CCNP Security Cisco Identify Services Engine SISE 300-715

CCNP Security Cisco Identify Services Engine SISE 300-715

by Joseph Muniz / Kevin Tigges
Released February 2020
Publisher(s): Pearson
ISBN: 0136677207

Read it now on the O’Reilly learning platform with a 10-day free trial.

O’Reilly members get unlimited access to books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Video description

8+ Hours of Video Instruction

CCNP Security Management (SISE) 300-715 Complete Video Course focuses on implementing and configuring Cisco Identity Services Engine for preparation for the SISE 300-715 certification, and providing the necessary skills for real-world deployment scenarios.

Overview

CCNP Security Management (SISE) 300-715 Complete Video Course focuses on a blend of the real-world experience and best practices mixed with the requirements for the CCNP SISE 300-715 exam. The goal of the course is to not only cover the objectives for the SISE 300-715, but also provide a solid learning resource for mastering key concepts regarding planning and delivering a Cisco ISE solution. Topics include how to develop an ISE architecture; what to consider during the crawl, walk, and run phases of a deployment; and how to support a mature ISE deployment. The course walks you through a successful deployment and elaborates on how to avoid common pitfalls. The course includes many examples and demos of how to configure the technology, so the viewer can follow along with their own lab to master each concept.

Topics Include:



Module 1: ISE Fundamentals

Module 2: Policies

Module 3: Device Identification and Onboarding

Module 4: Compliance and Network Device Control

About the Instructors

Joseph Muniz is an architect at Cisco Systems and a security researcher. He has extensive experience in designing security solutions and architectures for the top Fortune 500 corporations and the U.S. government. Joseph’s current role gives him visibility into the latest trends in cybersecurity, from both leading vendors and customers. Examples of Joseph’s research include his RSA talk titled Social Media Deception, which has been quoted by many sources (search for Emily Williams Social Engineering), as well as his articles in PenTest Magazine regarding various security topics.

Joseph runs The Security Blogger website, a popular resource for security, hacking, and product implementation. He is the author and contributor of several publications covering various penetration testing and security topics. Joseph has been involved with planning and delivering Cisco NAC appliance and Identity Services Engine deployments for more than 10 years for various types of customers around the world. You can follow Joseph at thesecurityblogger.com and @SecureBlogger @SecureBlogger.

Kevin Tigges is a consulting security engineer at Cisco Systems focusing on large enterprise accounts. He has more than 25 years of experience in small and large enterprises designing network and security solutions. Kevin worked in the healthcare industry for a number of years and enjoys focusing on helping other healthcare customers understand how Cisco ISE can provide a secure access platform. Kevin has deployed ISE as a customer and has a deep understanding of considerations and caveats of a successful deployment. In his spare time, he enjoys time with his wife of 28 years, his 2 boys, being outside, and target archery.

Skill Level

  • Intermediate

Learn How To

  • Understand ISE architecture, node types, and deployment models
  • Understand the fundamentals of network access control and the Cisco ISE offering
  • Be able to develop ISE policies for users, guests, BYOD, and headless devices
  • Develop deployment strategies for ISE with various third party integrations
  • Prepare for the SISE 300-715 certification exam

Who Should Take This Course

This course is designed for anybody interested in learning about access control best practices and how to use Cisco Identity Services Engine. This includes those looking to study for the SISE 300-715 exam, as well as those responsible for an organization’s security, looking to deploy network access control using Cisco ISE.

Course Requirements



Students should have a basic understanding of how networks function including routing and switching concepts. Experience with designing and deploying networks is a plus. A basic understand of security requirements is also beneficial.

Lesson Descriptions

Module 1, "ISE fundamentals," introduces the ISE key concepts you will need to know before moving on to other topics. In this course, we will cover the requirements for the SISE exam as well as recommendations and best practices we have learned from deploying ISE for various customers. By the end of this module, you should have a general understanding of Cisco ISE core concepts as well as know how to develop a plan to deploy each phase of an ISE engagement.

Module 2, "Policies," moves into the specifics of how the solution works. This module reviews how to build ISE policies, which includes managing identities of users and devices. Policies are the essential backbone of an ISE deployment, so having a good understanding of the different types of policies and components is essential to a successful implementation.

Module 3, "Device Identification and Onboarding," will look at three important deployment concepts that are usually encountered during an ISE deployment. First, guest access is covered, and then onto profiling, which is how to fingerprint devices. The module rounds out with BYOD.

Module 4, "Compliance and Network Device Control," dives into endpoint compliance, and adding and managing network access devices. Another term for endpoint compliance is posture, which tends to be part of the later phases of an ISE deployment. ISE uses NADs or network devices to enforce policies, so it is important to understand how to add and manage NADs to successfully deploy a ISE solution.

About Pearson Video Training

Pearson publishes expert-led video tutorials covering a wide selection of technology topics designed to teach you the skills you need to succeed. These professional and personal technology videos feature world-leading author instructors published by your trusted technology brands: Addison-Wesley, Cisco Press, Pearson IT Certification, Prentice Hall, Sams, and Que. Topics include: IT Certification, Network Security, Cisco Technology, Programming, Web Development, Mobile Development, and more. Learn more about Pearson Video training at http://www.informit.com/video.

Table of contents

  1. Introduction
    1. CCNP Security Cisco Identity Services Engine SISE 300-715: Introduction
  2. Module 1: ISE Fundamentals
    1. Module introduction
  3. Lesson 1: NAC architecture and deployment strategies
    1. Learning objectives
    2. 1.1 Introducing ISE
    3. 1.2 Understanding ISE deployment options--Part 1
    4. 1.3 Understanding ISE deployment options--Part 2
    5. 1.4 Understanding ISE deployment options--Part 3
    6. 1.5 Understanding ISE and certificates--Part 1
    7. 1.6 Understanding ISE and certificates--Part 2
    8. 1.7 Understanding and configuring ISE personas
    9. 1.8 How people and process impact ISE deployments
  4. Module 2: Policies
    1. Module introduction
  5. Lesson 2: Identity Management
    1. Learning objectives
    2. 2.1 Introducing ISE policies--Part 1
    3. 2.2 Introducing ISE policies--Part 2
    4. 2.3 Introducing ISE policies--Part 3
    5. 2.4 Fundamentals of AAA
    6. 2.5 Configuring native Active Directory (AD)--Part 1
    7. 2.6 Configuring native Active Directory (AD)--Part 2
    8. 2.7 Configuring LDAP
    9. 2.8 Troubleshooting AD
    10. 2.9 Understanding ISE Identity Store
    11. 2.10 Identity Store options--Part 1
    12. 2.11 Identity Store options--Part 2
    13. 2.12 Troubleshooting ISE Identity Stores
  6. Lesson 3: 802.1x and MAC Address Bypass (MAB)
    1. Learning objectives
    2. 3.1 Configuring 802.1x wired/wireless network access--Part 1
    3. 3.2 Configuring 802.1x wired/wireless network access--Part 2
    4. 3.3 Configuring 802.1x wired/wireless network access--Part 23
    5. 3.4 Configuring 802.1x wired/wireless network access--Part 4
    6. 3.5 Understanding phased deployments for 802.1x--Part 1
    7. 3.6 Understanding phased deployments for 802.1x--Part 2
    8. 3.7 Understanding Network Access Device (NAD)
    9. 3.8 Configuring NAD
    10. 3.9 Troubleshooting NAD
    11. 3.10 Understanding MAC Address Bypass (MAB)
    12. 3.11 Configuring MAB--Part 1
    13. 3.12 Configuring MAB--Part 2
    14. 3.13 Troubleshooting MAB
  7. Lesson 4: TrustSec
    1. Learning objectives
    2. 4.1 Introducing TrustSec
    3. 4.2 Cisco TrustSec overview and devices configuration--Part 1
    4. 4.3 Cisco TrustSec overview and devices configuration--Part 2
    5. 4.4 Cisco TrustSec overview and devices configuration--Part 3
    6. 4.5 Cisco TrustSec policy configuration for ISE--Part 1
    7. 4.6 Cisco TrustSec policy configuration for ISE--Part 2
    8. 4.7 Troubleshooting TrustSec and ISE
  8. Module 3: Device Identification and Onboarding
    1. Module introduction
  9. Lesson 5: Guest Services
    1. Learning objectives
    2. 5.1 Planning guest services
    3. 5.2 Onboarding guests
    4. 5.2 Configuring guest services--Part 1
    5. 5.4 Configuring guest services--Part 2
    6. 5.3 Configuring guest services--Part 23
    7. 5.6 Configuring sponsor and guest portals--Part 1
    8. 5.7 Configuring sponsor and guest portals--Part 2
    9. 5.8 Configuring sponsor and guest portals--Part 3
    10. 5.9 Troubleshooting guest services--Part 1
    11. 5.10 Troubleshooting guest services--Part 2
  10. Lesson 6: Profiling overview
    1. Learning objectives
    2. 6.1 Introducing profiling
    3. 6.2 Profiling interworkings--Part 1
    4. 6.3 Profiling interworkings--Part 2
    5. 6.4 Implementing profiling services--Part 1
    6. 6.5 Implementing profiling services--Part 2
    7. 6.6 Implementing profiling services--Part 3
    8. 6.7 Configuring switches for profiling services
    9. 6.8 Profiling reports
    10. 6.9 Implementing probes
    11. 6.10 Probe overview
    12. 6.11 Profiling best practices
    13. 6.12 Implementing Change of Authorization (CoA)
    14. 6.13 Configuring endpoint identity management--Part 1
    15. 6.14 Configuring endpoint identity management--Part 2
    16. 6.15 Troubleshooting profiling
  11. Lesson 7: Bring Your own Device (BYOD) overview
    1. Learning objectives
    2. 7.1 Introducing BYOD--Part 1
    3. 7.2 Introducing BYOD--Part 2
    4. 7.3 Selling BYOD to endusers
    5. 7.4 Planning BYOD--Part 1
    6. 7.5 Planning BYOD--Part 2
    7. 7.6 Planning BYOD--Part 3
    8. 7.7 Overview of Cisco BYOD functionality--Part 1
    9. 7.8 Overview of Cisco BYOD functionality--Part 2
    10. 7.9 Configuring BYOD on-boarding using internal CA--Part 1
    11. 7.10 Configuring BYOD on-boarding using internal CA--Part 2
    12. 7.11 Configuring BYOD on-boarding using internal CA--Part 3
    13. 7.12 Onboarding mobile device management
    14. 7.13 Configuring certificates for BYOD
    15. 7.14 Configuring blacklist/whitelist--Part 1
    16. 7.15 Configuring blacklist/whitelist--Part 2
    17. 7.16 Troubleshooting BYOD
  12. Module 4: Compliance and Network Device Control
    1. Module introduction
  13. Lesson 8: Endpoint compliance
    1. Learning objectives
    2. 8.1 Introducing endpoint compliance
    3. 8.2 Understanding endpoint compliance, posture services, and client provisioning
    4. 8.3 Understanding posture conditions and policy
    5. 8.4 Understanding client provisioning
    6. 8.5 Understanding compliance modules
    7. 8.6 Understanding ISE posture agents and operational modes--Part 1
    8. 8.7 Understanding ISE posture agents and operational modes--Part 2
    9. 8.8 Understanding ISE posture agents and operational modes--Part 2 3
    10. 8.9 Understanding Supplicants--Part 1
    11. 8.10 Understanding Supplicants--Part 2
    12. 8.11 Troubleshooting ISE posture--Part 1
    13. 8.12 Troubleshooting ISE posture--Part 2
  14. Lesson 9: Network Access Device (NAD) administration
    1. Learning objectives
    2. 9.1 Introducing NAD administration
    3. 9.2 Configuring TACACS+ devices--Part 1
    4. 9.3 Configuring TACACS+ devices--Part 2
    5. 9.4 Understanding command authorization--Part 1
    6. 9.5 Understanding command authorization--Part 2
    7. 9.6 Troubleshooting network device administration
  15. Lesson 10: Closing items
    1. Learning objectives
    2. 10.1 Course overview
  16. Summary
    1. CCNP Security Cisco Identity Services Engine SISE 300-715: Summary

Product information

  • Title: CCNP Security Cisco Identify Services Engine SISE 300-715
  • Author(s): Joseph Muniz / Kevin Tigges
  • Release date: February 2020
  • Publisher(s): Pearson
  • ISBN: 0136677207