Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Create a new article
2298
Views
0
Helpful
0
Comments

questions about trust sec

referinfo
Level 1
Level 1

‎01-11-2010 07:26 PM - edited ‎03-01-2019 04:29 PM

i read some articles about cisco's trustsec,the main merits are :sec the datapath(by 802.1AE);unified policy;role based access control.but i still have some questions:

1 i know Trusted computing Group,an orgnizaiton whose object is to build a more secure envorienment: PC,network etc.they have some WGs,one of them is TNC,Trusted netwok connected.recently i am also doing  some studying on trusted network,related to TCG's TNC.Why we use IPS,firewall to protect our campus and data center network before we use it?becase we don't trust it,we believe there must be virus and attacks in it.can we build a trusted campus network ,a trusted datacenter network without IPS,firewall(that is we trust the network).This is the content of my studying.does cisco'trustsec has something to do with the trusted network i mentioned here?--raise the secure level of the network to make it more trusted?

2 there are some working steps of trustsec:authentication,authorization and secure parameter negotiation.can you describe the initial scenario when all the switches unauthenticated(following pic shows 4 switches forming a loop,ACS server connects to switch2),and how they are authenticated by ACS server or by each other step by step and finally build the secure domain?there is a special switch called "seed",and does it play special function during the initial authentication process? I thinked it over and over and can not figure it out.

switch1-------switch2----ACS server

|                |

switche3------switch4

3  the working process said   "ingress tagging,egress filtering and packet will take with the tag along  the path".Is the tag packaged into the head of macsec packet?if yes,how is it transfered all the way because macsec is only for local link,i don't know how the tag infomation is transfered from the client,transiting multiple switches and to the server finally?i think trustsec can do all these actions on egress switches only:egress tagging ,egress filtering,why don't you suggest that?

4 trustsec seems like the cisco's private technology,how do you think to cooperation with other vendor's products? or do you do some work to let it be a standard in the future?

Labels:
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents