Cisco ISE for BYOD and Secure Unified Access (Paperback)

Jamey Heary, Aaron Woland

Product Description

Plan and deploy identity-based secure access for BYOD and borderless networks

Using Cisco Secure Unified Access Architecture and Cisco Identity Services Engine, you can secure and regain control of borderless networks in a Bring Your Own Device (BYOD) world. This book covers the complete lifecycle of protecting a modern borderless network using these advanced solutions, from planning an architecture through deployment, management, and troubleshooting.

Cisco ISE for BYOD and Secure Unified Access begins by reviewing the business case for an identity solution. Next, you’ll walk through identifying users, devices, and security posture; gain a deep understanding of Cisco’s Secure Unified Access solution; and master powerful techniques for securing borderless networks, from device isolation to protocol-independent network segmentation.

You’ll find in-depth coverage of all relevant technologies and techniques, including 802.1X, profiling, device onboarding, guest lifecycle management, network admission control, RADIUS, and Security Group Access.

Drawing on their cutting-edge experience supporting Cisco enterprise customers, the authors present detailed sample configurations to help you plan your own integrated identity solution. Whether you’re a technical professional or an IT manager, this guide will help you provide reliable secure access for BYOD, CYOD (Choose Your Own Device), or any IT model you choose.

  • Review the new security challenges associated with borderless networks, ubiquitous mobility, and consumerized IT
  • Understand the building blocks of an Identity Services Engine (ISE) solution
  • Design an ISE-Enabled network, plan/distribute ISE functions, and prepare for rollout
  • Build context-aware security policies
  • Configure device profiling, endpoint posture assessments, and guest services
  • Implement secure guest lifecycle management, from WebAuth to sponsored guest access
  • Configure ISE, network access devices, and supplicants, step-by-step
  • Walk through a phased deployment that ensures zero downtime
  • Apply best practices to avoid the pitfalls of BYOD secure access
  • Simplify administration with self-service onboarding and registration
  • Deploy Security Group Access, Cisco’s tagging enforcement solution
  • Add Layer 2 encryption to secure traffic flows
  • Use Network Edge Access Topology to extend secure access beyond the wiring closet
  • Monitor, maintain, and troubleshoot ISE and your entire Secure Unified Access system
