Plan and deploy identity-based secure access for BYOD and borderless networks Using Cisco Secure Unified Access Architecture and Cisco Identity Services Engine, you can secure and regain control of borderless networks in a Bring Your Own Device (BYOD) world. This book covers the complete lifecycle of protecting a modern borderless network using these advanced solutions, from planning an architecture through deployment, management, and troubleshooting. Cisco ISE for BYOD and Secure Unified Access begins by reviewing the business case for an identity solution. Next, you’ll walk through identifying users, devices, and security posture; gain a deep understanding of Cisco’s Secure Unified Access solution; and master powerful techniques for securing borderless networks, from device isolation to protocol-independent network segmentation. You’ll find in-depth coverage of all relevant technologies and techniques, including 802.1X, profiling, device onboarding, guest lifecycle management, network admission control, RADIUS, and Security Group Access. Drawing on their cutting-edge experience supporting Cisco enterprise customers, the authors present detailed sample configurations to help you plan your own integrated identity solution. Whether you’re a technical professional or an IT manager, this guide will help you provide reliable secure access for BYOD, CYOD (Choose Your Own Device), or any IT model you choose. Review the new security challenges associated with borderless networks, ubiquitous mobility, and consumerized IT Understand the building blocks of an Identity Services Engine (ISE) solution Design an ISE-Enabled network, plan/distribute ISE functions, and prepare for rollout Build context-aware security policies Configure device profiling, endpoint posture assessments, and guest services Implement secure guest lifecycle management, from WebAuth to sponsored guest access Configure ISE, network access devices, and supplicants, step-by-step Walk through a phased deployment that ensures zero downtime Apply best practices to avoid the pitfalls of BYOD secure access Simplify administration with self-service onboarding and registration Deploy Security Group Access, Cisco’s tagging enforcement solution Add Layer 2 encryption to secure traffic flows Use Network Edge Access Topology to extend secure access beyond the wiring closet Monitor, maintain, and troubleshoot ISE and your entire Secure Unified Access system
Cisco NAC Appliance Enforcing Host Security with Clean Access Authenticate, inspect, remediate, and authorize end-point devices using Cisco NAC Appliance Jamey Heary, CCIE® No. 7680 Contributing authors: Jerry Lin, CCIE No. 6469, Chad Sullivan, CCIE No. 6493, and Alok Agrawal With today's security challenges and threats growing more sophisticated, perimeter defense alone is no longer sufficient. Few organizations are closed entities with well-defined security perimeters, which has led to the creation of perimeterless networks with ubiquitous access. Organizations need to have internal security systems that are more comprehensive, pervasive, and tightly integrated than in the past. Cisco® Network Admission Control (NAC) Appliance, formerly known as Cisco Clean Access, provides a powerful host security policy inspection, enforcement, and remediation solution that is designed to meet these new challenges. Cisco NAC Appliance allows you to enforce host security policies on all hosts (managed and unmanaged) as they enter the interior of the network, regardless of their access method, ownership, device type, application set, or operating system. Cisco NAC Appliance provides proactive protection at the network entry point. Cisco NAC Appliance provides you with all the information needed to understand, design, configure, deploy, and troubleshoot the Cisco NAC Appliance solution. You will learn about all aspects of the NAC Appliance solution including configuration and best practices for design, implementation, troubleshooting, and creating a host security policy. Jamey Heary, CCIE® No. 7680, is a security consulting systems engineer at Cisco, where he works with its largest customers in the northwest United States. Jamey joined Cisco in 2000 and currently leads its Western Security Asset team and is a field advisor for its U.S. Security Virtual team. His areas of expertise include network and host security design and implementation, security regulatory compliance, and routing and switching. His other certifications include CISSP, CCSP®, and Microsoft MCSE. He is also a Certified HIPAA Security Professional. He has been working in the IT field for 13 years and in IT security for 9 years. Understand why network attacks and intellectual property losses can originate from internal network hosts Examine different NAC Appliance design options Build host security policies and assign the appropriate network access privileges for various user roles Streamline the enforcement of existing security policies with the concrete measures NAC Appliance can provide Set up and configure the NAC Appliance solution Learn best practices for the deployment of NAC Appliance Monitor, maintain, and troubleshoot the Cisco NAC Appliance solution This security book is part of the Cisco Press® Networking Technology Series. Security titles from Cisco Press help networking professionals secure critical data and resources, prevent and mitigate network attacks, and build end-to-end self-defending networks. Category: Cisco Press–Security Covers: End-Point Security
Fully updated: The complete guide to Cisco Identity Services Engine solutions Using Cisco Secure Access Architecture and Cisco Identity Services Engine, you can secure and gain control of access to your networks in a Bring Your Own Device (BYOD) world. This second edition of Cisco ISE for BYOD and Secure Unified Accesscontains more than eight brand-new chapters as well as extensively updated coverage of all the previous topics in the first edition book to reflect the latest technologies, features, and best practices of the ISE solution. It begins by reviewing today’s business case for identity solutions. Next, you walk through ISE foundational topics and ISE design. Then you explore how to build an access security policy using the building blocks of ISE. Next are the in-depth and advanced ISE configuration sections, followed by the troubleshooting and monitoring chapters. Finally, we go in depth on the new TACACS+ device administration solution that is new to ISE and to this second edition. With this book, you will gain an understanding of ISE configuration, such as identifying users, devices, and security posture; learn about Cisco Secure Access solutions; and master advanced techniques for securing access to networks, from dynamic segmentation to guest access and everything in between. Drawing on their cutting-edge experience supporting Cisco enterprise customers, the authors offer in-depth coverage of the complete lifecycle for all relevant ISE solutions, making this book a cornerstone resource whether you’re an architect, engineer, operator, or IT manager. · Review evolving security challenges associated with borderless networks, ubiquitous mobility, and consumerized IT · Understand Cisco Secure Access, the Identity Services Engine (ISE), and the building blocks of complete solutions · Design an ISE-enabled network, plan/distribute ISE functions, and prepare for rollout · Build context-aware security policies for network access, devices, accounting, and audit · Configure device profiles, visibility, endpoint posture assessments, and guest services · Implement secure guest lifecycle management, from WebAuth to sponsored guest access · Configure ISE, network access devices, and supplicants, step by step · Apply best practices to avoid the pitfalls of BYOD secure access · Set up efficient distributed ISE deployments · Provide remote access VPNs with ASA and Cisco ISE · Simplify administration with self-service onboarding and registration · Deploy security group access with Cisco TrustSec · Prepare for high availability and disaster scenarios · Implement passive identities via ISE-PIC and EZ Connect · Implement TACACS+ using ISE · Monitor, maintain, and troubleshoot ISE and your entire Secure Access system · Administer device AAA with Cisco IOS, WLC, and Nexus
Thank you for visiting our website. Would you like to provide feedback on how we could improve your experience?
This site does not use any third party cookies with one exception — it uses cookies from Google to deliver its services and to analyze traffic.Learn More.