of Attacks
        3. Anatomy of an Attack
        4. IPS Mechanisms on SRX Series Devices
      2. Initial Device Configuration
        1. Deployment Options for IPS Functionality
        2. Management Options
        3. Network Settings
        4. Preparing the SRX Series Device for IPS Features
      3. IPS Terminology and Concepts
        1. Attack Objects
        2. IPS Rulebase Details
        3. Rule Match Conditions
        4. Rule Actions
        5. Terminal Rules
        6. IP Actions
        7. Notification
        8. IPS Traffic Flow
      4. IPS Attack Objects
        1. IPS Rules and Rulebases
        2. Attack Objects
        3. Custom Signatures
      5. Scanning and Reconnaissance
        1. Types of Scans
        2. Fingerprinting
        3. IPS Scan Prevention
      6. Blocking Evasion Techniques and DoS
        1. FIN Scans
        2. IP Spoofing
        3. IP Source Routing Options
        4. DoS and DDoS Attacks
        5. Mechanisms for Blocking DoS and DDoS
      7. Reporting
        1. NSM Reports
        2. Junos Syslog and Operational Commands
      8. Junos Security Review
        1. Junos Security Components
        2. Selective Packet-Based Forwarding
        3. Junos Layer 2 Packet Handling
      9. Security Policy Components
        1. Application Layer Gateways (ALGs)
        2. Junos ALGs
        3. Custom Application Definitions
        4. Advanced Addressing
        5. Policy Matching
      10. Virtualization
        1. Routing Instances
        2. Filter-Based Forwarding
      11. Advanced NAT Concepts
        1. Beyond Layer 3 and Layer 4 Headers
        2. Advanced NAT Scenarios
      12. High Availability Clustering
        1. High Availability
        2. Chassis Clustering Implementations
        3. Advanced HA Topics
      13. IPsec Implementations
        1. Standard VPN Implementations
        2. Public Key Infrastructure
        3. Hub-and-Spoke VPNs
      14. Enterprise IPsec Technologies
        1. Group VPN
        2. GDOI Protocol
        3. Group VPN Configuration and Monitoring
        4. Dynamic VPN Implementation
      15. IPsec VPN Case Studies and Solutions
        1. Routing over VPNs
        2. IPsec with Overlapping Addresses
        3. Dynamic Gateway IP Addresses
        4. Enterprise VPN Deployment Tips and Tricks
      16. Troubleshooting Junos Security
        1. Troubleshooting Methodology
        2. Troubleshooting Tools
        3. Identifying IPsec Issues
      17. SRX Series Hardware and Interfaces
        1. Branch SRX Platform
        2. High End SRX Platform
        3. SRX Traffic Flow and Distribution
        4. SRX Interfaces

Back to Top

Do you have the right background for JNCIP-SEC Security Certification Prep Boot Camp?

Skills Assessment

We ensure your success by asking all students to take a FREE Skill Assessment test. These short, instructor-written tests are an objective measure of your current skills that help us determine whether or not you will be able to meet your goals by attending this course at your current skill level. If we determine that you need additional preparation or training in order to gain the most value from this course, we will recommend cost-effective solutions that you can use to get ready for the course.

Our required skill-assessments ensure that:

  1. All students in the class are at a comparable skill level, so the class can run smoothly without beginners slowing down the class for everyone else.
  2. NetCom students enjoy one of the industry's highest success rates, and pass rates when a certification exam is involved.
  3. We stay committed to providing you real value. Again, your success is paramount; we will register you only if you have the skills to succeed.
This assessment is for your benefit and best taken without any preparation or reference materials, so your skills can be objectively measured.

Take your FREE Skill Assessment test »

Back to Top

Award winning, world-class Instructors

Our instructors are passionate at teaching and are experts in their respective fields. Our average NetCom instructor has many, many years of real-world experience and impart their priceless, valuable knowledge to our students every single day. See our world-class instructors.   See more instructors...

Back to Top

Recent Client Testimonials & Reviews

The instructor was clear in his lessons and very knowledgeable. Overall I liked the course and Dominic, the instructor, was very thorough/knowledgeable on the topics we covered.
- Matthew H.
Course(s) Taken

» Juniper Networks

Excellent instructor, good course layout. Great learning structure, the courses I have taken have been taught by great teachers.
- Chris C.
Course(s) Taken

» Juniper Networks

  More testimonials »  

Back to Top