Practical Deployment of Cisco Identity Services Engine (ISE)
Real-World Examples of AAA Deployments

Andy Richter
Jeremy Wood

Table of Contents

Cover
Title page
Copyright
Acknowledgments
Chapter 1: Introduction
    Abstract
Chapter 2: ISE Clustering and Basic Setup
    Abstract
    Introduction
    Sizing and preparation
    Server/node deployment
    Certificates
    Cluster configuration
    Replication optimization
    Licensing
    Patching
    Backups
    Active directory
Chapter 3: Authentication Methods
    Abstract
Chapter 4: Policy Elements
    Abstract
    Breakdown of compound condition
Chapter 5: Authentication
    Abstract
Chapter 6: Authorization
    Abstract
Chapter 7: Network Access Device Configuration
    Abstract
    Wired
    Wireless
Chapter 8: ISE Profiling
    Abstract
    Introduction
    Setting up profiling
    Profiling basics
    Profiling custom devices
    Example AuthZ
    Device example—iPhone
Chapter 9: ISE Portals and Guest Access
    Abstract
    Introduction
    Portal overview
    Guest portal types
    Guest types
    Sponsor setup
    Device portals
    Global guest settings
    Making portal modifications
    Scenarios
Chapter 10: Deployment Strategies
    Abstract
    Wireless
Chapter 11: ISE Policy Design Practices
    Abstract
Chapter 12: Corporate Authentication Designs
    Abstract
    PEAP machine-only authentication
Chapter 13: BYOD Designs
    Abstract
    User PEAP
    BYOD EAP-TLS
    Web authentication for BYOD access
Chapter 14: ISE Posture Assessment
    Abstract
    Introduction
    Posture basics
    Required AuthZ components
    Client provisioning
    Posture rules
    Conditions
    Remediation
    Requirements
    Posture policy
    Examples
Chapter 15: VPN Integrations
    Abstract
    Posture
Chapter 16: ISE Reporting and Logging
    Abstract
    Introduction
    Reporting
    Logging
    Monitoring
    Examples
Chapter 17: ISE CLI
    Abstract
    Introduction
    ADE-OS—what is it?
    Manipulating output
    Show commands
    Logging
    Changing time zones
    Application commands
    Other tools
    Examples
Chapter 18: ISE Administration
    Abstract
    Authenticating to ISE
    RBAC
    API
    Monitoring REST API
    External RESTful API
    pxGrid
Subject Index

Copyright

Acquiring Editor: Chris Katsaropoulos
Editorial Project Manager: Anna Valutkevich
Project Manager: Punithavathy Govindaradjane
Designer: Mark Rogers

Syngress is an imprint of Elsevier
225 Wyman Street, Waltham, MA 02451, USA

Copyright © 2016 Elsevier Inc. All rights reserved.

No part of this publication may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or any information storage and retrieval system, without permission in writing from the publisher. Details on how to seek permission, further information about the Publisher’s permissions policies and our arrangements with organizations such as the Copyright Clearance Center and the Copyright Licensing Agency, can be found at our website: www.elsevier.com/permissions.

This book and the individual contributions contained in it are protected under copyright by the Publisher (other than as may be noted herein).

Notices

Knowledge and best practice in this field are constantly changing. As new research and experience broaden our understanding, changes in research methods, professional practices, or medical treatment may become necessary.

Practitioners and researchers must always rely on their own experience and knowledge in evaluating and using any information, methods, compounds, or experiments described herein. In using such information or methods they should be mindful of their own safety and the safety of others, including parties for whom they have a professional responsibility.
To the fullest extent of the law, neither the Publisher nor the authors, contributors, or editors, assume any liability for any injury and/or damage to persons or property as a matter of products liability, negligence or otherwise, or from any use or operation of any methods, products, instructions, or ideas contained in the material herein.

ISBN: 978-0-12804457-5

British Library Cataloguing-in-Publication Data
A catalogue record for this book is available from the British Library

Library of Congress Cataloging-in-Publication Data
A catalog record for this book is available from the Library of Congress

For information on all Syngress publications visit our website at http://store.elsevier.com/Syngress

Acknowledgments

I have to first thank my wife Jenn for being incredibly supportive through this. To my daughter Grace for keeping everything important in perspective. My colleagues at Presidio have been so helpful to me over the years through many projects. Thanks to especially Jonathan, Ron, Colum, Gareth, and Tom. The AAA TAC team out of RTP incredibly still takes my calls and they have always been polite while fixing any of my mistakes. Thanks guys. http://bit.ly/1JYMtma

Andy Richter

The support of family and friends while writing this book is what made it possible for me; thank you to all of you. The IT group at Norwich University as well deserves a special mention because without them I wouldn’t have most of the experience needed for this. Finally my coauthor Andy, it was his drive to do this book that really got it off the ground.

Jeremy Wood