Securing Enterprise Networks with Cisco Meraki

Ryan Chaney and Simerjit Singh
(2024)
Language: English
Cisco Press
441,00 kr.
Not in stock. Order now and have it delivered
in approx. 15 business days

Product details

  • Paperback: 800 pages
  • Publisher: Cisco Press (November 2024)
  • Authors: Ryan Chaney and Simerjit Singh
  • ISBN: 9780138298180

Discover the Power of Cisco Meraki

Unlock the full potential of Cisco Meraki with this in-depth guide, designed to help you build and secure modern, cloud-managed networks. Cisco Meraki offers a unique, cloud-managed IT platform that integrates seamlessly with Cisco's traditional products and other third-party tools. Whether you're a new Meraki customer, an experienced network engineer, or an IT manager looking to streamline operations, this book provides you with the knowledge and practical steps needed to secure enterprise networks effectively.

In a world where cybercrime is an ever-present threat, Meraki's cloud-managed solutions offer a robust alternative to traditional wired and wireless networks. This book not only introduces you to the fundamentals of Meraki but also dives deep into advanced security configurations, industry best practices, and real-world use cases. By the end of this book, you'll be equipped to implement Meraki solutions that meet stringent IT security standards and frameworks, ensuring your network is not just operational but resilient and secure.

With this book as your guide, you will gain the skills to deploy secure, cloud-managed networks using Cisco Meraki. You will learn:

  • Meraki's History: Understand the evolution of Meraki from a research project at MIT to a key player in Cisco's portfolio.
  • Security Frameworks and Industry Best Practices: Learn about the essential IT security standards and frameworks and how Meraki can help you meet these requirements.
  • Meraki Dashboard and Trust: Get familiar with the Meraki management portal and understand the considerations for adopting cloud-managed infrastructure.
  • Role-Based Access Control (RBAC): Discover how to implement RBAC to enforce the principle of least privilege within your network.
  • Securing Administrator Access to Meraki Dashboard: Master the configuration of strong authentication methods, including multifactor authentication (MFA) and SAML single sign-on (SSO).
  • Security Operations: Explore the native Meraki tools and external solutions for compliance reporting, centralized logging, and incident response.
  • User Authentication: Delve into the setup of authentication infrastructures supporting wired, wireless, and VPN access, including Meraki Cloud Authentication, SAML, and RADIUS.
  • Wired and Wireless LAN Security: Learn how to secure your LAN with features like 802.1X authentication, firewalling, and adaptive policies.
Table of Contents

Introduction
Chapter 1, Meraki's History: Roofnet; Start-up; Acquisition by Cisco; The Meraki Museum; Summary; Notes; Further Reading
Chapter 2, Security Frameworks and Industry Best Practices: The Cybersecurity Imperative; Adopting Industry Best Practice; Industry Standards; Security as a Team Sport; Key Themes Across Security Standards; Continuous Improvement; Comparison of Common Security Standards and Framework Requirements; Summary; Further Reading
Chapter 3, Meraki Dashboard and Trust: Meraki Dashboard; Out-of-Band Management; Meraki Dashboard Hierarchy; Trust; Privacy; Data Retention Policy; Data Security; Data Center Resiliency; Compliance with Information Standards, Regulations, and Industry Best Practices; Hardware Trust Model; Supply Chain Security; Secure Boot; Secure Device Onboarding; Software Trust Model; Cloud Shared Responsibility Model; Summary; Notes; Further Reading
Chapter 4, Role-Based Access Control (RBAC): Meraki Dashboard's Administration Hierarchy; Administrator Access Levels for Dashboard Organizations and Networks; Assigning Permissions Using Network Tags; Port-Level Permissions; Role-Based Access Control for Camera-Only Administrators; Role-Based Access Control for Sensor-Only Administrators; Role-Based Access Control Using Systems Manager Limited Access Roles; Summary; Further Reading
Chapter 5, Securing Administrator Access to Meraki Dashboard: Securing Administrative Access to Meraki Dashboard; Meraki Dashboard Local Administrator Access Controls; Creating Meraki Dashboard Local Administrator Accounts; Password Age; Password Reuse; Password Complexity; Account Lockout After Invalid Login Attempts; Idle Timeout; IP Whitelisting; Multifactor Authentication (MFA); Configuring SAML Single Sign-On (SSO) for Dashboard; The Use Cases for Single Sign-On; SAML Single Sign-On Login Flow; SAML Single Sign-On Design; Configuring Meraki SAML SSO Using Cisco Duo and Microsoft Entra ID; Prerequisites; Adding SP-Initiated SAML SSO; Verifying SAML SSO Access to Meraki Dashboard with Cisco Duo and Microsoft Entra (Including Duo Inline Enrollment); Implementing Additional Access Controls Using Cisco Duo and Microsoft Entra ID; Password Policies; Password Age; Password Reuse; Password Complexity; Account Lockout After Invalid Login Attempts; Security Policies; IP Whitelisting; Restricting Concurrent Logins; Automatically Disabling Inactive Accounts; Automatically Disabling Accounts After a Predetermined Period of Time Unless Revalidated; Automatically Disabling Temporary Accounts; Summary; Further Reading
Chapter 6, Security Operations: Centralized Logging Capabilities; Login Attempts; Change Log; Event Log; Creating API Keys; Finding Your Organization ID; Exporting Logs; Exporting Logs to Splunk; Syslog; Exporting Flow Data; NetFlow, IPFIX, and Encrypted Traffic Analytics; Syslog Flows; Compliance Reporting with AlgoSec; Prerequisites; Integrating AlgoSec with Meraki Dashboard for Compliance Reporting; Monitoring and Incident Response; Security Center; Alerts; External Alerting; Webhooks; SNMP Traps; External Polling; Meraki Dashboard API; SNMP; Automated Incident Response with ServiceNow; Security Management; Inventory; Hardware; Software; Configuration; Client Devices; Topology; Summary; Notes; Further Reading
Chapter 7, User Authentication: Configuring Meraki Cloud Authentication; Configuring SAML with Cisco Duo and Microsoft Entra; Confirming Functionality of SAML Configuration Using AnyConnect VPN; Configuring RADIUS Using Cisco ISE, Cisco Duo, and Microsoft Active Directory; Prerequisites; Configuring Users and Groups in Microsoft Active Directory; Configuring Group(s) in Active Directory; Configuring User(s) in Active Directory; Configuring Cisco Identity Services Engine (ISE); Adding Network Access Devices (NADs) to Cisco ISE; RADIUS Configuration for Wired and Wireless 802.1X; Configuring Organization-Wide RADIUS in Meraki Dashboard; Creating a Policy Set for Wired and Wireless 802.1X in Cisco ISE; Configuring an Authentication Policy in Cisco ISE; Configuring an Authorization Policy in Cisco ISE; Confirming Functionality of RADIUS Authentication on Wireless; Confirming Functionality of RADIUS Authentication for Wired 802.1X; RADIUS Configuration for AnyConnect VPN with Duo MFA; Configuring Duo Authentication Proxy; Configuring AD Sync in Duo Admin Panel; Encrypting Passwords in Duo Authentication Proxy; Enrolling Users with Cisco Duo; Configuring Cisco Duo as an External RADIUS Server in Cisco ISE; Creating the Policy Set for AnyConnect VPN in Cisco ISE; Meraki Dashboard Using Active Directory Authentication for AnyConnect VPN; Prerequisites; Configuring Active Directory Authentication; Confirming Functionality of Active Directory Configuration; Summary; Further Reading
Chapter 8, Wired and Wireless LAN Security: Access Control Lists and Firewalls; Access Control Lists (Meraki MS); Meraki MR Firewall; Layer 3 Firewall; Layer 7 Firewall (Including NBAR Content Filtering); Ethernet Port Security Features (Meraki MS); MAC Allow Lists; Sticky MAC Allow Lists; Port Isolation; SecurePort; Dynamic ARP Inspection; Rogue DHCP Server Detection (Meraki MS); Hardening Meraki MR and MS Devices (Local Status Page); Zero Trust (Wired and Wireless Dot1x); 802.1X with Protected EAP (PEAP) on Wired and Wireless Networks; Configuring Wireless 802.1X with Protected EAP (PEAP); Configuring Wired 802.1X with Protected EAP (PEAP); Configuring 802.1X Using EAP-TLS on Wired and Wireless Networks; Configuring the Identity Source Sequence in Cisco ISE; Configuring the Policy Set in Cisco ISE; Generating a Client Certificate Using Cisco ISE; Exporting the Cisco ISE Certificate Authority Certificate; Testing Wireless 802.1X with EAP-TLS; Testing Wired 802.1X with EAP-TLS; Sentry-Based 802.1X with EAP-TLS on Wired and Wireless Networks; Sentry Wi-Fi; Sentry LAN; Configuring MAC Authentication Bypass (MAB); Configuring an Endpoint Identity Group in Cisco ISE; Creating a Policy Set in Cisco ISE for MAC Authentication Bypass; Configuring Wireless MAC Authentication Bypass in Meraki Dashboard; Configuring Wired MAC Authentication Bypass in Meraki Dashboard; Group Policies; Creating a Group Policy; Applying Group Policies; Applying Group Policies to a Client Manually; Applying Group Policies Using a Sentry Policy; Applying Group Policies Using RADIUS Attributes and Cisco ISE; Adaptive Policy and Security Group Tags (SGTs); Enabling Adaptive Policy; Configuring Security Group Tag Propagation; Enabling SGT Propagation on Meraki MS Switches; Enabling SGT Propagation on Meraki MX Security Appliances; Creating Security Group Tags; Creating Adaptive Policy Groups in Meraki Dashboard; Creating Security Group Tags in Cisco ISE; Assigning Security Group Tags; Statically Assigning Security Group Tags to SSIDs; Statically Assigning Security Group Tags to Switch Ports; Assigning Security Group Tags Using Cisco ISE; Creating an Adaptive Policy; Testing Adaptive Policy; Client Laptop; POS Terminal; POS Server; Testing; Wireless Security; Summary; Notes; Further Reading
Chapter 9, Meraki MX and WAN Security: Meraki MX Introduction; Site-to-Site VPN (Auto VPN); Site-to-Site VPN with Non-Meraki Devices; ThousandEyes; Remote-Access VPN; Client VPN; Sentry VPN; AnyConnect VPN; Confirming Functionality of AnyConnect VPN Access; Restricting Client VPN Traffic; Virtual MX (vMX); Sizing a Virtual MX; Understanding Feature Parity with Meraki MX; Deploying Virtual MX in Amazon Web Services (AWS); Creating a New vMX Network in Meraki Dashboard; Configuring the Default VPC in AWS; Deploying vMX in AWS; Viewing the New vMX in Meraki Dashboard; Summary; Notes; Further Reading
Chapter 10, Securing User Traffic: Comparison of Meraki's Native Security Capabilities and Cisco Secure Connect; Native Meraki MX Capabilities; Layer 3 Firewall; Layer 7 Firewall; Geo-IP Firewall; Enabling Detailed Traffic Analysis; Config
Prices shown include VAT.
