The JNCIS-SEC Certification Bundle is a 4-day event that covers intermediate aspects of Junos Security, including security zones, security policies, intrusion detection and prevention (IDP), Network Address Translation (NAT), and high availability clusters, as well as implementing Unified Threat Manager (detailed coverage of Web Filtering, antivirus (AV), antispam, and content filtering) running on Juniper Networks platforms.
Key topics include user interface options with a heavy focus on the command-line interface, configuration tasks typically associated with the initial setup devices, interface configuration basics, secondary system configuration, and the basics of operational monitoring and maintenance of devices running JUNOS Software. Students will also learn routing principles and concepts, configuring policies and firewall filters, and class of service (CoS).
Titles in the curriculum include:

  • JSEC
  • JUTM

Note: This course prepares students for the JNCIS-SEC Certification exam, whose topics are based on the content of this curriculum.

Audience: Network engineers, technical support personnel, reseller support engineers, and others responsible for implanting and/or maintaining the Juniper Networks products covered in this course.
Course Duration: 4 Days
Prerequisites:

Students should have basic networking knowledge and an understanding of the Open Systems interconnection (OSI) reference model and the TCP/IP protocol suite. Students should also have attended the Introduction to the Junos Operation System (IJOS) and the Junos Routing Essentials (JRE) prior to attending.

Course Objectives:
  • Describe, configure, and monitor zones
  • Describe, configure, and monitor security policies
  • Describe, configure, and monitor firewall user authentication
  • Describe various types of network attacks
  • Configure and monitor SCREEN options
  • Implement, and monitor NAT, as implemented on Junos security platforms
  • Explain the mechanics of IP Security (IPSec) virtual private networks (VPNs)
  • Implement and monitor policy-based and route-based IPSec VPNs
  • Utilize and update the IDP signature database
  • Configure and monitor IDP policy templates
  • Describe, configure, and monito high availability chassis clusters
  • Define terms used in the creation of effective antispam UTM policies
  • Outline the overall process of configuring an antispam UTM policy
  • Identify how the AV process examines traffic
  • Describe the settings that are required for configuring AV protection
  • Configure settings that affect scanning performance and effectiveness
  • Modify options available for scanning supported protocols
  • Identify content and Web filtering and their purpose
  • List parameters used when configuring Web and content filtering
  • Configure and monitor web and content filtering
  • Describe, configure, and monitor zones
  • Describe, configure, and monitor security policies
  • Describe, configure, and monitor firewall user authentication
  • Describe various types of network attacks
  • Configure and monitor SCREEN options
  • Implement, and monitor NAT, as implemented on Junos security platforms
  • Explain the mechanics of IP Security (IPSec) virtual private networks (VPNs)
  • Implement and monitor policy-based and route-based IPSec VPNs
  • Utilize and update the IDP signature database
  • Configure and monitor IDP policy templates
  • Describe, configure, and monito high availability chassis clusters
  • Define terms used in the creation of effective antispam UTM policies
  • Outline the overall process of configuring an antispam UTM policy
  • Identify how the AV process examines traffic
  • Describe the settings that are required for configuring AV protection
  • Configure settings that affect scanning performance and effectiveness
  • Modify options available for scanning supported protocols
  • Identify content and Web filtering and their purpose
  • List parameters used when configuring Web and content filtering
  • Configure and monitor web and content filtering
Course Outline:

Day 1

  • Course Introduction
  • JSEC Chapter 2: Introduction to Junos Security Platforms
    • Traditional Routing
    • Traditional Security
    • Breaking the Tradition
    • The Junos OS Architecture
  • JSEC Chapter 3: Zones
    • The Definition of Zones
    • Zone Configuration
    • Monitoring Security Zones
  • JSEC Chapter 4: Security Policies
    • Overview of Security Policy
    • Policy Components
    • Verifying Policy Operation
    • Policy Scheduling and Rematching
    • Policy Case Study

Day 2

  • JSEC Chapter 5: Firewall User Authentication
    • Firewall User Authentication Overview
    • Pass-Through Authentication
    • Web Authentication
    • Client Groups
    • Using External Authentication Servers
    • Verifying Firewall User Authentication
  • JSEC Chapter 6: SCREEN Options
    • Multilayer Network Protection
    • Stages and Types of Attacks
    • Using Junos SCREEN Options- Reconnaissance Attack Handling
    • Using Junos SCREEN Options- Denial of Service Attack Handling
    • Using Junos SCREEN Options- Suspicious Packets Attack Handling
    • Applying and Monitoring SCREEN Options
  • JSEC Chapter 7: Network Address Translation
    • NAT Overview
    • Source NAT Operation and Configuration
    • Destination NAT Operation and Configuration
    • Static NAT Operation and Configuration
    • Proxy ARP
    • Monitoring and Verifying NAT Operation

Day 3

  • JSEC Chapter 8: IPsec VPNS
    • VPN Types
    • Secure VPN Requirements
    • IPSec Details
    • Configuration of IPsec VPNs
    • IPsec VPN Monitoring
  • JSEC Chapter 9: Introduction to Intrusion Detection and Prevention
    • Introduction to Junos IDP
    • IDP Policy Components and Configuration
    • Signature Database
    • Case Study: Applying the Recommended IDP Policy
    • Monitoring IDP Operation
  • JSEC Chapter 10: High Availability Clustering
    • High Availability Overview
    • Chassis Cluster Components
    • Chassis Cluster Operation
    • Chassis Cluster Configuration
    • Chassis Cluster Monitoring

Day 4

  • JUTM Chapter 2: UTM Overview
    • Branch Office Challenges
    • UTM Feature Overview
    • Design Basics
    • Hardware Support
    • Licensing of Features
  • JUTM Chapter 3: Antispam
    • Antispam Terminology
    • Overview of Antispam Process
    • UTM policy Overview
    • Configuration Steps
    • Monitoring Antispam
  • JUTM Chapter 4: Full File-Based and Express Antivirus
    • Antivirus Terminology
    • Overview of Antivirus Process
    • AV Operation
    • Full File-based AV Configuration
    • Express AV Configuration
    • Monitoring
  • AV JUTM Chapter 5: Content and Web Filtering
    • Overview and Terminology
    • Configuration
    • Verification and Monitoring

Day 1

  • Course Introduction
  • JSEC Chapter 2: Introduction to Junos Security Platforms
    • Traditional Routing
    • Traditional Security
    • Breaking the Tradition
    • The Junos OS Architecture
  • JSEC Chapter 3: Zones
    • The Definition of Zones
    • Zone Configuration
    • Monitoring Security Zones
  • JSEC Chapter 4: Security Policies
    • Overview of Security Policy
    • Policy Components
    • Verifying Policy Operation
    • Policy Scheduling and Rematching
    • Policy Case Study

Day 2

  • JSEC Chapter 5: Firewall User Authentication
    • Firewall User Authentication Overview
    • Pass-Through Authentication
    • Web Authentication
    • Client Groups
    • Using External Authentication Servers
    • Verifying Firewall User Authentication
  • JSEC Chapter 6: SCREEN Options
    • Multilayer Network Protection
    • Stages and Types of Attacks
    • Using Junos SCREEN Options- Reconnaissance Attack Handling
    • Using Junos SCREEN Options- Denial of Service Attack Handling
    • Using Junos SCREEN Options- Suspicious Packets Attack Handling
    • Applying and Monitoring SCREEN Options
  • JSEC Chapter 7: Network Address Translation
    • NAT Overview
    • Source NAT Operation and Configuration
    • Destination NAT Operation and Configuration
    • Static NAT Operation and Configuration
    • Proxy ARP
    • Monitoring and Verifying NAT Operation

Day 3

  • JSEC Chapter 8: IPsec VPNS
    • VPN Types
    • Secure VPN Requirements
    • IPSec Details
    • Configuration of IPsec VPNs
    • IPsec VPN Monitoring
  • JSEC Chapter 9: Introduction to Intrusion Detection and Prevention
    • Introduction to Junos IDP
    • IDP Policy Components and Configuration
    • Signature Database
    • Case Study: Applying the Recommended IDP Policy
    • Monitoring IDP Operation
  • JSEC Chapter 10: High Availability Clustering
    • High Availability Overview
    • Chassis Cluster Components
    • Chassis Cluster Operation
    • Chassis Cluster Configuration
    • Chassis Cluster Monitoring

Day 4

  • JUTM Chapter 2: UTM Overview
    • Branch Office Challenges
    • UTM Feature Overview
    • Design Basics
    • Hardware Support
    • Licensing of Features
  • JUTM Chapter 3: Antispam
    • Antispam Terminology
    • Overview of Antispam Process
    • UTM policy Overview
    • Configuration Steps
    • Monitoring Antispam
  • JUTM Chapter 4: Full File-Based and Express Antivirus
    • Antivirus Terminology
    • Overview of Antivirus Process
    • AV Operation
    • Full File-based AV Configuration
    • Express AV Configuration
    • Monitoring
  • AV JUTM Chapter 5: Content and Web Filtering
    • Overview and Terminology
    • Configuration
    • Verification and Monitoring