


Implementing Cisco NAC Appliance 4.8 Plus Profiler

Course code: NAC PLUS
Length: 5
Price: 28 900,00 kr (excl. VAT)

Summary

Gain the real-world skills and knowledge you need to deploy and successfully maintain Cisco NAC Appliances in this course. You won't find another NAC course with this level of exclusive and enhanced content. We took Cisco's standard course material, built on the version 4.0 software, and completely re-wrote and re-organized it. We updated it to use version 4.8 software, and we added coverage of Cisco Profiler. We expanded our exclusive labs, adding more content and taking the standard course from just three days to a content-packed five days. You'll train for four days on the NAC Appliance, followed by a full day on the Cisco Profiler.


Enhancements you'll find only in our course include:


Updated Student Guide material, with NAC version 4.8 screen shots and content


Feature-enhancement discussions, including out-of-band (OOB) logoff, Passive Re-Assessment, and external authentication for management sessions


Log data and configuration file locations on CLI


Real-world ASA SSL VPN scenarios


Detailed certificate discussions surrounding HA and using a Microsoft CA


NAC Appliance Agent (NAA) version 4.8


Client configuration file using XML without the older registry settings


NAC Profiler discussion providing an overview and covering setup and HA


Prerequisites


Course dates

August
13 Aug - 17 Aug, 2012, Stockholm





    More information

    Cisco Systems offers two solutions for Network Admissions Control: NAC Appliance and NAC Framework. NAC PLUS is right for you if your NAC solution includes the following elements:


    NAC Appliance Manager (NAM)


    NAC Appliance Server (NAS)


    Cisco Catalyst Switches using OOB access


    Cisco ASA/PIX Firewalls (without configuring NAC commands)


    Profiler Deployments

    • Given client network security requirements, how a NAC Appliance deployment scenario will meet or exceed those expectations
    • Configure the common elements of a NAC Appliance solution
    • Configure Active Directory Single Sign-On (AD SSO)
    • Configure VPN Single Sign-On using an ASA with the standard IPSec client and the AnyConnect 3.0 client (SSL)
    • Configure the NAC Appliance in-band and OOB implementation options
    • Implement the NAM and NAS High Availability to protect against downtime
    • Configure Network Scanning to audit clients and clientless hosts
    • Configure compliance checking using manual and automated settings in version 4.8 of code
    • Learn the elements of code signing applications needed for remediation
    • Create custom web page portals based on the location of clients
    • Allow Active Directory (AD) LDAP Authorization to map AD groups to NAC Appliance Roles
    • Walk through and configure three different network topologies: in-band, VPN in-band, and OOB
    • See for yourself the privilege rights needed for installing the Cisco NAA and customizing client XML settings
    • Learn to monitor, maintain, and troubleshoot a NAC solution
    • NAC Profiler overview, design, and deployment

    Cisco NAC Appliance Solution (NAS)

    1. Cisco Self-Defending Networks

    • Changing Security Landscape
    • Cisco Host-Protection Strategy
    • Cisco SDN Initiative
    • Trust and Identity
    • Cisco NAC Products

    2. Cisco NAC Appliance

    • Cisco NAC Appliance Solution
    • Features and Components
    • Compliance Scenarios
    • Deployment Options
    • Configuration Overview
    • User Interface

    3. Cisco NAC Appliance Deployment Options

    • Out-of-Band (OOB) Deployment
    • In-Band Deployment
    • Deployment Options Comparison
    • NAS Operating Modes
    • Virtual vs. Real-IP Gateways
    • Layer 2 vs. Layer 3

    NAC Appliance Implementation

    4. Configure User Roles

    • What a User Role Is
    • Create User Roles
    • Define and Configure Traffic Policies for User Roles
    • Create Local User Accounts

    5. Implement Cisco NAC Appliance In-Band Deployment

    • In-Band Process Flow
    • In-Band Deployment Configurations
    • Configure the Cisco NAS for In-Band Deployment
    • Add the Cisco NAS to the Managed Domain
    • Configure Cisco NAS Interfaces
    • Add Managed Subnets
    • Configure Cisco NAS VLAN Settings

    6. Configure NAM High Availability (HA)

    • HA for Cisco NAMs
    • Establish a Serial Connection Between Managers
    • Digital Certificate Requirements
    • Configure the Primary and Standby Cisco NAMs

    7. Configure Cisco NAS HA

    • HA for NAS
    • Implementation Considerations
    • Digital Certificate Requirements
    • Configure the Primary and Standby NAS
    • Complete the Standby NAS HA Configuration
    • Test the NAS HA Configuration
    • Configure DHCP Failover

    8. Configure External Authentication

    • Configure External Authentication Providers
    • Authenticate Cisco NAC Appliance Users
      • Kerberos
      • RADIUS
      • LDAP
      • NT Domain
    • Map Users to User Roles
    • Test User Authentication
    • Configure RADIUS Accounting for Users
    • Add Custom RADIUS Attributes

    9. Implement Windows AD SSO

    • Kerberos Ticket Exchange
    • Confirming a NAS Ticket
    • Communications Between the NAS and Active Directory
    • AD SSO Configuration Checklist
    • TCP and UDP Ports Required for AD SSO
    • Configure the NAS for AD SSO
    • Install Support Tools for Windows 2000 or 2003 Server
    • Configure the Domain Controller with ktpass.exe

    10. Implement Virtual Private Network Single Sign-On (VPN SSO)

    • Configuration Checklist
    • Configure a Traffic Filter
    • Add VPN Authentication Server to NAM
    • Map VPN Users to Roles on NAM
    • Enable VPN SSO on the NAS
    • Adding a VPN Device to the NAS
    • Configure RADIUS Accounting
    • Configure the VPN Gateway as a Floating Device
    • Test VPN SSO

    11. Implement Cisco NAC Appliance OOB Deployment

    • OOB Process Flow
    • OOB Deployment Considerations
    • Layer 2 Central and Edge Deployment
    • Layer 3 Virtual Gateway and Real-IP Gateway
    • Layer 2 and 3 Clientless Host Options
    • Cisco NAC Appliance OOB vs. In-Band Setup
    • Implement Cisco NAS OOB Operating Modes

    12. Manage Switches

    • Implement Switch Management
    • Configure the Network for OOB Deployment
    • Configure Group, Switch, and Port Profiles
    • Configure Port Profiles Adding Switches to the Managed Domain
    • Configuring SNMP Advanced Settings
    • Configure Switch Ports to Use Port Profiles
    • Manage Switch Configuration Settings

    NAC Appliance Implementation Options

    13. Implement Cisco NAC Appliance on a Network

    • General Setup Tab
    • User Pages
    • Configure Cisco NAA Support
    • Manage Certified Devices
    • Device Exemption
    • Viewing User Reports

    14. Implement Network Scanning

    • Configure the Quarantine Role
    • Implement Nessus Plug-Ins
    • Test a Scanning Configuration
    • Customize the User Agreement Page
    • View Scan Reports

    15. Configure the NAM to Implement Cisco NAA on User Devices

    • Retrieve Updates
    • Require the Use of the Cisco NAA
    • Configure the Cisco NAA Temporary Role
    • Introduce and Create Checks, Rules, and Requirements
    • Map Requirements to Rules and Roles

    16. Configure DHCP

    • Cisco NAS DHCP Modes
    • Enable the DHCP Module
    • Configure IP Ranges (IP Address Pools)
    • Work with Subnets
    • Reserve IP Addresses
    • Configure User-Specified DHCP Options

    NAC Appliance Monitoring and Administration

    17. Monitor a Cisco NAC Appliance Deployment

    • Cisco NAC Appliance Monitoring
    • Monitor Online Users
    • Monitor NAS Health Event Logs
    • Configure Basic SNMP Support
    • Configure Syslog Support

    18. Administer Cisco NAM

    • Define the Cisco NAM Administration Module
    • Set Network and Failover Parameters
    • Manage Administration Groups and Users
    • Manage User Passwords
    • Administer the System Time
    • Manage SSL Certificates
    • Manage the Cisco NAC Appliance Software
    • Protect Your NAM Configuration

    NAC Profiler

    19. NAC Profiler Fundamentals

    • Cisco Profiler Solution
    • Components
    • Use Cases
    • Management Interface
    • Features and Profiling Options

    20. Deploying NAC Profiler

    • Deployment Options
    • Active Collections
    • Endpoint Discovery Fundamentals
    • NAC and LDAP Integration
    • Profiler Events
    • High Availability

    Labs

    Lab 1: Remote Lab Familiarization

    • Log in to the remote lab environment
    • Launch and log in to the remote lab virtual PCs
    • Set time zone on remote lab virtual PCs
    • Log in to and manage remote lab equipment

    Lab 2: Bootstrap Primary NAM and NAS

    • Run setup scripts on NAM and NAS
    • Log in to the web administration environment
    • View a common routing issue for the hosts on the same subnet as the NAS
    • See newer password enhancements in 4.5 software code

    Lab 3: Configuring User Roles and Traffic Policies

    • Configure default user web pages based upon where they are coming from
    • Create user roles on the NAM
    • Create traffic policies that map to each user role
    • Configure new users in the local database

    Lab 4: Configure NAS In-Band Virtual Gateway

    • Connect an in-band NAS to the NAM
    • Configure NAS as virtual gateway
    • Configure VLAN mapping
    • Install the NAA for the first time and determine the rights needed
    • Install the stub installer
    • Use the web agent to scan an outside user's PC that does not have local admin rights

    Lab 5: Create a High Availability NAM Cluster

    • Configure the secondary NAM
    • Confirm connectivity between primary and secondary NAM
    • Export the private key and SSL certificate of the primary NAM
    • Import the private key and SSL certificate into the secondary NAM
    • Configure network and failover settings on primary and secondary NAM
    • Verify NAM database synchronization
    • Test failover

    Lab 6: Configuring Active Directory Single Sign-On (AD SSO)

    • Add AD SSO authentication server
    • Configure traffic policies for the unauthenticated role
    • Enable the NAS to use AD SSO
    • Use ktpass.exe to prepare the domain controller
    • Enable and test agent-based AD SSO

    Lab 7: Enhanced SSO with LDAP Group Authorization

    • Configure an LDAP lookup server
    • Configure authorized groups in Active Directory (AD)
    • Associate the lookup server with an authentication provider
    • Test the solution

    Lab 8: Configuring VPN Remote Access

    • Configure the ASA as a filter device
    • Configure NAC Appliance to use an ASA 5520 as a floating device
    • Add VPN authentication server to the NAM
    • Map VPN users to roles for SSO
    • Add a RADIUS accounting server to the NAS
    • Map the ASA 5520 to the accounting server
    • Configure VLAN mappings to allow internet access through the NAS
    • Modify IP filters to allow returning internet traffic back through
    • Test VPN SSO

    Lab 9: Configuring NAC VPN SSO

    • Configure the ASA to communicate with the RADIUS and accounting server
    • Adjust traffic filters for additional VPN address pools
    • Use framed IP-address fields in the accounting packet to map VPN users to NAC appliance roles
    • Use Kiwi CatTools to load ASA version 8.x Code and the AnyConnect client config
    • Test VPN SSO

    Lab 10: Configure Switch for Out-of-Band (OOB) Operation

    • Delete the In-Band NAS from the NAM
    • Reconfigure the NAS as OOB virtual gateway
    • Configure VLAN mapping
    • Verify switch SNMP configuration
    • Configure group and switch profiles
    • Configure the NAM as an SNMP trap receiver
    • Add switches and configure ports on the NAM
    • Passive Re-Assessment
    • Examine reporting

    Lab 11: Configuring the NAC Appliance Agent (NAA) for Specific Threats

    • Configure the general setup for NAA
    • Allow DNS packets to your network in the temporary role
    • Create checks and rules
    • Create a new requirement for users
    • Associate the requirement to a role
    • Remediation types and appropriate rights for each
      • AV check and file distribution
      • Local application launch
      • Code signing requirements
    • Compare manual and automatic remediation
    • Verify the configuration

    Lab 12: Bootstrapping Profiler

    • Configure Profiler with basic settings
    • Configure NAC integration
    • Collector setup
    • Network device collection

    Lab 13: Profiling the Network

    • Active profiling
    • Profile reporting

    Lab 14: Profiler HA

    • Set up HA using a pair of profiler managers



    Copyright © 2012 Global Knowledge Network Sweden AB. Registered in Sweden with org. no. 556526-6458. VAT reg. no.: SE556526645801.