NETWORK SECURITY EXPERT

NG Networks is offering a lifetime opportunity for the aspirants looking for making a career in Network Security domain. This program is the next level to the certification program as it covers multi-vendor technologies like the checkpoint, Palo Alto, Fortinet and ASA which is high in demand in Industries nowadays.

This program is made up by using top content required in Real-Time as per clients demand and its based on the requirement of the Real-Time environment. Training at NG Networks is provided by highly experienced Security Engineers from the top industries.

Register for Free Demo Class!!

It’s High Time to make a smart move for your career. Register Now!

Objectives

Training starts from Cisco Data and F5 will be adjoined to consign it into a right flavour. Then the profile is furnished by giving Security Training on different Firewall.

Overall it is one of the finest curriculums one can have in IT Network infrastructure
NG Networks offering flexible courses schedules with shorter times

Firewall Covered – ASA, Checkpoint, Palo Alto and Fortinet

Prerequisite – Knowledge of CCNA or equivalent

Course Summary

Basic Network Security Knowledge

Configure ASA with IP address and Access-lists

Execute change management in ASA Firewalls

Perform access related trouble shooting using Trace & Ping Commands

Checkpoint knowledge with rule base

Configure routes on NAT on ASA & checkpoint firewalls

Palo Alto, Architecture, Application & policy configuration

Vulnerability Management

Download Complete Syllabus

Course Curriculum

NETWORK BASICS - QUICK REVIEW

Introduction to Networks
1.1) LAN
1.2) WAN
Review OSI & TCP/IP Reference Model
2.1) Layers and communication
2.2) Encapsulation & De-encapsulation
Review IP Addressing
3.1) IP Address Components
3.2) Classes of Addresses
Review important Protocols
4.1) IP
4.2) TCP
4.3) UDP
4.4) ICMP
4.5) ARP
TCP 3-Way Handshake
How Router Works
Static & Dynamic Routing
How Switch Works
Review VLAN Concepts
How Trace route works

NETWORK SECURITY – QUICK OVERVIEW

Network Security Overview
Security Goal (CIA)
Security Attacks
Defence In-Depth
Introduction to Firewall
Introduction to IPS / IDS

CONFIGURATION & ADMINISTRATION OF CISCO ASA FIREWALL

Cisco ASA Essentials
1.1) Cisco ASA Features
1.2) Cisco ASA Hardware
1.3) Cisco ASA Licensing Overview
1.4) Cisco File System
Basic Connectivity and Device Management
2.1) Managing the Cisco ASA Using the CLI
2.2) Managing the Cisco ASA Using Cisco ASDM
2.3) Navigating Basic Cisco ASDM Features
2.4) Managing Cisco ASA Security Levels
2.5) Configuring and Verifying Basic Connectivity Parameters
2.6) Troubleshooting Basic Connectivity
2.7) Using TCP Ping
Implement ASA Static Routing
3.1) Configuring Static Routes
3.2) Configuring Default Route
Network Access Control
4.1) Configuring and Verifying Interface ACLs
4.2) Configuring and Verifying Global ACLs
4.3) Configuring and Verifying Time based ACLs
4.4) Configuring and Verifying Objects
4.5) Configuring and Verifying Object Groups
4.6) Maintaining and updating ACLs
4.7) Controlling ICMP traffic through the ASA
4.8) Controlling ICMP traffic to the ASA
4.9) Troubleshooting ACLs
4.10) uRPF
4.11) shun
4.12) Troubleshooting connection using Packet Tracer and Packet Capture feature
Implement Network Address Translation (NAT) on the ASA
5.1) Pre 8.3 – static, dynamic, policy, identity nat, nat exemption
5.2) 8.3 – Auto (Object) NAT, Manual (Twice) NAT
Interface High Availability
6.1) Configuring and Verifying EtherChannel
6.2) Configuring and Verifying Redundant Interfaces
6.3) Troubleshooting EtherChannel and Redundant Interfaces
Implement ASA transparent firewall
7.1) Routed vs. Transparent Mode
7.2) Traffic flow and ACL in transparent firewall
Cisco Modular Policy Framework Overview
8.1) MPF Policies
8.2) Class Maps
8.3) Policy Maps
8.4) Services Policies
8.5) TCP state bypass
8.6) Connection limits
Implement ASA Virtualization feature
9.1) Security Contexts
9.2) Security Contexts Resource Limiting
ASA High Availability
10.1) Implement ASA Stateful Failover
10.2) Active/Standby
10.3) Active/Active
ASA IPSEC VPN
11.1) Implement basic IPSEC S2S VPN operations with PSK.
11.2) Implement basic IKEv2 based IPSEC S2S VPN operations with PSK.
11.3) Verify and Troubleshoot the IPSEC S2S VPN.
11.4) Implement basic IPSEC Remote Access VPN operations.
11.5) Verify and Troubleshoot the IPSEC S2S VPN.
ASA Management Configuration
12.1) Configuring Logon Banners
12.2) Configuring Usernames, and Authentication, Authorization, and Accounting (AAA)
12.3) Configuring ASA as DHCP Server & DHCP Relay
12.4) Configuring SNMP on ASA
12.5) Enabling Logging on ASA (Syslog)
12.6) Synchronizing ASA with NTP Server
12.7) Performing the ASA Password Recovery Process

CONFIGURATION & ADMINISTRATION OF CHECKPOINT FIREWALL

Introduction to Check Point Technology — 2 hours
1.1) Check Point Security Management Architecture(SMART)
– Smart Console
– Security Management Server
– Security Gateway
1.2) Security Gateway Inspection Architecture
– INSPECT Engine Packet Flow
1.3) Checkpoint Deployment Considerations
– Standalone Deployment
– Distributed Deployment
1.4) Checkpoint Smart Console Clients
– SmartDashboard
– Smartview Tracker
– SmartLog
– SmartEvent
– SmartView Monitor
– SmartReporter
– SmartUpdate
– SmartProvisioning
– SmartEndpoint
1.5) Secure Internal Communication
1.6) Checkpoint deployment platform
– Checkpoint Security Appliances
– Checkpoint Security Blades
– Checkpoint Operating SystemLab-1) Distributed Installation – 2 hour
– Install and Configure Security Management Server Gaia R77.30
– Install and Configure Corporate Security Gateway Gaia R77.30
– Installing SmartConsole
– Testing the SIC Status
– Resetting the Trust State
– Add and Delete Administrators
– Introduction to Checkpoint CLI
– Applying useful commands in CLI
– Perform Backup and Restore
Introduction to the Security Policy – 1-2 hour
2.1) Security Policy Basics
– The Rule Base
– SmartDashboard and Objects
– Basic Rule Base Concepts
– Implicit/Explicit Rules
– Control Connections
– IP Spoofing & Anti-Spoofing
2.2) Database Revision Control
– Policy Package Management
– Database Revision ControlLab-2) Building a Security Policy – ½ -1 hour
– Create Security Gateway Object
– Create Access Rules for Gateway
– Save the Policy
– Install the Policy
– Test the Policy
– Database Revision Control
Introduction to Monitoring Traffic and Connections – 1 hour
3.1) Smart View Tracker
– Log Types
– SmartView Tracker Tabs
– Action Icons
– Log-File Management
– Administrator Auditing
– Global Logging and Alerting
– Time Setting
– Blocking Connections
3.2) SmartView Monitor
– Customized Views
– Gateway Status View
– Traffic View
– Tunnels View
– Remote Users View
– Cooperative Enforcement View
3.3) Monitoring Suspicious Activity Rules
3.4) SmartView Tracker vs.SmartView MonitorLab-3) Monitoring Through SmartView Tracker & SmartView Monitor – ½ hour
– Launch SmartView Tracker
– Track by Source and Destination
– SmartView Monitor
– Check the health status of Gateway
Introduction Network Address Translation – 1 hour
4.1) Network Address Translation
– IP Addressing
– Hide NAT
– Static NAT
– Original Packet
– Reply Packet
– NAT Global Properties
– Hide NAT Using Another Interface
– Manual NATLab-4) Configure and Test NAT – 1- 1 ½ hour
– Configure Static NAT
– Test the Static NAT Address
– Configure Hide NAT
– Test the Hide NAT Address
– Observe Hide NAT Traffic Using fw monitor
– Observe Static NAT Traffic Using fw monitor
– Configure Manual NAT rules
Introduction to Automated Software and License Updates ½ hour
5.1) SmartUpdate
– SmartUpdate Architecture
– Overview of Managing Licenses
– License Terminology
– Upgrading Licenses
– Retrieving License Data from Security Gateways
– Adding New Licenses to the License & Contract Repository
– Importing License Files
– Adding License Details Manually
– Attaching Licenses
– Detaching Licenses
– Deleting Licenses From
– Checking for Expired Licenses To Export a License to a File
– Managing Contracts Updating ContractsLab-5) Using SmartUpdate ½ hour
– View License Properties
– Add New Licenses to the License & Contract Repository
– Attach Licenses
– Detach Licenses
– Delete Licenses From
Introduction to User Management & Identity Awareness 1 ½ – 2 hour
6.1) Users and Groups
– User Types
– Authentication Methods
– LDAP Features
– Distinguished Name
– Using an Existing LDAP Server
– Configuring Entities to Work with the Gateway
– Defining an Account Unit
– Managing Users
– User Directory Groups6.2) Identity Awareness
– AD Query
– Browser-Based AuthenticationLab-6) Configuring User Directory & Implement Identity Awareness 1 hour
– Connect User Directory to Security Management Server
– Test Identity Based Awareness
Introduction to Check Point VPNs 1 hour
7.1) VPN Deployments
– Site-to-Site VPNs
– Remote-Access VPNs7.2) VPN Topologies
– Meshed VPN Community
– Star VPN Community7.3) VPN Gateway Conditions
– Domain-Based VPNs
– Route-Based VPN7.4) Access Control and VPN Communities
– Accepting All Encrypted Traffic
– Excluded Services7.5) Remote Access VPNs
– Connection between a Remote User and a Gateway
Lab-7) Site-to-site VPN 2 hour
– Define the VPN Domain
– Create the VPN Community
– Create the VPN Rule and Modifying the Rule Base
– Test VPN Connection
– VPN Troubleshooting
Introduction to Checkpoint High Availability 1 hour
8.1) ClusterXL – ClusterXL
– Cluster Synchronization
– Synchronized-Cluster Restrictions
– Securing the Sync Interface
– To Synchronize or Not to SynchronizeLab-8) Build and Test Checkpoint Cluster 1 ½ – 2 hour
9.) Upgrade the Checkpoint Cluster OS
9.1) Backup and Restore Security Gateways and Management Servers
– Snapshot management
– Upgrade Tools
– Backup Recommendations9.2) Performing UpgradesLab-9) Upgrade Security Gateway from R77 to R77.30 2 hour
Troubleshooting Tools 1 hour
10.1) TCPDUMP
10.2) FW MONITOR

CONFIGURATION & ADMINISTRATION OF PALO ALTO FIREWALL

Platform & Architecture 2 hour
1.1) Understand Single Pas Architecture
1.2) Understand Control Plane and Data Plane
1.3) Understand Flow Logic
1.4) Detailed Packet Flow
Administration and Management 2 hour
2.1) Understand GUI, CLI, and API
2.2) Understand Configuration Management
2.3) Understand PAN-OS and Software Updates
Interface Configuration 1 ½ -2 hour
3.1) Understand Interface Configuration
– Layer 2
– Layer 2
– Virtual Wire
– Tap
– Sub-interfaces
3.2) Understand Security Zones
Layer 3 configuration 2 hour
4.1) Interface Management
4.2) Service Routes
4.3) DHCP
4.4) Virtual Routers
Network Address Translation 2 hour
5.1) Source and Destination NAT
5.2) NAT Policy Configuration
Application Identification 2 hour
6.1) App-ID traffic flow
6.2) App-ID and Security Policy Configuration
6.3) Policy Administration
6.4) Policy Objects
Understand Authentication Profiles 2 hour
7.1) Setting Up Authentication Profiles
7.2) Creating a Local User Database
7.3) Configuring RADIUS Server Settings
7.4) Configuring LDAP Server Settings
User-ID Concepts 2 hour
8.1) User-ID Agent
8.2) Enumerating Users
8.3) Mapping Users to IP
8.4) Users in Security Policy
VPN Technologies 2 hour
9.1) IPSec and IKE
9.2) IPSec and IKE Crypto Profiles
9.3) Setting Up IPSec VPNs
9.4) Defining IKE Gateways
9.5) Defining IKE Crypto Profiles
9.6) Defining IPSec Crypto Profiles
9.7) Viewing IPSec Tunnel Status on the Firewall
Reports and Logs 1 hour
10.1) Logging Configuration
10.2) Scheduling Log Exports
10.3) Defining Configuration Log Settings
10.4) Defining System Log Settings
10.5) Defining HIP Match Log Settings
10.6) Defining Alarm Log Settings
10.7) Managing Log Settings
10.8) Configuring Syslog Servers
10.9) Custom Syslog Field Descriptions.
Centralized Management Overview 2 hour
11.1) Introduction to Centralized Management
11.2) Overview of Panorama Architecture

Why Choose Us ??

Years Experience

Job Assistance

Success Stories

Batches

Placement Updates

Join The Course Now !!

NETWORK DATA ANALYST

Get Real Time Training

Suitable for - Freshers ( in IT domain)

Packages - Upto 5 Lacs PA

NETWORK DATA SPECIALIST

Get Real Time Training

Suitable for - Freshers ( in IT domain)

Packages - Upto 9.5 Lacs PA