
© 2012 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 6 of 10
Cisco TrustSec also supports the IEEE 802.1X-REV MACsec Key Agreement (MKA) standards-based key
exchange protocol. 802.1X-REV builds on 802.1X to support additional capabilities such as authentication of
multiple devices on a single switch port and keying material exchange for 802.1AE devices. 802.1X-REV
enhances cryptographic key management capabilities to support 802.1AE standards-based data encryption.
Authorization
After network users and devices are authenticated and confirmed to comply with an organization’s security policy,
they are allowed network access. Their subsequent resource and service entitlement is accomplished by the
authorization process. Cisco TrustSec supports multiple authorization methods, including ACLs, VLANs, and
Security Group Access (SGA).
These choices help organizations design their security architecture and services offerings with maximum flexibility
and effectiveness. Downloadable, per-session ACLs and dynamic VLAN assignments can be implemented at the
ingress point where users and devices gain their initial entry to the network. In addition, SGA allows user identity
information to be captured and tagged with each data packet. Security Group Access Control Lists (SGACLs) can be
implemented at an egress point where a network resource (such as a file server) is located. SGA-based access
control allows organizations to keep the existing logical design at the access layer, and with flexible policies and
services, to meet different business requirements without having to redeploy the security controls. Cisco TrustSec
also delivers Change of Authorization (CoA) based on RFC 3576 RADIUS Disconnect Messages, which allows
session-based, on-demand authorization to support advanced services such as IP telephony integration.
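The authorization model described above (identity captured and tagged at ingress, SGACL enforced at egress, CoA tearing a session down) can be illustrated with a small simulation. The code below is an added example written for this page, not Cisco code; the tag numbers, group names, MAC addresses, IP addresses and the policy matrix are all constructed, and the enforcement logic is a deliberately simplified model of how an SGT/SGACL deployment behaves.

```python
"""Toy model of SGA-style authorization.

An ingress (access-layer) device authenticates a session and binds it to a
Security Group Tag (SGT); every packet from that session carries the SGT.
An egress device near the resource maps the destination to its own SGT and
consults an SGACL matrix keyed on (source SGT, destination SGT).  A RADIUS
Disconnect-Message (RFC 3576 CoA) removes the session, so its tag mapping and
therefore its access disappear without touching the egress policy.

All identifiers below are constructed for illustration, not Cisco defaults.
"""
from dataclasses import dataclass, field

# Constructed security groups (SGT values are arbitrary here).
SGT_EMPLOYEE, SGT_CONTRACTOR = 10, 20
SGT_FILESERVER, SGT_PRINTER = 100, 101


@dataclass
class Session:
    mac: str
    user: str
    sgt: int


@dataclass
class IngressSwitch:
    """Access-layer device: authenticates, then binds the session to an SGT."""
    sessions: dict = field(default_factory=dict)  # mac -> Session

    def authorize(self, mac: str, user: str, sgt: int) -> None:
        self.sessions[mac] = Session(mac, user, sgt)

    def coa_disconnect(self, mac: str) -> bool:
        """Handle a RADIUS Disconnect-Message: drop the session outright."""
        return self.sessions.pop(mac, None) is not None

    def tag(self, mac: str, dst_ip: str, payload: bytes):
        """Return a tagged packet, or None when the source has no session."""
        s = self.sessions.get(mac)
        if s is None:
            return None
        return {"src_sgt": s.sgt, "dst_ip": dst_ip, "payload": payload}


@dataclass
class EgressSwitch:
    """Resource-side device: resolves the destination SGT and enforces SGACLs."""
    dst_sgt: dict                              # dst_ip -> SGT of the resource
    sgacl: dict                                # (src_sgt, dst_sgt) -> action
    log: list = field(default_factory=list)    # (src_sgt, dst_sgt, action)

    def forward(self, pkt: dict) -> bool:
        d = self.dst_sgt.get(pkt["dst_ip"])    # None if destination unknown
        action = self.sgacl.get((pkt["src_sgt"], d), "deny")  # default deny
        self.log.append((pkt["src_sgt"], d, action))
        return action == "permit"


def run_scenario() -> dict:
    """Drive the model through authorize -> forward -> CoA and report results."""
    ingress = IngressSwitch()
    egress = EgressSwitch(
        dst_sgt={"10.0.5.10": SGT_FILESERVER, "10.0.5.20": SGT_PRINTER},
        sgacl={
            (SGT_EMPLOYEE, SGT_FILESERVER): "permit",
            (SGT_EMPLOYEE, SGT_PRINTER): "permit",
            (SGT_CONTRACTOR, SGT_PRINTER): "permit",
            # no (CONTRACTOR, FILESERVER) entry: falls to the default deny
        },
    )
    ingress.authorize("aa:aa:aa:00:00:01", "alice", SGT_EMPLOYEE)
    ingress.authorize("bb:bb:bb:00:00:02", "bob", SGT_CONTRACTOR)

    def send(mac, dst):
        pkt = ingress.tag(mac, dst, b"data")
        return None if pkt is None else egress.forward(pkt)

    out = {
        "alice_to_fileserver": send("aa:aa:aa:00:00:01", "10.0.5.10"),
        "bob_to_fileserver": send("bb:bb:bb:00:00:02", "10.0.5.10"),
        "bob_to_printer": send("bb:bb:bb:00:00:02", "10.0.5.20"),
        "bob_to_unknown_host": send("bb:bb:bb:00:00:02", "10.0.9.9"),
    }
    # Mid-session policy change: a CoA disconnect ends alice's session.
    out["coa_applied"] = ingress.coa_disconnect("aa:aa:aa:00:00:01")
    out["alice_after_coa"] = send("aa:aa:aa:00:00:01", "10.0.5.10")
    out["egress_log"] = list(egress.log)
    return out


if __name__ == "__main__":
    for k, v in run_scenario().items():
        print(f"{k}: {v}")
```

The point the model makes is the one in the text: the access layer only needs to classify and tag, the policy lives in one matrix at the egress point, and revoking a session (CoA) changes what a user can reach without redeploying any ACL on the resource side. A real deployment also propagates tags between devices (inline in the frame or via a mapping exchange), which this toy model leaves out.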
Services
Cisco TrustSec provides secure guest access while delivering a high-quality user experience. The guest access
service supports guest access provisioning, notification, management, and reporting. Supported guest access
methods include both local LAN and wireless.
Cisco TrustSec delivers high-precision endpoint profiling by automatically identifying and classifying devices by
collecting endpoint data through the built-in ISE probes or network-based device sensors on the Cisco Catalyst®
switching and wireless infrastructure, and further refining the classification with directed, policy-based active
endpoint scanning technology. This service provides visibility, intelligence, and automation to Cisco TrustSec
deployments in the most efficient and scalable manner, reducing the ongoing maintenance cost.
Many organizations have strict endpoint device posture requirements such as the appropriate operating system,
configurations and required system patches, as well as security software such as antivirus applications. The Cisco
TrustSec solution includes endpoint agents that provide posture assessment and remediation to bring endpoint
devices into compliance with security requirements. These services integrate with a wide range of endpoint
security applications, and support built-in policies for more than 350 applications from leading antivirus and
management software solution providers. Advanced features such as single sign-on with Active Directory and
silent remediation greatly reduce the impact on end users. Planned integration with the leading MDM solutions will
further enhance organizations’ ability to ensure mobile device compliance with their security policies.
Cisco TrustSec supports Multi-Domain Authentication (MDA) that allows for the secure deployment of IP
telephony, whether a Cisco or a third-party IP phone is used. Cisco Catalyst switches can be configured to secure
data and voice VLANs on a single switch port. With MDA, a phone, with or without a supplicant, is authenticated
and subsequently placed in the voice VLAN (or domain). Any device connecting through the phone's Ethernet port
is authenticated first, before it is granted access on the data VLAN.
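To make the MDA behaviour concrete, here is a small state model of a single switch port with a voice domain and a data domain. This is an added example written for this page, not Cisco code: the VLAN numbers, MAC addresses and the stand-in AAA decision function are constructed, and the model captures only the rules stated above (one device per domain, the phone lands in the voice VLAN, a device behind the phone gets the data VLAN only after its own authentication, and nothing else is forwarded).

```python
"""Toy model of a Multi-Domain Authentication (MDA) switch port.

The port has two domains, voice and data, each holding at most one
authenticated device.  An AAA decision (modelled here as a plain function)
says whether a device is accepted and which domain it belongs to.  Traffic is
only forwarded for devices that hold a domain; everything else is dropped.

All VLAN numbers, MACs and the AAA table are constructed for illustration.
"""
from dataclasses import dataclass, field
from typing import Callable, Optional, Tuple

# AAA result: (accepted?, domain) where domain is "voice" or "data".
AaaDecision = Callable[[str], Tuple[bool, Optional[str]]]


@dataclass
class MdaPort:
    voice_vlan: int
    data_vlan: int
    aaa: AaaDecision
    domains: dict = field(default_factory=lambda: {"voice": None, "data": None})
    events: list = field(default_factory=list)

    def authenticate(self, mac: str) -> Optional[int]:
        """Authenticate a MAC seen on the port; return its VLAN or None."""
        accepted, domain = self.aaa(mac)
        if not accepted or domain not in self.domains:
            self.events.append((mac, "rejected"))
            return None
        occupant = self.domains[domain]
        if occupant is not None and occupant != mac:
            # MDA allows exactly one device per domain on the port.
            self.events.append((mac, f"{domain} domain already in use"))
            return None
        self.domains[domain] = mac
        self.events.append((mac, f"placed in {domain} domain"))
        return self.vlan_for(mac)

    def vlan_for(self, mac: str) -> Optional[int]:
        """VLAN a MAC is allowed to use, or None if it has not authenticated."""
        if self.domains["voice"] == mac:
            return self.voice_vlan
        if self.domains["data"] == mac:
            return self.data_vlan
        return None

    def forward(self, mac: str, vlan: int) -> bool:
        """Forward only if the MAC is authenticated into exactly that VLAN."""
        return self.vlan_for(mac) == vlan


# Constructed AAA table: phone -> voice domain, one PC -> data domain,
# anything else is rejected.
_AAA_TABLE = {
    "00:11:22:33:44:01": (True, "voice"),   # IP phone
    "00:11:22:33:44:02": (True, "data"),    # PC behind the phone
    "00:11:22:33:44:03": (True, "data"),    # second PC (constructed)
}


def demo_aaa(mac: str) -> Tuple[bool, Optional[str]]:
    return _AAA_TABLE.get(mac, (False, None))


def run_scenario() -> dict:
    port = MdaPort(voice_vlan=200, data_vlan=10, aaa=demo_aaa)
    out = {}
    out["phone_vlan"] = port.authenticate("00:11:22:33:44:01")
    # PC behind the phone: no data-VLAN access until it authenticates.
    out["pc_before_auth"] = port.forward("00:11:22:33:44:02", 10)
    out["pc_vlan"] = port.authenticate("00:11:22:33:44:02")
    out["pc_after_auth"] = port.forward("00:11:22:33:44:02", 10)
    # Authenticated PC still may not talk on the voice VLAN.
    out["pc_on_voice_vlan"] = port.forward("00:11:22:33:44:02", 200)
    # A second PC behind the same phone: data domain is already occupied.
    out["second_pc_vlan"] = port.authenticate("00:11:22:33:44:03")
    # Unknown device: rejected, nothing forwarded.
    out["unknown_vlan"] = port.authenticate("de:ad:be:ef:00:00")
    out["unknown_forward"] = port.forward("de:ad:be:ef:00:00", 10)
    out["events"] = list(port.events)
    return out


if __name__ == "__main__":
    for k, v in run_scenario().items():
        print(f"{k}: {v}")
```

The model ignores everything a real switch does around this (EAPOL/MAB exchanges, the phone's LLDP/CDP exchange, link-down handling), but it shows the property the text relies on: the phone being authenticated does not open the data VLAN for whatever is plugged into the phone.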