Changing financial environments: an assessment framework for ...


Welcome to Global Knowledge

2013 Global Knowledge Training LLC. All rights reserved. 01/21/2020 Page 1

Housekeeping
  • Adjust the volume on your computer speakers or headset
  • Submit questions via the Chat Panel through WebEx
  • Slides and recording distributed via email in a few days

Our presenters

Graham Tuthill
Cisco Lead Security Instructor
Global Knowledge

I joined Global Knowledge as a Cisco trainer in February 1999. I have since progressed on to become a Lead technologist for a small team of Cisco trainers. I have been in the networking industry for over 15 years mainly involved with training, course development and consultancy. I am a certified Cisco, Juniper and Nortel certified instructor.

My relevant networking qualifications are:
  • Certified Cisco Instructor (CCSI)
  • Certified Juniper Instructor
  • Cisco CDA
  • Cisco CCNA
  • Cisco CCNP
  • Cisco CCVP
  • Cisco CCSP
  • Nortel Certified Instructor ATM Centillion Switching
  • Nortel Certified Instructor Accelerated Routing

Cisco ISE and BYOD
Graham Tuthill

Agenda
  • Reasons for adopting BYOD
  • Cisco ISE
  • An overview of BYOD operation, configuration and user experience
  • The challenges BYOD presents

Agenda
  • 45 minute presentation and a 15 minute Q&A session

Reasons for adopting BYOD (1-2)
  • Many Needs and Many Devices
  • Voice, Video and Apps
  • PCs, Tablets and Smartphones
  • Work and Personal boundaries overlap
  • Flexibility, one device without switching
  • Anywhere, Anytime Mobility
  • 3G/4G
  • Public WIFI access
  • Bandwidth demand

Reasons for adopting BYOD (2-3)
  • Video, Collaboration & Rich Media Apps
  • Who is watching this Webinar on Bus, Train, Plane with iPhone, Smartphone, Tablet, or PC owned by company or not.

Reasons for adopting BYOD (3-3)
  • % of devices chart etc OVUM Bookmarked

Cisco ISE Overview (1-4)
  • ISE: Identity Services Engine
  • Comprising different personas: Admin/Monitoring/Policy
  • Policy Administration Node (PAN)
  • Monitoring Node (MnT)
  • Inline Posture Node (IPN)
  • Policy Service Node (PSN)
  • Multi Function Node
  • Can scale to 100,000 Endpoints with 40xPSN 2xAdmin 2xMonitoring

Cisco ISE Overview (2-4)
  • Policy Service Node (PSN)
  • Policy Service Node (Radius Server)
  • Policies created on the Administration node, centrally
  • Policies synced from Admin node to all participating PSNs

Cisco ISE Overview (3-4)

  • Communication flow endpoint to PSN
  • Endpoint: Wired, Wireless, VPN
  • NAD: Network Access Device
  • PSN
  • EAPOL (802.1x)
  • EAP Over Radius
  • EAP-TLS

Cisco ISE Overview (4-4)
  • Authentication
  • Authorization
  • Profiling
  • Posturing
  • BYOD
  • EPS

Cisco ISE, an overview of BYOD operation, configuration and user experience.

BYOD Components
  • Cisco ISE
  • Database support, including Active Directory
  • Wireless Controllers and access points
  • Switches, Wired
  • VPN
  • Endpoint devices: Apple iOS, Android, Windows, Mac OS X

Cisco ISE Device Onboarding
  • Authentication
  • Provision Native Supplicants
  • Provision Certificates
  • Self Registration
  • Blacklisting

Cisco ISE DUAL SSID Design
  • Separate network for Access and Provisioning
  • Open SSID for Provisioning
  • Can be applied to Guests and Employees

Cisco ISE BYOD Flow for DUAL SSID
  • Connect to open SSID
  • Redirected to a WebAuth Portal
  • Enter either Guest/Employee credentials

Cisco ISE Guest Access
  • Guest agrees to Acceptable Use Policy (AUP) and gets Guest access

Cisco ISE Employee Access and Device Registration
  • Employee registers Device
  • Requests and Downloads all appropriate certificates
  • Downloads supplicant provisioning details
  • Employee reconnects using EAP-TLS

Cisco ISE Authorisation Policy Rules

Rule Name       Conditions                                            Permissions
All Rule        IF Wireless_MAB                                       Then WEB_Auth
Guest Rule      IF GUEST                                              Then GUEST
Employee Rule   IF Employee                                           Then Supp_Provis
Provis Rule     IF Employee/EAP-TLS Station ID = Certificate SAN      Then Employee
Deny Rule       IF No_Matches                                         Then Deny

Cisco ISE Connecting to the Network
  • PSN

  • Guests connect to network via Open SSID
  • Employees connect to network via Open SSID until their Endpoints are provisioned
  • Radius Access-Request
  • Radius Access-Accept, Radius AV Pair=url
  • Redirect URL: https://ise-1.com:8443/guestportal/gateway/sessionid../cwa

Cisco ISE Guest Access
  • Guest endpoints are not provisioned, controlled through configuration
  • Guest access is restricted
  • Multi-Portal Config: Enable Self Provisioning Flow
  • PSN
  • Radius Access-Request, Radius AV Pair=mac 00.0c.00.a3.34.69
  • Radius Access-Accept

Cisco ISE Employee Access before provisioning
  • Multi-Portal Config: Enable Self Provisioning Flow
  • PSN
  • Radius Access-Request
  • Radius Access-Accept, Radius AV Pair=url
  • Redirect URL: https://ise-1.com:8443/guestportal/gateway/sessionid../nsp
  • Employee redirected to Native Supplicant Provisioning
  • Certificate obtained via SCEP
  • Native supplicant provisioned with certificate
  • WIFI Profile
  • NSP = Native Supplicant Provisioning

Cisco ISE Device Registration

  • [Diagram labels: CA, PSN]
  • https to PSN
  • PSN sends CA Cert to endpoint
  • User registers
  • ISE Endpoint ID group: 00.0c.00.a3.34.69

Cisco ISE Device Enrollment
  • [Diagram labels: CA, PSN, Device]
  • PSN sends Profile Service to endpoint
  • CSR is generated on endpoint
  • CSR sent to PSN
  • SCEP to CA
  • Certificate sent to PSN
  • PSN sends Device Certificate to endpoint

Device Provisioning

  • [Diagram labels: CA, PSN, User]
  • CSR sent to PSN
  • SCEP to CA
  • Certificate sent to PSN
  • PSN sends User Certificate to endpoint
  • SSID = Corp, EAP-TLS

WIFI Profile
  • Policy > Policy Elements > Results > Client Provisioning > Resources

Client Provisioning Rules

Rules based on
  1. Identity group
  2. Operating system
  3. Other conditions

Rule Name   ID Groups   OS            Conditions                           Results
IOS         IF Any      & IOS All     & AD:ExtGroups Equals Employees      Then WIFI_Profile
Android     IF Any      & Android     & AD:ExtGroups Equals Employees      Then WIFI_Profile
Windows     IF Any      & Windows     & AD:ExtGroups Equals Employees      Then Win_Wizard
Mac OS X    IF Any      & MAC OS X    & AD:ExtGroups Equals Employees      Then MAC_Wizard

Employee Access after Endpoint Provisioning

Rule Name       Conditions                                            Permissions
Employee Rule   IF Employee                                           Then Supp_Provis
Provis Rule     IF Employee/EAP-TLS Station ID = Certificate SAN      Then Employee

  • SSID = Corp, EAP-TLS
  • [Diagram labels: PSN, CA, Device, User]
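The authorisation rules from the two policy slides, modelled as an added example (not part of the original slides and not Cisco ISE code). Top-down first-match evaluation, the rule ordering, the session field names and the SAN notation are assumptions of this sketch. It shows why the Station ID = Certificate SAN condition denies a certificate that turns up on a device other than the one it was issued to.

```python
import re

def norm_mac(value):
    """Reduce any common MAC notation to 12 lowercase hex digits, else None."""
    digits = re.sub(r"[^0-9a-fA-F]", "", value or "")
    return digits.lower() if len(digits) == 12 else None

def san_matches_station(session):
    """True only when both values parse as MACs and are equal."""
    station = norm_mac(session.get("calling_station_id"))
    san = norm_mac(session.get("cert_san"))
    return station is not None and station == san

# (rule name, condition, permission); most specific rule first (assumed order).
RULES = [
    ("Provis Rule",
     lambda s: s.get("group") == "Employee" and s.get("method") == "EAP-TLS"
     and san_matches_station(s),
     "Employee"),
    ("Guest Rule", lambda s: s.get("group") == "GUEST", "GUEST"),
    # Assumption: the plain Employee rule covers web-authenticated employees
    # on the open SSID, so a failed EAP-TLS check falls through to Deny.
    ("Employee Rule",
     lambda s: s.get("group") == "Employee" and s.get("method") == "Wireless_MAB",
     "Supp_Provis"),
    ("All Rule", lambda s: s.get("method") == "Wireless_MAB", "WEB_Auth"),
]

def authorize(session):
    """Return (rule name, permission) for the first matching rule."""
    for name, condition, permission in RULES:
        if condition(session):
            return name, permission
    return "Deny Rule", "Deny"  # No_Matches

if __name__ == "__main__":
    # Constructed sessions; the first MAC is the one shown on the slides.
    samples = [
        {"method": "Wireless_MAB", "calling_station_id": "00.0c.00.a3.34.69"},
        {"method": "Wireless_MAB", "group": "Employee"},
        {"method": "EAP-TLS", "group": "Employee",
         "calling_station_id": "00.0c.00.a3.34.69", "cert_san": "00-0C-00-A3-34-69"},
        {"method": "EAP-TLS", "group": "Employee",
         "calling_station_id": "00:0c:00:a3:34:70", "cert_san": "00-0C-00-A3-34-69"},
    ]
    for s in samples:
        print(authorize(s), s)
```

Normalising both values before comparing matters because the station ID and the SAN may arrive in different MAC notations; a missing or malformed SAN never matches.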

Cisco ISE User Experience, Guest Portal
  • Redirect URL: https://ise-1.com:8443/guestportal/gateway/sessionid../cwa
  • CWA = Central Web Auth

Cisco ISE User Experience, Device Registration
  • CA Certificate is installed, user enters a description for the registered device.
  • MAC Address can be Profiled and WIFI Profile Installed

Cisco ISE User Experience, Client Provisioning
  • Supplicant Profile is downloaded

Cisco ISE User Experience, Connect to SSID
  • Mobile profile includes WI-FI configuration

Cisco ISE Summary Flow Chart
  • [Flow chart labels: Start, AuthC, Result: Unknown/Guest/Employee/BYOD, Web Portal, BYOD Provisioning, AuthZ, Guest, Employee, BYOD, Limited Access, Full Access, DENY, Stop]

The Challenges BYOD presents (1-3)

  • Wide range of Devices and a Challenge to support
  • Selective device support
  • Approved list
  • Maintaining Secure Access to the Corporate Network.
  • Device identification (mac address)
  • Bringing a new device into the Network, On-Boarding
  • Self-Service access
  • Guest access

The Challenges BYOD presents (2-3)
  • Company Usage policies and Enforcement
  • Work and Personal data on the same device
  • BYOD Network Visibility
  • Device location
  • Wired, Wireless and VPN
  • 3G/4G and WIFI
  • Protecting Corporate Data
  • Biggest Challenge
  • Regulatory requirements.

The Challenges BYOD presents (3-3)
  • Remote Wipe and or Blacklist
  • Device lost or stolen
  • Employee changing role
  • Wide range of Devices and apps, Wide range of threat vectors
  • ad-hoc hotspots
  • Malware
  • SMS threats

Summary
  • Reasons for adopting BYOD
  • Cisco ISE, an overview of BYOD operation, configuration and user experience.
  • The challenges BYOD presents

Questions
Graham Tuthill
Cisco Lead Security Instructor
Global Knowledge

Find out more...
  • Default Gateway Site http://defaultgateway.co.uk/sise
  • BYOD Webinar Site http://byod.weebly.com
  • Visit Our Community: Courses, Certifications, Solutions, News, Events, Webinars, Blog, Sign up to our Newsletters, Twitter, LinkedIn, Google+, Videos

Thank you for attending
  • For more information visit www.globalknowledge.co.uk
  • Call us on 0118 912 3456
