SISAS v1.0 - Implementing Cisco Secure Access Solutions

Networking/Server/Operating Systems
Schedules
Optional
  LearnITAnytime Online Subscription (1 Year Subscription - $195.00)
  IT Online Library (1 Year Subscription - $1595.00)
  Private Mentoring 3 Hours ($225)
Quantity
If quantity is more than 1, Please add all Attendees' Names /Voucher #/ Learning Credit below separated with a comma. If not specified, we will contact you prior to the class start date. Special Instructions

Description

Implementing Cisco Secure Access Solutions (SISAS) v1.0 is a newly created five-day instructor-led training (ILT) course that is part of the curriculum path leading to the Cisco Certified Network Professional Security (CCNP© Security) certification. Additionally, it is designed to prepare security engineers with the knowledge and hands-on experience so that they can deploy Cisco€s Identity Services Engine and 802.1X secure network access.

The goal of the course is to provide students with foundational knowledge and the capabilities to implement and managed network access security by utilizing Cisco ISE appliance product solution.

The student will gain hands-on experience with configuring various advance Cisco security solutions for mitigating outside threats and securing devices connecting to the network. At the end of the course, students will be able to reduce the risk to their IT infrastructures and applications using Cisco€s ISE appliance feature and provide operational support identity and network access control.

To participate in the hands-on labs in this class, you need to bring a laptop computer with the following:

  • Windows 7 or 8.1 or 10 is recommended. Mac OSX 10.6 or greater is supported as well.
  • Intel Celeron or better processors are preferred.
  • 1 GB or more of RAM
  • Browser Requirements: Internet Explorer 10 or greater or Mozilla Firefox. (Safari and Mozilla Firefox for Mac OSX)
  • All students are required to have administrator rights to their PCs and cannot be logged in to a domain using any Group Policies that will limit their machine's capabilities.
  • If you do not have administrator rights to your PC, you at least need permissions to download, install, and run Cisco Any Connect Client.
  • If you are participating in a WebEx event, it is highly recommended to take this class at a location that has bandwidth speeds at a minimum of 1 Mbps bandwidth speeds.

Objectives

Upon completing this course, you will be able to:

  • Understand Cisco Identity Services Engine architecture and access control capabilities
  • Understand 802.1X architecture, implementation and operation
  • Understand commonly implemented Extensible Authentication Protocols (EAP)
  • Implement Public-Key Infrastructure with ISE
  • Understand the implement Internal and External authentication databases
  • Implement MAC Authentication Bypass
  • Implement identity based authorization policies
  • Understand Cisco TrustSec features
  • Implement Web Authentication and Guest Access
  • Implement ISE Posture service
  • Implement ISE Profiling
  • Understand Bring Your Own Device (BYOD) with ISE
  • Troubleshoot ISE

Prerequisites

The knowledge and skills that a learner must have before attending this course are as follows:

  • Cisco Certified Network Associate (CCNA) certification
  • Cisco Certified Network Associate (CCNA) Security certification
  • Knowledge of Microsoft Windows operating system

Who Should Attend

The primary audience for this course is as follows:

  • Network Security Engineers

Outline

Module 1: Threat Mitigation Through Identity Services

    Lesson 1: Identity Services
    Lesson 2: 802.1X and EAP
    Lesson 3: Identity System Quick Start
    Lesson 4: Module Summary

Module 2: Cisco Identity Services Engine (ISE) Fundamentals

    Lesson 1: Cisco ISE Overview
    Lesson 2: Cisco ISE with PKI
    Lesson 3: Cisco ISE Authentication
    Lesson 4: Configuring Cisco ISE for External Authentication
    Lesson 5: Module Summary

Module 3: Advanced Access Control

    Lesson 1: Certificate-based User Authentication
    Lesson 2: Authorization
    Lesson 3: Security Group Access (SGA) and MACsec Implementation
    Lesson 4: Module Summary

Module 4: Web Authentication and Guest Access

    Lesson 1: Describe the Cisco Email Security Solutions
    Lesson 2: Guest Access Services
    Lesson 3: Summary

Module 5: Endpoint Access Control Enhancements

    Lesson 1: Posture
    Lesson 2: Profiler
    Lesson 3: BYOD
    Lesson 4: Summary

Module 6: Troubleshooting Network Access Control

    Lesson 1: Troubleshooting Network Access Control
    Lesson 2: Summary

Lab Outline

Lab 1-1: Bootstrap Identity System
Lab 2-1: Enroll Cisco ISE in PKI
Lab 2-2: Implement MAB and Internal Authentication
Lab 2-3: Implement External Authentication
Lab 3-1: Implement EAP-TLS
Lab 3-2: Implement Authorization
Lab 4-1: Implement Central WebAuth and Guest Services
Lab 5-1: Implement Posture Service
Lab 5-2: Implement the Profile Service
Lab 6-1: Troubleshooting Network Access Control