Book description
Fully updated: The complete guide to Cisco Identity Services Engine solutions
Using Cisco Secure Access Architecture and Cisco Identity Services Engine, you can secure and gain control of access to your networks in a Bring Your Own Device (BYOD) world.
This second edition of Cisco ISE for BYOD and Secure Unified Access contains more than eight brand-new chapters as well as extensively updated coverage of all the topics from the first edition, reflecting the latest technologies, features, and best practices of the ISE solution. It begins by reviewing today’s business case for identity solutions. Next, you walk through ISE foundational topics and ISE design. Then you explore how to build an access security policy using the building blocks of ISE. Next are the in-depth and advanced ISE configuration sections, followed by the troubleshooting and monitoring chapters. Finally, we go in depth on the TACACS+ device administration solution that is new to ISE and to this second edition.
With this book, you will gain an understanding of ISE configuration, such as identifying users, devices, and security posture; learn about Cisco Secure Access solutions; and master advanced techniques for securing access to networks, from dynamic segmentation to guest access and everything in between.
Drawing on their cutting-edge experience supporting Cisco enterprise customers, the authors offer in-depth coverage of the complete lifecycle for all relevant ISE solutions, making this book a cornerstone resource whether you’re an architect, engineer, operator, or IT manager.
- Review evolving security challenges associated with borderless networks, ubiquitous mobility, and consumerized IT
- Understand Cisco Secure Access, the Identity Services Engine (ISE), and the building blocks of complete solutions
- Design an ISE-enabled network, plan/distribute ISE functions, and prepare for rollout
- Build context-aware security policies for network access, devices, accounting, and audit
- Configure device profiles, visibility, endpoint posture assessments, and guest services
- Implement secure guest lifecycle management, from WebAuth to sponsored guest access
- Configure ISE, network access devices, and supplicants, step by step
- Apply best practices to avoid the pitfalls of BYOD secure access
- Set up efficient distributed ISE deployments
- Provide remote access VPNs with ASA and Cisco ISE
- Simplify administration with self-service onboarding and registration
- Deploy security group access with Cisco TrustSec
- Prepare for high availability and disaster scenarios
- Implement passive identities via ISE-PIC and EZ Connect
- Implement TACACS+ using ISE
- Monitor, maintain, and troubleshoot ISE and your entire Secure Access system
- Administer device AAA with Cisco IOS, WLC, and Nexus
Table of contents
- About This E-Book
- Title Page
- Copyright Page
- Dedication Page
- Acknowledgments
- Contents at a Glance
- Contents
- Introduction
- Part I Identity-Enabled Network: Unite!
- Part II The Blueprint, Designing an ISE-Enabled Network
- Part III The Foundation, Building a Context-Aware Security Policy
- Chapter 7 Building a Cisco ISE Network Access Security Policy
- Components of a Cisco ISE Network Access Security Policy
- Determining the High-Level Goals for Network Access Security
- Defining the Security Domains
- Understanding and Defining ISE Authorization Rules
- Establishing Acceptable Use Policies
- Host Security Posture Assessment Rules to Consider
- Sample NASP Format for Documenting ISE Posture Requirements
- Common Checks, Rules, and Requirements
- Method for Adding Posture Policy Rules
- Research and Information
- Establishing Criteria to Determine the Validity of a Security Posture Check, Rule, or Requirement in Your Organization
- Method for Determining What Posture Policy Rules a Particular Security Requirement Should Be Applied To
- Method for Deploying and Enforcing Security Requirements
- Defining Dynamic Network Access Privileges
- Summary
- Chapter 8 Building a Device Security Policy
- Chapter 9 Building an ISE Accounting and Auditing Policy
- Part IV Let’s Configure!
- Chapter 10 Profiling Basics and Visibility
- Chapter 11 Bootstrapping Network Access Devices
- Cisco Catalyst Switches
- Cisco Wireless LAN Controllers
- Summary
- Chapter 12 Network Authorization Policy Elements
- Chapter 13 Authentication and Authorization Policies
- Chapter 14 Guest Lifecycle Management
- Chapter 15 Client Posture Assessment
- ISE Posture Assessment Flow
- Configure Global Posture and Client Provisioning Settings
- Configure the AnyConnect and NAC Client Provisioning Rules
- Configure the Client Provisioning Portal
- Configure Posture Elements
- Configure Posture Policy
- Configure Host Application Visibility and Context Collection (Optional)
- Enable Posture Client Provisioning and Assessment in Your ISE Authorization Policies
- Posture Reports and Troubleshooting
- Enable Posture Assessment in the Network
- Summary
- Chapter 16 Supplicant Configuration
- Chapter 17 BYOD: Self-Service Onboarding and Registration
- Chapter 18 Setting Up and Maintaining a Distributed ISE Deployment
- Chapter 19 Remote Access VPN and Cisco ISE
- Chapter 20 Deployment Phases
- Part V Advanced Secure Access Features
- Chapter 21 Advanced Profiling Configuration
- Chapter 22 Cisco TrustSec AKA Security Group Access
- Chapter 23 Passive Identities, ISE-PIC, and EasyConnect
- Chapter 24 ISE Ecosystems: The Platform eXchange Grid (pxGrid)
- Part VI Monitoring, Maintenance, and Troubleshooting for Network Access AAA
- Chapter 25 Understanding Monitoring, Reporting, and Alerting
- Chapter 26 Troubleshooting
- Chapter 27 Upgrading ISE
- Part VII Device Administration
- Chapter 28 Device Administration Fundamentals
- Chapter 29 Configuring Device Admin AAA with Cisco IOS
- Chapter 30 Configuring Device Admin AAA with Cisco WLC
- Chapter 31 Configuring Device Admin AAA with Cisco Nexus Switches
- Part VIII Appendixes
- Index
- Code Snippets
Product information
- Title: Cisco ISE for BYOD and Secure Unified Access, 2nd Edition
- Author(s):
- Release date: June 2017
- Publisher(s): Cisco Press
- ISBN: 9780134586656