Practical Deployment of Cisco Identity Services Engine (ISE)

Practical Deployment of Cisco Identity Services Engine (ISE)

by Andy Richter, Jeremy Wood
Released November 2015
Publisher(s): Syngress
ISBN: 9780128045046

Read it now on the O’Reilly learning platform with a 10-day free trial.

O’Reilly members get unlimited access to books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Book description

With the proliferation of mobile devices and bring-your-own-devices (BYOD) within enterprise networks, the boundaries of where the network begins and ends have been blurred. Cisco Identity Services Engine (ISE) is the leading security policy management platform that unifies and automates access control to proactively enforce role-based access to enterprise networks. In Practical Deployment of Cisco Identity Services Engine (ISE), Andy Richter and Jeremy Wood share their expertise from dozens of real-world implementations of ISE and the methods they have used for optimizing ISE in a wide range of environments.

ISE can be difficult, requiring a team of security and network professionals, with the knowledge of many different specialties. Practical Deployment of Cisco Identity Services Engine (ISE) shows you how to deploy ISE with the necessary integration across multiple different technologies required to make ISE work like a system. Andy Richter and Jeremy Wood explain end-to-end how to make the system work in the real world, giving you the benefit of their ISE expertise, as well as all the required ancillary technologies and configurations to make ISE work.

Table of contents

  1. Cover
  2. Title Page
  3. Copyright Page
  4. Contents
  5. Acknowledgments
  6. Chapter 1 - Introduction (1/2)
  7. Chapter 1 - Introduction (2/2)
  8. Chapter 2 - ISE Clustering and Basic Setup
    1. Introduction
    2. Sizing and preparation
    3. Server/node deployment
    4. Certificates (1/2)
    5. Certificates (2/2)
    6. Cluster configuration
    7. Replication optimization
    8. Licensing
    9. Patching
    10. Backups
    11. Active directory (1/2)
    12. Active directory (2/2)
  9. Chapter 3 - Authentication Methods (1/2)
  10. Chapter 3 - Authentication Methods (2/2)
  11. Chapter 4 - Policy Elements
    1. Breakdown of compound condition
  12. Chapter 5 - Authentication (1/2)
  13. Chapter 5 - Authentication (2/2)
  14. Chapter 6 - Authorization (1/6)
  15. Chapter 6 - Authorization (2/6)
  16. Chapter 6 - Authorization (3/6)
  17. Chapter 6 - Authorization (4/6)
  18. Chapter 6 - Authorization (5/6)
  19. Chapter 6 - Authorization (6/6)
  20. Chapter 7 - Network Access Device Configuration
    1. Wired (1/2)
    2. Wired (2/2)
    3. Wireless (1/4)
    4. Wireless (2/4)
    5. Wireless (3/4)
    6. Wireless (4/4)
  21. Chapter 8 - ISE Profiling
    1. Introduction
    2. Setting Up Profiling
    3. Profiling basics
    4. Profiling custom devices
    5. Example AuthZ
    6. Device example—iPhone
  22. Chapter 9 - ISE Portals and Guest Access
    1. Introduction
    2. Portal overview
    3. Guest portal types
      1. Hotspot Portal
      2. Self-Registered Portal
      3. Sponsored Guest Portal
    4. Guest types
    5. Sponsor setup
      1. Sponsor Groups
    6. Device portals
    7. Global guest settings
    8. Making portal modifications
    9. Scenarios
      1. Hotspot Portal
      2. Guest Portal AuthZ Rules
      3. Configuring Sponsors
  23. Chapter 10 - Deployment Strategies (1/2)
  24. Chapter 10 - Deployment Strategies (2/2)
    1. Wireless
  25. Chapter 11 - ISE Policy Design Practices
  26. Chapter 12 - Corporate Authentication Designs
    1. PEAP machine-only authentication
      1. X509 Authentication (1/4)
      2. X509 Authentication (2/4)
      3. X509 Authentication (3/4)
      4. X509 Authentication (4/4)
  27. Chapter 13 - BYOD Designs
    1. User PEAP
    2. BYOD EAP-TLS (1/3)
    3. BYOD EAP-TLS (2/3)
    4. BYOD EAP-TLS (3/3)
    5. Web authentication for BYOD access
  28. Chapter 14 - ISE Posture Assessment
    1. Introduction
    2. Posture basics
    3. Required AuthZ components
    4. Client provisioning
    5. Posture rules
    6. Conditions
    7. Remediation
    8. Requirements
    9. Posture policy
    10. Examples
      1. Basic Company Posture
      2. Patch Checking
  29. Chapter 15 - VPN Integrations (1/3)
  30. Chapter 15 - VPN Integrations (2/3)
  31. Chapter 15 - VPN Integrations (3/3)
    1. Posture
  32. Chapter 16 - ISE Reporting and Logging
    1. Introduction
    2. Reporting
    3. Logging
    4. Monitoring
    5. Examples
      1. Send Events to Remote Servers
      2. Identity Firewall with Context Directory Agent
      3. Set Up a Remote Syslog Server
        1. Configuring Rsyslog
        2. Configuring Elasticsearch
        3. Configuring Kibana
  33. Chapter 17 - ISE CLI
    1. Introduction
    2. ADE-OS—what is it?
    3. Manipulating output
    4. Show commands
    5. Logging
    6. Changing time zones
    7. Application commands
    8. Other tools
    9. Examples
      1. Getting Tech Support Info
      2. Create Another Admin
  34. Chapter 18 - ISE Administration
    1. Authenticating to ISE
    2. RBAC
    3. API
    4. Monitoring REST API
    5. External restful API
    6. pxGRID
  35. Subject Index (1/2)
  36. Subject Index (2/2)
  37. Back Cover

Product information

  • Title: Practical Deployment of Cisco Identity Services Engine (ISE)
  • Author(s): Andy Richter, Jeremy Wood
  • Release date: November 2015
  • Publisher(s): Syngress
  • ISBN: 9780128045046