| FIREWALL VPN SECURITY |
|
| IIDP - Implementing Intrusion Detection and Prevention Products |
| Course ID |
: |
EDU-JUN-IIDP |
| Length |
: |
Three days |
|
|
| |
| About this Course |
This three-day course discusses the configuration of Juniper Intrusion Detection and Prevention (IDP) sensors in a typical network environment. Key topics include sensor configuration, creating and fine-tuning security policies, managing attack objects, creating custom signatures, and troubleshooting. This course is based upon IDP software version 4.1 and Security Manager 2007.3. |
| |
| Through demonstrations and hands-on labs, students will gain experience in configuring, testing, and troubleshooting the IDP sensor. |
|
|
| |
| Objectives |
| After successfully completing this course, you should be able to deploy the SA Series products to support common environments. Specific topics include the following: |
| |
| » |
Deploy an IDP sensor on the network. |
| » |
Monitor and understand IDP logs. |
| » |
Configure, install, and fine-tune IDP policies. |
| » |
Configure the Profiler. |
| » |
Troubleshoot sensor problems. |
| » |
Create custom signature attack objects. |
| » |
Configure sensors for high availability using third-party devices. |
|
| |
| Intended Audience |
This course is intended for network engineers, support personnel, reseller support, and others responsible for implementing Juniper Networks IDP products. |
|
|
| |
| Course Level |
This is an introductory-level course. |
|
|
| |
| Prerequisites |
This course assumes that students have basic networking knowledge and experience in the following areas: |
|
|
| |
| Course Contents |
| Day One |
| Chapter 1 |
: |
Course Introduction |
| Chapter 2 |
: |
Intrusion Detection and Prevention Concepts |
|
| » |
Network Attack Phases and Detection |
| » |
Juniper Networks IDP Product Offerings |
| » |
Juniper Networks IDP Three-Tier Architecture |
| » |
Juniper IDP Deployment Modes |
|
|
|
| |
| Chapter 3: Initial Configuration of IDP Sensor |
| » |
Overview of IDP Sensor Deployment Process |
| » |
Initial Configuration Steps—IDP Standalone Device |
| » |
Initial Configuration Steps—ISG1000/ISG2000 |
| » |
Lab 1: Sensor Initial Configuration |
|
|
|
| |
| Chapter 4: IDP Policy Basics |
| » |
Attack Object Terminology |
| » |
IDP Rule Components |
| » |
IDP Rule-Matching Algorithm |
| » |
Terminal rules |
| » |
Lab 2: Configuring IDP Policies |
|
|
|
| |
| Chapter 5: Fine-Tuning Policies |
| » |
Tuning Process Overview |
| » |
Step 1: Identifying Machines and Protocols to Monitor |
| » |
Step 2: Identifying and Eliminating False Positives |
| » |
Step 3: Identifying and Configuring Responses to Real Attacks |
| » |
Step 4: Configuring Other Rulebases to Detect Attacks |
| » |
Lab 3: Fine-Tuning IDP Policies |
|
|
|
| |
| |
| Day Two |
| |
| Chapter 6: Configuring Additional Rulebases |
| » |
Overview of IDP-Related Rulebases |
| » |
Exempt Rulebases |
| » |
Traffic Anomalies Rulebase |
| » |
Backdoor Rulebase |
| » |
SYN Protector Rulebase |
| » |
Network Honeypot Rulebase |
| » |
Rulebase Processing Order |
| » |
Lab 4: Configuring Additional Rulebases |
|
|
|
| |
| Chapter 7: Profile |
| » |
Profiler Overview |
| » |
How to Operate Profiler |
| » |
Using Profiler for Network Discovery |
| » |
Using Profiler to Discover Running Applications |
| » |
Using Profiler to Detect New Devices and Ports |
| » |
Using Profiler to Detect Policy Violations |
| » |
Lab 5: Using Profiler |
|
|
|
| |
| Chapter 8: Sensor Operation and Sensor Commands |
| » |
Main Components of the Sensor |
| » |
Description of Sensor Processes |
| » |
Managing Policies with the scio Utility |
| » |
Managing Sensor Configuration with the scio Utility |
| » |
Monitoring with the sctop Utility |
| » |
Lab 6: Using Sensor Commands |
|
|
|
| |
| Chapter 9: Troubleshooting |
| » |
Review of Sensor Communication |
| » |
Troubleshooting Tools |
| » |
Troubleshooting Scenarios |
| » |
Reimaging the Sensor |
| » |
Lab 7: Troubleshooting |
|
|
|
| |
| Day Three |
| |
| Chapter 10: Managing Attack Objects |
| » |
Examining Predefined Attack Objects |
| » |
Examining Predefined Attack Object Groups |
| » |
Creating New Custom Attack Object Groups |
| » |
Updating the Attack Object Database |
| » |
Searching the Attack Object Database |
| » |
Lab 8: Managing Attack Objects |
|
|
|
| |
| Chapter 11: Creating Custom Signatures |
| » |
IDP Packet Inspection |
| » |
Obtaining Attack Information |
| » |
Understanding Regular Expressions |
| » |
Creating a Signature-Based Attack Object |
| » |
Creating a Compound Attack Object |
| » |
Lab 9: Creating Custom Signatures |
|
|
|
| |
| Chapter 1Configuring Sensors for External High Availability |
| » |
External HA Operation |
| » |
Configuring Sensors for External HA |
|
|
|
