Cisco Boosts TrustSec Network Security

By Sean Michael Kerner | Mar 2, 2010
http://www.enterprisenetworkingplanet.com/news/article.php/3868051/Cisco-Boosts-TrustSec-Network-Security.htm

How do you establish trust on a network?

Back in 2003, networking giant Cisco introduced the concept of NAC (Network Access Control) to help secure networks by ensuring that only healthy endpoints are granted admission. It expanded the idea in 2007 with the initial announcement of a new technology called TrustSec, which was supposed to provide additional identity and trust attributes on top of NAC. Yet after the initial TrustSec announcement, Cisco has remained largely quiet on the topic -- until now.

Cisco today announced the expansion of TrustSec to help create identity-secured networks. The TrustSec news is accompanied by the expansion of Cisco's AnyConnect VPN initiative, which also debuted in 2007, to bring secure VPN technology to mobile devices.

"What we're announcing is that we are now shipping some of the Catalyst and Nexus switches with the capability for TrustSec," Cisco Product Line Manager Horacio Zambrano told InternetNews.com. "It's really about the ability to add encryption features to the infrastructure so you can have better security and have support for 802.1x, which provides a stronger view of who is connecting to your network."

Zambrano added that today's moves expand on Cisco's efforts in 2007 to begin highlighting the importance of identity-aware networking. For example, he said, if a guest or contractor comes into a conference room and plugs into a port, the enterprise until now hasn't had a good way to cordon off how much of the corporate infrastructure they could see.

Zambrano added that there also wasn't a good way of logging what those contractors did while on the network.

"So the key part of TrustSec is support for 802.1x, will allow us to have a clear notion of who is connecting to what and from where, and we'll be tagging packets so we'll know what they're doing on the network," he said.

Zambrano noted that with TrustSec, overall network access is secured as well. He added that previously, a contractor might have had open visibility into the network and could potentially even have been able to sniff all network traffic. With the expansion of TrustSec, packets are now encrypted and tagged, so intelligent switches can determine whether an employee or guest can have access to a resource within a network.

Zambrano also noted that TrustSec is more than just NAC, which provides a pre-admission health check to ensure that only trusted endpoints are allowed on a network. NAC can also be configured to have post-admission health checks, which can ensure that an endpoint remains in compliance while connected to the network.

"What we're doing with TrustSec is now creating a level of intelligence with identity and policy at the switch level," Zambrano said. "So you don't need to have NAC to have that type of policy, though NAC is still part of the strategy."

Cisco AnyConnect Secure Mobility Client

Cisco is also expanding its AnyConnect secure VPN initiative with the release of the AnyConnect Secure Mobility Client. The new secure mobility client is intended to provide mobile users with secure remote access to corporate assets by way of a VPN tunnel. The new client is being paired with backend security by way of the Cisco IronPort S-Series Web Security Appliance.

Cisco has been deploying AnyConnect clients for secure remote access since 2007. Now, the secure mobility client extends the model to more mobile platforms. It's a similar mobile security strategy to one that rival networking vendor Juniper recently announced.

"With AnyConnect, we're expanding the number of platforms we cover. Previously, we covered Windows, Mac and Linux, and now we're broadening that across all of the major enterprise mobility platforms including iPhone, Blackberry, Symbian and Palm," Zambrano said.

Sean Michael Kerner is a senior editor at InternetNews.com, the news service of Internet.com, the network for technology professionals.