Integrated Security Technologies and Solutions - Volume II: Cisco Security Solutions for Network Access Control, Segmentation, Context Sharing, Secure Connectivity and Virtualization, Fourth Edition

Book Description

This is the Rough Cut version of the printed book.

Integrated Security Technologies and Solutions - Volume II is part of the Cisco CCIE Professional Development Series from Cisco Press, which offers expert-level instruction in security design, deployment, integration and support methodologies to help security professionals manage complex solutions and prepare for their CCIE exams. A one-stop, expert-level guide to all aspects of Cisco Security, it will help security pros succeed in their day-to-day jobs as they get ready for their CCIE Security written and lab exams.


This guide has been written by a team of CCIEs who are world-class experts in their respective Cisco Security disciplines, including experts who were involved in creating the new CCIE Security 5.0 blueprint and possess unsurpassed understanding of its requirements. Each chapter starts with relevant theory, progresses through configuration examples and applications, and concludes with practical troubleshooting sections.


Volume 1 focuses on Identity, Context Sharing, Encryption, Secure Connectivity and Virtualization Security. With a strong focus on inter-product integration, it also shows how to combine formerly disparate systems into a seamless, coherent next-generation security solution.

Table of Contents

  1. Title Page
  2. Copyright Page
  3. About the Authors
    1. About the Technical Reviewer
  4. Dedications
  5. Acknowledgments
  6. Contents at a Glance
  7. Reader Services
  8. Table of Contents
  9. Command Syntax Conventions
  10. Introduction
    1. Who Should Read This Book?
    2. How This Book Is Organized
  11. Part 1: Knock, Knock! Who’s there?
    1. Chapter 1. Who and What: AAA Basics
      1. Fundamentals of AAA
      2. Understanding the Concept of Triple-A in the Real World
      3. Compare and Select AAA Options
      4. TACACS+
      5. RADIUS
      6. Comparing RADIUS and TACACS+
      7. Summary
    2. Chapter 2. Basic Network Access Control
      1. What Is Cisco ISE?
      2. ISE Architecture for Network Access AAA
      3. Configuring ISE for Single/Standalone and Multinode Deployments
      4. ISE Configuration for Network Access
      5. 802.1X and Beyond
      6. Configuring Wired Network Access with ISE
      7. Configuring Wireless Network Access with ISE
      8. Verifying Dot1X and MAB
      9. Summary
    3. Chapter 3. Beyond Basic Network Access Control
      1. Profiling with ISE
      2. ISE Profiler and CoA
      3. Profiles in Authorization Policies
      4. Passive Identities and EasyConnect
      5. Summary
    4. Chapter 4. Extending Network Access with ISE
      1. Get Ready, Get Set, Prerequisites
      2. BYOD Onboarding with ISE
      3. MDM Onboarding and Enforcement with ISE
      4. Posture Assessment and Remediation with ISE
      5. Guest Access with ISE
      6. TrustSec with ISE
      7. Summary
    5. Chapter 5. Device Administration Control with ISE
      1. The Case for Centralized AAA
      2. RADIUS Versus TACACS+ for Device Administration
      3. Using TACACS+ for Device Administration
      4. Using RADIUS for Device Administration
      5. Summary
  12. Part 2: Spread the love!
    1. Chapter 6. Sharing the Context
      1. The Many Integration Types of the Ecosystem
      2. pxGrid in Depth
      3. Summary
    2. Chapter 7. APIs in Cisco Security
      1. APIs 101
      2. Firepower Management Center APIs
      3. Identity Services Engine APIs
      4. Advanced Malware Protection APIs
      5. Threat Grid APIs
      6. Umbrella APIs
      7. Summary
      8. References
  13. Part 3
    1. Chapter 8. Security Connectivity
      1. Hashing, Ciphers, Cryptography, and PKI
      2. Virtual Private Networks
      3. Layer 2 Encryption: IEEE 802.1AE/MACsec
      4. Summary
      5. References
    2. Chapter 9. Infrastructure VPN
      1. IPsec with IKEv1
      2. IPsec with IKEv2
      3. EzVPN
      4. DMVPN
      5. FlexVPN
      6. GETVPN
      7. Summary
      8. References
    3. Chapter 10. Remote Access VPN
      1. Remote Access VPN Overview
      2. Cisco AnyConnect Secure Mobility Client
      3. Client-Based Remote Access VPN
      4. Clientless Remote Access VPN
      5. Summary
      6. References
  14. Part 4: The Red Pill
    1. Chapter 11. Security Virtualization and Automation
      1. Cisco Virtual Solutions and Server Virtualization
      2. Virtualization and Automation Solutions
      3. Summary
      4. References