Plan and deploy identity-based secure access for BYOD and borderless networks
Using Cisco Secure Unified Access Architecture and Cisco Identity Services Engine, you can secure and regain control of borderless networks in a Bring Your Own Device (BYOD) world. This book covers the complete lifecycle of protecting a modern borderless network using these advanced solutions, from planning an architecture through deployment, management, and troubleshooting.
Cisco ISE for BYOD and Secure Unified Access begins by reviewing the business case for an identity solution. Next, you’ll walk through identifying users, devices, and security posture; gain a deep understanding of Cisco’s Secure Unified Access solution; and master powerful techniques for securing borderless networks, from device isolation to protocol-independent network segmentation.
You’ll find in-depth coverage of all relevant technologies and techniques, including 802.1X, profiling, device onboarding, guest lifecycle management, network admission control, RADIUS, and Security Group Access.
Drawing on their cutting-edge experience supporting Cisco enterprise customers, the authors present detailed sample configurations to help you plan your own integrated identity solution. Whether you’re a technical professional or an IT manager, this guide will help you provide reliable secure access for BYOD, CYOD (Choose Your Own Device), or any IT model you choose.
- Review the new security challenges associated with borderless networks, ubiquitous mobility, and consumerized IT
- Understand the building blocks of an Identity Services Engine (ISE) solution
- Design an ISE-enabled network, plan/distribute ISE functions, and prepare for rollout
- Build context-aware security policies
- Configure device profiling, endpoint posture assessments, and guest services
- Implement secure guest lifecycle management, from WebAuth to sponsored guest access
- Configure ISE, network access devices, and supplicants, step-by-step
- Walk through a phased deployment that ensures zero downtime
- Apply best practices to avoid the pitfalls of BYOD secure access
- Simplify administration with self-service onboarding and registration
- Deploy Security Group Access, Cisco’s tagging enforcement solution
- Add Layer 2 encryption to secure traffic flows
- Use Network Edge Access Topology to extend secure access beyond the wiring closet
- Monitor, maintain, and troubleshoot ISE and your entire Secure Unified Access system
Sold by: Barnes & Noble
File size: 132 MB
About the Author
Aaron Woland, CCIE No. 20113, is a Senior Secure Access Engineer at Cisco Systems and works with Cisco’s largest customers all over the world. His primary job responsibilities include secure access and ISE deployments, solution enhancements, futures, and escalations. Aaron joined Cisco in 2005 and is currently a member of numerous security advisory boards. Prior to joining Cisco, he spent 12 years as a consultant and technical trainer. His areas of expertise include network and host security architecture and implementation, regulatory compliance, and routing and switching. Aaron is the author of many white papers and design guides, including the TrustSec 2.0 Design and Implementation Guide and the NAC Layer 3 OOB Using VRFs for Traffic Isolation design guide. He is also a distinguished speaker at Cisco Live for topics related to identity and is a security columnist for Network World, where he blogs on all things related to identity. Additional certifications include CCSP, CCNP, CCDP, Certified Ethical Hacker, MCSE, and many other industry certifications.
Jamey Heary, CCIE No. 7680, is a Distinguished Systems Engineer at Cisco Systems, where he works as a trusted security advisor to Cisco customers and business groups. He is also a featured security columnist for Network World, where he blogs on all things security. Jamey sits on the PCI Security Standards Council-Board of Advisors, where he provides strategic and technical guidance for future PCI standards. Jamey is the author of Cisco NAC Appliance: Enforcing Host Security with Clean Access. He also has a patent pending on a new DDoS mitigation technique. Jamey sits on numerous security advisory boards for Cisco Systems and is a founding member of the Colorado Healthcare InfoSec Users Group. His other certifications include CISSP, and he is a Certified HIPAA Security Professional. He has been working in the IT field for 19 years and in IT security for 15 years.
Most Helpful Customer Reviews
I picked up this volume at a Security User Group meeting, partly attracted by BYOD in the title. But what I really ended up learning about is the Cisco Identity Services Engine (ISE). And while BYOD is a huge current trend, supporting secure BYOD access is only a portion of the overall ISE architecture and capabilities. I am impressed by how well the book is organized and how interesting it is to read, especially for a volume that’s basically describing a product. After a historical overview and a refresher on network access control in Section I, followed by an overview of the major components, deployment options, and various ISE specs in Section II, the authors pull no punches in Section III that for an ISE deployment to be successful and effective, defining the Network Access Security Policy and getting senior-level sponsorship for ISE deployment is a must. And that’s hard work. Checklists provided in that section are helpful. Another great piece of advice from the authors: phased deployment, beginning with the monitor mode that allows for auditing of what would fail without initially denying access. Section IV, the largest out of seven comprising this work, has many insightful chapters on ISE configuration, but I found portions of it very hard to get through. Some of the ISE screenshots (not all) literally require a magnifying glass to read, and that’s for 20/20 vision. Try looking at figures 9-24, 11-2, or 14-18, for example, and see what you can decipher. But that’s a relatively small price to pay in the overall context of a highly instructive security publication, and that not just in terms of the ISE product itself but of security principles as well. The last three sections on Best Practices, Advanced Features, and Troubleshooting, along with more good stuff in the Appendices, wrap up this informative volume. Hence, even with a bit of annoyance for some unreadable screenshots, I am still giving it the highest rating.