Implementing Cisco Security Access Solutions (SISAS) is a 5-day training program that describes an access control solution that centers on the Cisco Identity Services Engine (ISE). The learners build the solution by implementing basic authentication and then extending the system with the authorization, guest services, Cisco TrustSec, posture, and profiling components.
The most fundamental concepts include the authentication methods, such as 802.1X, MAC Authentication Bypass (MAB), and Web authentication (WebAuth). The learners implement various types of the Extensible Authentication Protocol (EAP) using two different 802.1X supplicants: the native Windows OS supplicant and the Cisco AnyConnect supplicant. The Cisco AnyConnect supplicant is used for a range of scenarios, including EAP chaining.
Although the Web Authentication and the guest services are often deployed together, the learners first implement the WebAuth feature for employee access and then enable the guest feature to allow guest access. The posture service on the ISE is used to determine the security posture status of the endpoints. The learners use the built-in posture elements pre-configured in the ISE, and also implement a custom remediation to automatically install antivirus software. The ISE offers a wide range of profiling capabilities. The learners test the default functionality with the common probes enabled, and extend the profiling granularity by defining custom policies.
The course ends with a troubleshooting lesson and an optional troubleshooting lab exercise.
Upon completing this course, you will be able to meet these objectives:
Network security engineers
Lab 1: Bootstrap Identity System
Lab 2: Enroll Cisco ISE in PKI
Lab 3: Implement MAB and Internal Authentication
Lab 4: Implement External Authentication
Lab 5: Implement EAP-TLS
Lab 6: Implement Authorization
Lab 7: Implement Central WebAuth and Guest Services
Lab 8: Implement Posture Service
Lab 9: Implement the Profile Service
Lab 10: Troubleshooting Network Access Control