Posted by: David Davis
I recently read a NetworkWorld article where I learned about a new Cisco security framework called “TrustSec”. TrustSec is a new Cisco Security Framework (I know, you are saying “another one???”). The new TrustSec framework is an add-on to the Cisco Self-Defending Network.
TrustSec is “intended to determine, through policies, the role of users and devices in the network before granting access to resources.”
Bob Gleichauf, CTO of Cisco’s Security Technology Group, says “We’re getting this threat defense thing down pretty good; now let’s start worrying about where we can go in the network.” And that is exactly what TrustSec does.
So what that means is that not only are the devices connecting to the network authorized by NAC, but that “authorization” stays with them as they conduct their business on the network. Once their “business” is done, they must be reauthorized to perform another “transaction” on the network. And, as they use this authorization, every switch and router is aware of who they are and their credentials.
Although I know they aren’t the same, this reminds me of Kerberos security because of the concepts of the “ticket” and the “ticket granting server”, etc.
TrustSec is set to be available for Cisco Catalyst 6500 switches in early 2008 and, over the next 18 months, it is supposed to be available for the entire switch lineup.
What do you think of this concept? Please post your comments here!
Personal Website: HappyRouter.com – home of Cisco how-to articles & videos