SISE - Implementing and Configuring Cisco Identity Services Engine (SISE) v3.0

Introduction

The Implementing and Configuring Cisco Identity Services Engine (SISE) v3.0 course shows you how to deploy and use Cisco® Identity Services Engine (ISE) v2.4, an identity and access control policy platform that simplifies the delivery of consistent, highly secure access control across wired, wireless, and VPN connections. This hands-on course provides you with the knowledge and skills to implement and use Cisco ISE, including policy enforcement, profiling services, web authentication and guest access services, BYOD, endpoint compliance services, and TACACS+ device administration. Through expert instruction and hands-on practice, you will learn how to use Cisco ISE to gain visibility into what is happening in your network, streamline security policy management, and contribute to operational efficiency.

This course helps you prepare to take the exam, Implementing and Configuring Cisco Identity Services Engine (300-715 SISE), which leads to CCNP® Security and the Cisco Certified Specialist - Security Identity Management Implementation certifications.

BR Treinamentos offers the following differentiators:
• Local laboratory, using the latest stable ISE version;
• Presentation of ISE product news;
• Laboratory activities are individual, thus providing the best learning experience.

Schedule
Upcoming Dates
Date
14/09 a 18/09/2020
05/10 a 09/10/2020
09/11 a 13/11/2020
07/12 a 11/12/2020
  • In person
  • Virtual
  • Class confirmed
Course Load:
5 hours
Investment:
R$ 0,00
Delivery Formats

Target Audience

• Professionals involved in deployment and maintenance of the Cisco ISE platform, integrating with wired and wireless access control.
• Professionals who need to prepare for the Cisco 300-715 certification exam.

Objectives

After taking this course, you should be able to:
• Describe Cisco ISE deployments, including core deployment components;
• Describe how these components interact to create a cohesive security architecture;
• Describe the advantages of such a deployment;
• Describe how each Cisco ISE capability contributes to these advantages;
• Describe concepts and configure components related to 802.1X and MAC Authentication Bypass (MAB) authentication, identity management, and certificate services;
• Describe how Cisco ISE policy sets are used to implement authentication and authorization;
• Describe how to leverage this capability to meet the needs of your organization;
• Describe third-party Network Access Devices (NADs), Cisco TrustSec®, and Easy Connect;
• Describe and configure web authentication, processes, operation, and guest services, including guest access components and various guest access scenarios;
• Describe and configure Cisco ISE profiling services, and understand how to monitor these services to enhance your situational awareness about network-connected endpoints;
• Describe best practices for deploying this profiler service in your specific environment;
• Describe BYOD challenges, solutions, processes, and portals;
• Configure a BYOD solution, and describe the relationship between BYOD processes and their related configuration components;
• Describe and configure various certificates related to a BYOD solution;
• Describe the value of the My Devices portal and how to configure this portal;
• Describe endpoint compliance, compliance components, posture agents, posture deployment and licensing, and the posture service in Cisco ISE;
• Describe and configure TACACS+ device administration using Cisco ISE, including command sets, profiles, and policy sets;
• Understand the role of TACACS+ within the Authentication, Authorization, and Accounting (AAA) framework and the differences between the RADIUS and TACACS+ protocols;
• Migrate TACACS+ functionality from Cisco Secure Access Control System (ACS) to Cisco ISE, using a migration tool.

Prepare for the 300-715 SISE exam, which certifies your knowledge of Cisco Identity Services Engine, including architecture and deployment, policy enforcement, Web Auth and guest services, profiler, BYOD, endpoint compliance, and network access device administration.

Prerequisites

To fully benefit from this course, it is desirable to have the following knowledge:
• Familiarity with the Cisco IOS® Software switch Command-Line Interface (CLI);
• Familiarity with the Cisco AireOS® Software WLC GUI;
• Familiarity with Cisco AnyConnect® Secure Mobility Client;
• Familiarity with Microsoft Windows operating systems;
• Familiarity with 802.1X.

Course Content

Course Introduction
Course Goal and Objectives
Course Flow

Introducing Cisco ISE Architecture and Deployment
Describe the advantages each Cisco ISE capability contributes to network access control
Describe using Cisco ISE as a Network Access Policy Engine
Describe core components of secure access, Cisco ISE services, benefits, challenges, and functions.
Presenting examples of Cisco ISE Use Cases
Describe typical scenarios where Cisco ISE is particularly valuable
Describing Cisco ISE Functions
Describe each major Cisco ISE function, along with key aspects and advantages of those functions
Presenting the Cisco ISE Deployment Models
Describe Cisco ISE nodes, personas, and roles.
Presenting RADIUS & TACACS+ Protocols
Describe the context visibility feature, and explain the advantages it offers to administration and troubleshooting tasks
Practical Use: Install and input basic settings for ISE 2.X

Cisco ISE Policy Enforcement
Describe concepts and configure components related to 802.1X and MAB authentication
Describe using identity management and certificate services
Understanding Cisco ISE policy sets
Describe how the hierarchical policy system is used to implement authentication and authorization policies
Describe using 802.1X for Wired and Wireless Access
Describe how Cisco ISE interacts with NADs to limit user access
Describe the use of VLAN assignment, ACL assignment, time-based access, and SGA
Describe how to use 802.1X deployment, using monitor mode, low-impact mode, and closed mode
Describe the components and processes related to 802.1X authentication, authorization, and CoA
Describe how access switch ports can accommodate various 802.1X host modes
Describe how to accommodate a single host or multiple hosts
Describe MAC Authentication Bypass (MAB) benefits and functionality
Describe MAB message flow, along with MAB design considerations
Describe key 802.1X implementation guidelines using MAB for Wired and Wireless Access
Practical Usage: Using MAB (MAC Authentication Bypass) for Wired and Wireless Access
Practical Usage: 802.1X and MAB configuration

Introducing Identity Management
Describe identity source databases of end-user and machine credentials
Describe and configure identity sources that are internal to Cisco ISE
Using the Local User Database, Microsoft AD, LDAP, and others
Describe external identity sources: AD, LDAP, RSA servers, multi-AD capabilities
Describe tools for diagnosing and troubleshooting AD issues, and more
Describe and configure Identity Source Sequences (ISS) to accommodate multiple identity sources
Configuring Certificate Services
Integrating ISE with a Corporate Certificate Authority (CA)
Describe CA services, and how ISE uses them for secure communications
Describe key features provided by Cisco ISE Certificate Authority (CA) services.
Describe using server and client certificates
Describe configuring certificate authentication profiles
Describe how to integrate Cisco ISE with Active Directory
Describe how to populate the Cisco ISE dictionary with Active Directory attributes
Implementing Third-Party Network Access Device Support
Describe third-party Network Access Device (NAD) support on Cisco ISE
Describe the key configuration steps for third-party NAD support
Introducing Cisco TrustSec Model
Describe the functions and advantages of TrustSec, to create a very scalable security solution
Describe TrustSec components and capabilities
Cisco ISE TrustSec Configuration
Describe how to configure TrustSec on Cisco ISE, and on the NADs
Cisco ISE Easy Connect
Explain the purpose of Easy Connect Access, its key characteristics, and caveats related to its use.
Describe the two modes of Easy Connect: Visibility and Enforcement 
Practical Usage: Integrate Cisco ISE with Active Directory
Practical Usage: Configure Cisco ISE Basic Policy-Sets
Practical Usage: Configure Access Policy for Easy Connect

Web Auth and Guest Services
Introducing Web Access with Cisco ISE
Describe the Web Authentication Process
Describe the components involved in web access, as well as the various Cisco ISE Web Access Portals.
Describe Guest Access uses, such as BYOD and WebAuth
Describe the high-level configuration steps for web access
Web Guest Authentication & Authorization Options
Describe guest access services, and the access flow for various use cases.
Describe hotspot access, self-registered access, self-registered access with approval, and sponsored access
Describe how Cisco ISE supports multiple Guest Portals
Use for BYOD, Sponsored, and Self-Registration
Introducing Guest Access Components
Configuring Guest Access Settings
Understand how sponsor groups work and how to configure sponsor settings and customize sponsor portals
Describe how sponsor users create guest accounts via both the desktop and mobile sponsor portals
Describe how sponsor groups work, configure sponsor settings, and customize sponsor portals
Describe Cisco ISE sponsor components and configuration
Describe how sponsor users manage their guest accounts
Practical Use: Configure Sponsor and Guest Portals
Practical Use: Configure Guest Access Operations
Practical Use: Create Guest Reports

Cisco ISE Profiler
Describe and configure Cisco ISE profiling services, and to monitor these services
Describe the Profiler services, sources, processes, and probes
Describe various best practices for deploying this profiler service in your specific environment
Describe Change of Authorization, and also describe the Cisco ISE Profiler work center and dashboards
Describe Profiling Deployment and Best Practices
Describe each probe based on its difficulty to deploy, impact, and value in gathering information
Practical Use: Configure Profiling
Practical Use: Customize the Cisco ISE Profiling Configuration
Practical Use: Create Cisco ISE Profiling Reports

Cisco ISE BYOD
Introducing the Cisco ISE BYOD Process
Describe the challenges that corporations have
Describe how Cisco ISE BYOD solution speaks directly to these challenges
Describe the BYOD solution, and specific BYOD services
Describe the employee self-registration of personal devices, and provisioning these devices with certificates
Describe the use of blacklists for stolen devices and reinstating devices when recovered
Describe BYOD design aspects related to single SSID and Dual SSID BYOD deployments
Describe various BYOD use cases
Describe BYOD Access Models
Describing BYOD Flow
Describe the relationship between various BYOD processes and their related Cisco ISE configuration
Describe processes and configurations involved in BYOD policies and native supplicant provisioning
Configuring the My Devices Portal
Describe and configure the My Devices portals to facilitate BYOD solutions
Describe two portals relevant to BYOD
Describe BYOD portal used for employee self-registration of their personal devices
Describe My Devices portal configuration
Configuring Certificates in BYOD Scenarios
Describe the use of certificates with BYOD access.
Describe how to use and configure the local ISE CA Server and Local Certificates
Describe how to use Certificate Templates and Certificate Operations
Practical Use: Configure BYOD

Cisco ISE Endpoint Compliance Services
Introducing Endpoint Compliance Services
Describe endpoint compliance and network access
Describe the components of endpoint compliance, including posture agents, posture services and conditions
Describe the flow of the posture process, operational modes, and licensing requirements
Describe Endpoint Compliance Configuration Steps
Describe how Cisco ISE collects various data from the client via a posture agent
Describe how this collected data is evaluated against posture policies to ensure endpoint compliance
Configure Policy for Endpoint Compliance
Configure Cisco AnyConnect Client Provisioning
Configure Cisco ISE policy to provision Cisco posture agents
Configuring Client Posture Services and Provisioning
Practical Use: Configure Cisco ISE Compliance Services
Practical Use: Configure Client Provisioning
Practical Use: Configure Posture Policies
Practical Use: Test and Monitor Compliance Based Access
Practical Use: Test Compliance Policy

Working with Network Access Devices
Review AAA Model
Describe TACACS+ and its role within the AAA framework
Describe AAA, compare AAA protocols, and TACACS+ functions in network device administration
Describe configuring Cisco ISE for TACACS+ network device administration services
Describe the necessary configuration steps taken on Cisco ISE to enable device administration
Describe how to configure TACACS+ settings, command sets, profiles, and policy sets
Describe the TACACS+ logging capabilities in Cisco ISE
TACACS+ Device Administration Guidelines and Best Practices
Describe TACACS+ device administration best practices and guidelines when deploying TACACS+
Describe methods of deployment, configuration best practices, and policy set guidelines
Migrating from Cisco ACS to Cisco ISE
Describe migrating TACACS+ configurations from a Cisco Secure ACS to Cisco ISE
Describe the major differences between platforms
Describe the use of the ACS migration tool, and features that are migrated from Cisco ACS to Cisco ISE
Practical Use: Configure Cisco ISE for Basic Device Administration
Practical Use: Configure TACACS+ Command Authorization

Labs Outline
Lab 1: Access the SISE Lab and Install ISE 2.4
Lab 2: Configure Initial Cisco ISE Setup, GUI Familiarization, and System Certificate Usage
Lab 3: Integrate Cisco ISE with Active Directory
Lab 4: Configure Cisco Basic ISE Policy
Lab 5: Configure Access Policy for Easy Connect
Lab 6: Configure Guest Access
Lab 7: Configure Guest Access Operations
Lab 8: Create Guest Reports
Lab 9: Configure Profiling
Lab 10: Customize the Cisco ISE Profiling Configuration
Lab 11: Create Cisco ISE Profiling Reports
Lab 12: Configure BYOD
Lab 13: Blacklisting a Device
Lab 14: Configure Cisco ISE Compliance Services
Lab 15: Configure Client Provisioning
Lab 16: Configure Posture Policies
Lab 17: Test and Monitor Compliance Based Access
Lab 18: Test Compliance Policy
Lab 19: Configure Cisco ISE for Basic Device Administration
Lab 20: Configure TACACS+ Command Authorization