Category: jncis-sec

JNCIS-SEC [ Web Filtering ]

There are three types of Web Filtering solutions: 1) Integrated Web Filtering: This solution intercepts every HTTP request in a TCP connection. The device then identifies the category of a URL either from user-defined categories or from a category server (Surf Control Content Portal by Websense). 2) Redirect Web Filtering: This solution intercepts HTTP requests and

JNCIS-SEC [ Content Filtering ]

Content filtering blocks or permits certain types of traffic based on the MIME type, file extension and protocol command. The content filter controls file transfers across the gateway. The content filter module evaluates traffic before all other UTM modules except Web Filtering. There are three types of content filters: 1) MIME Pattern Filter: It is

JNCIS-SEC [ Antivirus ]

There are two types of protection techniques: a) Full Antivirus Protection b) Express Antivirus Protection. A) Full Antivirus Protection: Files are scanned against a signature database. Data packets are received and the original application content, e.g. an email attachment, is reconstructed. Kaspersky Lab provides the scan engine, and if the antivirus license expires, you can continue to use

JNCIS-SEC [ Antispam ]

Spam is an unwanted message, as everyone knows. When the SRX detects a message deemed to be spam, it blocks the email message or tags it with a configured string. You can use a 3rd party spam block list (SBL) or create your own (whitelist or blacklist). A) Server Based Antispam Filtering: Firewall performs SBL lookups

JNCIS-SEC [ Introduction to UTM ]

The JNCIS-SEC exam has recently added UTM to its topic list, which I think makes the exam more difficult. I will try to summarize what I get from the Junos Security Guide and present my configuration. Let's start with the first: Introduction to UTM. Unified Threat Management (UTM) is used to describe the consolidation of several security features

JNCIS-SEC [ NAT ]

To delve into NAT processing in Junos it is better to see the packet flow in ASCII.
First PATH: Screens->Static NAT->Dest NAT->Route->Zones->Policy->Reverse Static NAT->Source NAT->Services ALG->Session
Fast PATH: Screens->TCP->NAT->Services ALG
Based on the first packet of a session, JUNOS installs NAT and PAT information into the session table for fast path processing. You should pay attention

JNCIS-SEC [ SCREEN ]

Screen is an option that you can use to prevent some sorts of attacks. Once enabled, the screen check is performed prior to any other check according to the packet flow diagram. For an attack to take place, several stages have to be taken. Reconnaissance: IP Address Sweep: This is used to know the layout of

JNCIS-SEC [ Firewall User Authentication ]

With firewall authentication, users can be restricted. If a user tries to access a network resource, they will be asked for username/password. Authentication methods are:
* local password database
* RADIUS
* LDAP
* SecurID
There are two types of user authentication available:
* Pass-through authentication: Users are authenticated when they try to access a

JNCIS-SEC [Security Policies]

A security policy is a set of rules that tells a Junos device what to do with transit traffic between zones and within a zone. SRXs, as opposed to Netscreen devices, by default don’t allow intra-zone traffic. If the destination of the traffic is the device itself, security policies aren’t applicable. Instead, the host-inbound-traffic option must be used

JNCIS-SEC [Introduction]

Packet forwarding on Junos security devices is stateful, as opposed to a traditional router whose behaviour is stateless/promiscuous. There are several requirements for security devices: 1) Stateful packet processing based on IP, transport and application layer 2) NAT, PAT 3) VPNs with authentication and encryption. Stateful packet processing involves a unidirectional flow consisting of six elements 1)