Arbor Networks SP Essentials

This five-day course focuses on using Arbor Networks SP for both network visibility and availability protection. The goal of the course is to build the attendee’s confidence by providing hands-on experience in using Arbor Networks SP to observe traffic characteristics of their network and to identify and mitigate DDoS (Distributed Denial of Service) attacks. Fundamental TMS countermeasures and mitigation workflow are introduced.

Target Audience

Security administrators, network operations personnel, and staff responsible for monitoring network traffic, mitigating DDoS attacks and ensuring peak performance of the Arbor Networks SP deployment.


40 Course Hours

Learning Credits

CEUs: 4.0
(ISC)2: 40 hours - Multiple Domains

Upon Completion

  • Navigate the SP UI (User Interface)
  • Use system status and monitoring to analyze deployment health
  • Use network status and related reports to verifying network operation
  • Create managed objects, analyze associated traffic reports, and configure anomaly detection settings
  • Differentiate anomalies that are DDoS attacks from non-attack occurrences
  • Mitigate DDoS attacks using flowspec filters and blackhole routes
  • Mitigate DDoS attacks using specific TMS countermeasures - flow filters, TCP SYN Authentication and Zombie Detection
  • Maintain the SP deployment with system tuning, configuration management, and backup/restore of databases

Course Topics

  • System monitoring
  • Managed objects
  • Network and managed object reports
  • Detection settings
  • Anomaly alerts
  • SP mitigation
  • System maintenance

Course Outline

  1. Technical Overview
    • System architecture and overall functionality
    • Traffic visibility and analysis capability
    • DDoS detection and mitigation capability
    • Capabilities as a service enabler
    • Lab: User Interface familiarization
  2. Surveying Your Deployment 
    • Checking Deployment Status
    • Checking Appliance Status
    • Checking Appliance Monitoring
    • Checking Security Status
    • Lab: Examining deployment status and health
  3. Verifying Your Network
    • Analyze the health of the network and monitored routers
    • Identify the network boundary
    • Describe interface classification
    • Configure interface auto-configuration rules
    • Lab: Examining network and interface classification
  4. Interpreting Network Reports
    • Use network reports
    • Build Explore queries
    • Create custom Wizard reports
    • Lab: Examining network and router reports
  5. Creating Managed Objects
    • Describe use of managed objects in SP
    • Describe managed object traffic counting
    • Configure managed objects
    • Configure managed object children
    • Lab: Creating managed objects
  6. Interpreting Managed Object Reports
    • Describe network and local boundaries
    • Explain managed object boundary-based counting
    • Apply managed object reporting
    • Lab: Examining managed objects reports
  7. Configuring Anomaly Detection
    • Identify the impact of DDoS attacks
    • Describe how SP detects and classifies anomalies
    • Configure Host detection settings
    • Configure Profiled Router and Profiled Network detection settings
    • Activate and configure Fingerprints
    • Lab: Examine anomaly detection settings
  8. Interpreting Anomaly Alerts
    • Monitor alert activity on your deployment
    • Interpret anomaly alert presentation
    • Analyze an anomaly to identify possible DDoS attacks
    • Lab: Examine anomaly alerts
  9. Mitigating Attacks with SP
    • Employ SP mitigation methods
    • Use SP-triggered blackhole mitigations
    • Lab: Mitigate attacks with blackhole routes and flow spec filters
  10. Mitigating Attacks Using the TMS
    • Launch and monitor TMS mitigations
    • Use filter lists to mitigate an attack
    • Build mitigation templates
    • Run learning mitigations
    • Use TCP SYN Authentication and Zombie Detection countermeasures to mitigate attacks
    • Lab: Mitigate attacks with TMS countermeasures
  11. Maintaining SP
    • Perform system maintenance using:
      • System Tuning
      • Configuration management
      • Backup/restore of databases
    • Describe system upgrade details and procedure
    • Implement maintenance timing