NETWORK SECURITY EXPERT

NG Networks is offering a lifetime opportunity for the aspirants looking for making a career in Network Security domain. This program is the next level to the certification program as it covers multi-vendor technologies like the checkpoint, Palo Alto, Fortinet and ASA which is high in demand in Industries nowadays.

This program is made up by using top content required in Real-Time as per clients demand and its based on the requirement of the Real-Time environment. Training at NG Networks is provided by highly experienced Security Engineers from the top industries.

Register for Free Demo Class!!

It’s High Time to make a smart move for your career. Register Now!

Objectives

Training starts from Cisco Data and F5 will be adjoined to consign it into a right flavour. Then the profile is furnished by giving Security Training on different Firewall.

  • Overall it is one of the finest curriculums one can have in IT Network infrastructure
  • NG Networks offering flexible courses schedules with shorter times

Firewall Covered – ASA, Checkpoint, Palo Alto and Fortinet

Prerequisite – Knowledge of CCNA or equivalent

Course Summary

Basic Network Security Knowledge

Configure ASA with IP address and Access-lists

Execute change management in ASA Firewalls

Perform access related trouble shooting using Trace & Ping Commands

Checkpoint knowledge with rule base

Configure routes on NAT on ASA & checkpoint firewalls

Palo Alto, Architecture, Application & policy configuration

Vulnerability Management

Download Complete Syllabus

Course Curriculum

NETWORK BASICS - QUICK REVIEW

  • Introduction to Networks
    1.1) LAN
    1.2) WAN
  • Review OSI & TCP/IP Reference Model
    2.1) Layers and communication
    2.2) Encapsulation & De-encapsulation
  • Review IP Addressing
    3.1) IP Address Components
    3.2) Classes of Addresses
  • Review important Protocols
    4.1) IP
    4.2) TCP
    4.3) UDP
    4.4) ICMP
    4.5) ARP
  • TCP 3-Way Handshake
  • How Router Works
  • Static & Dynamic Routing
  • How Switch Works
  • Review VLAN Concepts
  • How Trace route works

NETWORK SECURITY – QUICK OVERVIEW

  • Network Security Overview
  • Security Goal (CIA)
  • Security Attacks
  • Defence In-Depth
  • Introduction to Firewall
  • Introduction to IPS / IDS

CONFIGURATION & ADMINISTRATION OF CISCO ASA FIREWALL

  • Cisco ASA Essentials
    1.1) Cisco ASA Features
    1.2) Cisco ASA Hardware
    1.3) Cisco ASA Licensing Overview
    1.4) Cisco File System
  • Basic Connectivity and Device Management
    2.1) Managing the Cisco ASA Using the CLI
    2.2) Managing the Cisco ASA Using Cisco ASDM
    2.3) Navigating Basic Cisco ASDM Features
    2.4) Managing Cisco ASA Security Levels
    2.5) Configuring and Verifying Basic Connectivity Parameters
    2.6) Troubleshooting Basic Connectivity
    2.7) Using TCP Ping
  • Implement ASA Static Routing
    3.1) Configuring Static Routes
    3.2) Configuring Default Route
  • Network Access Control
    4.1) Configuring and Verifying Interface ACLs
    4.2) Configuring and Verifying Global ACLs
    4.3) Configuring and Verifying Time based ACLs
    4.4) Configuring and Verifying Objects
    4.5) Configuring and Verifying Object Groups
    4.6) Maintaining and updating ACLs
    4.7) Controlling ICMP traffic through the ASA
    4.8) Controlling ICMP traffic to the ASA
    4.9) Troubleshooting ACLs
    4.10) uRPF
    4.11) shun
    4.12) Troubleshooting connection using Packet Tracer and Packet Capture feature
  • Implement Network Address Translation (NAT) on the ASA
    5.1) Pre 8.3 – static, dynamic, policy, identity nat, nat exemption
    5.2) 8.3 – Auto (Object) NAT, Manual (Twice) NAT
  • Interface High Availability
    6.1) Configuring and Verifying EtherChannel
    6.2) Configuring and Verifying Redundant Interfaces
    6.3) Troubleshooting EtherChannel and Redundant Interfaces
  • Implement ASA transparent firewall
    7.1) Routed vs. Transparent Mode
    7.2) Traffic flow and ACL in transparent firewall
  • Cisco Modular Policy Framework Overview
    8.1) MPF Policies
    8.2) Class Maps
    8.3) Policy Maps
    8.4) Services Policies
    8.5) TCP state bypass
    8.6) Connection limits
  • Implement ASA Virtualization feature
    9.1) Security Contexts
    9.2) Security Contexts Resource Limiting
  • ASA High Availability
    10.1) Implement ASA Stateful Failover
    10.2) Active/Standby
    10.3) Active/Active
  • ASA IPSEC VPN
    11.1) Implement basic IPSEC S2S VPN operations with PSK.
    11.2) Implement basic IKEv2 based IPSEC S2S VPN operations with PSK.
    11.3) Verify and Troubleshoot the IPSEC S2S VPN.
    11.4) Implement basic IPSEC Remote Access VPN operations.
    11.5) Verify and Troubleshoot the IPSEC S2S VPN.
  • ASA Management Configuration
    12.1) Configuring Logon Banners
    12.2) Configuring Usernames, and Authentication, Authorization, and Accounting (AAA)
    12.3) Configuring ASA as DHCP Server & DHCP Relay
    12.4) Configuring SNMP on ASA
    12.5) Enabling Logging on ASA (Syslog)
    12.6) Synchronizing ASA with NTP Server
    12.7) Performing the ASA Password Recovery Process

CONFIGURATION & ADMINISTRATION OF CHECKPOINT FIREWALL

  • Introduction to Check Point Technology — 2 hours
    1.1) Check Point Security Management Architecture(SMART)
    – Smart Console
    – Security Management Server
    – Security Gateway
    1.2) Security Gateway Inspection Architecture
    – INSPECT Engine Packet Flow
    1.3) Checkpoint Deployment Considerations
    – Standalone Deployment
    – Distributed Deployment
    1.4) Checkpoint Smart Console Clients
    – SmartDashboard
    – Smartview Tracker
    – SmartLog
    – SmartEvent
    – SmartView Monitor
    – SmartReporter
    – SmartUpdate
    – SmartProvisioning
    – SmartEndpoint
    1.5) Secure Internal Communication
    1.6) Checkpoint deployment platform
    – Checkpoint Security Appliances
    – Checkpoint Security Blades
    – Checkpoint Operating SystemLab-1) Distributed Installation – 2 hour
    – Install and Configure Security Management Server Gaia R77.30
    – Install and Configure Corporate Security Gateway Gaia R77.30
    – Installing SmartConsole
    – Testing the SIC Status
    – Resetting the Trust State
    – Add and Delete Administrators
    – Introduction to Checkpoint CLI
    – Applying useful commands in CLI
    – Perform Backup and Restore
  • Introduction to the Security Policy – 1-2 hour
    2.1) Security Policy Basics
    – The Rule Base
    – SmartDashboard and Objects
    – Basic Rule Base Concepts
    – Implicit/Explicit Rules
    – Control Connections
    – IP Spoofing & Anti-Spoofing
    2.2) Database Revision Control
    – Policy Package Management
    – Database Revision ControlLab-2) Building a Security Policy – ½ -1 hour
    – Create Security Gateway Object
    – Create Access Rules for Gateway
    – Save the Policy
    – Install the Policy
    – Test the Policy
    – Database Revision Control
  • Introduction to Monitoring Traffic and Connections – 1 hour
    3.1) Smart View Tracker
    – Log Types
    – SmartView Tracker Tabs
    – Action Icons
    – Log-File Management
    – Administrator Auditing
    – Global Logging and Alerting
    – Time Setting
    – Blocking Connections
    3.2) SmartView Monitor
    – Customized Views
    – Gateway Status View
    – Traffic View
    – Tunnels View
    – Remote Users View
    – Cooperative Enforcement View
    3.3) Monitoring Suspicious Activity Rules
    3.4) SmartView Tracker vs.SmartView MonitorLab-3) Monitoring Through SmartView Tracker & SmartView Monitor – ½ hour
    – Launch SmartView Tracker
    – Track by Source and Destination
    – SmartView Monitor
    – Check the health status of Gateway
  • Introduction Network Address Translation – 1 hour
    4.1) Network Address Translation
    – IP Addressing
    – Hide NAT
    – Static NAT
    – Original Packet
    – Reply Packet
    – NAT Global Properties
    – Hide NAT Using Another Interface
    – Manual NATLab-4) Configure and Test NAT – 1- 1 ½ hour
    – Configure Static NAT
    – Test the Static NAT Address
    – Configure Hide NAT
    – Test the Hide NAT Address
    – Observe Hide NAT Traffic Using fw monitor
    – Observe Static NAT Traffic Using fw monitor
    – Configure Manual NAT rules
  • Introduction to Automated Software and License Updates ½ hour
    5.1) SmartUpdate
    – SmartUpdate Architecture
    – Overview of Managing Licenses
    – License Terminology
    – Upgrading Licenses
    – Retrieving License Data from Security Gateways
    – Adding New Licenses to the License & Contract Repository
    – Importing License Files
    – Adding License Details Manually
    – Attaching Licenses
    – Detaching Licenses
    – Deleting Licenses From
    – Checking for Expired Licenses To Export a License to a File
    – Managing Contracts Updating ContractsLab-5) Using SmartUpdate ½ hour
    – View License Properties
    – Add New Licenses to the License & Contract Repository
    – Attach Licenses
    – Detach Licenses
    – Delete Licenses From
  • Introduction to User Management & Identity Awareness 1 ½ – 2 hour
    6.1) Users and Groups
    – User Types
    – Authentication Methods
    – LDAP Features
    – Distinguished Name
    – Using an Existing LDAP Server
    – Configuring Entities to Work with the Gateway
    – Defining an Account Unit
    – Managing Users
    – User Directory Groups6.2) Identity Awareness
    – AD Query
    – Browser-Based AuthenticationLab-6) Configuring User Directory & Implement Identity Awareness 1 hour
    – Connect User Directory to Security Management Server
    – Test Identity Based Awareness
  • Introduction to Check Point VPNs 1 hour
    7.1) VPN Deployments
    – Site-to-Site VPNs
    – Remote-Access VPNs7.2) VPN Topologies
    – Meshed VPN Community
    – Star VPN Community7.3) VPN Gateway Conditions
    – Domain-Based VPNs
    – Route-Based VPN7.4) Access Control and VPN Communities
    – Accepting All Encrypted Traffic
    – Excluded Services7.5) Remote Access VPNs
    – Connection between a Remote User and a GatewayLab-7) Site-to-site VPN 2 hour
    – Define the VPN Domain
    – Create the VPN Community
    – Create the VPN Rule and Modifying the Rule Base
    – Test VPN Connection
    – VPN Troubleshooting
  • Introduction to Checkpoint High Availability 1 hour
    8.1) ClusterXL     – ClusterXL
    – Cluster Synchronization
    – Synchronized-Cluster Restrictions
    – Securing the Sync Interface
    – To Synchronize or Not to SynchronizeLab-8) Build and Test Checkpoint Cluster 1 ½ – 2 hour
  • 9.) Upgrade the Checkpoint Cluster OS
    9.1) Backup and Restore Security Gateways and Management Servers
    – Snapshot management
    – Upgrade Tools
    – Backup Recommendations9.2) Performing UpgradesLab-9) Upgrade Security Gateway from R77 to R77.30 2 hour
  • Troubleshooting Tools 1 hour
    10.1) TCPDUMP
    10.2) FW MONITOR

CONFIGURATION & ADMINISTRATION OF PALO ALTO FIREWALL

  • Platform & Architecture 2 hour
    1.1) Understand Single Pas Architecture
    1.2) Understand Control Plane and Data Plane
    1.3) Understand Flow Logic
    1.4) Detailed Packet Flow
  • Administration and Management 2 hour
    2.1) Understand GUI, CLI, and API
    2.2) Understand Configuration Management
    2.3) Understand PAN-OS and Software Updates
  • Interface Configuration 1 ½ -2 hour
    3.1) Understand Interface Configuration
    – Layer 2
    – Layer 2
    – Virtual Wire
    – Tap
    – Sub-interfaces
    3.2) Understand Security Zones
  • Layer 3 configuration 2 hour
    4.1) Interface Management
    4.2) Service Routes
    4.3) DHCP
    4.4) Virtual Routers
  • Network Address Translation 2 hour
    5.1) Source and Destination NAT
    5.2) NAT Policy Configuration
  • Application Identification 2 hour
    6.1) App-ID traffic flow
    6.2) App-ID and Security Policy Configuration
    6.3) Policy Administration
    6.4) Policy Objects
  • Understand Authentication Profiles 2 hour
    7.1) Setting Up Authentication Profiles
    7.2) Creating a Local User Database
    7.3) Configuring RADIUS Server Settings
    7.4) Configuring LDAP Server Settings
  • User-ID Concepts 2 hour
    8.1) User-ID Agent
    8.2) Enumerating Users
    8.3) Mapping Users to IP
    8.4) Users in Security Policy
  • VPN Technologies 2 hour
    9.1) IPSec and IKE
    9.2) IPSec and IKE Crypto Profiles
    9.3) Setting Up IPSec VPNs
    9.4) Defining IKE Gateways
    9.5) Defining IKE Crypto Profiles
    9.6) Defining IPSec Crypto Profiles
    9.7) Viewing IPSec Tunnel Status on the Firewall
  • Reports and Logs 1 hour
    10.1) Logging Configuration
    10.2) Scheduling Log Exports
    10.3) Defining Configuration Log Settings
    10.4) Defining System Log Settings
    10.5) Defining HIP Match Log Settings
    10.6) Defining Alarm Log Settings
    10.7) Managing Log Settings
    10.8) Configuring Syslog Servers
    10.9) Custom Syslog Field Descriptions.
  • Centralized Management Overview 2 hour
    11.1) Introduction to Centralized Management
    11.2) Overview of Panorama Architecture

Why Choose Us ??

0
Years Experience
0
Job Assistance
0
Success Stories
0
Batches

Placement Updates

Join The Course Now !!

Rules and Regulation:

  • Aspirants must secure 7/10 in the tests which will be conducted on every module.
  • A candidate must not violate the Leave policy without the administration’s permission.
  • An aspirant is expected to be sincere towards the decorum of the class.
  • Misbehaviour with Trainer, Students, and Management is strictly forbidden.
  • They must be obedient towards the hierarchy.
  • A Delay in their fee may impact their Job Guarantee.
  • Failed in Test may lead to repeat the classes and delay in program time duration as per the commitment.
  • A Candidate must be a graduate
  • Candidate with forged documents is strictly prohibited.