Implementing Cisco Secure Access Solutions (SISAS)
COURSE CONTENT
Implementing Cisco Secure Access Solutions (SISAS) is a recommended course for the Cisco Certified Network Professional Security (CCNP© Security) certification. Additionally, it prepares you with the necessary knowledge and hands-on experience to deploy Cisco’s Identity Services Engine (ISE) and 802.1X secure network access. You will gain the foundational knowledge and capabilities to implement and manage network access security using Cisco ISE appliance product solution. You will gain hands-on experience with configuring various advance Cisco security solutions for mitigating outside threats and securing devices connecting to the network.
WHO SHOULD ATTEND
The primary audience for this course is as follows:
- Network Security Engineers
PREREQUISITES
- Implementing Cisco Network Security v3.0 (IINS)
- Cisco Certified Network Associate (CCNA®) certification
- Cisco Certified Network Associate (CCNA®) Security certification
- Knowledge of Microsoft Windows operating system
COURSE OBJECTIVES
Upon completing this course, you will be able to:
- Describe ISE architecture and access control capabilities
- Explain the 802.1X architecture, implementation and operation
- Describe the commonly implemented Extensible Authentication Protocols (EAP)
- Implement Public-Key Infrastructure with ISE
- Explain the implement Internal and External authentication databases
- Implement MAC Authentication Bypass
- Implement identity based authorization policies
- Describe Cisco TrustSec features
- Implement Web Authentication and Guest Access
- Implement ISE Posture service
- Implement ISE Profiling
- Explain Bring Your Own Device (BYOD) with ISE
- Troubleshoot ISE
FOLLOW ON COURSES
OUTLINE: Implementing Cisco Secure Access Solutions (SISAS)
Module 1: Threat Mitigation through Identity Services
- Identity Services
- 802.1X and EAP
- 802.1X Components
Module 2: ISE Fundamentals
- Cisco ISE
- Technologies
- Operational Components
- Policy Platform
- Deployment Options
- Cisco ISE with PKI
- PKI Enrollment Procedure
- Cisco ISE Authentication
- Authentication Conditions
- Cisco ISE with External Authentication
- ISE Identity Source Sequence
Module 3: Advance Access Control
- Certificate Based User Authentication
- Authorization Policy and Configuration
- Cisco TrustSec
- MAC Security
- MACsec Cryptography
Module 4: Web Authentication and Guest Access
- Web Authentication
- WebAuth Process and Scenarios
- Guest Access Services
- Guest Policies
Module 5: Endpoint Access Control Enhancements
- Posture Service
- Profiler Policies and Conditions
- BYOD Solution elements
Module 6: Access Control Troubleshooting
- Troubleshooting Procedure
- Tools
- ISE
- 802.1X
- RADIUS Peering
- Authentication Protocol
- WebAuth
- Posture
Labs:
- Bootstrapping Identity System
- Enrolling Cisco ISE in PKI
- Implementing MAB and Internal Authentication
- Implementing External Authentication
- Implementing EAP-TLS
- Implementing Authorization
- Implementing Cisco TrustSec and MACsec
- Implementing WebAuth for Employees
- Implementing Guest Service
- Implementing Posture Service
- Implementing Profiler Service
- (Optional) Troubleshooting Prep
- (Optional) Troubleshooting Network Access Controls