Implementing Cisco Secure Access Solutions (SISAS)

  COURSE CONTENT

Implementing Cisco Secure Access Solutions (SISAS) is a recommended course for the Cisco Certified Network Professional Security (CCNP© Security) certification. Additionally, it prepares you with the necessary knowledge and hands-on experience to deploy Cisco’s Identity Services Engine (ISE) and 802.1X secure network access. You will gain the foundational knowledge and capabilities to implement and manage network access security using Cisco ISE appliance product solution. You will gain hands-on experience with configuring various advance Cisco security solutions for mitigating outside threats and securing devices connecting to the network.

  WHO SHOULD ATTEND

The primary audience for this course is as follows:

  • Network Security Engineers

  PREREQUISITES

   COURSE OBJECTIVES

Upon completing this course, you will be able to:

  • Describe ISE architecture and access control capabilities
  • Explain the 802.1X architecture, implementation and operation
  • Describe the commonly implemented Extensible Authentication Protocols (EAP)
  • Implement Public-Key Infrastructure with ISE
  • Explain the implement Internal and External authentication databases
  • Implement MAC Authentication Bypass
  • Implement identity based authorization policies
  • Describe Cisco TrustSec features
  • Implement Web Authentication and Guest Access
  • Implement ISE Posture service
  • Implement ISE Profiling
  • Explain Bring Your Own Device (BYOD) with ISE
  • Troubleshoot ISE

  FOLLOW ON COURSES  

  OUTLINE: Implementing Cisco Secure Access Solutions (SISAS)

Module 1: Threat Mitigation through Identity Services

  • Identity Services
  • 802.1X and EAP
  • 802.1X Components

Module 2: ISE Fundamentals

  • Cisco ISE
    • Technologies
    • Operational Components
    • Policy Platform
    • Deployment Options
  • Cisco ISE with PKI
  • PKI Enrollment Procedure
  • Cisco ISE Authentication
  • Authentication Conditions
  • Cisco ISE with External Authentication
  • ISE Identity Source Sequence

Module 3: Advance Access Control

  • Certificate Based User Authentication
  • Authorization Policy and Configuration
  • Cisco TrustSec
  • MAC Security
  • MACsec Cryptography

Module 4: Web Authentication and Guest Access

  • Web Authentication
  • WebAuth Process and Scenarios
  • Guest Access Services
  • Guest Policies

Module 5: Endpoint Access Control Enhancements

  • Posture Service
  • Profiler Policies and Conditions
  • BYOD Solution elements

Module 6: Access Control Troubleshooting

  • Troubleshooting Procedure
  • Tools
  • ISE
  • 802.1X
  • RADIUS Peering
  • Authentication Protocol
  • WebAuth
  • Posture

Labs:

  • Bootstrapping Identity System
  • Enrolling Cisco ISE in PKI
  • Implementing MAB and Internal Authentication
  • Implementing External Authentication
  • Implementing EAP-TLS
  • Implementing Authorization
  • Implementing Cisco TrustSec and MACsec
  • Implementing WebAuth for Employees
  • Implementing Guest Service
  • Implementing Posture Service
  • Implementing Profiler Service
  • (Optional) Troubleshooting Prep
  • (Optional) Troubleshooting Network Access Controls