Description
You will also learn the knowledge and skills to enforce security posture compliance for wired and wireless endpoints and enhance infrastructure security using the Cisco ISE.
Target audience
The audience for this course is as follows:
- Cisco Channel Partner SEs and FEs that are seeking to meet the education requirements to attain ATP authorisation to sell Cisco ISE.
- Field engineers, network administrators, and consulting systems engineers who implement and maintain the Cisco ISE in enterprise networks.
- Security architects, design engineers, network designers and others seeking hands-on experience with the Cisco ISE.
- Integrators who install and implement the Cisco Identity Services Engine.
Prerequisites
It is recommended that a learner have the following knowledge and skills before attending this course:
- CCNA Security certification, completion of Implementing Cisco Network Security (IINS) course or equivalent knowledge
- Foundation-level network knowledge and skills necessary to install, configure, operate, and troubleshoot network devices and applications
- Foundation-level wireless knowledge and skills
- Basic knowledge of Cisco IOS networking and concepts
Objectives
Upon completing this course, the learner will be able to meet these overall objectives:
- Describe Cisco ISE architecture, installation, and distributed deployment options
- Configure Network Access Devices (NADs), policy components, and basic authentication and authorization policies in Cisco ISE
- Implement Cisco ISE web authentication and guest services
- Deploy Cisco ISE profiling, posture and client provisioning services
- Describe administration, monitoring, troubleshooting, and TrustSec SGA security
- Configure device administration using TACACS+ in Cisco ISE
Detailed course content
Module 1: Introducing Cisco ISE Architecture and Deployment
- Security challenges
- Cisco ISE solutions Use Cases
- Guest use
- BYOD
- Profiling
- Compliance
- Security group access
- Secure Access Control
- ISE function
- ISE deployment components
- Admin node
- Policy service node
- Monitoring node
- pxGrid Services
- Policy synchronization
- Deployment options
- Context visibility
- Benefits
- Wizard
- Streamline wizard
Module 2: Cisco ISE Policy Enforcement
- IEEE 802.1X primer
- MAC authentication bypass
- 802.1X and MAB
- Identity sources
- Multi-AD overview and configuration
- Lightweight directory access protocol
- RADIUS
- SAMLv2
- Identity source sequence
- Certification authority services
- Authentication and authorization process
- Exception policies and policy sets
- Global vs local exception processing
- Third-party NAD support
- Cisco TrustSec
- Easy connect
- Overview
- Modes and flows
- Configuration
Module 3: Web Auth & Guest Services
- Web authentication overview
- Guest access services overview
- Guest access settings
- ISE sponsor components and configuration
Module 4: Cisco ISE Profiler
- Profiler service and policies
- Configure
- Prepare
- Enable
- Probe configuration
- Feed service
- Settings
- Profiling parameters
- NMAP scan action
Module 5: Cisco ISE BYOD
- Problem and solutions
- Design
- Portal selection process
- Device portal configuration
- ISE CA server and local certificates
Module 6: Cisco ISE Endpoint Compliance Services
- Posture service
- Conditions
- Compliance module
- Flow
- Agents
- Deployment and licensing
- Client provisioning
- Posture general settings
- Client provisioning portal and policy
Module 7: Cisco ISE with AMP and VPN-Based Services
- AAA – external authentication
- Cisco ASA for VPN authentication
- Threat centric NAC
Module 8: Cisco ISE Integrated Solutions with APIs
- Location-based authorization
- pxGrid framework
Module 9: Working with Network Access Devices
- TACACS+
- Device administration
- Configuration
- Guidelines
- Best practices
- Migrating Cisco ACS to ISE
Module 10: Cisco ISE Design (Self-Study)
- ISE planning and Pre-deployment
- ISE sizing and scaling practices
- Deployment best practices
- Web portals best practices
- PSN HA or load sharing
- Deploying monitoring personas
- Network infrastructure preparation
Module 11: Configuring Third-Party NAD Support (optional/Self-Study/Reference)
- Third-party NAD support configuration
Labs:
- Initial Configuration of Cisco ISE
- Complete Cisco ISE GUI Setup
- Integrate Cisco ISE with Active Directory
- Integrating Cisco ISE with a second Microsoft Active Directory
- Basic Policy Configuration
- Configure Guest Access
- Guest Access Operations
- Guest Reports
- Configuring Profiling
- Customizing the Cisco ISE Profiling Configuration
- ISE Profiling Reports
- BYOD Configuration
- Device Blacklisting
- Compliance
- Configuring Client Provisioning
- Configuring Posture Policies
- Testing and Monitoring Compliance Based Access
- Compliance Policy Testing
- MDM Integration with Cisco ISE
- MDM Access and Configuration
- Client Access with MDM
- Using Cisco ISE for VPN Access
- Configuring Backups and Patching
- Configuring Administrative Access
- Review of General Tools
- Report Operations