Networking Technology: Security – serie

Today's organizations need a new security model that more effectively adapts to the complexity and risks of modern environments, embraces hybrid workplaces, and protects people, devices, apps, and data wherever they're located. Zero Trust is the first model with the potential to do all that. Zero Trust Architecture: Theory, Implementation, Maintenance, and Growth is the first comprehensive guide for architects, engineers, and other technical professionals who want to move from Zero Trust theory to implementation and successful ongoing operation.

A team of Cisco's leading experts and implementers offer the most comprehensive and substantive guide to Zero Trust, bringing clarity, vision, practical definitions, and real-world expertise to a space that's been overwhelmed with hype. The authors explain why Zero Trust identity-based models can enable greater flexibility, simpler operations, intuitive context in the implementation and management of least privilege security. Then, building on Cisco's own model, they systematically illuminate methodologies, supporting technologies, and integrations required on the journey to any Zero Trust identity-based model.

Through real world experiences and case study examples, you'll learn what questions to ask, how to start planning, what exists today, what solution components still must emerge and evolve, and how to drive value in the short-term as you execute on your journey towards Zero Trust.

Securing Enterprise Networks with Cisco Meraki

Discover the Power of Cisco Meraki

Unlock the full potential of Cisco Meraki with this in-depth guide, designed to help you build and secure modern, cloud-managed networks. Cisco Meraki offers a unique, cloud-managed IT platform that integrates seamlessly with Cisco’s traditional products and other third-party tools. Whether you’re a new Meraki customer, an experienced network engineer, or an IT manager looking to streamline operations, this book provides you with the knowledge and practical steps needed to secure enterprise networks effectively.

In a world where cybercrime is an ever-present threat, Meraki’s cloud-managed solutions offer a robust alternative to traditional wired and wireless networks. This book not only introduces you to the fundamentals of Meraki but also dives deep into advanced security configurations, industry best practices, and real-world use cases. By the end of this book, you’ll be equipped to implement Meraki solutions that meet stringent IT security standards and frameworks, ensuring your network is not just operational but resilient and secure.

With this book as your guide, you will gain the skills to deploy secure, cloud-managed networks using Cisco Meraki. You will learn

Meraki’s History: Understand the evolution of Meraki from a research project at MIT to a key player in Cisco’s portfolio. Security Frameworks and Industry Best Practices: Learn about the essential IT security standards and frameworks and how Meraki can help you meet these requirements. Meraki Dashboard and Trust: Get familiar with the Meraki management portal and understand the considerations for adopting cloud-managed infrastructure. Role-Based Access Control (RBAC): Discover how to implement RBAC to enforce the principle of least privilege within your network. Securing Administrator Access to Meraki Dashboard: Master the configuration of strong authentication methods, including multifactor authentication (MFA) and SAML single sign-on (SSO). Security Operations: Explore the native Meraki tools and external solutions for compliance reporting, centralized logging, and incident response. User Authentication: Delve into the setup of authentication infrastructures supporting wired, wireless, and VPN access, including Meraki Cloud Authentication, SAML, and RADIUS. Wired and Wireless LAN Security: Learn how to secure your LAN with features like 802.1X authentication, firewalling, and adaptive policies.

SSE, SASE, and Zero Trust: Mastering Security Beyond Borders with Next-Gen Edge Technologies is the essential guide for securing the modern, cloud-connected enterprise. Covering the three most influential network security architectures of our time--Secure Services Edge (SSE), Secure Access Service Edge (SASE), and Zero Trust--this book demystifies how these technologies work, why they matter, and how to implement them effectively.

Whether you're modernizing a global enterprise, securing a remote workforce, or preparing for the next evolution of cybersecurity, this comprehensive resource delivers the clarity, strategy, and practical steps needed to build a resilient security foundation.

Written for IT leaders, cybersecurity professionals, network engineers, and students entering the field, SSE, SASE, and Zero Trust blends foundational knowledge with real-world design patterns, migration frameworks, and best practices. You’ll learn how these solutions work individually--and how they combine to form a holistic, future-ready security architecture.

If you’re looking for a single resource that ties together cloud security, network transformation, and Zero Trust principles, this is the guide you’ve been waiting for.

What You Will Learn

The core principles of SSE, SASE, and Zero Trust, explained in clear, practical terms How these architectures work together to secure modern, cloud-first environments Proven design patterns and deployment guidance for cloud-delivered security Best practices for protecting hybrid workforces and distributed networks How to evaluate vendors, plan migrations, and reduce legacy complexity Strategies to prevent lateral movement and protect data everywhere Practical examples, case studies, diagrams, and actionable, real-world guidance How to future-proof your security strategy in a rapidly evolving threat landscape

Who This Book Is For

This book is written for:

Cybersecurity analysts, engineers, and architects Network administrators and infrastructure teams CISOs, IT directors, and technology decision-makers Cloud and network architects designing modern environments Consultants, integrators, and managed service providers Students and professionals preparing for or advancing cybersecurity careers Anyone responsible for securing cloud, remote, or hybrid networks

Whether you’re a seasoned security professional or just beginning to explore modern security frameworks, this book will give you the knowledge and confidence to design scalable, effective, and resilient security solutions.

Why This Book Stands Out

A Complete View of Modern Security Connects SSE, SASE, and Zero Trust into a single, cohesive framework—not siloed concepts. Strategic and Hands-On Balances executive-level guidance with practical, technical implementation details. Holistic by Design Integrates identity, networking, cloud security, and Zero Trust into one unified approach. Built for What’s Next Addresses emerging threats and evolving architectures to help you stay ahead of change.

Securing AI Using Zero Trust Principles

Strategic Guidance for Defending AI Systems in a Rapidly Evolving Threat Landscape

Artificial intelligence is reshaping industries, driving innovation in critical sectors such as healthcare, finance, energy, and government. Yet, as organizations integrate AI into business operations, they inherit new risks, many of which conventional security models fail to address. Adversaries are weaponizing AI to automate reconnaissance, bypass defenses, and exploit vulnerable systems. The solution is not more trust, but less.

Zero Trust offers a foundational paradigm shift: no identity, device, system, or interaction is inherently trusted. Security must be continuously enforced, context-aware, and resilient by design. This book demonstrates how Zero Trust, when strategically applied to AI environments, enables organizations to secure data pipelines, mitigate emergent threats, and maintain control over evolving digital ecosystems.

Key insights include

AI Through a Security Lens: Demystifies machine learning, generative AI, and large language models with a focus on operational and business impact. Zero Trust Foundations: Provides a historical and architectural overview of Zero Trust, including Cisco’s Five Zero Trust Categories. Security by Design for AI: Offers guidance on protecting AI development workflows, from data ingestion and model training to inference and deployment. Threat Mitigation Strategies: Addresses adversarial AI, data poisoning, shadow AI, and insider misuse through identity enforcement, segmentation, and telemetry. Strategic Execution: Maps Zero Trust principles to regulatory frameworks including NIST AI RMF, EU AI Act, DORA, and ISO 27001, and provides actionable templates for running successful Zero Trust Segmentation Workshops.

Who Should Read This Book:

CISOs and security architects building AI-resilient architectures AI and data leaders embedding AI into enterprise infrastructure Risk, compliance, and governance professionals navigating regulatory change Technical teams seeking secure-by-design methodologies for AI initiatives

Why This Matters Now:

AI systems are expanding faster than most organizations can govern them. The risks, ranging from operational disruption to model corruption, require proactive, architectural defenses. This book bridges the gap between AI innovation and trusted enterprise security.

Securing AI Using Zero Trust Principles delivers the strategic playbook for building resilient, trustworthy, and standards-aligned AI systems that can withstand the threats of today and tomorrow.

Create and manage highly-secure Ipsec VPNs with IKEv2 and Cisco FlexVPN

The IKEv2 protocol significantly improves VPN security, and Cisco’s FlexVPN offers a unified paradigm and command line interface for taking full advantage of it. Simple and modular, FlexVPN relies extensively on tunnel interfaces while maximizing compatibility with legacy VPNs. Now, two Cisco network security experts offer a complete, easy-tounderstand, and practical introduction to IKEv2, modern IPsec VPNs, and FlexVPN.

The authors explain each key concept, and then guide you through all facets of FlexVPN planning, deployment, migration, configuration, administration, troubleshooting, and optimization. You’ll discover how IKEv2 improves on IKEv1, master key IKEv2 features, and learn how to apply them with Cisco FlexVPN.

IKEv2 IPsec Virtual Private Networks offers practical design examples for many common scenarios, addressing IPv4 and IPv6, servers, clients, NAT, pre-shared keys, resiliency, overhead, and more. If you’re a network engineer, architect, security specialist, or VPN administrator, you’ll find all the knowledge you need to protect your organization with IKEv2 and FlexVPN.

Understand IKEv2 improvements: anti-DDoS cookies, configuration payloads, acknowledged responses, and more Implement modern secure VPNs with Cisco IOS and IOS-XE Plan and deploy IKEv2 in diverse real-world environments Configure IKEv2 proposals, policies, profiles, keyrings, and authorization Use advanced IKEv2 features, including SGT transportation and IKEv2 fragmentation Understand FlexVPN, its tunnel interface types, and IOS AAA infrastructure Implement FlexVPN Server with EAP authentication, pre-shared keys, and digital signatures Deploy, configure, and customize FlexVPN clients Configure, manage, and troubleshoot the FlexVPN Load Balancer Improve FlexVPN resiliency with dynamic tunnel source, backup peers, and backup tunnels Monitor IPsec VPNs with AAA, SNMP, and Syslog Troubleshoot connectivity, tunnel creation, authentication, authorization, data encapsulation, data encryption, and overlay routing Calculate IPsec overhead and fragmentation Plan your IKEv2 migration: hardware, VPN technologies, routing, restrictions, capacity, PKI, authentication, availability, and more

Fully updated: The complete guide to Cisco Identity Services Engine solutions

Using Cisco Secure Access Architecture and Cisco Identity Services Engine, you can secure and gain control of access to your networks in a Bring Your Own Device (BYOD) world.

This second edition of Cisco ISE for BYOD and Secure Unified Accesscontains more than eight brand-new chapters as well as extensively updated coverage of all the previous topics in the first edition book to reflect the latest technologies, features, and best practices of the ISE solution. It begins by reviewing today’s business case for identity solutions. Next, you walk through ISE foundational topics and ISE design. Then you explore how to build an access security policy using the building blocks of ISE. Next are the in-depth and advanced ISE configuration sections, followed by the troubleshooting and monitoring chapters. Finally, we go in depth on the new TACACS+ device administration solution that is new to ISE and to this second edition.

With this book, you will gain an understanding of ISE configuration, such as identifying users, devices, and security posture; learn about Cisco Secure Access solutions; and master advanced techniques for securing access to networks, from dynamic segmentation to guest access and everything in between.

Drawing on their cutting-edge experience supporting Cisco enterprise customers, the authors offer in-depth coverage of the complete lifecycle for all relevant ISE solutions, making this book a cornerstone resource whether you’re an architect, engineer, operator, or IT manager.

· Review evolving security challenges associated with borderless networks, ubiquitous mobility, and consumerized IT

· Understand Cisco Secure Access, the Identity Services Engine (ISE), and the building blocks of complete solutions

· Design an ISE-enabled network, plan/distribute ISE functions, and prepare for rollout

· Build context-aware security policies for network access, devices, accounting, and audit

· Configure device profiles, visibility, endpoint posture assessments, and guest services

· Implement secure guest lifecycle management, from WebAuth to sponsored guest access

· Configure ISE, network access devices, and supplicants, step by step

· Apply best practices to avoid the pitfalls of BYOD secure access

· Set up efficient distributed ISE deployments

· Provide remote access VPNs with ASA and Cisco ISE

· Simplify administration with self-service onboarding and registration

· Deploy security group access with Cisco TrustSec

· Prepare for high availability and disaster scenarios

· Implement passive identities via ISE-PIC and EZ Connect

· Implement TACACS+ using ISE

· Monitor, maintain, and troubleshoot ISE and your entire Secure Access system

· Administer device AAA with Cisco IOS, WLC, and Nexus