WISECURE – Securing Cisco Wireless Enterprise Networks

  COURSE CONTENT

In Securing Cisco Wireless Enterprise Networks (WISECURE) you will learn how to secure Cisco wireless networks and gain a firm command of the critical guidelines for implementing Wi-Fi security architectures though proper configuration of Cisco wireless components. Via multiple hands-on labs, you will be able to practice key concepts and topics in deploying Cisco AireOS 8.0, Cisco Prime Infrastructure Release 2.2 and Cisco Identity Services Engine Release 1.3.

  WHO SHOULD ATTEND

  • Network engineers and technicians
  • Test Engineers
  • Network Designers, Administrators and Managers
  • Mid-level Wireless Support Engineers
  • Project Managers

Certifications: This course is part of the following certification track:

  • Cisco Certified Network Professional Wireless (CCNP Wireless)

  CERTIFICATIONS

This course is part of the following Certifications:

  PREREQUISITES

CCNA Route & Switch certification and/or CCNA Wireless certification or completion of at least one of the following courses:

In addition, It is recommended that you have a basic knowledge of the following:

  • Cisco Prime Infrastructure
  • Cisco ISE
  • Metageek Channelizer Software
  • Voice Signaling protocols
  • Basic QoS
  • Cisco Application Visibility Control
  • LAN Switching

  COURSE OBJECTIVES

Upon successful completion of this course, you will be able to:

  • Identify and design security strategies in a Wi-Fi design
  • Design and deploy Cisco ISE and management platforms
  • Secure a Wi-Fi infrastructure
  • Design and deploy End Point and Client security
  • Design and deploy Wi-Fi access control
  • Design and deploy advanced monitoring capabilities

  FOLLOW ON COURSES

  OUTLINE: Securing Cisco Wireless Enterprise Networks (WISECURE)

Module 1 Define Security Approaches in a Wi Fi Design

  • Security Areas in a Wi-Fi Design
  • Security Challenges for IT Organizations
  • Security Approaches in Wi-Fi Designs
  • Policy Enforcement
  • Cisco Prime Infrastructure
  • Cisco ISE/ISE as a Policy Platform
  • Network Access Challenges and Secure Access Control
  • Network Monitoring
  • Prime Infrastructure Converged Approach and Security Dashboard
  • Cisco ISE Dashboard and ISE Alarms

Module 2 Design and Deploy Endpoint and Client Security

  • Defining Endpoint, Client Standards and Features
  • X.509 v3
  • PKI
  • IEEE 802.1X
  • EAP, EAP-TLS and PKI with EAP-TLS
  • PEAP and PEAP Deployment
  • EAP-FAST
  • RADIUS
  • Configure WPA and WPA2 in a Wi-Fi Environment
  • Security Mobility and Roaming

Module 3 Design and Deploy Cisco ISE and Management Platforms

  • Cisco Network Security Architecture
  • User Access Trends
  • Cisco ISE Architecture, Components and Licensing
  • End Device Analysis with Cisco ISE Profiling
  • Create Policies in Cisco ISE
  • Configure Guest Access
  • Cisco CMX Visitor Connect
  • Secure BYOD/BYOD Management and Monitoring
  • Cisco ISE and ISE GUI

Module 4 Secure Wi Fi Infrastructure

  • Current Standards and Features
  • Client and Infrastructure Mode and MFP
  • MFP vs IEEE802.11w
  • VLANs vs ACLs
  • MFP Configuration
  • IEEE 802.11w PMF
  • Identity-Based Networking
  • SMNPv3 in Wi-Fi environment

Module 5 Design and Deploy Wi Fi Access Control

  • Wi-Fi access control standards and features
  • ACLs and Firewall Functionality
  • Configure ACLs in Wi-Fi environment

Module 6 Design and Deploy Monitoring Capabilities

  • Threat and Interference Mitigation Approaches in Wi-Fi
  • Primary Security Concerns
  • Rogue Detection and Mitigation in Wi-Fi Environment
  • Management, Monitoring and Configuring Parameters
  • Cisco CleanAir
  • Cisco Prime Infrastructure Air Quality Monitoring and Reporting
  • Monitoring RRM

Labs:

  • Configuring WPA2 Access
  • Configuring 802.1X Access
  • Configuring RADIUS Integration
  • Configuring a Basic Access Policy
  • Configuring Hotspot Guest Access
  • CWA and Self-Registered Guest Operations
  • Configuring Secure Administrative Access
  • Configuring a Basic Authentication Policy for an AP
  • Implementing Profiling
  • Profiling and Device Onboarding
  • Cisco ISE Profiling Reports
  • Guest Reports
  • Live Logs and Client 360 View
  • Security Report Operations
  • Using System Security Verification Tools