Integrated Security Technologies and Solutions - Volume II: Cisco Security Solutions for Network Access Control, Segmentation, Context Sharing, Secure Connectivity and Virtualization, First Edition

Book description

The essential reference for security pros and CCIE Security candidates: identity, context sharing, encryption, secure connectivity and virtualization


Integrated Security Technologies and Solutions – Volume II brings together more expert-level instruction in security design, deployment, integration, and support. It will help experienced security and network professionals manage complex solutions, succeed in their day-to-day jobs, and prepare for their CCIE Security written and lab exams.


Volume II focuses on the Cisco Identity Services Engine, Context Sharing, TrustSec, Application Programming Interfaces (APIs), Secure Connectivity with VPNs, and the virtualization and automation sections of the CCIE v5 blueprint. Like Volume I, its strong focus on interproduct integration will help you combine formerly disparate systems into seamless, coherent, next-generation security solutions.


Part of the Cisco CCIE Professional Development Series from Cisco Press, it is authored by a team of CCIEs who are world-class experts in their Cisco security disciplines, including co-creators of the CCIE Security v5 blueprint. Each chapter starts with relevant theory, presents configuration examples and applications, and concludes with practical troubleshooting.


  • Review the essentials of Authentication, Authorization, and Accounting (AAA)
  • Explore the RADIUS and TACACS+ AAA protocols, and administer devices with them
  • Enforce basic network access control with the Cisco Identity Services Engine (ISE)
  • Implement sophisticated ISE profiling, EzConnect, and Passive Identity features
  • Extend network access with BYOD support, MDM integration, Posture Validation, and Guest Services
  • Safely share context with ISE, and implement pxGrid and Rapid Threat Containment
  • Integrate ISE with Cisco FMC, WSA, and other devices
  • Leverage Cisco Security APIs to increase control and flexibility
  • Review Virtual Private Network (VPN) concepts and types
  • Understand and deploy Infrastructure VPNs and Remote Access VPNs
  • Virtualize leading Cisco Security products
  • Make the most of Virtual Security Gateway (VSG), Network Function Virtualization (NFV), and microsegmentation

Table of contents

  1. Cover Page
  2. About This E-Book
  3. Title Page
  4. Copyright Page
  5. Credits
  6. About the Authors
  7. About the Technical Reviewer
  8. Dedications
  9. Acknowledgments
  10. Contents at a Glance
  11. Contents
  12. Reader Services
  13. Command Syntax Conventions
  14. Introduction
    1. Who Should Read This Book?
    2. How This Book Is Organized
  15. Part I: Knock, Knock! Who’s There?
    1. Chapter 1. Who and What: AAA Basics
      1. Fundamentals of AAA
      2. Understanding the Concept of Triple-A in the Real World
      3. Compare and Select AAA Options
      4. TACACS+
      5. RADIUS
      6. Comparing RADIUS and TACACS+
      7. Summary
    2. Chapter 2. Basic Network Access Control
      1. What Is Cisco ISE?
      2. ISE Architecture for Network Access AAA
      3. Configuring ISE for Single/Standalone and Multinode Deployments
      4. ISE Configuration for Network Access
      5. 802.1X and Beyond
      6. Configuring Wired Network Access with ISE
      7. Configuring Wireless Network Access with ISE
      8. Verifying Dot1X and MAB
      9. Summary
    3. Chapter 3. Beyond Basic Network Access Control
      1. Profiling with ISE
      2. ISE Profiler and CoA
      3. Profiles in Authorization Policies
      4. Passive Identities and EasyConnect
      5. Summary
    4. Chapter 4. Extending Network Access with ISE
      1. Get Ready, Get Set, Prerequisites
      2. BYOD Onboarding with ISE
      3. MDM Onboarding and Enforcement with ISE
      4. Posture Assessment and Remediation with ISE
      5. Guest Access with ISE
      6. TrustSec with ISE
      7. Summary
    5. Chapter 5. Device Administration Control with ISE
      1. The Case for Centralized AAA
      2. RADIUS Versus TACACS+ for Device Administration
      3. Using TACACS+ for Device Administration
      4. Using RADIUS for Device Administration
      5. Summary
  16. Part II: Spread the Love!
    1. Chapter 6. Sharing the Context
      1. The Many Integration Types of the Ecosystem
      2. pxGrid in Depth
      3. Summary
    2. Chapter 7. APIs in Cisco Security
      1. APIs 101
      2. Firepower Management Center APIs
      3. Identity Services Engine APIs
      4. Advanced Malware Protection APIs
      5. Threat Grid APIs
      6. Umbrella APIs
      7. Summary
      8. References
  17. Part III: c2889775343d1ed91b
    1. Chapter 8. Security Connectivity
      1. Hashing, Ciphers, Cryptography, and PKI
      2. Virtual Private Networks
      3. Layer 2 Encryption: IEEE 802.1AE/MACsec
      4. Summary
      5. References
    2. Chapter 9. Infrastructure VPN
      1. IPsec with IKEv1
      2. IPsec with IKEv2
      3. EzVPN
      4. DMVPN
      5. FlexVPN
      6. GETVPN
      7. Summary
      8. References
    3. Chapter 10. Remote Access VPN
      1. Remote Access VPN Overview
      2. Cisco AnyConnect Secure Mobility Client
      3. Client-Based Remote Access VPN
      4. Clientless Remote Access VPN
      5. Summary
      6. References
  18. Part IV: The Red Pill
    1. Chapter 11. Security Virtualization and Automation
      1. Cisco Virtual Solutions and Server Virtualization
      2. Virtualization and Automation Solutions
      3. Summary
      4. References
  19. Index
  20. Code Snippets

Product information

  • Title: Integrated Security Technologies and Solutions - Volume II: Cisco Security Solutions for Network Access Control, Segmentation, Context Sharing, Secure Connectivity and Virtualization, First Edition
  • Author(s): Chad Mitchell, Jamie Sanbower, Aaron Woland, Vivek Santuka
  • Release date: April 2019
  • Publisher(s): Cisco Press
  • ISBN: 9780134807614