OneStat.com Web Analytics Implementing Intrusion Detection and Prevention
Networking and Security - Training Courses

Implementing Intrusion Detection & Prevention

Course Code: JPIIDP | Duration: 3 days

This three-day course discusses the configuration of Juniper Intrusion Detection and Prevention (IDP) sensors in a typical network environment. Key topics include: sensor configuration, creating and fine-tuning security policies, managing attack objects, creating custom signatures, and troubleshooting. This course is based upon IDP software version 4.0, and Security Manager 2006.1.

Through demonstrations and hands on labs, students will gain experience in configuring, testing, and troubleshooting the IDP sensor.

Course Objectives


By the end of this course, students will understand:
Intrusion Detection Concepts
  • Network attack phases and detection
  • Juniper IDP product offering
  • IDP three-tier architecture
  • IDP sensor transparent mode
Initial Configuration of IDP Sensor
  • Overview of IDP sensor deployment process
  • Attach IDP sensor to network
  • Establishing communication between SM and IDP sensor
  • Creating initial IDP policy
  • Installing policy on IDP sensor
Policy Basics
  • IDP attack terminology
  • IDP rule components
  • Packet flow through IDP sensor
Fine-tuning Security Policies
  • Identify machines to monitor
  • Eliminate false positives
  • Configure response to real attacks
  • Configure other rulebases to detect attacks
Configuring Other Rulebases
  • Exempt rulebase
  • Traffic anomalies rulebase
  • Backdoor detection rulebase
  • SYN protector rulebase
  • Network honeypot rulebase
Profiler
  • Profiler overview
  • How to operate the profiler
  • Using profiler for network recovery
  • Using profiler to detect new devices and ports
  • Using profiler to detect policy variations
Sensor Operation and Command-line Utilities
  • Sensor main components
  • Description of sensor processes
  • Managing policies and decoder engine with scio
  • Managing sensor configuration with scio
  • Monitoring with sctop
  • Using tech-support tool
Managing Attack Objects
  • Examining predefined attack objects
  • Examining predefined attack object groups
  • Creating new custom attack groups: static groups vs dynamic groups
  • Updating attack objects
  • Searching attack DB
Creating Custom Signatures
  • IDP packet inspection
  • Obtaining attack information using scio ccap & scio pcap
  • Using regular expressions
  • Configuring a simple signature
  • Configuring a compound signature
Maintenance and Troubleshooting
  • Appliance Configuration Manager (ACM)
  • Backup of sensor
  • Re-imaging sensor with reinstall CD
  • Removing old logs, exporting logs
  • Troubleshooting connectivity problems between Security Manager and IDP sensor
High-Availability
  • NIC bypass
  • Standalone HA
  • External HA
Who should attend

Network engineers, support personnel, reseller support, and others responsible for implementing Juniper IDP products.

Pre-requisites

This course assumes that students have basic knowledge and experience in the following areas:

  • Internetworking basics
  • TCP/IP Operations
  • Network security concepts
  • Network administration
  • Application suppor

Delegates should also have attended the Security Manager Fundamentals course (SMF)

Latest News
Quantix named as a finalist in the Evening Post 'B...
16 June 2009
Quantix, UK''s leading provider of managed services, enterprise applications and...
www.eventureinternet.com