CART

(0) items

Cisco ISE for BYOD and Secure Unified Access,9781587143250
This item qualifies for
FREE SHIPPING!
FREE SHIPPING OVER $59!

Your order must be $59 or more, you must select US Postal Service Shipping as your shipping preference, and the "Group my items into as few shipments as possible" option when you place your order.

Bulk sales, PO's, Marketplace Items, eBooks, Apparel, and DVDs not included.

Cisco ISE for BYOD and Secure Unified Access

by ;
Edition:
1st
ISBN13:

9781587143250

ISBN10:
1587143259
Format:
Paperback
Pub. Date:
6/10/2013
Publisher(s):
Cisco Press

Questions About This Book?

Why should I rent this book?
Renting is easy, fast, and cheap! Renting from eCampus.com can save you hundreds of dollars compared to the cost of new or used books each semester. At the end of the semester, simply ship the book back to us with a free UPS shipping label! No need to worry about selling it back.
How do rental returns work?
Returning books is as easy as possible. As your rental due date approaches, we will email you several courtesy reminders. When you are ready to return, you can print a free UPS shipping label from our website at any time. Then, just return the book to your UPS driver or any staffed UPS location. You can even use the same box we shipped it in!
What version or edition is this?
This is the 1st edition with a publication date of 6/10/2013.
What is included with this book?
  • The New copy of this book will include any supplemental materials advertised. Please check the title of the book to determine if it should include any CDs, lab manuals, study guides, etc.
  • The Rental copy of this book is not guaranteed to include any supplemental materials. You may receive a brand new copy, but typically, only the book itself.

Summary

Plan and deploy identity-based secure access for BYOD and borderless networks

 

Using Cisco Secure Unified Access Architecture and Cisco Identity Services Engine, you can secure and regain control of borderless networks in a Bring Your Own Device (BYOD) world. This book covers the complete lifecycle of protecting a modern borderless network using these advanced solutions, from planning an architecture through deployment, management, and troubleshooting.

 

Cisco ISE for BYOD and Secure Unified Access begins by reviewing the business case for an identity solution. Next, you’ll walk through identifying users, devices, and security posture; gain a deep understanding of Cisco’s Secure Unified Access solution; and master powerful techniques for securing borderless networks, from device isolation to protocol-independent network segmentation.

 

You’ll find in-depth coverage of all relevant technologies and techniques, including 802.1X, profiling, device onboarding, guest lifecycle management, network admission control, RADIUS, and Security Group Access.

Drawing on their cutting-edge experience supporting Cisco enterprise customers, the authors present detailed sample configurations to help you plan your own integrated identity solution. Whether you’re a technical professional or an IT manager, this guide will help you provide reliable secure access for BYOD, CYOD (Choose Your Own Device), or any IT model you choose.

 

  • Review the new security challenges associated with borderless networks, ubiquitous mobility, and consumerized IT
  • Understand the building blocks of an Identity Services Engine (ISE) solution
  • Design an ISE-Enabled network, plan/distribute ISE functions, and prepare for rollout
  • Build context-aware security policies
  • Configure device profiling, endpoint posture assessments, and guest services
  • Implement secure guest lifecycle management, from WebAuth to sponsored guest access
  • Configure ISE, network access devices, and supplicants, step-by-step
  • Walk through a phased deployment that ensures zero downtime
  • Apply best practices to avoid the pitfalls of BYOD secure access
  • Simplify administration with self-service onboarding and registration
  • Deploy Security Group Access, Cisco’s tagging enforcement solution
  • Add Layer 2 encryption to secure traffic flows
  • Use Network Edge Access Topology to extend secure access beyond the wiring closet
  • Monitor, maintain, and troubleshoot ISE and your entire Secure Unified Access system

 

Author Biography

Aaron Woland , CCIE No. 20113, is a Senior Secure Access Engineer at Cisco Systems and works with Cisco’s largest customers all over the world. His primary job responsibilities include secure access and ISE deployments, solution enhancements, futures, and escalations. Aaron joined Cisco in 2005 and is currently a member of numerous security advisory boards. Prior to joining Cisco, he spent 12 years as a consultant and technical trainer. His areas of expertise include network and host security architecture and implementation, regulatory compliance, and routing and switching. Aaron is the author of many white papers and design guides, including the TrustSec 2.0 Design and Implementation Guide and the NAC Layer 3 OOB Using VRFs for Traffic Isolation design guide. He is also a distinguished speaker at Cisco Live for topics related to identity and is a security columnist for Network World , where he blogs on all things related to identity. Additional certifications include CCSP, CCNP, CCDP, Certified Ethical Hacker, MCSE, and many other industry certifications.

 

Jamey Heary , CCIE No. 7680, is a Distinguished Systems Engineer at Cisco Systems, where he works as a trusted security advisor to Cisco customers and business groups. He is also a featured security columnist for Network World , where he blogs on all things security. Jamey sits on the PCI Security Standards Council-Board of Advisors, where he provides strategic and technical guidance for future PCI standards. Jamey is the author of Cisco NAC Appliance: Enforcing Host Security with Clean Access . He also has a patent pending on a new DDoS mitigation technique. Jamey sits on numerous security advisory boards for Cisco Systems and is a founding member of the Colorado Healthcare InfoSec Users Group. His other certifications include CISSP, and he is a Certified HIPAA Security Professional. He has been working in the IT field for 19 years and in IT security for 15 years.

Table of Contents

Section I. The Evolution of Identity Enabled Networks

1. The Evolution of Network Access

2. Introducing Cisco TrustSec and the Identity Services Engine

Section II. The Blueprint, Designing a TrustSec Enabled Network

3. What are the building blocks in TrustSec Design?

4. Making Sense of all the ISE Design Options

5. Navigating the Deployment Phases of TrustSec

Section III. The Foundation, Building a Context-Aware Security Policy

6. Creating Authentication and Authorization Policies

7. Building a Device Security Policy

8. Building an Accounting and Audit Policy

Section IV. Configuration

9. The Basics. Principal Configuration Tasks for ISE

10. Profiling Configuration

11. Bootstrapping Network Access Devices

12. The Building Blocks. Roles and Authorization Results

13. Authentication and Authorization Policies

14. Guest Lifecycle Management

15. Device Posture Assessments

16. Supplicant Configuration

17. Setting up a Distributed ISE Deployment

18. Configuring an Inline Posture Node

Section V. Deployment Best Practices

19. TrustSec Deployment Phases

20. Monitor Mode Deployment

21. Authenticated Mode

22. Enforcement Mode

23. Closed Mode

Section VI. Advanced TrustSec Features

24. Secure Group Access

25. 802.1AE MACSec

26. Network Device Access Control

27. Network Edge Access Topology

Section VII. Monitoring, Maintenance, and Troubleshooting

28. Understanding Monitoring and Alerting

29. Troubleshooting

30. Backup, Upgrading

Appendix A. Device Security Policy Template

Appendix B. Authentication and Authorization Policy Template

Appendix C. Sample User Community Deployment Me

Appendix D. Sample ISE Deployment Project Plan

Glossary



Please wait while the item is added to your cart...