JNCIP-SEC Journey Begins

snadam

Finished my notes on Chatper 5 of the JIPS book, now on to the last two chapters, "additional attack protection mechanisms" and "logging and reporting"

two chapters away from firing up the ole lab; which is my favorite part.

snadam

finished reading the additional attack protection mechanisms chapter. Just some notes and then one more chapter left!

Also, booked my exam, so that is fun and exciting!

I hopefully will build my topology/lab this weekend if I keep may pace.

snadam

Last chapter and notes are DONE!!! Now the fun part; lab! I have my base topology sorted out. Once I configure my lab (hopefully tomorrow), I will post my starting topology. Due to the exam objectives, the topology will probably change slightly from topic to topic. the goal from here on out is to do the following:

- Read My notes on a particular chapter
- Do a practice lab
- Review notes from previous chapter/s
- Repeat if necessary

Now that the notes part is over, I can post my lab outputs and topologies that I am currently working on. In other words, a lot less boring "I read this today..." and more interesting "Here is my lab, here was my output, here was where I went wrong, and how I fixed it".

snadam

So here is my base lab topology. The goal was to keep it pretty vanilla so I can build and add the different labs on it, hence the extra bits on the bottom right corner. I have 3 different sites, HQ, site A and site B. I put a cluster of my 100B's at HQ, one 210H at site A, and the other 210H at site B. I threw in a HA cluster in there just for fun and in case I run in to something cluster specific. If I find out later its not needed, I'll disband the HA cluster. I also have two laptops running Kali Linux, which will serve as my "servers". Those two should be able to generate various types of traffic for my labs.


The first lab in the material is AppSecure. Since I don't have the licensing for that, we'll see far I can take it

snadam

So unfortunately, I couldn't get too far with this lab, but I tried to follow the syntax/commands in the book just for fun. The lab basically introduces you to the operational commands for appID and appTrack, as well as some configuration commands for appFW and application system cache (ASC).

One of the cool parts about this lab is that they show you the power of layer 7 'firewalling'. As an example, you were assigned to create a custom application for TCP port 8080. The requirement was that only HTTP traffic can use port 8080 and all other applications/protocols were to be denied use of 8080. An FTP session over TCP port 8080 from one host to another through the SRX was initiated. This worked, although the requirement in the lab was to only allow HTTP on port 8080. So, a search for a suitable application signature was done, and an application firewall rule set was made to only allow http on port 8080 and deny any other application attempting to use that port. Once the application firewall rule was applied to the existing security policy action, you were only able to initiate an HTTP session on said port; the objective was met.

So while I didn't get to complete the lab per say, I ran through it and was able to answer all the questions provided in the lab book for the most part. Since I have limited exposure to AppSecure features, this will be an objective I revisit again.

Next up is a lab I CAN do; L2 Security (transparent mode firewall).

snadam

still at it. Just haven't had enough time to post my detailed lab work. Working on various IPSEC, NAT, Virtualization labs the past week. Once I get a good system/pattern, I will probably post more.

snadam

STILL AT IT! Just finished AJSEC training course, will take JIPS next week. Unless I have spare time (which is hard to find) I am not sure if I am going to post diagrams/labs like I said I was going to. I think I am going to keep my nose in the books and labs from here on out.

snadam

JNCIP-SEC Journey ENDS!!!
http://www.techexams.net/forums/juniper-certifications/111959-jncip-sec-pass.html#post950798