Blue Coat Certified ProxySG Professional (BCCPP)


Course Description

The Blue Coat Certified ProxySG Professional (BCCPP) Course includes more complex and technical concepts and extensive hands-on practice. It covers:

● System Architecture
● Caching Architecture
● Services - Advanced Topics
● Content Policy Language (CPL)
● Regular Expressions
● Managing downloads and apparent data types
● HTTP Details
● Using Authentication in Transparent Proxy Mode
● Understanding and Using Kerberos Authentication
● Advanced Authentication
● Guest Authentication
● SSL Proxy
● Policy Tracing
● Forwarding
● Reverse Proxy Implementation
● Two-Way URL Rewrite
● Blue Coat Director
● Failover
● Health Checks
● Web Cache Communication Protocol
● VLAN Support
● Managing Streaming Media
● Proxy Client
● Proxy Client Filtering
● ICAP Concepts

Students will become Blue Coat Certified ProxySG Professionals upon completing this course and passing the Prometric online exam.

Audience

IT network or security professionals who have practical experience with the ProxySG in the field and wish to master the advanced network security capabilities of Blue Coat products.

Course Objectives

The Blue Coat Certified ProxySG Professional (BCCPP) Course is intended for IT professionals who wish to master the advanced features of the Blue Coat ProxySG. After completing this course, you will understand:

● The architecture of the ProxySG
● How to use Content Policy Language and trace policy execution
● Authentication realms and how to configure them on the ProxySG
● How to use the ProxySG for forwarding and failover
● Streaming media and bandwidth management
● How the ProxySG works with the ProxyAV to perform anti-virus scanning
● How Blue Coat Director can be used to manage multiple ProxySG appliances

Prerequisites

Blue Coat Certified ProxySG Administrator (BCCPA) certification, or waiver exam, plus practical experience with the ProxySG in the field. Additionally, students should possess advanced knowledge of networking, security, and authentication.

Course Outline

Chapter 1: System Architecture

ProxySG® architecture is complex and evolves continually to support new and better features. This chapter discusses how the ProxySG handles transactions, analyzes, and processes policy. You can use the information in this chapter to better understand ProxySG hardware sizing.

Chapter 2: Caching Architecture

This chapter introduces the concept of caching, where copies of pages and files requested from the web are saved to reduce the time it takes to re-request them. This can reduce latency, provide bandwidth management, and prevent high loads on servers. The chapter also explains how caching is implemented in the ProxySG.


Chapter 3: Services - Advanced Topics

This chapter describes TCP tunneling and how to use it in an edge-core deployment. TCP tunneling can be combined with byte caching and data compression to reduce bandwidth and increase performance. It is useful for detecting peer-to-peer connections going over open ports on the firewall.

Chapter 4: Content Policy Language

This chapter covers the structure and syntax of Content Policy Language (CPL). Numerous examples will help you learn proper usage and best practices. The chapter also discusses policy files used by the ProxySG.

Chapter 5: Regular Expressions

After giving a brief history of regular expressions, this chapter discusses the syntax of the Blue Coat implementation of Perl-compatible regular expressions. The chapter gives many examples and discusses performance issues arising from their use.

Chapter 6: Managing Downloads and Apparent Data Types

As users download seemingly safe content such as music files, they might unknowingly download viruses, Trojans, or malware. This chapter describes how you can protect your network from these hidden dangers. Details on the possible tampering of MIME types and its consequences are also discussed. To overcome this tampering of the MIME types, a unique technique called Apparent Data Types is used, which allows you to create policies based on the actual file signature.

Chapter 7: HTTP Details

This chapter looks at HTTP in detail to show how you can use HTTP to perform special redirection. It shows practical examples of how administrators use redirection, authentication, and cookies to accomplish their business goals. This chapter is fundamental to understanding how the ProxySG manages authentication in transparent proxy mode.

Chapter 8: Authentication in Transparent Proxy Mode

Authentication in transparent proxy deployments is a challenge. This chapter discusses how the ProxySG authenticates users in a scenario where HTTP 407 is not available, without the user receiving multiple authentication requests.

Chapter 9: Using Kerberos Authentication

In this chapter, you will explore the system requirements and configuration necessary to support Kerberos authentication with the ProxySG. This chapter introduces the Blue Coat Authentication and Authorization Agent (BCAAA), which is used to pass authentication requests between the ProxySG and the authentication database. This chapter also focuses on configuring the ProxySG and BCAAA to support Kerberos authentication.

Chapter 10: Advanced Authentication

This chapter is designed both to dive into the details of how the ProxySG handles the authentication process and to serve as a primer for the Guest Authentication feature. The complexity of authentication stems from the ProxySG being a multi-protocol device. A single user can be using a Web browser, running an FTP download, chatting through instant messaging, and streaming a video, all from the same desktop. The chapter describes how the ProxySG deals with the different scenarios. Also discussed in the chapter are details on surrogate credentials, the inactivity timer during authentication, and the authentication model on which the ProxySG is based.

Chapter 11: Guest Authentication

This chapter discusses the ability of the ProxySG to allow access to unauthenticated and/or unauthorized users even when there are authentication policies in place. The chapter provides a detailed understanding of the features that the ProxySG makes available to the administrator. The chapter also discusses persistent connections, best practices to be followed while authenticating, and a possible troubleshooting scenario.

Chapter 12: SSL Proxy

This chapter provides an introduction to the Blue Coat SSL proxy. HTTPS, which is HTTP over SSL, offers secure communication between a client and a server. Unfortunately, malicious internal users and Web sites can retrieve or distribute inappropriate content over HTTPS. This chapter discusses how the SSL proxy overcomes these security challenges.

Chapter 13: Policy Tracing

This chapter explains how policies are created to enforce an organization's rules for acceptable Web use. This chapter also illustrates why only a secure proxy with an object-handling operating system can offer the framework needed to identify and enforce policies across an entire enterprise.

Chapter 14: Forwarding

Forwarding is the ability to forward Web requests to other appliances before sending the request to an origin content server. This chapter describes how forwarding can be used to provide administrators with the flexibility to define scalable proxy-hierarchy designs. It also shows how students can create forwarding commands.

Chapter 15: Reverse Proxy Implementation

This chapter expands on the reverse proxy concepts discussed in the Blue Coat Certified Proxy Administrator (BCCPA) course. It explains typical reverse proxy deployments and describes the many benefits of the ProxySG reverse proxy.

Chapter 16: Two-Way URL Rewrite

This chapter discusses two-way URL rewrite, a way to ensure the consistency and accuracy of links served by the ProxySG to the client and headers from the ProxySG to the server. This feature is an important tool in successfully implementing a reverse proxy deployment.

Chapter 17: Failover

Today's networks require total device availability; downtime is not an option. To guarantee continuity of service, a failover mechanism is required. The ProxySG offers the capability to implement a redundant configuration of Blue Coat secure proxy appliances. This chapter describes failover, how it is used, and how it is configured.

Chapter 18: Health Checks

The goal of this chapter is to describe the function of ProxySG health checks, why they are important and useful, and how they work. The main function of health checks is to allow Blue Coat customers to monitor their external resources that work with Blue Coat products. Customers are able to monitor many resources such as SOCKS gateways and Websense off-box services.

Chapter 19: Web Cache Communication Protocol

The Web Cache Communication Protocol was developed by Cisco Systems and specifies interactions between one or more routers (or Layer 3 switches) and one or more Web caches. The purpose of the interaction is to establish and maintain a transparent redirection of selected types of traffic flowing through a router. This chapter describes how Web traffic can be transparently redirected to the ProxySG from a Cisco router, allowing comprehensive Web policies to be implemented for the enterprise.

Chapter 20: VLAN Support

A Virtual Local Area Network (VLAN) is a logical broadcast domain that spans multiple physical LAN segments. Unlike routers, which split the network based on its geographical location, VLANs can logically group switch ports and their connected users by functions, departments, or applications. Topics include VLAN tags, trunking, asymmetric trunking, and some possible deployment situations.

Chapter 21: Managing Streaming Media

This chapter introduces the concepts behind streaming media, and describes how using the ProxySG for streaming delivery minimizes bandwidth use. Allowing the ProxySG to handle the broadcast allows for policy enforcement over streaming use. Also discussed are supported clients and formats and how the ProxySG handles streaming media according to its delivery method.

Chapter 22: ProxyClient

This chapter introduces ProxyClient®, a thick client whose primary function is to accelerate application traffic over a WAN with a ProxySG at the core. Covered in this chapter are the features and benefits of using ProxyClient in implementation for mobile users or small remote offices.

Chapter 23: ProxyClient Filtering

This chapter goes into more detail about the content filtering options of ProxyClient. After covering the benefits of using filtering and logging with ProxyClient, this chapter shows you how to configure for filtering and perform maintenance and troubleshooting.

Chapter 24: Introduction to ProxyAV

This chapter introduces the ProxyAV™, Blue Coat's virus-scanning appliance. Traditional Web anti-virus gateways often lack scalability and performance for HTTP and FTP scanning, which leaves desktops vulnerable. Combined with the ProxySG, the ProxyAV provides scalability for virus scanning, plus complete visibility and control of enterprise Web communications.

Chapter 25: ICAP Concepts

This chapter covers the Internet Content Adaptation Protocol (ICAP), the communication mechanism between the ProxySG and virus-scanning appliances such as the ProxyAV. After reviewing the fundamentals behind ICAP, this chapter discusses how an ICAP server is configured, how to use associated tools for scanning and delivering data, how secure ICAP differs from plain ICAP, and how to configure ICP communications between the ProxySG and virus-scanning appliances.

Chapter 26: Introduction to Director

This chapter explains how organizations with multiple ProxySG appliances can benefit by using Blue Coat Director. It shows how Director can be deployed and how administrators can use it to manage ProxySG configurations, set policy, distribute and control Web content, and perform backups.

Appendix A: Understanding Digital Certificates

The appendix gives details about asymmetric ciphers, Public Key Infrastructure, digital certificates, and certification - topics essential in securing transmission of data over networks.

Appendix B: Understanding Kerberos Authentication

This appendix discusses the basic concepts behind Kerberos authentication. It also explains the differences between NTLM and Kerberos authentication realms. The chapter also focuses on Kerberos ticket structure, ticket granting tickets, and ticket granting services.