Cisco Identity Services Engine (ISE)
Published by Pearson
From Start to Secure
This live training course will teach you how to use Cisco Identity Services Engine -- more commonly called “ISE” -- to improve security within your environment following industry best practices for network access control. We will start off with making sure you have an understanding of the ISE architecture and deployment types, then you will learn how to build policies that enforce your desired level of network for different users and devices. Topics include profiling endpoints, remediation tricks and techniques, accommodating bring your own device (BYOD), delivering elite guest services, secure remote workers and TrustSec. You will learn from first-hand experience how to properly plan and deploy ISE following a crawl, walk and run approach including best practices from the field. Teachers are both Cisco security experts who have deployed for various fortune 500 and government organizations.
What you’ll learn and how you can apply it
- How to plan, design, deploy, troubleshoot and support ISE within your lab or network environment
- Accommodate the most common requests for deploying NAC technology, which include BYOD, guest services, network wide access control and automated remediation.
- Learn about the latest version of ISE and what Cisco experts are seeing in the field regarding best practices and potential landmines to avoid.
This live event is for you because...
- You are new to ISE, or have some experience, and have a desire to learn how to deliver enterprise quality access control using ISE
Prerequisites
- Topics will assume some level of network and security foundation including a basic understanding of authentication, authorization and accountings (AAA), network segmentation, and CCNA level switching and routing concepts.
- A basic understanding of virtualization is a plus.
- Basic knowledge of endpoint and endpoint network configuration preferred (Windows / MAC).
Recommended Preparation
- CCNP Security Cisco Identity Services Engine SISE 300-715 Complete Video Course (Video Training): https://learning.oreilly.com/videos/ccnp-security-cisco/9780136677208
Recommended Follow-up
- CCNP Security Cisco Identity Services Engine SISE 300-715 Complete Video Course (Video Training)
- Cisco ISE for BYOD and Secure Unified Access (2nd Edition) (Networking Technology: Security): https://learning.oreilly.com/library/view/cisco-ise-for/9780134586656/
- CCNP Security Identity Management SISE 300-715 Official Cert Guide: https://learning.oreilly.com/library/view/ccnp-security-identity/9780136905776/
Schedule
The time frames are only estimates and may vary according to how the class is progressing.
Day 1
Lesson 1 – Intro and Architecture (50 min)
- Intro
- Deployment
- Architecture
- Certificates
- Considerations
Break
Lesson 2 - Policies and Components (50 min)
- Policies
- AAA Concepts
- Directory Stores (AD/LDAP/Internal)
- Troubleshooting and Closing
Break
Lesson 3 – Network Authentication / Authorization (50 min)
- 802.1x and MAB
- Deployment Options
- Network Access Devices
- Troubleshooting and Closing
Break
Lesson 4 – TrustSec – Software Defined Segmentation (60 min)
- Introduction and Overview
- Configuring
- Troubleshooting and Wrap Up
Day 2
Lesson 5 – Guest Services (25 mins)
- Planning Guest Services
- Configuring Guest Service, Sponsor and Guest Portals
- Troubleshooting
Lesson 6 – Profiling (35 mins)
- Profiling Overview
- Configuring Switches for Profiling
- Implementing Profiling
- Troubleshooting
Break
Lesson 7 – BYOD (40)
- Introduction to BYOD concepts
- Planning BYOD
- Configuring On-boarding
- Mobile Device Management
- Configuring Certificates for BYOD
- Troubleshooting
Lesson 8 – Endpoint Compliance (Posture) (50 min)
- Intro and Use Cases
- Posture Components, policies
- How does it actually work
- Troubleshooting and Wrap up
Break
Lesson 9 – TACACS on ISE (45 Min)
- Intro
- Architecture - Differences – ISE vs traditional ACS
- Policy components
- Troubleshooting and Wrap Up
Closing – 15 mins
Your Instructors
Joseph Muniz
Joseph Muniz is a renowned security expert and security artificial intelligence specialist at Microsoft. With a passion for making the world a safer place, he is dedicated to promoting education and research on adversary tactics. Joseph has over two decades of experience designing security solutions and architectures for Fortune 500 companies and the US Government, serving as a trusted advisor. He is a researcher and thought leader in the industry, regularly speaking at international conferences and contributing to technical magazines. Joseph also develops training for various industry certifications, and has invented the fictitious character of Emily Williams to raise awareness of social engineering. As the founder of thesecurityblogger.com, Joseph has created a valuable resource for security and product implementation. He is the author and contributor of several publications, ranging from security best practices to exploitation tactics. His latest title, The Modern Security Operations Center, was released in 2021 and is his tenth publication. Follow Joseph’s work on Twitter at @SecureBlogger.
Kevin Tigges
Kevin Tigges is a Technical Solutions Architect at Cisco Systems focusing on large enterprise accounts. He has more than 30 years of experience in small and large enterprises designing network and security solutions. Kevin worked in the healthcare industry for a number of years and enjoys focusing on helping other healthcare customers understand how Cisco ISE can provide a secure access platform. Kevin has deployed ISE as a customer and has a deep understanding of considerations and caveats of a successful deployment.
Kevin is from Kentucky originally and is a huge Kentucky Basketball fan and enjoys his bourbon. In his spare time, he enjoys time with his wife of 29 years, his two boys, being outside hiking, reading and target archery