Juniper Service Provider Edge SecurityJSPESJPJuniper NetworksJP-JSPES21.1R1.11<ul>
<li>Define the general security architecture for 4G and 5G networks.</li><li>Configure data plane security protections.</li><li>Explain DoS and DDoS attacks.</li><li>Describe BGP Flowspec in protecting against DDoS attacks.</li><li>Explain the Corero solution for DDoS attacks.</li><li>Describe the use of stateful firewalls.</li><li>Explain the use of ALGs in stateful security firewalls.</li><li>Explain how to secure BGP on Junos devices.</li><li>Describe how to use IPsec to secure traffic.</li><li>Explain the new IoT threat to networks.</li><li>Describe AutoVPN IPsec architectures.</li><li>Explain the use and configuration of CGNAT on SRX Series devices</li></ul><ul>
<li>Intermediate level of TCP/IP networking and security knowledge</li><li>Attend the Introduction to Juniper Security (IJSEC) course before attending this class</li></ul><p>This course benefits those responsible for
implementing, monitoring, and troubleshooting Juniper
security components.</p><p><strong>DAY 1</strong></p>
<p><strong>1 Course Introduction</strong></p>
<p><strong>2 Security Challenges for Service Providers</strong>
</p>
<ul>
<li>Describe limitations of security devices</li><li>Describe DDoS attack threats</li><li>Describe BGP security threats</li><li>Explain IP address depletion challenges</li><li>Describe 5G security challenges</li></ul><p><strong>3 Juniper Networks Solutions for Service Providers</strong>
</p>
<ul>
<li>Describe Juniper Networks’ security solutions for the service provider challenges</li></ul><p><strong>4 Stateful Firewalls</strong>
</p>
<ul>
<li>Describe stateless firewall filters</li><li>Describe stateful firewall policies</li><li>Describe screens and ALGs</li><li>Explain asymmetrical routing</li></ul><p><strong>Lab 1: Configure Stateful Firewalls</strong></p>
<p><strong>5G Architecture using SRX Series Devices</strong>
</p>
<ul>
<li>Describe security insertion points</li><li>Describe 5G network evolution</li></ul><p>
<strong>6 DDoS Protection</strong>
</p>
<ul>
<li>Explain DDoS history and common protections</li><li>Describe SRX DDoS protection</li><li>Describe BGP FlowSpec</li><li>Describe Corero with MX DDoS protection</li></ul><p><strong>Lab 2: DDoS Protection</strong></p>
<p><strong>DAY 2</strong></p>
<p><strong>7 Carrier-Grade NAT</strong>
</p>
<ul>
<li>Explain IPv4 address exhaustion</li><li>Describe Source NAT</li><li>Describe CGNAT</li><li>Describe NAT64</li></ul><p><strong>Lab 3: CGNAT</strong></p>
<p><strong>8 Juniper Connected Security for Service Providers</strong>
</p>
<ul>
<li>Explain Juniper Connected Security</li><li>Describe SecIntel feeds</li><li>Describe a use case for IoT protection</li></ul><p><strong>Lab 4: Implementing Juniper Connected Security</strong></p>
<p><strong>9 IPsec Overview</strong>
</p>
<ul>
<li>Describe the IPsec and IKE protocols</li><li>Configure site-to-site IPsec VPNs</li><li>Describe and configure Proxy IDs and Traffic selectors</li><li>Monitor site-to-site IPsec VPNs</li><li>Describe IPsec use with gNodeB devices</li></ul><p>
<strong>Lab 5: Site-to-Site IPsec VPN</strong></p>
<p>
<strong>10 Scaling IPsec</strong>
</p>
<ul>
<li>Describe and implement PKI certificates in Junos OS</li><li>Describe AutoVPN</li><li>Describe SecGW firewall use case for scaling IPsec</li></ul><p>
<strong>Lab 6: Configuring AutoVPN</strong></p>
<p><strong>DAY 3</strong></p>
<p><strong>11 GPRS and GTP</strong>
</p>
<ul>
<li>Describe how to secure GTP tunnels</li><li>Describe the GPRS protocol</li><li>Describe the GTP</li><li>Explain how Roaming Firewall secures GTP</li></ul><p>
<strong>12 SCTP</strong>
</p>
<ul>
<li>Describe the SCTP</li></ul><p><strong>Lab 7: Video about Implementing the Roaming Firewall (Demo)</strong></p>
<p><strong>13 Securing the Control Plane</strong>
</p>
<ul>
<li>Explain how to secure the control plane on Junos devices</li><li>Describe how the loopback filter works to secure the control plane</li><li>Explain how to protect the control plane from DDoS attacks</li><li>Describe how to secure the IGP against attacks</li></ul><p><strong>Lab 8: Configure Control Plane Protections</strong></p>
<p><strong>14 Securing the BGP</strong>
</p>
<ul>
<li>Describe how to secure the BGP</li><li>Describe BGP security features</li><li>Describe BGP dampening</li></ul><p><strong>Lab 9: Configure BGP protections</strong></p>- Define the general security architecture for 4G and 5G networks.
- Configure data plane security protections.
- Explain DoS and DDoS attacks.
- Describe BGP Flowspec in protecting against DDoS attacks.
- Explain the Corero solution for DDoS attacks.
- Describe the use of stateful firewalls.
- Explain the use of ALGs in stateful security firewalls.
- Explain how to secure BGP on Junos devices.
- Describe how to use IPsec to secure traffic.
- Explain the new IoT threat to networks.
- Describe AutoVPN IPsec architectures.
- Explain the use and configuration of CGNAT on SRX Series devices- Intermediate level of TCP/IP networking and security knowledge
- Attend the Introduction to Juniper Security (IJSEC) course before attending this classThis course benefits those responsible for
implementing, monitoring, and troubleshooting Juniper
security components.DAY 1
1 Course Introduction
2 Security Challenges for Service Providers
- Describe limitations of security devices
- Describe DDoS attack threats
- Describe BGP security threats
- Explain IP address depletion challenges
- Describe 5G security challenges
3 Juniper Networks Solutions for Service Providers
- Describe Juniper Networks’ security solutions for the service provider challenges
4 Stateful Firewalls
- Describe stateless firewall filters
- Describe stateful firewall policies
- Describe screens and ALGs
- Explain asymmetrical routing
Lab 1: Configure Stateful Firewalls
5G Architecture using SRX Series Devices
- Describe security insertion points
- Describe 5G network evolution
6 DDoS Protection
- Explain DDoS history and common protections
- Describe SRX DDoS protection
- Describe BGP FlowSpec
- Describe Corero with MX DDoS protection
Lab 2: DDoS Protection
DAY 2
7 Carrier-Grade NAT
- Explain IPv4 address exhaustion
- Describe Source NAT
- Describe CGNAT
- Describe NAT64
Lab 3: CGNAT
8 Juniper Connected Security for Service Providers
- Explain Juniper Connected Security
- Describe SecIntel feeds
- Describe a use case for IoT protection
Lab 4: Implementing Juniper Connected Security
9 IPsec Overview
- Describe the IPsec and IKE protocols
- Configure site-to-site IPsec VPNs
- Describe and configure Proxy IDs and Traffic selectors
- Monitor site-to-site IPsec VPNs
- Describe IPsec use with gNodeB devices
Lab 5: Site-to-Site IPsec VPN
10 Scaling IPsec
- Describe and implement PKI certificates in Junos OS
- Describe AutoVPN
- Describe SecGW firewall use case for scaling IPsec
Lab 6: Configuring AutoVPN
DAY 3
11 GPRS and GTP
- Describe how to secure GTP tunnels
- Describe the GPRS protocol
- Describe the GTP
- Explain how Roaming Firewall secures GTP
12 SCTP
- Describe the SCTP
Lab 7: Video about Implementing the Roaming Firewall (Demo)
13 Securing the Control Plane
- Explain how to secure the control plane on Junos devices
- Describe how the loopback filter works to secure the control plane
- Explain how to protect the control plane from DDoS attacks
- Describe how to secure the IGP against attacks
Lab 8: Configure Control Plane Protections
14 Securing the BGP
- Describe how to secure the BGP
- Describe BGP security features
- Describe BGP dampening
Lab 9: Configure BGP protections3 jours2850.002850.002850.002850.002850.00