Go to Qiita Advent Calendar Top
LoginSignup
0
0

Delete article

Deleted articles cannot be recovered.

Draft of this article would be also deleted.

Are you sure you want to delete this article?

More than 3 years have passed since last update.

@IsaacJ(ジャッド アイザック)

ISE keywords

Last updated at Posted at 2021-10-25

ISE Specific Keywords:

Identity Service Engine or ISE. It's radius, TACACS, centralized visibility and control +more for large enterprise networks(10,000以上). It is composed of 4 nodes; PAN, PSN, MnT & PXG. Put these 4 together and you have an ISE Cube.

Administration Persona(Node = Administration Node or PAN): The control center where you do all you administration stuff on ISE like creating polices, configurations, certificates, and pushing out dACL, configurations and more.

Policy Service Persona(Node = Policy Service Node or PSN): Decision maker based on what you configured in the PAN. It evaluates and decides. There can be a large number of PSNs in a deployment. The PSNs can be kept in synch by sharing a "heartbeat" in within their group.

Monitoring Persona(Node = Monitoring Node or MnT): Collects and correlates logs and reports. It can create reports and alerts.

pxGrid Persona(pxGrid Node or PXG): It makes pxGrid services possible with ISE. It's role is to share "contextual-based information" using it's framework to exchange data such as threat information between both Cisco and third-parties vendors.

ISE Profiler:
In ISE platform this component responsible for the detection and classification of the asset.

Native Supplicant Provisioning(NSP):
Also TrustSec keyword with onboarding & provisioning. Assign different policies, connection details like type of EAP & SSID to use according to the OS.

Other General Keywords:

Identity: A representation of who you are.
Credential: Evidence to prove identity
Identity Store: A database of user or endpoint credentials. A single Identity Store is called a "Identity Source"

Internal Identity Stores:
This can be a limited account for special purpose like configuring a network device. After creating the Network Access User, you can then associate it with a User Identity Group.

External Identity Stores:
ISE supports many external Identity Sources including LDAP, AD(majority of cases), Radius token servers, RSA SecureID, OTP, and SAML.

Profiling:
Classification by collecting and analyzing attributes about user or device in order to determine with predefined level of certainty the true identity of asset.

Posturing:
Easy to confuse with profiling, but different.
Posturing happens after the profile is confirmed, and ISE is checking details of the asset such as if it has the correct certificates, applications, version #/patches installed.

0
0
0

Register as a new user and use Qiita more conveniently

  1. You get articles that match your needs
  2. You can efficiently read back useful information
  3. You can use dark theme
What you can do with signing up
Sign upLogin
0
0

Delete article

Deleted articles cannot be recovered.

Draft of this article would be also deleted.

Are you sure you want to delete this article?