
Cisco ISE for BYOD and Secure Unified Access

  • Length: 752 pages
  • Edition: 1
  • Publisher:
  • Publication Date: 2013-06-20
  • ISBN-10: 1587143259
  • ISBN-13: 9781587143250
  • Sales Rank: #1565682
Description

Plan and deploy identity-based secure access for BYOD and borderless networks

Using Cisco Secure Unified Access Architecture and Cisco Identity Services Engine, you can secure and regain control of borderless networks in a Bring Your Own Device (BYOD) world. This book covers the complete lifecycle of protecting a modern borderless network using these advanced solutions, from planning an architecture through deployment, management, and troubleshooting.

Cisco ISE for BYOD and Secure Unified Access begins by reviewing the business case for an identity solution. Next, you’ll walk through identifying users, devices, and security posture; gain a deep understanding of Cisco’s Secure Unified Access solution; and master powerful techniques for securing borderless networks, from device isolation to protocol-independent network segmentation.

You’ll find in-depth coverage of all relevant technologies and techniques, including 802.1X, profiling, device onboarding, guest lifecycle management, network admission control, RADIUS, and Security Group Access.

Drawing on their cutting-edge experience supporting Cisco enterprise customers, the authors present detailed sample configurations to help you plan your own integrated identity solution. Whether you’re a technical professional or an IT manager, this guide will help you provide reliable secure access for BYOD, CYOD (Choose Your Own Device), or any IT model you choose.

  • Review the new security challenges associated with borderless networks, ubiquitous mobility, and consumerized IT
  • Understand the building blocks of an Identity Services Engine (ISE) solution
  • Design an ISE-enabled network, plan/distribute ISE functions, and prepare for rollout
  • Build context-aware security policies
  • Configure device profiling, endpoint posture assessments, and guest services
  • Implement secure guest lifecycle management, from WebAuth to sponsored guest access
  • Configure ISE, network access devices, and supplicants, step-by-step
  • Walk through a phased deployment that ensures zero downtime
  • Apply best practices to avoid the pitfalls of BYOD secure access
  • Simplify administration with self-service onboarding and registration
  • Deploy Security Group Access, Cisco’s tagging enforcement solution
  • Add Layer 2 encryption to secure traffic flows
  • Use Network Edge Access Topology to extend secure access beyond the wiring closet
  • Monitor, maintain, and troubleshoot ISE and your entire Secure Unified Access system

Table of Contents

Section I: The Evolution of Identity Enabled Networks
Chapter 1 Regain Control of Your IT Security
Chapter 2 Introducing Cisco Identity Services Engine

Section II: The Blueprint, Designing an ISE Enabled Network
Chapter 3 The Building Blocks in an Identity Services Engine Design
Chapter 4 Making Sense of All the ISE Deployment Design Options
Chapter 5 Following a Phased Deployment

Section III: The Foundation, Building a Context-Aware Security Policy
Chapter 6 Building a Cisco ISE Network Access Security Policy
Chapter 7 Building a Device Security Policy
Chapter 8 Building an ISE Accounting and Auditing Policy

Section IV: Configuration
Chapter 9 The Basics: Principal Configuration Tasks for Cisco ISE
Chapter 10 Profiling Basics
Chapter 11 Bootstrapping Network Access Devices
Chapter 12 Authorization Policy Elements
Chapter 13 Authentication and Authorization Policies
Chapter 14 Guest Lifecycle Management
Chapter 15 Device Posture Assessment
Chapter 16 Supplicant Configuration
Chapter 17 BYOD: Self-Service Onboarding and Registration
Chapter 18 Setting Up a Distributed Deployment
Chapter 19 Inline Posture Node

Section V: Deployment Best Practices
Chapter 20 Deployment Phases
Chapter 21 Monitor Mode
Chapter 22 Low-Impact Mode
Chapter 23 Closed Mode

Section VI: Advanced Secure Unified Access Features
Chapter 24 Advanced Profiling Configuration
Chapter 25 Security Group Access
Chapter 26 MACSec and NDAC
Chapter 27 Network Edge Authentication Topology

Section VII: Monitoring, Maintenance, and Troubleshooting
Chapter 28 Understanding Monitoring and Alerting
Chapter 29 Troubleshooting
Chapter 30 Backup, Patching, and Upgrading

Appendix A: Sample User Community Deployment Messaging Material
Appendix B: Sample ISE Deployment Questionnaire
Appendix C: Configuring the Microsoft CA for BYOD
Appendix D: Using a Cisco IOS Certificate Authority for BYOD Onboarding
Appendix E: Sample Switch Configurations
