
© 2012 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 8 of 10
Infrastructure Components
Cisco Catalyst 2960, 3560, 3750, 4500, and 6500 Series Switches, Cisco Nexus 7000, 5000, and 2000 Series
Switches, Cisco Wireless LAN Controllers, Cisco Integrated Services Router Generation 2 (ISR-G2) platforms,
and Cisco ASR 1000 Series Aggregation Services Routers interact with network users for authentication and
authorization. Access to the wired or wireless network is dictated by policy, user identity, and other attributes.
Flexible authentication methods include 802.1X, web authentication, and MAC authentication bypass, all
controlled in a single configuration for each switch port. Device sensors in the wired and wireless infrastructure
automatically detect and help to classify devices attached to the network with minimal effort. Furthermore, Cisco
switches that use Security Group Access (SGA) technology can mark each data packet with a Security Group Tag
derived from the authenticated user's identity, so that further controls can be enforced anywhere in the network.
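The following Cisco IOS switch configuration is an added example (not taken from the original page or from Cisco documentation) of the flexible authentication behaviour described above: 802.1X is tried first, MAC authentication bypass (MAB) is the fallback, and both are controlled by the same set of `authentication` commands on one access port. The interface name, VLAN numbers, RADIUS server name and address (192.0.2.10), and shared secret are assumptions chosen for illustration.

```text
! Added example, not from the original page. Interface, VLANs, server
! address 192.0.2.10 and shared secret are assumed values.
!
! --- Global AAA: authenticate, authorize and account via RADIUS (Cisco ISE) ---
aaa new-model
aaa authentication dot1x default group radius
aaa authorization network default group radius
aaa accounting dot1x default start-stop group radius
dot1x system-auth-control
!
radius server ISE-PSN-1
 address ipv4 192.0.2.10 auth-port 1812 acct-port 1813
 key CHANGE-ME-shared-secret
!
! --- Per-port flexible authentication: 802.1X first, then MAB ---
! (web authentication can be appended to the order once a web
!  authentication proxy is configured; it is omitted here)
interface GigabitEthernet1/0/1
 description Flexible authentication access port (assumed)
 switchport mode access
 switchport access vlan 10
 switchport voice vlan 20
 ! allow several authenticated hosts (data + phone) on the port
 authentication host-mode multi-auth
 ! try 802.1X, fall back to MAB if the supplicant is absent or fails
 authentication order dot1x mab
 authentication priority dot1x mab
 authentication port-control auto
 authentication event fail action next-method
 ! keep the port usable if every RADIUS server is unreachable
 authentication event server dead action authorize vlan 10
 authentication event server alive action reinitialize
 ! do not shut the port on a violation; only drop the new MAC
 authentication violation restrict
 ! re-authenticate on the interval ISE returns in Session-Timeout
 authentication periodic
 authentication timer reauthenticate server
 mab
 dot1x pae authenticator
 dot1x timeout tx-period 10
 spanning-tree portfast
```

The point a practitioner should check is the fallback path: `authentication event fail action next-method` means a failed 802.1X attempt falls through to MAB, and a MAC address is a claim, not a credential. The MAB authorization policy on ISE must therefore grant only what a profiled, unauthenticated device needs, and the "server dead" VLAN should be a restricted network rather than the normal employee VLAN. `show authentication sessions interface GigabitEthernet1/0/1 details` shows which method actually authorized a session.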
In addition, Cisco Nexus switches support MACsec (IEEE 802.1AE) link-layer encryption today, providing hop-by-hop
confidentiality and integrity protection for data in motion.
For the latest matrix of the TrustSec features available on different Cisco platforms, please refer to
http://www.cisco.com/go/trustsec.
Policy Components
The Cisco Identity Services Engine is a next-generation identity and access control policy platform that enables
enterprises to enforce compliance, enhance infrastructure security, and streamline service operations. Its unique
architecture allows enterprises to gather real-time contextual information from networks, users, and devices to
make proactive governance decisions by enforcing policy across the network infrastructure. The Cisco Identity
Services Engine is an integral component of the Cisco TrustSec solution that helps secure and govern Borderless
Networks.
The Cisco Identity Services Engine provides a powerful and flexible attribute-based access control solution
that combines authentication, authorization, and accounting (AAA); posture; profiling; and guest management
services on a single platform. Administrators can centrally create and manage access control policies for users
and endpoints in a consistent fashion, and gain end-to-end visibility into everything that is connected to the
network. The Cisco Identity Services Engine automatically discovers and classifies endpoints, provides the right
level of access based on identity, and provides the ability to enforce endpoint compliance by checking a device’s
posture. The Cisco Identity Services Engine also provides advanced enforcement capabilities, including SGA
through the use of Security Group Tags (SGTs), Security Group Access Control Lists (SGACLs), and Security
Group Firewalls (SG-FW).
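To make the SGT/SGACL enforcement model concrete, here is an added example (not from the original page or from Cisco documentation) of a switch-local Security Group policy on Cisco IOS. In a production TrustSec deployment the IP-to-SGT bindings and the SGACL matrix are normally centrally defined in ISE and pushed to the switches; they are defined locally here so the enforcement logic is visible in one place. The SGT values (10, 20), subnets, and VLAN number are assumptions.

```text
! Added example, not from the original page. SGT numbers, subnets and
! VLAN are assumed values; ISE would normally supply the bindings and matrix.
!
! --- Static IP-to-SGT bindings ---
! SGT 10 = "Employees", SGT 20 = "HR database servers" (both assumed)
cts role-based sgt-map 10.10.0.0/24 sgt 10
cts role-based sgt-map 10.20.0.5 sgt 20
!
! --- Security Group ACL ---
! A role-based ACL carries no source or destination addresses;
! the source and destination groups are bound when it is applied.
ip access-list role-based EMPLOYEE_TO_HRDB
 permit tcp dst eq 443
 deny ip
!
! --- Bind the SGACL to one cell of the source/destination SGT matrix ---
cts role-based permissions from 10 to 20 EMPLOYEE_TO_HRDB
!
! --- Enforce SGACLs on the VLAN where the HR servers live (egress) ---
cts role-based enforcement
cts role-based enforcement vlan-list 20
```

Two caveats matter in practice. First, SGACLs are evaluated at egress on the device that owns the destination, so an SGT assigned at the access switch must reach that device either inline (every hop must be capable of carrying the 802.1AE/CMD tag) or via SXP, which carries IP-to-SGT bindings out of band; a tag that is stripped by an incapable hop silently becomes "unknown" and falls through to the default policy. Second, verify the result rather than trusting the configuration: `show cts role-based permissions` lists the matrix the switch is actually enforcing and `show cts role-based counters` shows whether the deny entries are being hit.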
Endpoint Components
Cisco AnyConnect™ provides reliable and easy-to-deploy encrypted network connectivity from any Apple iOS 4
device by delivering persistent corporate access for users on the go. Cisco AnyConnect enables business-critical
application connectivity. In addition, the Cisco NAC Agent provides endpoint information regarding device posture
and assists with endpoint remediation. It can be deployed as a persistent agent or as a temporal web-based
agent.