
Andy Richter - Practical Deployment of Cisco Identity Services Engine

Year: 2015. Publisher: Syngress.


Practical Deployment of Cisco Identity Services Engine: summary, description and annotation


With the proliferation of mobile devices and bring-your-own-devices (BYOD) within enterprise networks, the boundaries of where the network begins and ends have been blurred. Cisco Identity Services Engine (ISE) is the leading security policy management platform that unifies and automates access control to proactively enforce role-based access to enterprise networks. In Practical Deployment of Cisco Identity Services Engine (ISE), Andy Richter and Jeremy Wood share their expertise from dozens of real-world implementations of ISE and the methods they have used for optimizing ISE in a wide range of environments.

ISE can be difficult, requiring a team of security and network professionals, with the knowledge of many different specialties. Practical Deployment of Cisco Identity Services Engine (ISE) shows you how to deploy ISE with the necessary integration across multiple different technologies required to make ISE work like a system. Andy Richter and Jeremy Wood explain end-to-end how to make the system work in the real world, giving you the benefit of their ISE expertise, as well as all the required ancillary technologies and configurations to make ISE work.

Practical Deployment of Cisco Identity Services Engine (ISE)

Real-World Examples of AAA Deployments

Andy Richter
Jeremy Wood
Copyright

Acquiring Editor: Chris Katsaropoulos

Editorial Project Manager: Anna Valutkevich

Project Manager: Punithavathy Govindaradjane

Designer: Mark Rogers

Syngress is an imprint of Elsevier

225 Wyman Street, Waltham, MA 02451, USA

Copyright 2016 Elsevier Inc. All rights reserved.

No part of this publication may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or any information storage and retrieval system, without permission in writing from the publisher. Details on how to seek permission, further information about the Publisher's permissions policies and our arrangements with organizations such as the Copyright Clearance Center and the Copyright Licensing Agency, can be found at our website: www.elsevier.com/permissions.

This book and the individual contributions contained in it are protected under copyright by the Publisher (other than as may be noted herein).

Notices

Knowledge and best practice in this field are constantly changing. As new research and experience broaden our understanding, changes in research methods, professional practices, or medical treatment may become necessary.
Practitioners and researchers must always rely on their own experience and knowledge in evaluating and using any information, methods, compounds, or experiments described herein. In using such information or methods they should be mindful of their own safety and the safety of others, including parties for whom they have a professional responsibility.
To the fullest extent of the law, neither the Publisher nor the authors, contributors, or editors, assume any liability for any injury and/or damage to persons or property as a matter of products liability, negligence or otherwise, or from any use or operation of any methods, products, instructions, or ideas contained in the material herein.

ISBN: 978-0-12-804457-5

British Library Cataloguing-in-Publication Data

A catalogue record for this book is available from the British Library

Library of Congress Cataloging-in-Publication Data

A catalog record for this book is available from the Library of Congress

For information on all Syngress publications visit our website at http://store.elsevier.com/Syngress


Acknowledgments

I have to first thank my wife Jenn for being incredibly supportive through this. To my daughter Grace for keeping everything important in perspective.

My colleagues at Presidio have been so helpful to me over the years through many projects. Thanks to especially Jonathan, Ron, Colum, Gareth, and Tom.

The AAA TAC team out of RTP incredibly still takes my calls and they have always been polite while fixing any of my mistakes. Thanks guys.

http://bit.ly/1JYMtma

Andy Richter

The support of family and friends while writing this book is what made it possible for me; thank you to all of you. The IT group at Norwich University as well deserves a special mention because without them I wouldn't have most of the experience needed for this. Finally my coauthor Andy, it was his drive to do this book that really got it off the ground.

Jeremy Wood
Chapter 1
Introduction
Abstract

This chapter introduces some history of the product field that Identity Services Engine (ISE) fits into and gives a very high-level overview of the topics that will be covered. We talk about some of the more common scenarios that drive companies to implement ISE, as well as some problems that can be solved with it. Core concepts, such as what AAA is and how it is used in ISE, are discussed before we go into general ISE features and how they could be utilized.

Keywords
introduction
history
AAA
Thank you for opening to the first page, as this is a step many people don't take in a technical manual. I have a few technical books on my shelf that I use exclusively to flip through to specific chapters and have never read the introduction. In that spirit, let's keep the intro short so we can get into the meat of what you're here for.
In this book we hope to bring a practical perspective to deploying the Cisco Identity Services Engine (ISE) system that may otherwise be elusive to the uninitiated in the arts of edge authentication or those who don't have lots of time to spend in the lab playing.
A little history: Before ISE was a product, if you were a Cisco customer and you wanted to deploy edge authentication that used 802.1x, enforce policy based on the posture of a personal computer (PC), deploy robust guest provisioning/web authentication, and profile what connected devices physically, you'd need to buy four separate products. These included:
Cisco Access Control Server (ACS)
Cisco Clean Access
Network Admission Control (NAC) Guest
NAC Profiler
Someone at Cisco (whose hand we'd really like to shake) decided that having so many products in a design was a really poor idea and Cisco went about creating a product that brought each of those together.
ISE provides edge authentication services for networks in a variety of ways:
IEEE 802.1x authentication
Media access control (MAC) Authentication Bypass (MAB)
Web authentication
Posture assessment
Device profiling
External mobile device management (MDM) integration
Authentication via application program interface (API)
To accomplish these functions, ISE integrates into network access devices (switches, wireless controllers, virtual private network (VPN) concentrators) with Remote Authentication Dial-In User Service (RADIUS). This is more than simple RADIUS integration: the great majority of what ISE provides is standards-compliant RADIUS. Because Cisco is a large manufacturer (let's point out the obvious), there are some proprietary features ISE provides; we'll address some of those individually later.
Because ISE is a RADIUS server at its core, when you configure it, you have to remember the three A's (aka AAA or triple A):
Authentication
Authorization
Accounting
Each of these not only needs to be configured on your network access devices but is also part of the process that ISE goes through when handling devices that connect to the network.
When a RADIUS authentication request first comes in, it goes to the authentication policy. This is where ISE determines whether the user or device is who they say they are. This process could involve 802.1x authentication, MAB, or a web authentication.
For the authentication to be successful, a few possible things could be validated, which depends on what is happening for the specific device. If a password is used in the authentication, the password is validated against the Active Directory (AD) and/or Lightweight Directory Access Protocol (LDAP) database. If a certificate is used, it is validated against the certification authority (CA) certificate chain; perhaps its validity is also checked for revocation status. If the MAC address is presented for an authentication bypass, MAB authentication is processed, meaning the MAC address is checked against the MAC addresses in a database of known MAC addresses.
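To make the request types above concrete, here is an added example (not from the book and not ISE's own logic) that parses a RADIUS Access-Request per RFC 2865 and sorts it into 802.1x, MAB or password-based handling. The mapping of MAB to Service-Type Call-Check with the MAC address as User-Name follows common Cisco network-device behaviour and is an assumption, as are the function names and the constructed sample packets.

```python
import struct
# RADIUS attribute types (RFC 2865, RFC 3579)
USER_NAME, USER_PASSWORD, SERVICE_TYPE = 1, 2, 6
CALLING_STATION_ID, EAP_MESSAGE, MESSAGE_AUTHENTICATOR = 31, 79, 80
ACCESS_REQUEST, CALL_CHECK = 1, 10  # Call-Check: Service-Type assumed for MAB

def parse_access_request(packet):
    """Return {attribute_type: [values]}, rejecting malformed lengths."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != ACCESS_REQUEST or not 20 <= length <= len(packet):
        raise ValueError("not a well-formed Access-Request")
    attrs, pos = {}, 20
    while pos < length:
        a_len = packet[pos + 1] if pos + 2 <= length else 0
        if a_len < 2 or pos + a_len > length:
            raise ValueError("truncated or overlong attribute")
        attrs.setdefault(packet[pos], []).append(packet[pos + 2:pos + a_len])
        pos += a_len
    return attrs

def mac_hex(value):
    """Normalize 00-11-22-AA-BB-CC style values; None if not a MAC address."""
    s = value.decode("ascii", "replace").lower().translate(str.maketrans("", "", "-:."))
    return s if len(s) == 12 and all(c in "0123456789abcdef" for c in s) else None

def classify(packet):
    attrs = parse_access_request(packet)
    if EAP_MESSAGE in attrs:
        # RFC 3579 requires Message-Authenticator alongside EAP-Message. Only
        # its presence is checked; verifying it needs the shared secret.
        return "802.1x" if MESSAGE_AUTHENTICATOR in attrs else "invalid-eap"
    user = mac_hex(attrs.get(USER_NAME, [b""])[0])
    station = mac_hex(attrs.get(CALLING_STATION_ID, [b""])[0])
    call_check = attrs.get(SERVICE_TYPE, [b""])[0] == struct.pack("!I", CALL_CHECK)
    if call_check and user is not None and user == station:
        return "mab"  # next step: look the MAC up in the known-MAC database
    return "password" if USER_PASSWORD in attrs else "unknown"

def build_request(attrs):
    """Builds constructed sample packets: zeroed authenticator, no real secret."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    return struct.pack("!BBH", ACCESS_REQUEST, 1, 20 + len(body)) + bytes(16) + body

SAMPLE_MAB = build_request([(USER_NAME, b"001122aabbcc"),
                            (SERVICE_TYPE, struct.pack("!I", CALL_CHECK)),
                            (CALLING_STATION_ID, b"00-11-22-AA-BB-CC")])
SAMPLE_DOT1X = build_request([(USER_NAME, b"alice"), (MESSAGE_AUTHENTICATOR, bytes(16)),
                              (EAP_MESSAGE, b"\x02\x01\x00\x0a\x01alice")])
```
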