
Implementing Intrusion Detection and Prevention

  • Tuition USD $2,500
  • Reviews 4.5 out of 5 stars (482 Ratings)
  • Course Code JP-IIDP
  • Duration 3 days
  • Available Formats Classroom

This three-day course discusses the configuration of Juniper Intrusion Detection and Prevention (IDP) sensors in a typical network environment. Key topics include sensor configuration, creating and fine-tuning security policies, managing attack objects, creating custom signatures, and troubleshooting. This course is based upon IDP software version 4.1 and Security Manager 2007.3. Through demonstrations and hands-on labs, you will gain experience in configuring, testing, and troubleshooting the IDP sensor.

Skills Gained

After successfully completing this course, you should be able to:
  • Deploy an IDP sensor on the network
  • Monitor and understand IDP logs
  • Configure, install, and fine-tune IDP policies
  • Configure the Profiler
  • Troubleshoot sensor problems
  • Create custom signature attack objects
  • Configure sensors for high availability using third-party devices

Who Can Benefit

  • This course is intended for network engineers, support personnel, reseller support, and others responsible for implementing Juniper Networks IDP products.

Prerequisites

This course assumes that you have basic networking knowledge and experience in the following areas:
  • Internetworking basics
  • TCP/IP Operations
  • Network security concepts
  • Network administration
  • Application support

Course Details

Implementing Intrusion Detection and Prevention

Day 1

  • Chapter 1: Course Introduction
  • Chapter 2: Intrusion Detection and Prevention Concepts
      • Network Attack Phases and Detection
      • Juniper Networks IDP Product Offerings
      • Juniper Networks IDP Three-Tier Architecture
      • Juniper IDP Deployment Modes
  • Chapter 3: Initial Configuration of IDP Sensor
      • Overview of IDP Sensor Deployment Process
      • Initial Configuration Step: IDP Standalone Device
      • Initial Configuration Step: ISG1000/ISG2000
      • Lab 1: Sensor Initial Configuration
  • Chapter 4: IDP Policy Basics
      • Attack Object Terminology
      • IDP Rule Components
      • IDP Rule-Matching Algorithm
      • Terminal Rules
      • Lab 2: Configuring IDP Policies
  • Chapter 5: Fine-Tuning Policies
      • Tuning Process Overview
      • Step 1: Identifying Machines and Protocols to Monitor
      • Step 2: Identifying and Eliminating False Positives
      • Step 3: Identifying and Configuring Responses to Real Attacks
      • Step 4: Configuring Other Rulebases to Detect Attacks
      • Lab 3: Fine-Tuning IDP Policies

Day 2

  • Chapter 6: Configuring Additional Rulebases
      • Overview of IDP-Related Rulebases
      • Exempt Rulebases
      • Traffic Anomalies Rulebase
      • Backdoor Rulebase
      • SYN Protector Rulebase
      • Network Honeypot Rulebase
      • Rulebase Processing Order
      • Lab 4: Configuring Additional Rulebases
  • Chapter 7: Profiler
      • Profiler Overview
      • How to Operate Profiler
      • Using Profiler for Network Discovery
      • Using Profiler to Discover Running Applications
      • Using Profiler to Detect New Devices and Ports
      • Using Profiler to Detect Policy Violations
      • Lab 5: Using Profiler
  • Chapter 8: Sensor Operation and Sensor Commands
      • Main Components of the Sensor
      • Description of Sensor Processes
      • Managing Policies with the scio Utility
      • Managing Sensor Configuration with the scio Utility
      • Monitoring with the sctop Utility
      • Lab 6: Using Sensor Commands
  • Chapter 9: Troubleshooting
      • Review of Sensor Communication
      • Troubleshooting Tools
      • Troubleshooting Scenarios
      • Reimaging the Sensor
      • Lab 7: Troubleshooting

Day 3

  • Chapter 10: Managing Attack Objects
      • Examining Predefined Attack Objects
      • Examining Predefined Attack Object Groups
      • Creating New Custom Attack Object Groups
      • Updating the Attack Object Database
      • Searching the Attack Object Database
      • Lab 8: Managing Attack Objects
  • Chapter 11: Creating Custom Signatures
      • IDP Packet Inspection
      • Obtaining Attack Information
      • Understanding Regular Expressions
      • Creating a Signature-Based Attack Object
      • Creating a Compound Attack Object
      • Lab 9: Creating Custom Signatures
  • Chapter 12: Configuring Sensors for External High Availability
      • External HA Operation
      • Configuring Sensors for External HA

How do I enroll?

A comprehensive listing of ExitCertified courses can be found here. You can register directly for the required course/location when you select "register". If you have any questions or prefer to speak with an ExitCertified education consultant directly, please submit your query here. A representative will contact you shortly.

How do I pay for a class?

You can pay at the time of registration by credit card (Mastercard/Visa/American Express), cheque or PO.

What if I have training credits?

ExitCertified honors all savings programs from the partners we work with. ExitCertified also offers training credits across multiple partners through our FLEX Account.

When does class start/end?

Classes begin promptly at 9:00 am, and typically end at 5:00 pm.

Lunchtime?

Lunch is normally an hour long and begins at noon. Coffee, tea, hot chocolate and juice are available all day in the kitchen. Fruit, muffins and bagels are served each morning. There are numerous restaurants near each of our centers, and some popular ones are indicated on the Area Map in the Student Welcome Handbooks - these can be picked up in the lobby or requested from one of our ExitCertified staff.

How can someone reach me during class?

If someone should need to contact you while you are in class, please have them call the center telephone number and leave a message with the receptionist.

What languages are used to deliver training?

Most courses are conducted in English, unless otherwise specified. Some courses will have the word "FRENCH" marked in red beside the scheduled date(s) indicating the language of instruction.

Setup for the training was easy and participants were mostly provided with the necessary things for continued learning; however, a couple of people in my class dealt with technical issues with their virtual machines in the virtual training.

Very prompt during an issue that occurred, and accidentally contacted an individual on their vacation, but they quickly pointed me to another individual who got my issue resolved.

The format and presentation using the iMVP software worked as well.

The ExitCertified AWS course provided a good introduction to the tools available on AWS.

Instructor was engaging, very knowledgeable, and explained things clearly. Labs were helpful in getting used to the tools that were being taught. Course location (Atlanta Microtek facility) was very comfortably set up. I'd definitely recommend this to anyone learning a new skill. (I took the 3-day AWS Big Data training).

Good course content and had mixed reviews with the instructors. Some were poor, some were really great.

There are currently no scheduled dates for this course. If you are interested in this course, request a course date with the links above. We can also contact you when the course is scheduled in your area.
