Job Description :
Hello,
Hope you are doing good! I have the below opportunity for you, if interested please reply me with your updated resume.
Role : Cisco Identity Services Engine (ISE) Remediation
Location : Denver, CO
Duration: 6 months
Focused on the development and implementation of client’s Cisco Identity Services Engine (ISE) Remediation and Integration with wired, wireless and virtual private network (VPN
This ISE solution is part of client’s layered approach to security.
By implementing security policies for all devices seeking network access, client will create an environment that limits potential
damage from emerging security threats and risks.
Cisco ISE will give client a powerful, identity based methodology for preventing unauthorized access and improving network resiliency.
Based on recent security assessment performed at DEN, we are requesting proposers to provide remediation of all of the items highlighted in the ISE/Wired Assessment Report and the Wireless Assessment report.
At a high level, the four areas are:
Publicly Accessible Ethernet Jack Inventory
Deployment of new ISE Environment
Wired/Wireless Security Policy Development and Integration with ISE
Wireless Adaptive IPS Deployment and Integration with Splunk
installation, configuration, and testing of the wireless network
infrastructure. Below are specific tasks:
Configure AAA and RADIUS attributes on WLCs to point to ISE
Validate existing wireless controller configuration
WLAN
Interfaces
Verify pilot/test authentication VLAN, and access VLANs including the IP subnets and default gateways
Ensure that baseline configurations of all network devices are saved
Configure up to five (5) authentication policies (e.g., machine/user authentication, PEAP,EAP-TLS) and external authentication servers (if required)
Configure Wireless policy and SSID development for up to five (5) networks including TTS,
Printers and Internal
Configure Peer to Peer Isolation
Configure up to five (5) authorization profiles and policies (if required)
Configure up to five (5) profiling policies and actions (if required)
Configure guest services, sponsor group policies, guest user policies, rules, and conditions (if
required)
Configure user web authentication and redirect (if required)
Integrate ISE with ISE supported Mobile Device Management (MDM) platform
VPN Appliances for ISE & 802.1x
Configure and verify DNS and NTP settings on VPN Appliances
Configure AAA and RADIUS attributes on ASA Appliances to point to ISE
Validate existing VPN configuration
Finesse OS/FTD
Interfaces
ACLs/Dynamic Access Policies (DAP)
Authentication methods
Ensure that baseline configurations of all network devices are saved
Configure and verify VPN appliances (ASAs) based on templates specified during the design phase
Validate that agent/supplicant(AnyConnect) distribution with the right discovery host have been deployed to this site
Configure up to five (5) posture ACL, permitting relevant traffic policies
Verify pilot/test authentication VLAN, and access VLANs, including the IP subnets and default gateways
Perform migration of users to ISE-enabled VPN
ISE Policy and Services Configuration for VPN Access
Upgrade ASA VPN appliances (if applicable)
Configure up to five (5) authentication policies (e.g., machine/user authentication, PEAP,
EAP-TLS) and external authentication servers
Configure up to five (5) appropriate authorization profiles and policies
Configure up to five (5) appropriate profiling policies and actions
Configure up to five (5) network authorization and change of authorization (CoA) policies
Configure up to five (5) dynamic VLAN ACLs (if applicable)
Configure default ASA system user or captive portal page to use ISE
Configure appropriate timers for re-authentication, reauthorization, success log-on screen,
session timeouts, and remediation (if applicable)
Begin migrating users/endpoints and begin testing. All testing shall conform to the Testing
and Acceptance document drafted and agreed upon during the Network Design and
Discovery Workshop