Cisco ISE for BYOD and Secure Unified Access [English] [Paperback]

Jamey Heary, Aaron Woland


Table of Contents

Introduction

Section I The Evolution of Identity Enabled Networks
  Chapter 1 Regain Control of Your IT Security
    Security: A Weakest-Link Problem with Ever More Links
    Cisco Identity Services Engine
    Sources for Providing Identity and Context Awareness
    Unleash the Power of Centralized Policy
    Summary
  Chapter 2 Introducing Cisco Identity Services Engine
    Systems Approach to Centralized Network Security Policy
    What Is the Cisco Identity Services Engine?
    ISE Authorization Rules
    Summary

Section II The Blueprint, Designing an ISE Enabled Network
  Chapter 3 The Building Blocks in an Identity Services Engine Design
    ISE Solution Components Explained
    Infrastructure Components
    Policy Components
    Endpoint Components
    ISE Personas
    ISE Licensing, Requirements, and Performance
    ISE Licensing
    ISE Requirements
    ISE Performance
    ISE Policy-Based Structure Explained
    Summary
  Chapter 4 Making Sense of All the ISE Deployment Design Options
    Centralized Versus Distributed Deployment
    Centralized Deployment
    Distributed Deployment
    Summary
  Chapter 5 Following a Phased Deployment
    Why Use a Phased Deployment Approach?
    Monitor Mode
    Choosing Your End-State Mode
    End-State Choice 1: Low-Impact Mode
    End-State Choice 2: Closed Mode
    Transitioning from Monitor Mode into an End-State Mode
    Summary

Section III The Foundation, Building a Context-Aware Security Policy
  Chapter 6 Building a Cisco ISE Network Access Security Policy
    What Makes Up a Cisco ISE Network Access Security Policy?
    Network Access Security Policy Checklist
    Involving the Right People in the Creation of the Network Access Security Policy
    Determining the High-Level Goals for Network Access Security
    Common High-Level Network Access Security Goals
    Defining the Security Domains
    Understanding and Defining ISE Authorization Rules
    Commonly Configured Rules and Their Purpose
    Establishing Acceptable Use Policies
    Defining Network Access Privileges
    Enforcement Methods Available with ISE
    Commonly Used Network Access Security Policies
    Summary
  Chapter 7 Building a Device Security Policy
    Host Security Posture Assessment Rules to Consider
    Sample NASP Format for Documenting ISE Posture Requirements
    Common Checks, Rules, and Requirements
    Method for Adding Posture Policy Rules
    Research and Information
    Establishing Criteria to Determine the Validity of a Security Posture Check, Rule, or Requirement in Your Organization
    Method for Determining Which Posture Policy Rules a Particular Security Requirement Should Be Applied To
    Method for Deploying and Enforcing Security Requirements
    ISE Device Profiling
    ISE Profiling Policies
    ISE Profiler Data Sources
    Using Device Profiles in Authorization Rules
    Summary
  Chapter 8 Building an ISE Accounting and Auditing Policy
    Why You Need Accounting and Auditing for ISE
    Using PCI DSS as Your ISE Auditing Framework
    ISE Policy for PCI 10.1: Ensuring Unique Usernames and Passwords
    ISE Policy for PCI 10.2 and 10.3: Audit Log Collection
    ISE Policy for PCI 10.5.3, 10.5.4, and 10.7: Ensure the Integrity and Confidentiality of Log Data
    ISE Policy for PCI 10.6: Review Audit Data Regularly
    Cisco ISE User Accounting
    Summary

Section IV Configuration
  Chapter 9 The Basics: Principal Configuration Tasks for Cisco ISE
    Bootstrapping Cisco ISE
    Using the Cisco ISE Setup Assistant Wizard
    Configuring Network Devices for ISE
    Wired Switch Configuration Basics
    Wireless Controller Configuration Basics
    Completing the Basic ISE Setup
    Install ISE Licenses
    ISE Certificates
    Installing ISE Behind a Firewall
    Role-Based Access Control for Administrators
    RBAC for ISE GUI
    RBAC: Session and Access Settings and Restrictions
    RBAC: Authentication
    RBAC: Authorization
    Summary
  Chapter 10 Profiling Basics
    Understanding Profiling Concepts
    Probes
    Probe Configuration
    Deployment Considerations
    DHCP
    Deployment Considerations
    NetFlow
    Deployment Considerations
    RADIUS
    Deployment Considerations
    Network Scan (NMAP)
    Deployment Considerations
    DNS
    Deployment Considerations
    SNMP
    Deployment Considerations
    IOS Device-Sensor
    Change of Authorization
    CoA Message Types
    Configuring Change of Authorization in ISE
    Infrastructure Configuration
    DHCP Helper
    SPAN Configuration
    VLAN Access Control Lists (VACL)
    VMware Configurations to Allow Promiscuous Mode
    Best Practice Recommendations
    Examining Profiling Policies
    Endpoint Profile Policies
    Cisco IP Phone 7970 Example
    Using Profiles in Authorization Policies
    Endpoint Identity Groups
    EndPointPolicy
    Logical Profiles
    Feed Service
    Configuring the Feed Service
    Summary
  Chapter 11 Bootstrapping Network Access Devices
    Bootstrap Wizard
    Cisco Catalyst Switches
    Global Configuration Settings for All Cisco IOS 12.2 and 15.x Switches
    Configure Certificates on a Switch
    Enable the Switch HTTP/HTTPS Server
    Global AAA Commands
    Global RADIUS Commands
    Create Local Access Control Lists
    Global 802.1X Commands
    Global Logging Commands (Optional)
    Global Profiling Commands
    Interface Configuration Settings for All Cisco Switches
    Configure Interfaces as Switch Ports
    Configure Flexible Authentication and High Availability
    Configure Authentication Settings
    Configure Authentication Timers
    Apply the Initial ACL to the Port and Enable Authentication
    Cisco Wireless LAN Controllers
    Configure the AAA Servers
    Add the RADIUS Authentication Servers
    Add the RADIUS Accounting Servers
    Configure RADIUS Fallback (High Availability)
    Configure the Airespace ACLs
    Create the Web Authentication Redirection ACL
    Create the Posture Agent Redirection ACL
    Create the Dynamic Interfaces for the Client VLANs
    Create the Employee Dynamic Interface
    Create the Guest Dynamic Interface
    Create the Wireless LANs
    Create the Guest WLAN
    Create the Corporate SSID
    Summary
  Chapter 12 Authorization Policy Elements
    Authorization Results
    Configuring Authorization Downloadable ACLs
    Configuring Authorization Profiles
    Summary
  Chapter 13 Authentication and Authorization Policies
    Relationship Between Authentication and Authorization
    Authentication Policies
    Goals of an Authentication Policy
    Accept Only Allowed Protocols
    Route to the Correct Identity Store
    Validate the Identity
    Pass the Request to the Authorization Policy
    Understanding Authentication Policies
    Conditions
    Allowed Protocols
    Identity Store
    Options
    Common Authentication Policy Examples
    Using the Wireless SSID
    Remote-Access VPN
    Alternative ID Stores Based on EAP Type
    Authorization Policies
    Goals of Authorization Policies
    Understanding Authorization Policies
    Role-Specific Authorization Rules
    Authorization Policy Example
    Employee and Corporate Machine Full-Access Rule
    Internet Only for iDevices
    Employee Limited Access Rule
    Saving Attributes for Re-Use
    Summary
  Chapter 14 Guest Lifecycle Management
    Guest Portal Configuration
    Configuring Identity Source(s)
    Guest Sponsor Configuration
    Guest Time Profiles
    Guest Sponsor Groups
    Sponsor Group Policies
    Authentication and Authorization Guest Policies
    Guest Pre-Authentication Authorization Policy
    Guest Post-Authentication Authorization Policy
    Guest Sponsor Portal Configuration
    Guest Portal Interface and IP Configuration
    Sponsor and Guest Portal Customization
    Customize the Sponsor Portal
    Creating a Simple URL for Sponsor Portal
    Guest Portal Customization
    Customizing Portal Theme
    Creating Multiple Portals
    Guest Sponsor Portal Usage
    Sponsor Portal Layout
    Creating Guest Accounts
    Managing Guest Accounts
    Configuration of Network Devices for Guest CWA
    Wired Switches
    Wireless LAN Controllers
    Summary
  Chapter 15 Device Posture Assessment
    ISE Posture Assessment Flow
    Configure Global Posture and Client Provisioning Settings
    Posture Client Provisioning Global Setup
    Posture Global Setup
    General Settings
    Reassessments
    Updates
    Acceptable Use Policy
    Configure the NAC Agent and NAC Client Provisioning Settings
    Configure Posture Conditions
    Configure Posture Remediation
    Configure Posture Requirements
    Configure Posture Policy
    Enabling Posture Assessment in the Network
    Summary
  Chapter 16 Supplicant Configuration
    Comparison of Popular Supplicants
    Configuring Common Supplicants
    Mac OS X 10.8.2 Native Supplicant Configuration
    Windows GPO Configuration for Wired Supplicant
    Windows 7 Native Supplicant Configuration
    Cisco AnyConnect Secure Mobility Client NAM
    Summary
  Chapter 17 BYOD: Self-Service Onboarding and Registration
    BYOD Challenges
    Onboarding Process
    BYOD Onboarding
    Dual SSID
    Single SSID
    Configuring NADs for Onboarding
    ISE Configuration for Onboarding
    End-User Experience
    Configuring ISE for Onboarding
    BYOD Onboarding Process Detailed
    MDM Onboarding
    Integration Points
    Configuring MDM Integration
    Configuring MDM Onboarding Policies
    Managing Endpoints
    Self Management
    Administrative Management
    The Opposite of BYOD: Identify Corporate Systems
    EAP Chaining
    Summary
  Chapter 18 Setting Up a Distributed Deployment
    Configuring ISE Nodes in a Distributed Environment
    Make the Policy Administration Node a Primary Device
    Register an ISE Node to the Deployment
    Ensure the Persona of All Nodes Is Accurate
    Understanding the HA Options Available
    Primary and Secondary Nodes
    Monitoring and Troubleshooting Nodes
    P...
