Integrated Security Technologies and Solutions - Volume II: Cisco Security Solutions for Network Access Control, Segmentation, Context Sharing, Secure Connectivity and Virtualization, 1st edition

Published by Cisco Press (April 6, 2019) © 2019

  • Aaron Woland
  • Vivek Santuka
  • Jamie Sanbower
  • Chad Mitchell

eTextbook

From $76.99

  • Available for purchase from all major ebook resellers, including InformIT.com.
Print

$63.99

  • A print text (hardcover or paperback) 
  • Free shipping
  • Also available for purchase as an ebook from all major ebook resellers, including InformIT.com

Integrated Security Technologies and Solutions — Volume II brings together more expert-level instruction in security design, deployment, integration, and support. It will help students prepare for their CCIE Security written and lab exams.


Volume II focuses on the Cisco Identity Services Engine, Context Sharing, TrustSec, Application Programming Interfaces (APIs), Secure Connectivity with VPNs, and the virtualization and automation sections of the CCIE v5 blueprint. Like Volume I, its strong focus on interproduct integration will help students combine formerly disparate systems into seamless, coherent, next-generation security solutions.

Part of the Cisco CCIE Professional Development Series from Cisco Press, it is authored by a team of CCIEs who are world-class experts in their Cisco security disciplines, including co-creators of the CCIE Security v5 blueprint. Each chapter starts with relevant theory, presents configuration examples and applications, and concludes with practical troubleshooting.

  • Second of two volumes: Volume 2 focuses on identity, context sharing, encryption, secure connectivity and virtualization security
  • Discover how ACS, ISE, pxGrid, WSA, FMC, WLC, ASA/FTD, ACI, APIC-EM, VSG, and related technologies integrate, and help you safeguard your network
  • Includes verification and troubleshooting sections for each topic, designed specifically to help you prepare for the CCIE Security lab exam

What is a VitalSource eTextbook?

The full text downloaded to your computer.

With VitalSource eTextbooks you can:

  • search for key concepts, words and phrases
  • make highlights and notes as you study
  • share your notes with friends

eTextbooks are downloaded to your computer and can be read offline through the Bookshelf app (a free download), online, or through the iPad and Android apps.

Upon purchase, you'll gain instant access.

    Introduction xix
Part I Knock, Knock! Who’s There? 1
Chapter 1 Who and What: AAA Basics 3
    Fundamentals of AAA 3
    Understanding the Concept of Triple-A in the Real World 4
    Compare and Select AAA Options 4
    TACACS+ 7
    RADIUS 12
    Comparing RADIUS and TACACS+ 15
    Summary 16
Chapter 2 Basic Network Access Control 17
    What Is Cisco ISE? 17
    ISE Architecture for Network Access AAA 18
    Configuring ISE for Single/Standalone and Multinode Deployments 23
    ISE Configuration for Network Access 32
    802.1X and Beyond 54
    Configuring Wired Network Access with ISE 71
    Configuring Wireless Network Access with ISE 115
    Verifying Dot1X and MAB 140
    Summary 148
Chapter 3 Beyond Basic Network Access Control 149
    Profiling with ISE 149
    ISE Profiler and CoA 175
    Profiles in Authorization Policies 178
    Passive Identities and EasyConnect 180
    Summary 191
Chapter 4 Extending Network Access with ISE 193
    Get Ready, Get Set, Prerequisites 194
    BYOD Onboarding with ISE 197
    MDM Onboarding and Enforcement with ISE 236
    Posture Assessment and Remediation with ISE 244
    Guest Access with ISE 265
    TrustSec with ISE 287
    Summary 306
Chapter 5 Device Administration Control with ISE 307
    The Case for Centralized AAA 307
    RADIUS Versus TACACS+ for Device Administration 308
    Using TACACS+ for Device Administration 309
    Using RADIUS for Device Administration 343
    Summary 352
Part II Spread the Love! 353
Chapter 6 Sharing the Context 355
    The Many Integration Types of the Ecosystem 356
    pxGrid in Depth 361
    Summary 406
Chapter 7 APIs in Cisco Security 407
    APIs 101 407
    Firepower Management Center APIs 413
    Identity Services Engine APIs 424
    Advanced Malware Protection APIs 428
    Threat Grid APIs 433
    Umbrella APIs 435
    Summary 437
    References 437
Part III 439
Chapter 8 Security Connectivity 441
    Hashing, Ciphers, Cryptography, and PKI 441
    Virtual Private Networks 461
    Layer 2 Encryption: IEEE 802.1AE/MACsec 470
    Summary 474
    References 474
Chapter 9 Infrastructure VPN 477
    IPsec with IKEv1 478
    IPsec with IKEv2 484
    EzVPN 492
    DMVPN 500
    FlexVPN 514
    GETVPN 532
    Summary 541
    References 541
Chapter 10 Remote Access VPN 543
    Remote Access VPN Overview 543
    Cisco AnyConnect Secure Mobility Client 546
    Client-Based Remote Access VPN 554
    Clientless Remote Access VPN 586
    Summary 595
    References 595
Part IV The Red Pill 597
Chapter 11 Security Virtualization and Automation 599
    Cisco Virtual Solutions and Server Virtualization 599
    Virtualization and Automation Solutions 602
    Summary 613
    References 614
97815877147074, TOC, 2/28/19

Aaron Woland, CCIE® No. 20113, is a principal engineer in Cisco’s Advanced Threat Security group and works with Cisco’s largest customers all over the world. His primary job responsibilities include security design, solution enhancements, standards development, advanced threat solution design, endpoint security, and futures.


Aaron joined Cisco in 2005 and is currently a member of numerous security advisory boards and standards body working groups. Prior to joining Cisco, Aaron spent 12 years as a consultant and technical trainer.

Aaron’s other publications include Integrated Security Technologies and Solutions - Volume I; both editions of Cisco ISE for BYOD and Secure Unified Access; Cisco Next-Generation Security Solutions: All-in-one Cisco ASA FirePOWER Services, NGIPS and AMP; CCNP Security SISAS 300-208 Official Cert Guide; the CCNA Security 210-260 Complete Video Course; and many published white papers and design guides.


Aaron is one of only five inaugural members of the Hall of Fame Elite for Distinguished Speakers at Cisco Live, and he is a security columnist for Network World, where he blogs on all things related to security. His other certifications include GCIH, GCFE, GSEC, CEH, MCSE, VCP, CCSP, CCNP, and CCDP, among others.

You can follow Aaron on Twitter: @aaronwoland.


Vivek Santuka, CCIE® No. 17621, is a consulting systems engineer at Cisco and is a security consultant to some of Cisco’s largest customers. He has over 13 years of experience in security, focusing on identity management and access control. Vivek is a member of multiple technical advisory groups.

Vivek holds two CCIE certifications: Security and Routing and Switching. In addition, he holds RHCE and CISSP certifications and is a Distinguished Speaker at Cisco Live.


Vivek is also the coauthor of the Cisco Press books AAA Identity Management Security and Integrated Security Technologies and Solutions – Volume I.

You can follow Vivek on Twitter: @vsantuka.


Jamie Sanbower, CCIE® No. 13637 (Routing and Switching, Security, and Wireless), is a principal systems engineer for Cisco’s Global Security Architecture Team. Jamie has been with Cisco since 2010 and is currently a technical leader and member of numerous advisory and working groups.

With over 15 years of technical experience in the networking and security industry, Jamie has developed, designed, implemented, and operated enterprise network and security solutions for a wide variety of large clients. He is coauthor of the Cisco Press book Integrated Security Technologies and Solutions - Volume I.


Jamie is a dynamic presenter and is a Cisco Live Distinguished Speaker. Prior to Cisco, Jamie had various roles, including director of a cyber security practice, senior security consultant, and senior network engineer.

Chad Mitchell, CCIE® No. 44090, is a technical solutions architect at Cisco supporting the Department of Defense and its supporting agencies. In his daily role, he supports the sales teams as a technical resource for all Cisco security products and serves as the Identity Services Engine subject matter expert for Cisco’s US Public Sector team.


Chad has been with Cisco since 2013 supporting the DoD and other customers and is a contributing member to the Policy & Access Technical Advisors Group. Prior to joining Cisco, Chad spent 7 years as a deployment engineer and systems administrator implementing Cisco security products for customers.

While his primary area of expertise is enterprise network access control with ISE, Chad is well versed in the full range of Cisco security solutions, such as ASA firewalls, Firepower NGFW/IPS/IDS, and Stealthwatch, to name a few, and has first-hand experience deploying them in customer production environments.


Chad’s other certifications include CCDA, CCNP, Network+, Security+, and many other industry certifications.
