Software-Defined Network Access Control Requirements Part 2

12 March 2024

The NAC solution should provide the ability to secure IoT device network access. It should support advanced asset visibility, which provides visibility into IoT-type devices.

The solution should provide a real-time inventory of all connected endpoints. NAC should provide support to build contextual data about endpoints in terms of their device type, location, time of access, posture, the user(s) associated with that asset and much more. Endpoints can be tagged based on these attributes. This rich contextual insight can be used to enforce effective network access control policies and can also be shared with ecosystem partners to enrich their services. This is all done in real time.

The solution should provide full fingerprint details such as time of connectivity, type of device, OS used, authentication method, group assigned, policy assigned, where connected in the network, etc. NAC should provide support to build contextual data about endpoints in terms of their device type, location, time of access, posture, the user(s) associated with that asset and much more. Endpoints can be tagged with Scalable Group Tags (SGTs) based on these attributes. This rich contextual insight can be used to enforce effective network access control policies and can also be shared with ecosystem partners to enrich their services. This is all done in real time.

The solution should integrate with third-party solutions such as NGFW, SIEM, and MDM to provide additional layers of security. Integration will allow the NAC and the security solutions to exchange information and take proper actions based on that information (such as deleting disconnected user sessions from the firewalls in real time, quarantining a device when it violates a specific firewall rule, etc.). The NAC solution should provide support to build contextual data about endpoints in terms of their device type, location, time of access, posture, the user(s) associated with that asset and much more. Endpoints can be tagged with Scalable Group Tags (SGTs) based on these attributes.

This rich contextual insight can be used to enforce effective network access control policies and can also be shared with ecosystem partners to enrich their services. For example, in the Next Generation Firewall (NGFW), policies can be written based on the identity context received from NAC, such as device type, location, user groups and others. Inversely, specific context from third-party systems can be fed into the NAC to enrich its sensing and profiling capabilities, and for Threat Containment.

The solution should have the ability to provide passive scanning to check for any vulnerable ports opened on end systems and IoT devices. The NAC solution should provide a Threat Centric Network Access Control (TC-NAC) feature that enables creation of authorization policies based on the threat and vulnerability attributes received from the threat and vulnerability adapters. Threat severity levels and vulnerability assessment results can be used to dynamically control the access level of an endpoint or a user. The vulnerability and threat adapters should be configurable to send high-fidelity Indications of Compromise (IoC), Threat Detected events, and CVSS scores to NAC, so that threat-centric access policies can be created to change the privilege and context of an endpoint accordingly.
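The threat-centric requirement above can be illustrated with a small first-match policy evaluator. This is an added example, not code from the article or from any NAC product: the rule names, access profile names, event format and the `IOT_TYPES` labels are assumptions, and the 7.0 and 9.0 thresholds follow the CVSS v3 High and Critical rating bands.

```python
from dataclasses import dataclass, field

IOT_TYPES = {"ip-camera", "badge-reader", "hvac-controller"}  # constructed profiling labels

@dataclass
class Endpoint:
    mac: str
    device_type: str
    posture_compliant: bool
    cvss: float = 0.0                          # worst score from a vulnerability adapter
    threats: set = field(default_factory=set)  # event names from a threat adapter

# Hypothetical ordered rules, first match wins: (name, condition, access profile).
# Threat and vulnerability rules come first so they override identity-based access.
RULES = [
    ("threat-detected", lambda e: bool(e.threats), "QUARANTINE"),
    ("cvss-critical", lambda e: e.cvss >= 9.0, "QUARANTINE"),
    ("cvss-high", lambda e: e.cvss >= 7.0, "REMEDIATION_ONLY"),
    ("non-compliant", lambda e: not e.posture_compliant, "REMEDIATION_ONLY"),
    ("iot-device", lambda e: e.device_type in IOT_TYPES, "IOT_RESTRICTED"),
    ("compliant-user", lambda e: e.posture_compliant, "FULL_ACCESS"),
]

def authorize(ep):
    """Return (rule name, access profile) for the first matching rule."""
    for name, cond, profile in RULES:
        if cond(ep):
            return name, profile
    return "default-deny", "DENY_ACCESS"       # safety net if no rule matches

def apply_adapter_event(ep, event):
    """Merge one adapter event into the context; return (old, new, reauth_needed)."""
    old = authorize(ep)[1]
    if event["type"] == "vulnerability":
        score = float(event["cvss"])
        if not 0.0 <= score <= 10.0:           # reject malformed feed data
            raise ValueError(f"CVSS score out of range: {score}")
        ep.cvss = max(ep.cvss, score)          # keep the worst finding
    elif event["type"] == "threat":
        ep.threats.add(event["name"])
    else:
        raise ValueError(f"unknown event type: {event['type']}")
    new = authorize(ep)[1]
    return old, new, old != new

if __name__ == "__main__":
    cam = Endpoint("00:00:5e:00:53:01", "ip-camera", True)  # constructed endpoint
    print(authorize(cam))
    print(apply_adapter_event(cam, {"type": "vulnerability", "cvss": 7.5}))
    print(apply_adapter_event(cam, {"type": "threat", "name": "ioc"}))
```

The third value returned by `apply_adapter_event` marks the point where a real deployment would trigger re-authorization of the session so the new access level takes effect.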

The solution should support Guest Access and BYOD captive portals with multiple login options such as social media, email, SMS integration, pre-registration passwords, and sponsorship. The NAC solution should provide three ways in which NAC can provide Guest access: Hotspot (immediate non-credentialed access), Self-Registration and Sponsored Guest access. NAC should also provide a rich set of APIs to integrate with other systems such as vendor management systems to create, edit and delete Guest accounts.

Further, the various portals that the end user sees can be completely customized with the right font, color, themes, etc. to match the look and feel of the enterprise’s brand. NAC should create local accounts for Guests. These accounts can be created by an employee hosting the Guest (the Sponsor) using a built-in portal or created by the Guest themselves by providing some basic info. The Guest can receive credentials via email/SMS and use that to authenticate themselves to the network and thereby get network access.

The admin can define what level of access to provide to such users. NAC should provide multiple elements that help automate the entire onboarding aspect for BYOD. This includes a built-in Certificate Authority (CA) to create and help distribute certificates to different types of devices. The built-in CA provides complete certificate lifecycle management. NAC should also provide a My Devices Portal, an end-user-facing portal that allows the end user to register their BYOD endpoint as well as mark it as lost to blacklist it from the network.

BYOD onboarding can be accomplished either through a single-SSID or through a dual-SSID approach. In a single-SSID approach, the same SSID is used to onboard and connect the end user's device, while in a dual-SSID approach a different, open SSID is used to onboard the devices but the device connects to a different, more secure SSID after the onboarding process. For enterprises that want to provide a more complete management policy, BYOD can be used to connect the end user to the MDM onboarding page as well.

Insoft Services
