Avnet® Technology Solutions

Juniper Networks

Juniper Networks Training:
7. Impl. Intrusion Detection and Prevention Products

Code:
IIDP

Overview:

This three-day course discusses the configuration of Juniper Intrusion Detection and Prevention (IDP) sensors in a typical network environment. Key topics include: sensor configuration, creating and fine-tuning security policies, managing attack objects, creating custom signatures, and troubleshooting.

Through demonstrations and hands-on labs, students will gain experience in configuring, testing, and troubleshooting the IDP sensor.

Objectives:

Intrusion Detection Concepts
• Network attack phases and detection
• Juniper IDP product offerings
• IDP three-tier architecture
• IDP sensor transparent mode

Initial Configuration of IDP Sensor
• Overview of IDP sensor deployment process
• Attach IDP sensor to network
• Establishing communication between SM and IDP sensor
• Creating initial IDP policy
• Installing policy on IDP sensor

Policy Basics
• IDP attack terminology
• IDP rule components
• Packet flow through IDP sensor

Fine-tuning Security Policies
• Step 1: Identify Machines to Monitor
• Step 2: Eliminate False Positives
• Step 3: Configure Response to Real Attacks
• Step 4: Configure Other Rulebases to Detect Attacks

Configuring Other Rulebases
• Exempt Rulebase
• Traffic Anomalies Rulebase
• Backdoor Detection Rulebase
• SYN Protector Rulebase
• Network Honeypot Rulebase

Profiler
• Profiler Overview
• How to Operate the Profiler
• Using Profiler for Network Discovery
• Using Profiler to Detect New Devices and Ports
• Using Profiler to Detect Policy Violations

Sensor Operation and Command-line Utilities
• Sensor main components
• Description of sensor processes
• Managing policies and decoder engine with scio
• Managing sensor configuration with scio
• Monitoring with sctop
• Using tech-support tool

Managing Attack Objects
• Examining predefined attack objects
• Examining predefined attack object groups
• Creating new custom attack groups: static groups vs dynamic groups
• Updating attack objects
• Searching attack DB

Creating Custom Signatures
• IDP packet inspection
• Obtaining attack information using scio ccap & scio pcap
• Using regular expressions
• Configuring a simple signature
• Configuring a compound signature

Maintenance & Troubleshooting
• Appliance Configuration Manager (ACM)
• Backup of sensor
• Re-imaging sensor with reinstall CD
• Removing old logs, exporting logs
• Troubleshooting connectivity problems between Security Manager and IDP sensor

High-Availability
• NIC bypass
• Standalone HA
• External HA

Target audience:

Network engineers, support personnel, reseller support, and others responsible for implementing Juniper IDP products.

Prerequisites:

This course assumes that students have basic networking knowledge and experience in the following areas:
• Internetworking basics
• TCP/IP Operations
• Network security concepts
• Network administration
• Application support

The course also assumes that students have attended the Security Manager Fundamentals course (2 days).

Further information:

Certification:
IIDP + exam: Juniper Networks Certified Internet Associate (JNCIA-IDP)

Price:

€1750.00

Available dates:

16 December 2009 - London (English)
15 March 2010 - Eindhoven
28 June 2010 - Eindhoven (English)



Ask the expert

Saskia Smetsers

Avnet Technology Solutions

040-2 502 766

training.bnl@avnet.com
