• 100 Queen St W, Brampton, ON L6X 1A4, Canada
  • +1-800-961-0337
START DATE END DATE CLASS TIMINGS MODE LOCATION ACTION
11/12/2018 11/16/2018
  • VLT
Live Online

Securing Cisco Wireless Enterprise Networks (WISECURE v1.1)

Course Overview

To take part in the hands-on labs in this class, you have to carry a PC phone the accompanying:

  • Windows 7 or 8.1 or 10 is suggested. Macintosh OSX 10.6 or more noteworthy is bolstered also.
  • Intel Celeron or better processors are favored.
  • 1 GB or a greater amount of RAM
  • Program Requirements: Internet Explorer 10 or more prominent or Mozilla Firefox. (Safari and Mozilla Firefox for Mac OSX)
  • All understudies are required to have manager rights to their PCs and can't be signed in to an area utilizing any Group Policies that will constrain their machine's abilities.
  • On the off chance that you don't have chairman rights to your PC, you in any event require consents to download, introduce, and run Cisco Any Connect Client.
  • In the event that you are taking part in a WebEx occasion, it is very prescribed to take this class at an area that has data transfer capacity speeds at least 1 Mbps transmission capacity speeds.

Securing Cisco Wireless Enterprise Networks (WISECURE v1.1)

Course Outline

Module 1: Define Security Approaches in a Wi-Fi Design

  • Objective: Define security approaches in a Wi-Fi plan

Lesson 1: Defianing Security Areas in the Wi-Fi Design

  • Objective: Identify normal security issues affecting present day Wi-Fi plans
  • This lesson incorporates these subjects:
  • Security Challenges for IT Organizations
  • Objective: Summarize the basic security issues affecting current Wi-Fi outlines
  • Gadget Support
  • Security and Usage Policy
  • Gadget Visibility
  • Ensuring Corporate Data
  • Repudiate Access
  • IT Management Problems in a Post-PC Era
  • Present day Wi-Fi Security Concerns
  • Points of interest of a Comprehensive BYOD Approach
  • Move to BYOD: Device Diversity Is a Big IT Challenge
  • System Access: The Problem
  • How Might IT Control Access to the Network?
  • AAA Solution
  • Consistence Regulations
  • Patterns in Regulatory Compliance
  • Consistence Regulations
  • Information Breach Notification Goes Global
  • Requirement for a Security Policy
  • Security Policy Users
  • Segments of a Comprehensive Security Policy
  • Representing Policy
  • Specialized and End-User Policies
  • Norms, Guidelines, and Procedures
  • Security Policy Responsibilities
  • Security Awareness

Lesson 2: Describing Security Approaches in Wi-Fi Designs

  • Objective: Explore the numerous parts of characterizing a security engineering inside a Wi-Fi plan
  • This lesson incorporates these points:
  • Wi-Fi Network Security Objectives
  • Objective: Define the objectives of a security outline inside both wired and Wi-Fi conditions
  • Essential Security Assumptions
  • Essential Security Requirements
  • Hazard: Motivation Meets Opportunity
  • Advancement of Intent
  • Data Security Realities: Trends
  • Correspondence Security Challenges: Mobility, Emerging Threats, and Compliance
  • Approach Enforcement for Users and Devices
  • Objective: Explore the parts required to build up a run of the mill corporate client and gadget strategy
  • Cisco Lightweight Access Points
  • Remote Controller
  • Cisco ISE
  • Cisco Prime Infrastructure
  • Cisco ISE
  • Cisco ISE Technologies
  • Cisco ISE as a Policy Platform
  • Disentangled Onboarding for BYOD
  • Visitor Access Needs
  • Portray Network Access Challenges
  • Objective: Discuss run of the mill security challenges at the entrance point
  • Classifying Wireless Vulnerabilities
  • Maverick APs and Clients
  • Maverick APs (Malicious)
  • Foreswearing of Service
  • Over-the-Air Attacks
  • Web of Things
  • IoT Addressable Market Estimate: $26.9 Billion by 2016
  • Portray Security Architecture Design Principles
  • Objective: Explore normal security engineering outline standards and their effect on the Wi-Fi plan
  • What Is Defense in Depth?
  • 802.1X and EAP
  • Assurance of Management Frames
  • Visitor Access by means of Anchor Controller
  • Segment Functions in a wIPS Deployment
  • Executing AAA
  • Depict Secure Access Control
  • Objective: Provide a diagram of ideas and frameworks required to secure access control inside the Wi-Fi outline
  • Secure Access Solution Portfolio
  • Confirmation
  • Approval
  • Bookkeeping
  • Change of Authorization
  • Character Sources
  • Range
  • TACACS+
  • Depict Network Monitoring
  • Objective: Introduce the administration frameworks accessible inside the Cisco Wi-Fi condition that can be utilized amid outline, organization and activity
  • Cisco Prime Infrastructure Converged Approach
  • Cisco UWN Hierarchy
  • Cisco Prime Infrastructure Security Dashboard
  • Security Index
  • Rebel Monitoring
  • Alert Summary
  • Rebel Details
  • Cisco ISE Dashboard
  • Cisco ISE Dashboard Navigation
  • Cisco ISE Alarms
  • Cisco ISE Alarms: Misconfigured Network Device Detected

Module 2: Design and Deploy End Point and Client Security

  • Objective: Describe how to outline and convey end point and customer security

Lesson 1: Defining Endpoint and Client Standards and Features

  • Objective: Describe industry models and highlights related with secure portability and meandering
  • This lesson incorporates these subjects:
  • Portray Standards and Features
  • Objective: Describe the benchmarks and highlights
  • Confirmation
  • Confirming Devices versus Clients
  • Open Authentication
  • Encryption
  • Symmetric and Asymmetric Encryption
  • Individual Keys
  • Normal Keys
  • Lopsided Encryption Algorithms
  • Lopsided Confidentiality Process
  • Lopsided Authentication Process
  • Rivest, Shamir, and Adleman
  • Advanced Signature
  • RSA Digital Signatures
  • Put stock in Third Party
  • Put stock in Third-Party Protocols
  • Put stock in Third-Party Example
  • Testaments
  • X.509 Version 3
  • Open Key Infrastructure
  • PKI Terminology and Components
  • Confirmation Using Certificates
  • PKI in the WLAN
  • Utilizing PKI in the WLAN
  • Remote Threats
  • Remote IDS
  • IEEE 802.1X
  • IEEE 802.1X over Wireless
  • 802.1X, EAP, and the AAA Relationship
  • One of a kind Encryption Keys
  • EAP Process
  • EAP Frame Format
  • EAP-TLS Authentication Overview
  • EAP-TLS Trust Model
  • PKI with EAP-TLS
  • PEAP Authentication Overview
  • PEAP Session Key: Phase 1
  • PEAP Session Key: Phase 2
  • PEAP Deployment
  • EAP-FAST Authentication Overview
  • EAP-FAST PAC Creation
  • EAP-FAST Session Key
  • EAP Comparison
  • Range
  • Nearby EAP Authentication
  • Secure Access Control
  • Security Policy Management and Control Platform
  • Audit of Wi-Fi Security Methods
  • WPA2 and IEEE 802.11i
  • IEEE 802.11i and AES Encryption
  • WPA, WPA2, and 802.11i Comparison
  • WPA2 Authentication Modes
  • Audit WPA 2 Authentication Process
  • Audit WPA2 Key Management
  • WPA2 Authentication Modes
  • WPA2 Strengths and History
  • WPA2 and CCMP Issues
  • WPA2 GCMP Advantages
  • 802.11i WPA2 Key Hierarchy
  • Validation on Native Client Devices
  • Design WPA2 and EAP
  • Objective: Configure WPA2 and EAP in a Wi-Fi condition
  • WPA2 Personal Implementation on Cisco AireOS WLC
  • WPA and WPA2 Personal Authentication Implementation in Cisco IOS XE WLC GUI
  • WPA and WPA2 Personal Authentication Implementation: Autonomous AP
  • WPA and WPA2 Enterprise Authentication Implementation: Cisco AireOS WLC
  • WPA and WPA2 Enterprise Authentication Implementation: Cisco IOS XE WLC
  • WPA and WPA2 Enterprise Authentication Implementation: Autonomous AP
  • Executing Local EAP Authentication on Cisco WLC
  • EAP-FAST Parameters
  • Executing Local EAP Authentication on FlexConnect AP
  • Neighborhood EAP Authentication on Autonomous AP
  • Outer RADIUS Server on Cisco AireOS WLC
  • Outer RADIUS Server on Cisco IOS-XE WLC
  • Outer RADIUS Server on FlexConnect
  • Outer RADIUS Server on Autonomous AP
  • Depict Security Mobility and Roaming
  • Objective: Describe security versatility and meandering
  • Regular Scanning Behavior
  • Cisco Compatible Extensions Client Roam Triggers
  • Cisco Compatible Extensions Channel Scanning: AP-Assisted Roaming
  • Cisco Compatible Extensions Channel Scanning: Enhanced Neighbor List
  • Cisco Compatible Extensions Channel Scanning: Enhanced Neighbor List Request
  • Cisco Compatible Extensions Channel Scanning: Directed Roam Request
  • IEEE 802.11k: Radio Resource Management
  • IEEE 802.11v: Wireless Network Management
  • Assessing the AP List
  • Verification Choreography
  • Quick Secure Roaming: History
  • EAP Types Supported by Cisco CKM
  • IEEE 802.11r: Fast BSS Transition
  • Quick BSS Transition Initial Mobility Domain Association
  • Over-the-Air Fast BSS Transition
  • Arrange a Mobility Environment with WPA2 and EAP
  • Objective: Configure WPA2 and EAP for portability in a Wi-Fi condition
  • Arrange 802.11r Cisco on AireOS WLC
  • Actualizing 802.11r on Cisco IOS XE WLC
  • IEEE 802.11r Mixed-Mode Support
  • Blended Mode Configuration
  • Actualizing IEEE 802.11k

Guided Lab 1: Configure WPA2 Access

  • Objective: Configure WPA2 access on the controller to help endpoints
  • Movement Objective
  • Topology
  • Errand 1: Verify Client Setup for Testing Client Access (Optional)
  • Errand 2: Configure Required Interfaces
  • Errand 3: Configure WLANs
  • Errand 4: Configure a Local Network User on the WLAN Controller
  • Errand 5: Configure Local EAP on the Controller
  • Errand 6: Configure the Employee WLAN for Local EAP on Both Controllers
  • Errand 7: Configure the Windows Supplicant

Guided Lab 2: Configure 802.1X Access

  • Objective: Configure NADs for 802.1X and for correspondence with Cisco ISE
  • Movement Objective
  • Topology

Errand 1: Configure NADs for Cisco ISE

Module 3: Design and Deploy Cisco ISE and Management Platforms

  • Objective: Describe how to outline and convey Cisco Identity Services Engine (ISE) in Wi-Fi organize

Lesson 1: Cisco Network Security Architecture

  • Objective: Describe suggested security models in Wi-Fi arrange
  • This lesson incorporates these points:
  • Portray User Access Trends
  • Objective: Describe client get to patterns
  • How Do I Control Access to the Network?
  • Security Challenges for IT Organizations
  • Cisco ISE Architecture, Components, and Licensing
  • Objective: Describe Cisco ISE design, segments, and authorizing
  • Security Policy Management and Control Platform
  • Cisco ISE Nodes and Personas
  • Cisco ISE Nodes, Personas, and Roles
  • System Access Device
  • Cisco ISE Licensing
  • Cisco ISE Appliances
  • VM Requirements
  • Introducing Cisco ISE

Lesson 2: Profiles and Policies

  • Objective: Explain end gadget examination with Cisco ISE profiling and make strategies in Cisco ISE
  • This lesson incorporates these subjects:
  • Portray End Device Analysis with Cisco ISE Profiling
  • Objective: Explain end gadget examination with Cisco ISE profiling
  • Cisco ISE Profiler
  • Profiling Policies
  • Profiling Flow
  • Cisco ISE Probes
  • Gadget Sensor
  • Make Policies in Cisco ISE
  • Objective: Create approaches in Cisco ISE
  • Contemplations for Defining Policy Elements
  • Cisco ISE Workflow
  • Verification in Cisco ISE
  • Govern Based Authentication Policies
  • Valuable Authentication Attributes
  • Validation Policy Example
  • Approval in Cisco ISE
  • Approval Policy Rules
  • Character Groups
  • Other Authorization Conditions
  • Approval Profiles
  • Approval Policy Example
  • Change of Authorization
  • Strategy Sets

Lesson 3: Guest Access

  • Objective: Configure visitor get to and depict Cisco CMX Visitor Connect
  • This lesson incorporates these themes:
  • Design Guest Access
  • Objective: Configure visitor get to
  • Remote Guest DMZ Networks
  • Cisco Unified and Converged Access Wireless Guest Networks
  • Characterizing the Guest User
  • Visitor User Role-Based Policies
  • Visitor User Databases
  • Character Stores and Attribute Sources
  • Visitor User Database:

Lesson 4: Secure BYOD

  • Objective: Describe the protected BYOD arrangement
  • This lesson incorporates these points:
  • Arrange BYOD
  • Objective: Configure BYOD
  • Points of interest of Cisco BYOD Solution
  • Cisco Solution Components
  • Onboarding
  • Gadget Authentication for BYOD
  • Cisco ISE: Authentication and Authorization Policies Supporting BYOD
  • Single or Dual SSID in BYOD
  • Onboarding and Provisioning
  • Onboarding: Supplicant Provisioning
  • Customer Provisioning
  • BYOD Configuration
  • BYOD Authentication: CWA and IEEE 802.1X Use Cases
  • My Devices Portal
  • Cisco ISE: Device Profiling
  • BYOD Profiling with CoA
  • Portray BYOD Management and Monitoring
  • Objective: Design and Deploy Cisco ISE and Management Platforms
  • Cisco ISE and Cisco Prime Infrastructure Integration
  • Cisco ISE and Cisco Prime Infrastructure Reporting
  • Gadget 360? View Wireless Controller
  • Cisco Prime Infrastructure: Alarms and Events
  • Cisco Prime Infrastructure: Client Monitoring Dashboard
  • Cisco Prime Infrastructure: Clients and Users
  • Cisco Prime Infrastructure: Client Properties
  • Visitor Verification and Live Log in Cisco Prime Infrastructure
  • Cisco ISE Live Authentication
  • Cisco ISE Live Authentication: Details
  • Cisco ISE Live Authentication: Live Session View
  • Cisco ISE Live Authentication: Authorization
  • Cisco WLC: Authorization Diagnosis
  • Session Trace
  • Creating Reports from Prime Infrastructure
  • Revelation 1: Overview of Cisco ISE
  • Objective: Describe how to explore the Cisco ISE GUI
  • Action Objective
  • Visual Objective
  • Errand 1: Explore the Home Page
  • Errand 2: Explore the Operations Tab
  • Errand 3: Explore the Policy Tab
  • Errand 4: Explore Administration
  • Guided Lab 3: Configure RADIUS Integration
  • Objective: Configure Cisco ISE to utilize the NAD
  • Action Objective
  • Topology
  • Errand 1: Initial Login and Initial Message Management
  • Errand 2: Configure NADs on Cisco ISE
  • Errand 3: Verify or Create Airespace ACLs for Various User Groups
  • Guided Lab 4: Configure a Basic Access Policy
  • Objective: Configure an essential access arrangement for representatives
  • Action Objective
  • Topology
  • Assignment 1: Configure a Policy for Active Directory Employees and Contractors
  • Assignment 2: Wireless Client Access
  • Guided Lab 5: Configure a Contractor2 Authentication Policy
  • Objective: Etablish verification for an extra gathering of clients
  • Action Objective
  • Topology
  • Assignment 1: Policy Configuration for Contractor2
  • Guided Lab 6: Configure Hotspot Guest Access
  • Objective: Explore Cisco visitor get to arrangements and tasks
  • Action Objective
  • Topology
  • Assignment 1: Guest Settings
  • Assignment 2: Guest Locations
  • Assignment 3: Verify Airespace ACLs for Hotspot Portal Operations
  • Assignment 4: Hotspot Portal Operations
  • Guided Lab 7: CWA and Self-Registered Guest Operations
  • Objective: Explore various Cisco ISE visitor get to designs and activities
  • Action Objective
  • Topology
  • Assignment 1: Self-Registration and Employee BYOD Portal Operations

Module 4: Secure Wi-Fi Infrastructure

  • Objective: Explain how to secure the Wi-Fi framework
  • Lesson 1: Defining Endpoint and Client Standards and Features
  • Objective: Describe the present principles and highlights and how to arrange them.
  • This lesson incorporates these themes:
  • Depict the Current Standards and Features
  • Objective: Describe the present norms and highlights
  • Framework MFP
  • Framework Mode
  • Customer MFP
  • Customer and Infrastructure Mode
  • Institutionalized MFP
  • IEEE 802.11w Protection
  • MFP versus IEEE 802.11w
  • Personality Based Services
  • Utilizing Identity-Based Networking
  • Personality Based Networking Example
  • Approval Options for Users and Devices
  • VLANs and ACLs
  • Downloadable ACL versus Airspace ACL
  • Preauthentication and Postauthentication ACLs
  • Arrange MFP
  • Objective: Configure MFP
  • Arrange MFP Globally
  • MFP Settings
  • Arrange the WLAN for MFP: Security
  • Arrange the WLAN for MFP: Advanced
  • Confirm MFP
  • Arrange IEEE 802.11w PMF
  • Objective: Configure IEEE 802.11w PMF
  • Arrange Identity-Based Networking
  • Objective: Configure Identity-Based Networking
  • Cisco IOS XE TACACS+ Configuration
  • Part Based Access Control
  • Administrator User Configuration Procedure
  • Stages 1?3: Examine a Built-In, Edit, or Create an Admin Group
  • Stage 4: Configure Administrator User
  • Stages 5?6: Edit or Delete Administrator Account
  • Client Management
  • Nearby User Authentication
  • Include a Local User
  • Client Authorization
  • Outside Authentication Server
  • Verification Mode
  • Arrange SMNPv3 in the Wi-Fi Environment
  • Objective: Configure RADIUS and TACACS
  • Arrange SNMP: Autonomous AP GUI and CLI
  • Cisco WLC: Remove Default SNMP Community Names
  • Cisco WLC: Add SNMP Community Names
  • Cisco WLC: Remove SNMPv3 User Default Values
  • Cisco WLC: Add a SNMPv3 User
  • Cisco WLC: Add a SNMP Trap Receiver
  • Overseeing SNMP Trap Controls
  • SNMPv3 on Cisco IOS XE
  • SNMPv3 on Cisco ISE
  • Cisco Prime Infrastructure: Configure Controllers
  • Cisco Prime Infrastructure: Add a Controller
  • Revelation 2: Implementing SNMP v3
  • Objective: Configure the controller to actualize SNMP v3
  • Action Objective
  • Visual Objective
  • Errand 1: Use the GUI to Change the SNMP v3 User Default Values
  • Errand 2: Use the CLI to Change the SNMP v3 User Default Values
  • Revelation 3: Configure and Verify Cisco MFP
  • Objective: Configure and confirm Cisco MFP
  • Action Objective
  • Required Resources
  • Visual Objective
  • Errand 1: Enable MFP on the Cisco WLC
  • Errand 2: Create a New Local EAP Profile for EAP-FAST
  • Errand 3: Enable Local EAP on the CCNP-Demo SSID
  • Errand 4: Configure ap2 as a Workgroup Bridge for EAP-FAST Authentication to the Demo WLAN
  • Errand 5: Verify that MFP Is Active on the Connection to CCNPW-Demo

Revelation 4: Rogue AP Monitoring and Rules

  • Objective: Monitor maverick APs in Cisco WLCs and Cisco Prime Infrastructure
  • Action Objective
  • Required Resources
  • Visual Objective
  • Assignment 1: Monitor Rogue APs from the Cisco WLC
  • Assignment 2: Rogue Policies
  • Undertaking 3: Monitor Rogues in Cisco Prime Infrastructure
  • Guided Lab 8: Configure Secure Administrative Access
  • Objective: Configure secure authoritative access
  • Movement Objective
  • Topology
  • Undertaking 1: Enable RADIUS Administration on the Cisco WLC
  • Undertaking 2: Configure Local Identity Groups in Cisco ISE
  • Undertaking 3: Configure Local Users in Cisco ISE
  • Undertaking 4: Configure Authorization Profiles for Cisco WLC Admin Access in Cisco ISE
  • Undertaking 5: Configure Authorization Policies for Cisco WLC Admin Access in Cisco ISE
  • Undertaking 6: Test Cisco WLC Admin Access through RADIUS
  • Guided Lab 9: Configure a Basic Authentication Policy for an AP
  • Objective: Configure fundamental verification arrangement for an AP
  • Movement Objective
  • Topology

Undertaking 1: Policy Configuration for Network APs

Module 5: Design and Deploy Wi-Fi Access Control

  • Objective: Design and convey Wi-Fi get to control

Lesson 1: Defining Wi-FI Access Control Standards and Features

  • Objective: Explain ACLs, firewall functionalities, and how to design ACLs in the Wi-Fi condition
  • This lesson incorporates these themes:
  • Depict ACLs and Firewall Functionality
  • Objective: Describe ACLs and firewall usefulness
  • ACL Functionality and Limits
  • Firewalls
  • Firewall Ports
  • VPN Firewall: Remote Office
  • FlexConnect ACLs
  • Design ACLs in the Wi-Fi Environment
  • Objective: Configure ACLs in the Wi-Fi condition
  • Independent AP: Add an IP ACL
  • Independent AP: Configure an IP ACL
  • Independent AP: Add a MAC ACL
  • Independent AP: Apply an ACL
  • Cisco WLC: Configure a New ACL
  • Cisco WLC: Configure ACL Rules
  • Cisco WLC: Deny Counters
  • ACL Types

Guided Lab 10: Implement Profiling

  • Objective: Configure the Cisco ISE Profiler administration and administration settings
  • Action Objective
  • Topology
  • Errand 1: Configure Profiling in Cisco ISE
  • Errand 2: Configure the Feed Service (Optional)
  • Errand 3: Configure Profiling in Cisco ISE
  • Errand 4: NAD Configuration for Profiling

Guided Lab 11: Profiling and Device Onboarding

  • Objective: Configure Cisco ISE for BYOD onboarding
  • Action Objective
  • Topology
  • Errand 1: Portal Provisioning
  • Errand 2: Provisioning Configuration
  • Errand 3: Policy Configuration
  • Errand 4: Employee Laptop PC Registration

Prerequisites

The information, aptitudes, and dispositions that a student is required to have before going to this course are as per the following:

  • CCNA? R&S confirmation
  • CCNA? Wireless confirmation

It is likewise suggested that students considered for this preparation have a fundamental information of the accompanying:

  • Cisco Prime Infrastructure
  • Cisco ISE
  • Metageek Channelizer Software
  • Voice Signaling Protocols
  • Fundamental QoS
  • Cisco Application Visibility Control
  • LAN exchanging

Awards