Implementing Intrusion Detection and Prevention Products

Course No: EDU-NS-NIDP

Length: 2 days

Cost: $2,000 (US) Schedule and Registration

Overview

This two-day course discusses the configuration of Juniper Intrusion Detection and Prevention (IDP) products in a typical network environment. Key topics include the IDP Sensor and Management Server, the IDP Deployment Modes, policy creation, and attack investigation techniques.

Through demonstrations and hands on labs, students will gain experience in configuring, testing, and troubleshooting basic facets of the IDP product.

Target audience

Network engineers, support personnel, reseller support, and others responsible for implementing Juniper IDP products.

Prerequisites

This course assumes that students have basic networking knowledge and experience in the following areas:

• Internetworking basics
• TCP/IP Operations
• Network security concepts
• Network administration
• Application support

Course Contents

• Module 1: Network Security Architecture and IDP
  • Understand how Firewalls fit into network security architectures
  • Understand how IDS fit into network security architectures
  • Identify how an IPS/IDP fits into today's network security architectures

• Module 2: About the Juniper Networks IDP
  • Be familiar with Product line/Hardware platforms
  • Understand IDP Architecture - 3 tiers
  • Identify IDP Processes and relationship between 3 tiers

• Module 3: Sensor Deployment and Configuration
  • Deploy IDP in Sniffer and Inline modes
  • Configure Sensor with CLI and ACM (WebUI)

• Module 4: Management Server Configuration
  • Centralizes data for logging, reporting, and security policy management
  • Configure the Management Server
  • Maintain multiple sensors with the Management Server

• Module 5: UI Configuration
  • Configure the UI client
  • Configure the Management Server
  • Recognize the Main UI components

• Module 6: Network Profiling
  • Monitor the network for a comprehensive view of traffic patterns
  • Create network objects and analyze traffic flows
  • Establish your network risks and what the threats are

• Module 7: Security Policy Configuration
  • Configure a basic security policy
  • Use security policy templates for sniffer and inline modes
  • Set up rules for normal traffic flows, honeypots, and advanced settings

• Module 8: Logs and Reporting
  • Customize the Log Viewer preferences and filtering content
  • View and recognize attacks with the log viewer
  • Setup and generate reports
  • Integrate the Log Viewer with the Reports

• Module 9: Management Server and Sensor Administration
  • Administer the Management Server
  • Update the attack objects
  • Understand Rulebase Maintainence
  • Administer the Sensor
  • Run Sensor Configuration utilities