David’s Cisco Networking Blog

Dec 10 2007   3:27PM GMT

What is Cisco TrustSec?



Posted by: David Davis
Tags: Cisco, Security

I recently read a NetworkWorld article where I learned about a new Cisco security framework called “TrustSec”. TrustSec is a new Cisco Security Framework (I know, you are saying “another one???”). The new TrustSec framework is an add-on to the Cisco Self-Defending Network.

TrustSec is “intended to determine, through policies, the role of users and devices in the network before granting access to resources.”

Bob Gleichauf, CTO of Cisco’s Security Technology Group, says “We’re getting this threat defense thing down pretty good; now let’s start worrying about where we can go in the network.” And that is exactly what TrustSec does.

What that means is that not only are the devices connecting to the network authorized by NAC, but that “authorization” stays with them as they conduct their business on the network. Once their “business” is done, they must be reauthorized to perform another “transaction” on the network. And, as they use this authorization, every switch and router is aware of who they are and their credentials.

Although I know they aren’t the same, this reminds me of Kerberos security because of the concepts of the “ticket” and the “ticket granting server”, etc.

TrustSec is set to be available for Cisco Catalyst 6500 switches in early 2008 and, over the next 18 months, it is supposed to be available for the entire switch lineup.

What do you think of this concept? Please post your comments here!
-David
Personal Website: HappyRouter.com – home of Cisco how-to articles & videos

2 Comments on this Post

 
  • Faraz81
    Where is the difference then? The regular dot1x is doing the same user-based authentication. What do you mean by roles or users?
  • Nashbstn
    I used to be a huge Cisco fan but lately I've been wondering if they haven't been spreading themselves a bit thin. There are certainly some unanswered questions about TrustSec's performance/reliability. The concept, however, is fantastic. One thing I found useful is to have succinct talking points and this article breaks it down nicely. http://blogs.carouselindustries.com/network/4-reasons-why-your-network-needs-to-be-“identity-aware”/?utm_source=feedburner&utm_medium=email&utm_campaign=Feed%3A+CarouselConnect+%28Carousel+Connect%29 Let's face it, it's not just what you say, it's how you say it.
