I don’t have the details on what Cisco has invested over the years to get to this point, but we are now starting to see the fruits of their labor become public as the very foundation of how network security is implemented from the ground up. What I am referring to is TrustSec. To fully grasp the enormity of the change being proposed here, let’s remind ourselves of how security has traditionally been handled: we had a perimeter whereby everything inside was deemed good and everything outside bad. Simple, really. Except for two things: the perimeter has dissolved for all the reasons we are already familiar with, AND compliance issues, among many others, have forced us (quite reasonably, of course) to distrust internal users. As an industry we have attempted to solve these new challenges by getting better at examining application flows and implementing policy by looking at traffic, but in general we are still fighting the often losing battle of determining role by LOCATION. We fundamentally understand, however, that a far more accurate determination of role would be by the PERSON, of course.
Cisco TrustSec refactors the problem very creatively. The architecture encompasses these ideas:
1. Make the enterprise network more trustworthy (increase the confidence about the data that has transited the network).
2. When traffic enters the network, tag each packet with an identifier that signifies what is known about it, and do so in a way that most directly reflects how that data can be trusted.
3. Filter the data on exit from the network (e.g., at the point the network connects to a server) by acting on the tags.
Simple, right? It is an ambitious undertaking, as it encompasses technology changes that must be standardized across every device on the network. This is done by making changes to the Ethernet frame itself. I told you this was a ground-up change. So who better to ask about security and Ethernet than our very own packet monkey, Jimmy Ray?
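To make the ingress-tag / egress-filter model above concrete, here is a small added simulation (not Cisco code, and not the real tag numbering or switch configuration): port-to-user mapping, tag values, server tags and the policy matrix are all constructed for the illustration. The point it shows is that the egress decision depends only on the tag stamped at ingress, so the same person gets the same answer from any location or address, and an untagged frame is trusted nowhere.

```python
# Added illustration of the ingress-tag / egress-filter model described above.
# Port identities, tag values and the policy matrix are constructed for this
# example; they are not Cisco's actual tag numbering or configuration syntax.
from dataclasses import dataclass

# Constructed "authentication" result: who is behind each ingress port.
PORT_IDENTITY = {"gi1/0/1": "alice", "wifi-ap3": "alice", "gi1/0/9": "bob"}
USER_ROLE = {"alice": "finance", "bob": "contractor"}
TAG_FOR_ROLE = {"finance": 10, "contractor": 20}   # constructed tag values
UNKNOWN_TAG = 0                                    # nothing trustworthy known

# Egress policy keyed on (source tag, destination tag), never on addresses.
SERVER_TAG = {"payroll-db": 100, "guest-portal": 200}
POLICY = {(10, 100): "permit", (10, 200): "permit", (20, 200): "permit"}

@dataclass
class Frame:
    ingress_port: str
    src_ip: str
    dst_host: str
    tag: int = UNKNOWN_TAG

def tag_on_ingress(frame: Frame) -> Frame:
    """Idea 2: stamp the frame with what the network learned at the edge."""
    user = PORT_IDENTITY.get(frame.ingress_port)
    role = USER_ROLE.get(user)
    frame.tag = TAG_FOR_ROLE.get(role, UNKNOWN_TAG)
    return frame

def filter_on_egress(frame: Frame) -> str:
    """Idea 3: the server-facing port decides from tags alone (default deny)."""
    dst_tag = SERVER_TAG.get(frame.dst_host, UNKNOWN_TAG)
    return POLICY.get((frame.tag, dst_tag), "deny")

def forward(ingress_port: str, src_ip: str, dst_host: str) -> str:
    """Run one frame through the edge (tagging) and the exit (filtering)."""
    return filter_on_egress(tag_on_ingress(Frame(ingress_port, src_ip, dst_host)))

if __name__ == "__main__":
    # Same person from two locations/addresses: same decision (role by PERSON).
    print(forward("gi1/0/1", "10.1.1.5", "payroll-db"))      # permit
    print(forward("wifi-ap3", "172.16.9.77", "payroll-db"))  # permit
    # Contractor to payroll: no matrix entry, so denied.
    print(forward("gi1/0/9", "10.1.1.6", "payroll-db"))      # deny
    # Unknown port: the frame carries no trusted tag and is dropped.
    print(forward("gi1/0/2", "10.1.1.7", "guest-portal"))    # deny
```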