Implementing Cisco Secure Access Solutions (SISAS)

Implementing Cisco Secure Access Solutions (SISAS) v1.0 is a newly created five-day instructor-led training (vILT) course is part of the curriculum path leading to the Cisco Certified Network Professional Security (CCNP© Security) certification. Additionally, it is designed to prepare security engineers with the knowledge and hands-on experience so that they can deploy Cisco’s Identity Services Engine and 802.1X secure network access.

The goal of the course is to provide students with foundational knowledge and the capabilities to implement and managed network access security by utilizing Cisco ISE appliance product solution.

The student will gain hands-on experience with configuring various advance Cisco security solutions for mitigating outside threats and securing devices connecting to the network. At the end of the course, students will be able to reduce the risk to their IT infrastructures and applications using Cisco’s ISE appliance feature and provide operational support identity and network access control.
Upon completing this course, the learner will be able to meet these overall objectives:


  • Understand Cisco Identity Services Engine architecture and access control capabilities

  • Understand 802.1X architecture, implementation and operation

  • Understand commonly implemented Extensible Authentication Protocols (EAP)

  • Implement Public-Key Infrastructure with ISE

  • Understand the implement Internal and External authentication databases

  • Implement MAC Authentication Bypass

  • Implement identity based authorization policies

  • Understand Cisco TrustSec features

  • Implement Web Authentication and Guest Access

  • Implement ISE Posture service

  • Implement ISE Profiling

  • Understand Bring Your Own Device (BYOD) with ISE

  • Troubleshoot ISE


 

Course Outline

Module 1: Threat Mitigation Through Identity Services


  • Lesson 1: Identity Services

  • Lesson 2: 802.1X and EAP

  • Lesson 3: Identity System Quick Start


Module 2: Cisco Identity Services Engine (ISE) Fundamentals


  • Lesson 1: Cisco ISE Overview

  • Lesson 2: Cisco ISE with PKI

  • Lesson 3: Cisco ISE Authentication

  • Lesson 4: Configuring Cisco ISE for External Authentication


Module 3: Advanced Access Control


  • Lesson 1: Certificate-based User Authentication

  • Lesson 2: Authorization

  • Lesson 3: Security Group Access (SGA) and MACsec Implementation


Module 4: Web Authentication and Guest Access


  • Lesson 1: Describe the Cisco Email Security Solutions

  • Lesson 2: Guest Access Services


Module 5: Endpoint Access Control Enhancements


  • Lesson 1: Posture

  • Lesson 2: Profiler

  • Lesson 3: BYOD


Module 6: Troubleshooting Network Access Control


  • Lesson 1: Troubleshooting Network Access Control



Labs:


  • Lab 1-1: Bootstrap Identity System

  • Lab 2-1: Enroll Cisco ISE in PKI

  • Lab 2-2: Implement MAC Authentication Bypass (MAB) and Internal ISE Authentication

  • Lab 2-3: Implement External Authentication

  • Lab 3-1: Implementing EAP-TLS with Identity Services Engine (ISE)

  • Lab 3-2: Implementing Authorization

  • Lab 4-1: Configuring Cisco ASA Access Policy

  • Lab 4-2: Implement Guest Access

  • Lab 5-1: Implement Posture

  • Lab 5-2: Profiler

  • Lab 6-1: Troubleshooting Network Access Control (Optional)

Audience

The primary audience for this course is as follows:


  • Network Security Engineers