Implementing Intrusion Detection and Prevention (24hrs)
Course Overview
This three-day course discusses the configuration of Juniper Intrusion Detection and Prevention (IDP) sensors in a typical network environment. Key topics include sensor configuration, creating and fine-tuning security policies, managing attack objects, creating custom signatures, and troubleshooting. This course is based upon IDP software version 4.1 and Security Manager 2007.3.
Through demonstrations and hands-on labs, students will gain experience in configuring, testing, and troubleshooting the IDP sensor.
Objectives
After successfully completing this course, you should be able to:
- Deploy an IDP sensor on the network.
- Monitor and understand IDP logs.
- Configure, install, and fine-tune IDP policies.
- Configure the Profiler.
- Troubleshoot sensor problems.
- Create custom signature attack objects.
- Configure sensors for high availability using third-party devices.
Intended Audience
This course is intended for network engineers, support personnel, reseller support, and others responsible for implementing Juniper Networks IDP products.
Course Level
This is an introductory-level course.
Prerequisites
This course assumes that students have basic networking knowledge and experience in the following areas:
- Understanding of TCP/IP operation
- Understanding of network security concepts
- Experience in network security administration
- Experience in UNIX system administration
It also assumes that students have attended the Juniper Networks Security Manager Fundamentals course.
Course Contents
Course Introduction

Intrusion Detection and Prevention Concepts
- Network Attack Phases and Detection
- Juniper Networks IDP Product Offerings
- Juniper Networks IDP Three-Tier Architecture
- Juniper IDP Deployment Modes

Initial Configuration of IDP Sensor
- Overview of IDP Sensor Deployment Process
- Initial Configuration Steps: IDP Standalone Device
- Initial Configuration Steps: ISG1000/ISG2000

IDP Policy Basics
- Attack Object Terminology
- IDP Rule Components
- IDP Rule-Matching Algorithm
- Terminal Rules

Fine-Tuning Policies
- Tuning Process Overview
- Step 1: Identifying Machines and Protocols to Monitor
- Step 2: Identifying and Eliminating False Positives
- Step 3: Identifying and Configuring Responses to Real Attacks
- Step 4: Configuring Other Rulebases to Detect Attacks

Configuring Additional Rulebases
- Overview of IDP-Related Rulebases
- Exempt Rulebase
- Traffic Anomalies Rulebase
- Backdoor Rulebase
- SYN Protector Rulebase
- Network Honeypot Rulebase
- Rulebase Processing Order

Profiler
- Profiler Overview
- How to Operate Profiler
- Using Profiler for Network Discovery
- Using Profiler to Discover Running Applications
- Using Profiler to Detect New Devices and Ports
- Using Profiler to Detect Policy Violations

Sensor Operation and Sensor Commands
- Main Components of the Sensor
- Description of Sensor Processes
- Managing Policies with the scio Utility
- Managing Sensor Configuration with the scio Utility
- Monitoring with the sctop Utility

Troubleshooting
- Review of Sensor Communication
- Troubleshooting Tools
- Troubleshooting Scenarios
- Reimaging the Sensor

Managing Attack Objects
- Examining Predefined Attack Objects
- Examining Predefined Attack Object Groups
- Creating New Custom Attack Object Groups
- Updating the Attack Object Database
- Searching the Attack Object Database

Creating Custom Signatures
- IDP Packet Inspection
- Obtaining Attack Information
- Understanding Regular Expressions
- Creating a Signature-Based Attack Object
- Creating a Compound Attack Object

Configuring Sensors for External High Availability
- External HA Operation
- Configuring Sensors for External HA