This five-day course, which is designed to build off of the current Junos Security (JSEC) offering, delves deeper into Junos security. Through demonstrations and hands-on labs, you will gain experience in configuring and monitoring the advanced Junos OS security features with advanced coverage of virtualization, AppSecure, advanced Network Address Translation (NAT) deployments, Layer 2 security, and Sky ATP. This course uses Juniper Networks SRX Series Services Gateways for the hands-on component. This course is based on Junos OS Release 15.1X49-D70.3 and Junos Space Security Director 16.1.

Advanced Junos Security (AJSEC) is an advanced-level course.

After successfully completing this course, you should be able to:

• Demonstrate understanding of concepts covered in the prerequisite Junos Security course.
• Describe the various forms of security supported by the Junos OS.
• Implement features of the AppSecure suite, including AppID, App FW, AppTrack, AppQoS, and SSL Proxy.
• Configure custom application signatures.
• Describe Junos security handling at Layer 2 versus Layer 3.
• Implement next generation Layer 2 security features.
• Demonstrate understanding of Logical Systems (LSYS).
• Use Junos debugging tools to analyze traffic flows and identify traffic processing patterns and problems.
• Describe Junos routing instance types used for virtualization.
• Implement virtual routing instances in a security setting.
• Describe and configure route sharing between routing instances using logical tunnel interfaces.
• Utilize Junos tools for troubleshooting Junos security implementations.
• Perform successful troubleshooting of some common Junos security issues.
• Describe and discuss Sky ATP and its function in the network.
• Describe and configure UTM functions.
• Discuss IPS and its function in the network.
• Implement IPS policy.
• Describe and implement SDSN in a network.
• Describe and implement user role firewall in a network.
• Demonstrate the understanding of integrated user firewall.

This course benefits individuals responsible for implementing, monitoring, and troubleshooting Junos security components.

Students should have a strong level of TCP/IP networking and security knowledge. Students should also attend the Introduction to the Junos Operating System (IJOS) and Junos Security (JSEC) courses prior to attending this class.

Day 1

Chapter 1: Course Introduction

Chapter 2: Junos Layer 2 Packet

• Handling and Security Features
• Transparent Mode Security
• Secure Wire
• Layer 2 Next Generation Ethernet Switching
• MACsec
• Lab 2: Implementing Layer 2 Security

Chapter 3: Virtualization

• Virtualization Overview
• Routing Instances
• Logical Systems
• Lab 3: Implementing Junos Virtual Routing
   

Chapter 4: AppSecure Theory

• AppSecure Overview
• AppID Overview
• AppID Techniques
• Application System Cache
• Custom Application Signatures

Day 2

Chapter 5: AppSecure Implementation

• AppTrack
• AppFW
• AppQoS
• APBR
• SSL Proxy
• Lab 4: Implementing AppSecure

Chapter 6: Working with Log Director

• Log Director Overview
• Log Director Components
• Installing and setting up Log Director
• Clustering with the Log Concentrator VM
• Administrating Log Director
• Lab 5: Deploying Log Director

Day 3

Chapter 7: Sky ATP Theory

• Sky ATP Overview
• Monitoring Sky ATP
• Analysis and Detection of Malware

Chapter 8: Sky ATP Implementation

• Configuring Sky ATP
• Installing Sky ATP
• Analysis and detection of Malware
• Infected Host Case Study
• Lab 6: Instructor Led Sky ATP Demo

Chapter 9: Implementing UTM

• UTM Overview
• AntiSpam
• AntiVirus
• Content and Web Filtering
• Lab 7: Implementing UTM

Day 4

Chapter 10: Introduction to IPS

• IPS Overview
• Network Asset Protection
• Intrusion Attack Methods
• Intrusion Prevention Systems
• IPS Inspection Walkthrough

Chapter 11: IPS Policy and Configuration

• SRX IPS Requirements
• IPS Operation Modes
• Basic IPS Policy Review
• IPS Rulebase Operations
• Lab 8: Implementing Basic IPS Policy

Day 5

Chapter 12: SDSN

• SDSN Overview
• SDSN Components
• SDSN Configuration
• Policy Enforcer Troubleshooting
• SDSN Use Cases
• Lab 9: Implementing SDSN

Chapter 13: Enforcement, Monitoring, and Reporting

• User Role Firewall and Integrated User Firewall Overview
• User Role Firewall Implementation
• Monitoring User Role Firewall
• Integrated User Firewall Implementation
• Monitoring Integrated User Firewall
• Lab 10: Configure User Role Firewall and Integrated User Firewall

Chapter 14: Troubleshooting Junos Security

• Troubleshooting Methodology
• Troubleshooting Tools
• Identifying IPsec Issues
• Lab 11: Performing Security Troubleshooting Techniques

Appendix A: SRX Series Hardware and Interfaces

• Branch SRX Platform Overview
• High End SRX Platform Overview
• SRX Traffic Flow and Distribution
• SRX Interfaces