What is Cisco ISE and use cases

Introduction 

Cisco ISE was introduced almost 4 years ago. However, most organizations are not utilizing its features completely.

What is Cisco ISE:

Basically, Cisco ISE is a NAC (network access control) solution that has visibility of the devices connected to the network and can also work as an AAA server. However, I can't describe all of its features in a single word. Let's dive into the features one by one.

Wired Authentication MAB (MAC Authentication Bypass)

I know MAB and 802.1X are used interchangeably most of the time; however, there are some differences:

  • MAB acts at Layer 2. When a device is connected to an access port, it checks whether the device's MAC address is permitted, and it can also dynamically authorize the device for a specific VLAN or assign a unique access list.
  • MAB helps to map the device IP, MAC address, switch, and switch port. This can be used for audits, network forensics, network use statistics, and troubleshooting.
  • MAB is very helpful when there is a mix of devices, some of which support 802.1X and some of which do not. In that case you can use it as a fallback, or use it on its own if none of your devices support 802.1X.
  • MAB can be used only for device authentication; it won't provide any user-based authentication. The main drawback of MAB is that we always need to maintain the database of MAC addresses.
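
The following added example (not Cisco ISE code or configuration) models the decision described in the list above: use 802.1X when the device has a supplicant, fall back to a MAB lookup otherwise, and record the IP/MAC/switch/port mapping for audits. The MAC database, VLAN numbers, ACL names and function names are constructed for illustration, and the model assumes that a failed 802.1X attempt does not fall through to MAB.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample data: normalized MAC -> (VLAN, ACL name). Not from any real network.
MAB_DB = {
    "00:11:22:aa:bb:01": (30, "ACL-PRINTERS"),
    "00:11:22:aa:bb:02": (40, "ACL-IP-PHONES"),
}
DOT1X_VLAN = 10  # constructed VLAN for endpoints that pass 802.1X

@dataclass
class Result:
    method: str            # "dot1x", "mab" or "none"
    permitted: bool
    vlan: Optional[int]
    acl: Optional[str]

def normalize_mac(raw: str) -> str:
    """Accept 0011.22aa.bb01, 00-11-22-AA-BB-01, 00:11:22:aa:bb:01 or 001122aabb01."""
    digits = re.sub(r"[.:\-]", "", raw.strip()).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {raw!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def authorize(mac: str, dot1x_ok: Optional[bool], audit: list,
              switch: str, port: str, ip: str) -> Result:
    """dot1x_ok is True/False for an 802.1X outcome, None if the device has no supplicant."""
    mac = normalize_mac(mac)
    if dot1x_ok is not None:
        # Assumption of this model: an 802.1X result is final and MAB is not tried.
        res = Result("dot1x", dot1x_ok, DOT1X_VLAN if dot1x_ok else None, None)
    elif mac in MAB_DB:
        vlan, acl = MAB_DB[mac]
        res = Result("mab", True, vlan, acl)
    else:
        # No supplicant and no database entry: the MAC list must be kept current.
        res = Result("none", False, None, None)
    audit.append({"ip": ip, "mac": mac, "switch": switch, "port": port,
                  "method": res.method, "permitted": res.permitted})
    return res

if __name__ == "__main__":
    audit = []
    print(authorize("0011.22AA.BB02", None, audit, "sw1", "Gi1/0/5", "10.0.40.7"))
    print(audit)
```

Normalizing the MAC before the lookup matters because switches, endpoints and inventory exports write the same address in different notations, and a mismatch looks like an unknown device.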


Wired and Wireless Authentication using 802.1X:

To avoid confusion, please understand that 802.1X is not a single protocol or a single thing. We can describe 802.1X as an authentication and authorization framework. It is widely used in NAC solutions such as Cisco ISE, mainly for wired/wireless user/device authentication.

Posturing:

Posturing is a method where you can check that certain conditions are met when devices connect to your network in the following ways:

  • Wired
  • Wireless
  • VPN

Let's say you can create a condition for VPN users so that only users who have Symantec Antivirus installed and updated with new AV definitions are allowed to connect to the VPN. Cisco ISE can check various conditions; some of them are listed below:

  • AM Installation
  • Application Inventory
  • USB Check
  • AV Installation
  • AV version / date
  • Application / File Check
  • Service packs / Hotfixes
  • Process / Registry Check
  • Patch Management
  • Disk Encryption
  • Service Condition
  • Registry Condition
  • Machine Domain check 

Bring Your Own Device (BYOD)

Bring your own device is a concept where users are allowed to connect their personal devices to a managed network. Inside the organization, there may be employee users, contractors, and guest users, so it depends on the requirements of your organization.

Profiling

Cisco ISE has great visibility into the devices connected to your network. That means it can give a clear picture of the endpoints connected to your network:

  • Who is connected
  • Device type (laptop/mobile devices, etc.)
  • Access time
  • Access location
  • Access type (wired/wireless/VPN)
  • What access is provided (permitted network access/ACL)