Juniper Implementing Intrusion Detection and Prevention
This three-day course discusses the configuration of Juniper Intrusion Detection and Prevention (IDP) sensors in a typical network environment. Key topics include sensor configuration, creating and fine-tuning security policies, managing attack objects, creating custom signatures, and troubleshooting. This course is based upon IDP software version 4.1 and Security Manager 2007.3. Through demonstrations and hands-on labs, you will gain experience in configuring, testing, and troubleshooting the IDP sensor.
Skills Gained
After successfully completing this course, you should be able to:
- Deploy an IDP sensor on the network
- Monitor and understand IDP logs
- Configure, install, and fine-tune IDP policies
- Configure the Profiler
- Troubleshoot sensor problems
- Create custom signature attack objects
- Configure sensors for high availability using third-party devices
Who Can Benefit
- This course is intended for network engineers, support personnel, reseller support, and others responsible for implementing Juniper Networks IDP products.
Prerequisites
This course assumes that you have basic networking knowledge and experience in the following areas:
- Internetworking basics
- TCP/IP Operations
- Network security concepts
- Network administration
- Application support
Course Details
Implementing Intrusion Detection and Prevention
Day 1
- Chapter 1: Course Introduction
- Chapter 2: Intrusion Detection and Prevention Concepts
  - Network Attack Phases and Detection
  - Juniper Networks IDP Product Offerings
  - Juniper Networks IDP Three-Tier Architecture
  - Juniper IDP Deployment Modes
- Chapter 3: Initial Configuration of IDP Sensor
  - Overview of IDP Sensor Deployment Process
  - Initial Configuration Steps: IDP Standalone Device
  - Initial Configuration Steps: ISG1000/ISG2000
  - Lab 1: Sensor Initial Configuration
- Chapter 4: IDP Policy Basics
  - Attack Object Terminology
  - IDP Rule Components
  - IDP Rule-Matching Algorithm
  - Terminal rules
  - Lab 2: Configuring IDP Policies
- Chapter 5: Fine-Tuning Policies
  - Tuning Process Overview
  - Step 1: Identifying Machines and Protocols to Monitor
  - Step 2: Identifying and Eliminating False Positives
  - Step 3: Identifying and Configuring Responses to Real Attacks
  - Step 4: Configuring Other Rulebases to Detect Attacks
  - Lab 3: Fine-Tuning IDP Policies
Day 2
- Chapter 6: Configuring Additional Rulebases
  - Overview of IDP-Related Rulebases
  - Exempt Rulebases
  - Traffic Anomalies Rulebase
  - Backdoor Rulebase
  - SYN Protector Rulebase
  - Network Honeypot Rulebase
  - Rulebase Processing Order
  - Lab 4: Configuring Additional Rulebases
- Chapter 7: Profiler
  - Profiler Overview
  - How to Operate Profiler
  - Using Profiler for Network Discovery
  - Using Profiler to Discover Running Applications
  - Using Profiler to Detect New Devices and Ports
  - Using Profiler to Detect Policy Violations
  - Lab 5: Using Profiler
- Chapter 8: Sensor Operation and Sensor Commands
  - Main Components of the Sensor
  - Description of Sensor Processes
  - Managing Policies with the scio Utility
  - Managing Sensor Configuration with the scio Utility
  - Monitoring with the sctop Utility
  - Lab 6: Using Sensor Commands
- Chapter 9: Troubleshooting
  - Review of Sensor Communication
  - Troubleshooting Tools
  - Troubleshooting Scenarios
  - Reimaging the Sensor
  - Lab 7: Troubleshooting
Day 3
- Chapter 10: Managing Attack Objects
  - Examining Predefined Attack Objects
  - Examining Predefined Attack Object Groups
  - Creating New Custom Attack Object Groups
  - Updating the Attack Object Database
  - Searching the Attack Object Database
  - Lab 8: Managing Attack Objects
- Chapter 11: Creating Custom Signatures
  - IDP Packet Inspection
  - Obtaining Attack Information
  - Understanding Regular Expressions
  - Creating a Signature-Based Attack Object
  - Creating a Compound Attack Object
  - Lab 9: Creating Custom Signatures
- Chapter 12: Configuring Sensors for External High Availability
  - External HA Operation
  - Configuring Sensors for External HA