Integrated Security Technologies and Solutions - Volume II: Cisco Security Solutions for Network Access Control, Segmentation, Context Sharing, Secure

The essential reference for security pros and CCIE Security candidates: identity, context sharing, encryption, secure connectivity and virtualization

Integrated Security Technologies and Solutions - Volume II brings together more expert-level instruction in security design, deployment, integration, and support. It will help experienced security and network professionals manage complex solutions, succeed in their day-to-day jobs, and prepare for their CCIE Security written and lab exams.

Volume II focuses on the Cisco Identity Services Engine, Context Sharing, TrustSec, Application Programming Interfaces (APIs), Secure Connectivity with VPNs, and the virtualization and automation sections of the CCIE v5 blueprint. Like Volume I, its strong focus on interproduct integration will help you combine formerly disparate systems into seamless, coherent, next-generation security solutions.

Part of the Cisco CCIE Professional Development Series from Cisco Press, it is authored by a team of CCIEs who are world-class experts in their Cisco security disciplines, including co-creators of the CCIE Security v5 blueprint. Each chapter starts with relevant theory, presents configuration examples and applications, and concludes with practical troubleshooting.

• Review the essentials of Authentication, Authorization, and Accounting (AAA)
• Explore the RADIUS and TACACS+ AAA protocols, and administer devices with them
• Enforce basic network access control with the Cisco Identity Services Engine (ISE)
• Implement sophisticated ISE profiling, EzConnect, and Passive Identity features
• Extend network access with BYOD support, MDM integration, Posture Validation, and Guest Services
• Safely share context with ISE, and implement pxGrid and Rapid Threat Containment
• Integrate ISE with Cisco FMC, WSA, and other devices
• Leverage Cisco Security APIs to increase control and flexibility
• Review Virtual Private Network (VPN) concepts and types
• Understand and deploy Infrastructure VPNs and Remote Access VPNs
• Virtualize leading Cisco Security products
• Make the most of Virtual Security Gateway (VSG), Network Function Virtualization (NFV), and microsegmentation
  

Aaron Woland, CCIE(R) No. 20113, is a principal engineer in Cisco’s Advanced Threat Security group and works with Cisco’s largest customers all over the world. His primary job responsibilities include security design, solution enhancements, standards development, advanced threat solution design, endpoint security, and futures.

Aaron joined Cisco in 2005 and is currently a member of numerous security advisory boards and standards body working groups. Prior to joining Cisco, Aaron spent 12 years as a consultant and technical trainer.

Aaron’s other publications include Integrated Security Technologies and Solutions - Volume I; both editions of Cisco ISE for BYOD and Secure Unified Access; Cisco Next- Generation Security Solutions: All-in-one Cisco ASA FirePOWER Services, NGIPS and AMP; CCNP Security SISAS 300-208 Official Cert Guide; the CCNA Security 210-260 Complete Video Course; and many published white papers and design guides.

Aaron is one of only five inaugural members of the Hall of Fame Elite for Distinguished Speakers at Cisco Live, and he is a security columnist for Network World, where he blogs on all things related to security. His other certifications include GHIC, GCFE, GSEC, CEH, MCSE, VCP, CCSP, CCNP, and CCDP, among others.

You can follow Aaron on Twitter: @aaronwoland.

Vivek Santuka, CCIE(R) No. 17621, is a consulting systems engineer at Cisco and is a security consultant to some of Cisco’s largest customers. He has over 13 years of experience in security, focusing on identity management and access control. Vivek is a member of multiple technical advisory groups.

Vivek holds two CCIE certifications: Security and Routing and Switching. In addition, he holds RHCE and CISSP certifications and is a Distinguished Speaker at Cisco Live.

Vivek is also the coauthor of the Cisco Press books AAA Identity Management Security and Integrated Security Technologies and Solutions - Volume I.

You can follow Vivek on Twitter: @vsantuka.

Jamie Sanbower, CCIE(R) No. 13637 (Routing and Switching, Security, and Wireless), is a principal systems engineer for Cisco’s Global Security Architecture Team. Jamie has been with Cisco since 2010 and is currently a technical leader and member of numerous advisory and working groups.

With over 15 years of technical experience in the networking and security industry, Jamie has developed, designed, implemented, and operated enterprise network and security solutions for a wide variety of large clients. He is coauthor of the Cisco Press book Integrated Security Technologies and Solutions - Volume I.

Jamie is a dynamic presenter and is a Cisco Live Distinguished Speaker. Prior to Cisco, Jamie had various roles, including director of a cyber security practice, senior security consultant, and senior network engineer.

Chad Mitchell, CCIE(R) No. 44090, is a technical solutions architect at Cisco supporting the Department of Defense and supporting agencies. In his daily role, he supports the sales teams as a technical resource for all Cisco security products and serves as the Identity Services Engine subject matter expert for Cisco’s US Public Sector team.

Chad has been with Cisco since 2013 supporting the DoD and other customers and is a contributing member to the Policy & Access Technical Advisors Group. Prior to joining Cisco, Chad spent 7 years as a deployment engineer and systems administrator implementing Cisco security products for customers.

While his primary area of expertise is enterprise network access control with ISE, Chad is well versed on all Cisco security solutions such as ASA firewalls, Firepower NGFW/IPS/IDS, and Stealthwatch, to name a few; he also has first-hand experience deploying these solutions in customer production environments.

Chad’s other certifications include CCDA, CCNP, Network+, Security+, and many other industry certifications.