Cisco ISE for BYOD and Secure Unified Access

Author: Aaron Woland,Jamey Heary

Publisher: Cisco Press

ISBN: 0134586697

Category: Computers

Page: 912

View: 3892

DOWNLOAD NOW »

Fully updated: The complete guide to Cisco Identity Services Engine solutions Using Cisco Secure Access Architecture and Cisco Identity Services Engine, you can secure and gain control of access to your networks in a Bring Your Own Device (BYOD) world. This second edition of Cisco ISE for BYOD and Secure Unified Accesscontains more than eight brand-new chapters as well as extensively updated coverage of all the previous topics in the first edition book to reflect the latest technologies, features, and best practices of the ISE solution. It begins by reviewing today’s business case for identity solutions. Next, you walk through ISE foundational topics and ISE design. Then you explore how to build an access security policy using the building blocks of ISE. Next are the in-depth and advanced ISE configuration sections, followed by the troubleshooting and monitoring chapters. Finally, we go in depth on the new TACACS+ device administration solution that is new to ISE and to this second edition. With this book, you will gain an understanding of ISE configuration, such as identifying users, devices, and security posture; learn about Cisco Secure Access solutions; and master advanced techniques for securing access to networks, from dynamic segmentation to guest access and everything in between. Drawing on their cutting-edge experience supporting Cisco enterprise customers, the authors offer in-depth coverage of the complete lifecycle for all relevant ISE solutions, making this book a cornerstone resource whether you’re an architect, engineer, operator, or IT manager. · Review evolving security challenges associated with borderless networks, ubiquitous mobility, and consumerized IT · Understand Cisco Secure Access, the Identity Services Engine (ISE), and the building blocks of complete solutions · Design an ISE-enabled network, plan/distribute ISE functions, and prepare for rollout · Build context-aware security policies for network access, devices, accounting, and audit · Configure device profiles, visibility, endpoint posture assessments, and guest services · Implement secure guest lifecycle management, from WebAuth to sponsored guest access · Configure ISE, network access devices, and supplicants, step by step · Apply best practices to avoid the pitfalls of BYOD secure access · Set up efficient distributed ISE deployments · Provide remote access VPNs with ASA and Cisco ISE · Simplify administration with self-service onboarding and registration · Deploy security group access with Cisco TrustSec · Prepare for high availability and disaster scenarios · Implement passive identities via ISE-PIC and EZ Connect · Implement TACACS+ using ISE · Monitor, maintain, and troubleshoot ISE and your entire Secure Access system · Administer device AAA with Cisco IOS, WLC, and Nexus

Cisco ISE for BYOD and Secure Unified Access

Author: Jamey Heary,Aaron Woland

Publisher: Cisco Press

ISBN: 0133103633

Category: Computers

Page: 752

View: 1422

DOWNLOAD NOW »

Plan and deploy identity-based secure access for BYOD and borderless networks Using Cisco Secure Unified Access Architecture and Cisco Identity Services Engine, you can secure and regain control of borderless networks in a Bring Your Own Device (BYOD) world. This book covers the complete lifecycle of protecting a modern borderless network using these advanced solutions, from planning an architecture through deployment, management, and troubleshooting. Cisco ISE for BYOD and Secure Unified Access begins by reviewing the business case for an identity solution. Next, you’ll walk through identifying users, devices, and security posture; gain a deep understanding of Cisco’s Secure Unified Access solution; and master powerful techniques for securing borderless networks, from device isolation to protocol-independent network segmentation. You’ll find in-depth coverage of all relevant technologies and techniques, including 802.1X, profiling, device onboarding, guest lifecycle management, network admission control, RADIUS, and Security Group Access. Drawing on their cutting-edge experience supporting Cisco enterprise customers, the authors present detailed sample configurations to help you plan your own integrated identity solution. Whether you’re a technical professional or an IT manager, this guide will help you provide reliable secure access for BYOD, CYOD (Choose Your Own Device), or any IT model you choose. Review the new security challenges associated with borderless networks, ubiquitous mobility, and consumerized IT Understand the building blocks of an Identity Services Engine (ISE) solution Design an ISE-Enabled network, plan/distribute ISE functions, and prepare for rollout Build context-aware security policies Configure device profiling, endpoint posture assessments, and guest services Implement secure guest lifecycle management, from WebAuth to sponsored guest access Configure ISE, network access devices, and supplicants, step-by-step Walk through a phased deployment that ensures zero downtime Apply best practices to avoid the pitfalls of BYOD secure access Simplify administration with self-service onboarding and registration Deploy Security Group Access, Cisco’s tagging enforcement solution Add Layer 2 encryption to secure traffic flows Use Network Edge Access Topology to extend secure access beyond the wiring closet Monitor, maintain, and troubleshoot ISE and your entire Secure Unified Access system

Cisco ISE for BYOD and Secure Unified Access

Author: Aaron T. Woland,Jamey Heary

Publisher: Pearson Education

ISBN: 1587143259

Category: Computers

Page: 719

View: 8065

DOWNLOAD NOW »

Plan and deploy identity-based secure access for BYOD and borderless networks Using Cisco Secure Unified Access Architecture and Cisco Identity Services Engine, you can secure and regain control of borderless networks in a Bring Your Own Device (BYOD) world. This book covers the complete lifecycle of protecting a modern borderless network using these advanced solutions, from planning an architecture through deployment, management, and troubleshooting. Cisco ISE for BYOD and Secure Unified Access begins by reviewing the business case for an identity solution. Next, you'll walk through identifying users, devices, and security posture; gain a deep understanding of Cisco's Secure Unified Access solution; and master powerful techniques for securing borderless networks, from device isolation to protocol-independent network segmentation. You'll find in-depth coverage of all relevant technologies and techniques, including 802.1X, profiling, device onboarding, guest lifecycle management, network admission control, RADIUS, and Security Group Access. Drawing on their cutting-edge experience supporting Cisco enterprise customers, the authors present detailed sample configurations to help you plan your own integrated identity solution. Whether you're a technical professional or an IT manager, this guide will help you provide reliable secure access for BYOD, CYOD (Choose Your Own Device), or any IT model you choose. Review the new security challenges associated with borderless networks, ubiquitous mobility, and consumerized IT Understand the building blocks of an Identity Services Engine (ISE) solution Design an ISE-Enabled network, plan/distribute ISE functions, and prepare for rollout Build context-aware security policies Configure device profiling, endpoint posture assessments, and guest services Implement secure guest lifecycle management, from WebAuth to sponsored guest access Configure ISE, network access devices, and supplicants, step-by-step Walk through a phased deployment that ensures zero downtime Apply best practices to avoid the pitfalls of BYOD secure access Simplify administration with self-service onboarding and registration Deploy Security Group Access, Cisco's tagging enforcement solution Add Layer 2 encryption to secure traffic flows Use Network Edge Access Topology to extend secure access beyond the wiring closet Monitor, maintain, and troubleshoot ISE and your entire Secure Unified Access system

CCNP Security SISAS 300-208 Official Cert Guide

Author: Aaron T. Woland,Christoffer Heffner,Kevin Redmon

Publisher: Pearson Education

ISBN: 1587144263

Category: Computers

Page: 928

View: 6934

DOWNLOAD NOW »

CCNP Security SISAS 300-208 Official Cert Guide is a comprehensive self-study tool for preparing for the latest CCNP Security SISAS exam. Complete coverage of all exam topics as posted on the exam topic blueprint ensures readers will arrive at a thorough understanding of what they need to master to succeed on the exam. The book follows a logical organization of the CCNP Security exam objectives. Material is presented in a concise manner, focusing on increasing readers' retention and recall of exam topics. Readers will organize their exam preparation through the use of the consistent features in these chapters, including: Pre-chapter quiz - These quizzes allow readers to assess their knowledge of the chapter content and decide how much time to spend on any given section. Foundation Topics - These sections make up the majority of the page count, explaining concepts, configurations, with emphasis on the theory and concepts, and with linking the theory to the meaning of the configuration commands. Key Topics - Inside the Foundation Topics sections, every figure, table, or list that should absolutely be understood and remembered for the exam is noted with the words Key Topic in the margin. This tool allows the reader to quickly review the most important details in each chapter. Exam Preparation - This ending section of each chapter includes three additional features for review and study, all designed to help the reader remember the details as well as to get more depth. Readers will be instructed to review key topics from the chapter, complete tables and lists from memory, and define key terms. Final Preparation Chapter - This final chapter details a set of tools and a study plan to help readers complete their preparation for the exams. CD-ROM Practice Test - The companion CD-ROM contains a set of customizable practice tests.

Cisco Next-Generation Security Solutions

All-in-one Cisco ASA Firepower Services, NGIPS, and AMP

Author: Omar Santos,Panos Kampanakis,Aaron Woland

Publisher: Cisco Press

ISBN: 0134213041

Category: Computers

Page: 368

View: 7888

DOWNLOAD NOW »

Network threats are emerging and changing faster than ever before. Cisco Next-Generation Network Security technologies give you all the visibility and control you need to anticipate and meet tomorrow’s threats, wherever they appear. Now, three Cisco network security experts introduce these products and solutions, and offer expert guidance for planning, deploying, and operating them. The authors present authoritative coverage of Cisco ASA with FirePOWER Services; Cisco Firepower Threat Defense (FTD); Cisco Next-Generation IPS appliances; the Cisco Web Security Appliance (WSA) with integrated Advanced Malware Protection (AMP); Cisco Email Security Appliance (ESA) with integrated Advanced Malware Protection (AMP); Cisco AMP ThreatGrid Malware Analysis and Threat Intelligence, and the Cisco Firepower Management Center (FMC). You’ll find everything you need to succeed: easy-to-follow configurations, application case studies, practical triage and troubleshooting methodologies, and much more. Effectively respond to changing threat landscapes and attack continuums Design Cisco ASA with FirePOWER Services and Cisco Firepower Threat Defense (FTD) solutions Set up, configure, and troubleshoot the Cisco ASA FirePOWER Services module and Cisco Firepower Threat Defense Walk through installing AMP Private Clouds Deploy Cisco AMP for Networks, and configure malware and file policies Implement AMP for Content Security, and configure File Reputation and File Analysis Services Master Cisco AMP for Endpoints, including custom detection, application control, and policy management Make the most of the AMP ThreatGrid dynamic malware analysis engine Manage Next-Generation Security Devices with the Firepower Management Center (FMC) Plan, implement, and configure Cisco Next-Generation IPS—including performance and redundancy Create Cisco Next-Generation IPS custom reports and analyses Quickly identify the root causes of security problems

Practical Deployment of Cisco Identity Services Engine (ISE)

Real-World Examples of AAA Deployments

Author: Andy Richter,Jeremy Wood

Publisher: Syngress

ISBN: 0128045043

Category: Computers

Page: 298

View: 4052

DOWNLOAD NOW »

With the proliferation of mobile devices and bring-your-own-devices (BYOD) within enterprise networks, the boundaries of where the network begins and ends have been blurred. Cisco Identity Services Engine (ISE) is the leading security policy management platform that unifies and automates access control to proactively enforce role-based access to enterprise networks. In Practical Deployment of Cisco Identity Services Engine (ISE), Andy Richter and Jeremy Wood share their expertise from dozens of real-world implementations of ISE and the methods they have used for optimizing ISE in a wide range of environments. ISE can be difficult, requiring a team of security and network professionals, with the knowledge of many different specialties. Practical Deployment of Cisco Identity Services Engine (ISE) shows you how to deploy ISE with the necessary integration across multiple different technologies required to make ISE work like a system. Andy Richter and Jeremy Wood explain end-to-end how to make the system work in the real world, giving you the benefit of their ISE expertise, as well as all the required ancillary technologies and configurations to make ISE work.

Email Security with Cisco IronPort

Author: Chris Porter

Publisher: Cisco Press

ISBN: 0132730715

Category: Computers

Page: 576

View: 691

DOWNLOAD NOW »

Email Security with Cisco IronPort thoroughly illuminates the security and performance challenges associated with today’s messaging environments and shows you how to systematically anticipate and respond to them using Cisco’s IronPort Email Security Appliance (ESA). Going far beyond any IronPort user guide, leading Cisco expert Chris Porter shows you how to use IronPort to construct a robust, secure, high-performance email architecture that can resist future attacks. Email Security with Cisco IronPortpresents specific, proven architecture recommendations for deploying IronPort ESAs in diverse environments to optimize reliability and automatically handle failure. The author offers specific recipes for solving a wide range of messaging security problems, and he demonstrates how to use both basic and advanced features-–including several hidden and undocumented commands. The author addresses issues ranging from directory integration to performance monitoring and optimization, and he offers powerful insights into often-ignored email security issues, such as preventing “bounce blowback.” Throughout, he illustrates his solutions with detailed examples demonstrating how to control ESA configuration through each available interface. Chris Porter,Technical Solutions Architect at Cisco, focuses on the technical aspects of Cisco IronPort customer engagements. He has more than 12 years of experience in applications, computing, and security in finance, government, Fortune® 1000, entertainment, and higher education markets. ·Understand how the Cisco IronPort ESA addresses the key challenges of email security ·Select the best network deployment model for your environment, and walk through successful installation and configuration ·Configure and optimize Cisco IronPort ESA’s powerful security, message, and content filtering ·Understand the email pipeline so you can take full advantage of it–and troubleshoot problems if they occur ·Efficiently control Cisco IronPort ESA through its Web User Interface (WUI) and command-line interface (CLI) ·Implement reporting, monitoring, logging, and file management ·Integrate Cisco IronPort ESA and your mail policies with LDAP directories such as Microsoft Active Directory ·Automate and simplify email security administration ·Deploy multiple Cisco IronPort ESAs and advanced network configurations ·Prepare for emerging shifts in enterprise email usage and new security challenges This security book is part of the Cisco Press® Networking Technology Series. Security titles from Cisco Press help networking professionals secure critical data and resources, prevent and mitigate network attacks, and build end-to-end self-defending networks.

Deploying and Troubleshooting Cisco Wireless LAN Controllers

Author: Mark L. Gress,Lee Johnson

Publisher: Pearson Education

ISBN: 9781587140501

Category: Computers

Page: 600

View: 4646

DOWNLOAD NOW »

This is the only complete, all-in-one guide to deploying, running, and troubleshooting wireless networks with Cisco® Wireless LAN Controllers (WLCs) and Lightweight Access Point Protocol (LWAPP)/Control and Provisioning of Wireless Access Points (CAPWAP). Authored by two of the most experienced Cisco wireless support professionals, the book presents start-to-finish coverage of implementing WLCs in existing wired and wireless network environments, troubleshooting design-related issues, and using LWAPP/CAPWAP solutions to achieve your specific business and technical goals. One step at a time, you’ll walk through designing, configuring, maintaining, and scaling wireless networks using Cisco Unified Wireless technologies. The authors show how to use LWAPP/CAPWAP to control multiple Wi-Fi wireless access points at once, streamlining network administration and monitoring and maximizing scalability. Drawing on their extensive problem-resolution experience, the authors also provide expert guidelines for troubleshooting, including an end-to-end problem-solving model available in no other book. Although not specifically designed to help you pass the CCIE® Wireless written and lab exams, this book does provide you with real-world configuration and troubleshooting examples. Understanding the basic configuration practices, how the products are designed to function, the feature sets, and what to look for while troubleshooting these features will be invaluable to anyone wanting to pass the CCIE Wireless exams. Efficiently install, configure, and troubleshoot Cisco Wireless LAN Controllers Move autonomous wireless network solutions to LWAPP/CAPWAP Integrate LWAPP/CAPWAP solutions into existing wired networks Understand the next-generation WLC architecture Use Hybrid REAP and Home AP solutions to centrally configure and control branch/remote access points without deploying controllers in every location Use Mobility Groups to provide system-wide mobility easily and cost-effectively Use Cisco WLC troubleshooting tools, and resolve client-related problems Maximize quality in wireless voice applications Build efficient wireless mesh networks Use RRM to manage RF in real-time, optimizing efficiency and performance Reference the comprehensive WLC and AP debugging guide Part of the CCIE Professional Development Series, this is the first book to offer authoritative training for the new CCIE Wireless Exam. It will also serve as excellent preparation for Cisco’s new CCNP® Wireless exam.

Cisco ASA

All-in-one Next-generation Firewall, IPS, and VPN Services

Author: Jazib Frahim,Omar Santos,Andrew Ossipov

Publisher: Pearson Education

ISBN: 1587143070

Category: Computers

Page: 1209

View: 3150

DOWNLOAD NOW »

Cisco® ASA All-in-One Next-Generation Firewall, IPS, and VPN Services, Third Edition Identify, mitigate, and respond to today''s highly-sophisticated network attacks. Today, network attackers are far more sophisticated, relentless, and dangerous. In response, Cisco ASA: All-in-One Next-Generation Firewall, IPS, and VPN Services has been fully updated to cover the newest techniques and Cisco technologies for maximizing end-to-end security in your environment. Three leading Cisco security experts guide you through every step of creating a complete security plan with Cisco ASA, and then deploying, configuring, operating, and troubleshooting your solution. Fully updated for today''s newest ASA releases, this edition adds new coverage of ASA 5500-X, ASA 5585-X, ASA Services Module, ASA next-generation firewall services, EtherChannel, Global ACLs, clustering, IPv6 improvements, IKEv2, AnyConnect Secure Mobility VPN clients, and more. The authors explain significant recent licensing changes; introduce enhancements to ASA IPS; and walk you through configuring IPsec, SSL VPN, and NAT/PAT. You''ll learn how to apply Cisco ASA adaptive identification and mitigation services to systematically strengthen security in network environments of all sizes and types. The authors present up-to-date sample configurations, proven design scenarios, and actual debugs- all designed to help you make the most of Cisco ASA in your rapidly evolving network. Jazib Frahim, CCIE® No. 5459 (Routing and Switching; Security), Principal Engineer in the Global Security Solutions team, guides top-tier Cisco customers in security-focused network design and implementation. He architects, develops, and launches new security services concepts. His books include Cisco SSL VPN Solutions and Cisco Network Admission Control, Volume II: NAC Deployment and Troubleshooting. Omar Santos, CISSP No. 463598, Cisco Product Security Incident Response Team (PSIRT) technical leader, leads and mentors engineers and incident managers in investigating and resolving vulnerabilities in Cisco products and protecting Cisco customers. Through 18 years in IT and cybersecurity, he has designed, implemented, and supported numerous secure networks for Fortune® 500 companies and the U.S. government. He is also the author of several other books and numerous whitepapers and articles. Andrew Ossipov, CCIE® No. 18483 and CISSP No. 344324, is a Cisco Technical Marketing Engineer focused on firewalls, intrusion prevention, and data center security. Drawing on more than 16 years in networking, he works to solve complex customer technical problems, architect new features and products, and define future directions for Cisco''s product portfolio. He holds several pending patents. Understand, install, configure, license, maintain, and troubleshoot the newest ASA devices Efficiently implement Authentication, Authorization, and Accounting (AAA) services Control and provision network access with packet filtering, context-aware Cisco ASA next-generation firewall services, and new NAT/PAT concepts Configure IP routing, application inspection, and QoS Create firewall contexts with unique configurations, interfaces, policies, routing tables, and administration Enable integrated protection against many types of malware and advanced persistent threats (APTs) via Cisco Cloud Web Security and Cisco Security Intelligence Operations (SIO) Implement high availability with failover and elastic scalability with clustering Deploy, troubleshoot, monitor, tune, and manage Intrusion Prevention System (IPS) features Implement site-to-site IPsec VPNs and all forms of remote-access VPNs (IPsec, clientless SSL, and client-based SSL) Configure and troubleshoot Public Key Infrastructure (PKI) Use IKEv2 to more effectively resist attacks against VPNs Leverage IPv6 support for IPS, packet inspection, transparent firewalls, and site-to-site IPsec VPNs

AAA Identity Management Security

Author: Vivek Santuka,Premdeep Banga,Brandon James Carroll

Publisher: Pearson Education

ISBN: 9781587141522

Category: Computers

Page: 600

View: 6674

DOWNLOAD NOW »

Cisco's complete, authoritative guide to Authentication, Authorization, and Accounting (AAA) solutions with CiscoSecure ACS AAA solutions are very frequently used by customers to provide secure access to devices and networks AAA solutions are difficult and confusing to implement even though they are almost mandatory Helps IT Pros choose the best identity management protocols and designs for their environments Covers AAA on Cisco routers, switches, access points, and firewalls This is the first complete, authoritative, single-source guide to implementing, configuring, and managing Authentication, Authorization and Accounting (AAA) identity management with CiscoSecure Access Control Server (ACS) 4 and 5. Written by three of Cisco's most experienced CiscoSecure product support experts, it covers all AAA solutions (except NAC) on Cisco routers, switches, access points, firewalls, and concentrators. It also thoroughly addresses both ACS configuration and troubleshooting, including the use of external databases supported by ACS. Each of this book's six sections focuses on specific Cisco devices and their AAA configuration with ACS. Each chapter covers configuration syntax and examples, debug outputs with explanations, and ACS screenshots. Drawing on the authors' experience with several thousand support cases in organizations of all kinds, AAA Identity Management Security presents pitfalls, warnings, and tips throughout. Each major topic concludes with a practical, hands-on lab scenario corresponding to a real-life solution that has been widely implemented by Cisco customers. This book brings together crucial information that was previously scattered across multiple sources. It will be indispensable to every professional running CiscoSecure ACS 4 or 5, as well as all candidates for CCSP and CCIE (Security or R and S) certification.

Cisco Unified Computing System (UCS) (Data Center)

A Complete Reference Guide to the Cisco Data Center Virtualization Server Architecture

Author: Silvano Gai,Tommi Salli,Roger Andersson

Publisher: Pearson Education

ISBN: 9781587141959

Category: Computers

Page: 400

View: 7388

DOWNLOAD NOW »

The definitive guide to UCS and the Cisco® Data Center Server: planning, architecture, components, deployment, and benefits With its new Unified Computing System (UCS) family of products, Cisco has introduced a fundamentally new vision for data center computing: one that reduces ownership cost, improves agility, and radically simplifies management. In this book, three Cisco insiders thoroughly explain UCS, and offer practical insights for IT professionals and decision-makers who are evaluating or implementing it. The authors establish the context for UCS by discussing the implications of virtualization, unified I/O, large memories and other key technologies, and showing how trends like cloud computing and green IT will drive the next-generation data center. Next, they take a closer look at the evolution of server CPU, memory, and I/O subsystems, covering advances such as the Intel® XEON® 5500, 5600, 7500, DDR3 memory, and unified I/O over 10 Gbps Ethernet. Building on these fundamentals, the authors then discuss UCS in detail, showing how it systematically overcomes key limitations of current data center environments. They review UCS features, components, and architecture, and demonstrate how it can improve data center performance, reliability, simplicity, flexibility, and energy efficiency. Along the way, they offer realistic planning, installation, and migration guidance: everything decision-makers and technical implementers need to gain maximum value from UCS–now, and for years to come. Silvano Gai has spent 11 years as Cisco Fellow, architecting Catalyst®, MDS, and Nexus switches. He has written several books on networking, written multiple Internet Drafts and RFCs, and is responsible for 80 patents and applications. He teaches a course on this book’s topics at Stanford University. Tommi Salli, Cisco Technical Marketing Engineer, has nearly 20 years of experience with servers and applications at Cisco, Sun, VERITAS, and Nuova Systems. Roger Andersson, Cisco Manager, Technical Marketing, spent more than 12 years in the CLARiiON® Engineering Division at EMC, and 5 years as Technical Product Manager at VERITAS/Symantec. He is now focused on Cisco UCS system management. Streamline data centers with UCS to systematically reduce cost of ownership Eliminate unnecessary server components–and their setup, management, power, cooling, and cabling Use UCS to scale service delivery, simplify service movement, and improve agility Review the latest advances in processor, memory, I/O, and virtualization architectures for data center servers Understand the specific technical advantages of UCS Integrate UCS 6100 Fabric Interconnect, Cisco UCS 2100 Series Fabric Extenders, UCS 5100 Series Blade Server Enclosures, UCS B-Series Blade Servers, UCS C-Series Rack Servers, and UCS Adapters Use Cisco UCS Manager to manage all Cisco UCS components as a single, seamless entity Integrate third-party management tools from companies like BMC®, CA®, EMC®, IBM®, Microsoft®, and VMware® Practice all this with a copy of Cisco Unified Computing System™ Platform Emulator Lite (UCSPE Lite) on the DVD in the back of the book This book is part of the Networking Technology Series from Cisco Press®, which offers networking professionals valuable information for constructing efficient networks, understanding new technologies, and building successful careers.

Designing and Deploying 802.11 Wireless Networks

A Practical Guide to Implementing 802.11n and 802.11ac Wireless Networks For Enterprise-Based Applications

Author: Jim Geier

Publisher: Cisco Press

ISBN: 0133891399

Category: Computers

Page: 600

View: 6802

DOWNLOAD NOW »

Designing and Deploying 802.11 Wireless Networks Second Edition A Practical Guide to Implementing 802.11n and 802.11ac Wireless Networks For Enterprise-Based Applications Plan, deploy, and operate high-performance 802.11ac and 802.11n wireless networks The new 802.11ac standard enables WLANs to deliver significantly higher performance. Network equipment manufacturers have refocused on 802.11ac- and 802.11n-compliant solutions, rapidly moving older versions of 802.11 toward “legacy” status. Now, there’s a complete guide to planning, designing, installing, testing, and supporting 802.11ac and 802.11n wireless networks in any environment, for virtually any application. Jim Geier offers practical methods, tips, and recommendations that draw on his decades of experience deploying wireless solutions and shaping wireless standards. He carefully introduces 802.11ac’s fundamentally different design, site survey, implementation, and network configuration techniques, helping you maximize performance and avoid pitfalls. Geier organizes each phase of WLAN deployment into clearly defined steps, making the entire planning and deployment process easy to understand and execute. He illuminates key concepts and methods through realistic case studies based on current Cisco products, while offering tips and techniques you can use with any vendor’s equipment. To build your skills with key tasks, you’ll find several hands-on exercises relying on free or inexpensive tools. Whether you’re deploying an entirely new wireless network or migrating from older equipment, this guide contains all the expert knowledge you’ll need to succeed. Jim Geier has 30 years of experience planning, designing, analyzing and implementing communications, wireless, and mobile systems. Geier is founder and Principal Consultant of Wireless-Nets, Ltd., providing wireless analysis and design services to product manufacturers. He is also president, CEO, and co-founder of Health Grade Networks, providing wireless network solutions to hospitals, airports, and manufacturing facilities. His books include the first edition of Designing and Deploying 802.11n Wireless Networks (Cisco Press); as well as Implementing 802.1X Security Solutions and Wireless Networking Handbook. Geier has been active in the IEEE 802.11 Working Group and Wi-Fi Alliance; has chaired the IEEE Computer Society (Dayton Section) and various conferences; and served as expert witness in patent litigation related to wireless and cellular technologies. Review key 802.11 concepts, applications, markets, and technologies Compare ad hoc, mesh, and infrastructure WLANs and their components Consider the impact of radio signal interference, security vulnerabilities, multipath propagation, roaming, and battery limitations Thoroughly understand today’s 802.11 standards in the context of actual network deployment and support Plan your deployment: scoping, staffing, schedules, budgets, risks, feasibility analysis, and requirements Architect access networks and distribution system for maximum reliability, manageability, and performance Make the right tradeoffs and decisions to optimize range, performance, and roaming Secure WLANs via encryption, authentication, rogue AP detection, RF shielding, and policies Master design and site survey tools and methods for planning 802.11ac networks and migrations Efficiently install and test any 802.11ac or 802.11n wireless network Establish specialized support for wireless networks, including help desk operations Systematically troubleshoot connectivity, performance, and roaming issues Design efficient mesh networks and city-wide deployments

Cisco Ise for Byod and Secure Unified Access

Author: Roderick Brock

Publisher: Createspace Independent Publishing Platform

ISBN: 9781548601140

Category:

Page: 404

View: 3483

DOWNLOAD NOW »

This second edition of Cisco ISE for BYOD and Secure Unified Accesscontains more than eight brand-new chapters as well as extensively updated coverage of all the previous topics in the first edition book to reflect the latest technologies, features, and best practices of the ISE solution. It begins by reviewing today's business case for identity solutions. Next, you walk through ISE foundational topics and ISE design. Then you explore how to build an access security policy using the building blocks of ISE. Next are the in-depth and advanced ISE configuration sections, followed by the troubleshooting and monitoring chapters. Finally, we go in depth on the new TACACS+ device administration solution that is new to ISE and to this second edition.

Application Acceleration and WAN Optimization Fundamentals

Author: Ted Grevers Jr.,Joel Christner CCIE No. 15311

Publisher: Cisco Press

ISBN: 0133034755

Category: Computers

Page: 384

View: 9859

DOWNLOAD NOW »

IT organizations face pressure to increase productivity, improve application performance, support global collaboration, improve data protection, and minimize costs. In today’s WAN-centered environments, traditional LAN-oriented infrastructure approaches are insufficient to meet these goals. Application Acceleration and WAN Optimization Fundamentals introduces a better solution: integrating today’s new generation of accelerator solutions to efficiently and effectively scale networks beyond traditional capabilities while improving performance and minimizing costs through consolidation. Ted Grevers and Joel Christner begin by reviewing the challenges network professionals face in delivering applications to globally distributed workforces. You learn how accelerators are transforming application business models, enabling IT departments to centralize and consolidate resources while also delivering consistently superior performance. Grevers and Christner show how to identify network consumers, prioritize traffic, and guarantee appropriate throughput and response times to business-critical applications. You learn how to use quality of service techniques such as packet classification and marking and traffic policing, queuing, scheduling, and shaping. Next, you compare options for integrating accelerators and optimization services into your network and for optimizing content delivery. The authors show how to address application protocol-related performance problems that cannot be resolved through compression or flow optimization alone. In the final chapter, the authors walk you through several real-world scenarios for utilizing accelerator technology. Ted Grevers, Jr., is the solution manager for the Cisco® Video IPTV Systems Test and Architecture (C-VISTA) team. He has extensive experience in the content delivery network (CDN) market, focusing on enterprise and service provider content delivery and application optimization needs. Joel Christner, CCIE® No. 15311, is the manager of technical marketing for the Cisco Application Delivery Business Unit (ADBU). He has extensive experience with application protocols, acceleration technologies, LAN/WAN infrastructure, and storage networking. Grevers and Christner are key contributors to the design and architecture of Cisco application delivery and application acceleration solutions. Provide high-performance access to remote data, content, video, rich media, and applications Understand how accelerators can improve network performance and minimize bandwidth consumption Use NetFlow to baseline application requirements and network utilization Ensure network resources are allocated based on business priorities Identify performance barriers arising from networks, protocols, operating systems, hardware, file systems, and applications Employ application-specific acceleration components to mitigate the negative impact of latency and bandwidth consumption Integrate content delivery networks (CDN) to centrally manage the acquisition, security, and distribution of content to remote locations Leverage WAN optimization technologies to improve application throughput, mitigate the impact of latency and loss, and minimize bandwidth consumption Optimize the performance of WANs and business-critical WAN applications This book is part of the Cisco Press® Fundamentals Series. Books in this series introduce networking professionals to new networking technologies, covering network topologies, sample deployment concepts, protocols, and management techniques. Category: Cisco Press/Networking Covers: Network Optimization

Cisco Digital Network Architecture

Author: Tim Szigeti,Simone Arena,David Zacks,Matthias Falkner

Publisher: Networking Technology

ISBN: 9781587147050

Category: Computers

Page: 600

View: 5839

DOWNLOAD NOW »

This guide systematically introduces Cisco's Digital Network Architecture (DNA), the enterprise network architecture for the next decade. Combining indispensable new insider information with content previously scattered through multiple technical documents, Cisco Digital Network Architecture combines technical depth, coherence, and comprehensiveness. This "living book" will be supported with regular online updates at a Cisco Press DNA website, offering a single authoritative source for everyone involved with DNA planning, implementation, and operation. Authored by insiders responsible for helping Cisco's largest customers succeed with DNA, it: Addresses emerging trends now driving business transformation Explains why networks must become radically more intelligent, flexible, and adaptable Shows how DNA empowers businesses by coherently integrating virtualization, automation, analytics, and cloud services. Authoritative and fully up-to-date, Cisco Digital Network Architecture will help technical professionals, decision-makers, and consultants prepare to drive maximum value from next-generation networking.

Security Operations Center

Building, Operating, and Maintaining your SOC

Author: Joseph Muniz,Gary McIntyre,Nadhem AlFardan

Publisher: Cisco Press

ISBN: 013405203X

Category: Computers

Page: 448

View: 7014

DOWNLOAD NOW »

Security Operations Center Building, Operating, and Maintaining Your SOC The complete, practical guide to planning, building, and operating an effective Security Operations Center (SOC) Security Operations Center is the complete guide to building, operating, and managing Security Operations Centers in any environment. Drawing on experience with hundreds of customers ranging from Fortune 500 enterprises to large military organizations, three leading experts thoroughly review each SOC model, including virtual SOCs. You’ll learn how to select the right strategic option for your organization, and then plan and execute the strategy you’ve chosen. Security Operations Center walks you through every phase required to establish and run an effective SOC, including all significant people, process, and technology capabilities. The authors assess SOC technologies, strategy, infrastructure, governance, planning, implementation, and more. They take a holistic approach considering various commercial and open-source tools found in modern SOCs. This best-practice guide is written for anybody interested in learning how to develop, manage, or improve a SOC. A background in network security, management, and operations will be helpful but is not required. It is also an indispensable resource for anyone preparing for the Cisco SCYBER exam. · Review high-level issues, such as vulnerability and risk management, threat intelligence, digital investigation, and data collection/analysis · Understand the technical components of a modern SOC · Assess the current state of your SOC and identify areas of improvement · Plan SOC strategy, mission, functions, and services · Design and build out SOC infrastructure, from facilities and networks to systems, storage, and physical security · Collect and successfully analyze security data · Establish an effective vulnerability management practice · Organize incident response teams and measure their performance · Define an optimal governance and staffing model · Develop a practical SOC handbook that people can actually use · Prepare SOC to go live, with comprehensive transition plans · React quickly and collaboratively to security incidents · Implement best practice security operations, including continuous enhancement and improvement

SSFIPS Securing Cisco Networks with Sourcefire Intrusion Prevention System Study Guide

Exam 500-285

Author: Todd Lammle,Alex Tatistcheff,John Gay

Publisher: John Wiley & Sons

ISBN: 1119155045

Category: Computers

Page: 432

View: 5728

DOWNLOAD NOW »

Up the ante on your FirePOWER with Advanced FireSIGHT Administration exam prep Securing Cisco Networks with Sourcefire IPS Study Guide, Exam 500-285, provides 100% coverage of the FirePOWER with Advanced FireSIGHT Administration exam objectives. With clear and concise information regarding crucial next-generation network security topics, this comprehensive guide includes practical examples and insights drawn from real-world experience, exam highlights, and end of chapter reviews. Learn key exam topics and powerful features of the Cisco FirePOWER Services, including FireSIGHT Management Center, in-depth event analysis, IPS tuning and configuration, and snort rules language. Gain access to Sybex's superior online learning environment that includes practice questions, flashcards, and interactive glossary of terms. Use and configure next-generation Cisco FirePOWER services, including application control, firewall, and routing and switching capabilities Understand how to accurately tune your systems to improve performance and network intelligence while leveraging powerful tools for more efficient event analysis Complete hands-on labs to reinforce key concepts and prepare you for the practical applications portion of the examination Access Sybex's online interactive learning environment and test bank, which includes an assessment test, chapter tests, bonus practice exam questions, electronic flashcards, and a searchable glossary Securing Cisco Networks with Sourcefire IPS Study Guide, Exam 500-285 provides you with the information you need to prepare for the FirePOWER with Advanced FireSIGHT Administration examination.

Securing Cisco IP Telephony Networks

Author: Akhil Behl

Publisher: Cisco Press

ISBN: 0132731061

Category: Computers

Page: 696

View: 2490

DOWNLOAD NOW »

The real-world guide to securing Cisco-based IP telephony applications, devices, and networks Cisco IP telephony leverages converged networks to dramatically reduce TCO and improve ROI. However, its critical importance to business communications and deep integration with enterprise IP networks make it susceptible to attacks that legacy telecom systems did not face. Now, there’s a comprehensive guide to securing the IP telephony components that ride atop data network infrastructures–and thereby providing IP telephony services that are safer, more resilient, more stable, and more scalable. Securing Cisco IP Telephony Networks provides comprehensive, up-to-date details for securing Cisco IP telephony equipment, underlying infrastructure, and telephony applications. Drawing on ten years of experience, senior network consultant Akhil Behl offers a complete security framework for use in any Cisco IP telephony environment. You’ll find best practices and detailed configuration examples for securing Cisco Unified Communications Manager (CUCM), Cisco Unity/Unity Connection, Cisco Unified Presence, Cisco Voice Gateways, Cisco IP Telephony Endpoints, and many other Cisco IP Telephony applications. The book showcases easy-to-follow Cisco IP Telephony applications and network security-centric examples in every chapter. This guide is invaluable to every technical professional and IT decision-maker concerned with securing Cisco IP telephony networks, including network engineers, administrators, architects, managers, security analysts, IT directors, and consultants. Recognize vulnerabilities caused by IP network integration, as well as VoIP’s unique security requirements Discover how hackers target IP telephony networks and proactively protect against each facet of their attacks Implement a flexible, proven methodology for end-to-end Cisco IP Telephony security Use a layered (defense-in-depth) approach that builds on underlying network security design Secure CUCM, Cisco Unity/Unity Connection, CUPS, CUCM Express, and Cisco Unity Express platforms against internal and external threats Establish physical security, Layer 2 and Layer 3 security, and Cisco ASA-based perimeter security Complete coverage of Cisco IP Telephony encryption and authentication fundamentals Configure Cisco IOS Voice Gateways to help prevent toll fraud and deter attacks Secure Cisco Voice Gatekeepers and Cisco Unified Border Element (CUBE) against rogue endpoints and other attack vectors Secure Cisco IP telephony endpoints–Cisco Unified IP Phones (wired, wireless, and soft phone) from malicious insiders and external threats This IP communications book is part of the Cisco Press® Networking Technology Series. IP communications titles from Cisco Press help networking professionals understand voice and IP telephony technologies, plan and design converged networks, and implement network solutions for increased productivity.

PKI Uncovered

Certificate-Based Security Solutions for Next-Generation Networks

Author: Andre Karamanian,Francois Dessart,Srinivas Tenneti

Publisher: Pearson Education

ISBN: 9781587059308

Category: Computers

Page: 500

View: 6424

DOWNLOAD NOW »

The only complete guide to designing, implementing, and supporting state-of-the-art certificate-based identity solutions with PKI Layered approach is designed to help readers with widely diverse backgrounds quickly learn what they need to know Covers the entire PKI project lifecycle, making complex PKI architectures simple to understand and deploy Brings together theory and practice, including on-the-ground implementers' knowledge, insights, best practices, design choices, and troubleshooting details PKI Uncovered brings together all the techniques IT and security professionals need to apply PKI in any environment, no matter how complex or sophisticated. At the same time, it will help them gain a deep understanding of the foundations of certificate-based identity management. Its layered and modular approach helps readers quickly get the information they need to efficiently plan, design, deploy, manage, or troubleshoot any PKI environment. The authors begin by presenting the foundations of PKI, giving readers the theoretical background they need to understand its mechanisms. Next, they move to high-level design considerations, guiding readers in making the choices most suitable for their own environments. The authors share best practices and experiences drawn from production customer deployments of all types. They organize a series of design "modules" into hierarchical models which are then applied to comprehensive solutions. Readers will be introduced to the use of PKI in multiple environments, including Cisco router-based DMVPN, ASA, and 802.1X. The authors also cover recent innovations such as Cisco GET VPN. Throughout, troubleshooting sections help ensure smooth deployments and give readers an even deeper "under-the-hood" understanding of their implementations.

Cisco Intelligent WAN (IWAN)

Author: Brad Edgeworth,David Prall,Jean Marc Barozet,Anthony Lockhart,Nir Ben-Dvora

Publisher: Cisco Press

ISBN: 0134423739

Category: Computers

Page: 740

View: 9228

DOWNLOAD NOW »

The complete guide to Cisco® IWAN: features, benefits, planning, and deployment Using Cisco Intelligent WAN (IWAN), businesses can deliver an uncompromised experience, security, and reliability to branch offices over any connection. Cisco IWAN simplifies WAN design, improves network responsiveness, and accelerates deployment of new services. Now, there’s an authoritative single-source guide to Cisco IWAN: all you need to understand it, design it, and deploy it for maximum value. In Cisco Intelligent WAN (IWAN), leading Cisco experts cover all key IWAN technologies and components, addressing issues ranging from visibility and provisioning to troubleshooting and optimization. They offer extensive practical guidance on migrating to IWAN from your existing WAN infrastructure. This guide will be indispensable for all experienced network professionals who support WANs, are deploying Cisco IWAN solutions, or use related technologies such as DMVPN or PfR. Deploy Hybrid WAN connectivity to increase WAN capacity and improve application performance Overlay DMVPN on WAN transport to simplify operations, gain transport independence, and improve VPN scalability Secure DMVPN tunnels and IWAN routers Use Application Recognition to support QoS, Performance Routing (PfR), and application visibility Improve application delivery and WAN efficiency via PfR Monitor hub, transit, and branch sites, traffic classes, and channels Add application-level visibility and per-application monitoring to IWAN routers Overcome latency and bandwidth inefficiencies that limit application performance Use Cisco WAAS to customize each location’s optimizations, application accelerations, and virtualization Smoothly integrate Cisco WAAS into branch office network infrastructure Ensure appropriate WAN application responsiveness and experience Improve SaaS application performance with Direct Internet Access (DIA) Perform pre-migration tasks, and prepare your current WAN for IWAN Migrate current point-to-point and multipoint technologies to IWAN