BRKSEC-2022 Demystifying TrustSec, Identity, NAC and ISE Wednesday, February 1: 16:00
A very polished presentation of the concept of TrustSec. This session was a technical breakout intended to help demystify the technology behind the Cisco TrustSec System, including the Identity Services Engine.
TrustSec was explained as the next-generation NAC, a system approach to access control. The opening to the session was just great and really set the scene about what identity is. Take a look at the YouTube video and you will see what I mean; it was used in the presentation.
The content of the session was actually more focused on Authorization than Authentication. It was stressed in the presentation that Authorization is the biggest part of AAA.
There was a lot of information about 802.1x, and the default behaviour of Cisco switches with regard to 802.1x. I noticed that most of the sessions I have attended have in some way referred to 802.1x. I suppose this should not come as a surprise to me, looking at all the security sessions I have attended. Brush up on 802.1x, it's the future (Garlic Bread).
Solutions for devices that cannot authenticate were also covered, using MAB (MAC Authentication Bypass).
Profiling was also covered, sometimes with a best guess at the posture of the client (can it do X, Y or Z?). It all looked like Cisco Secure Desktop, though this was never mentioned.
The main thrust of the presentation was ISE. ISE is the next generation of RADIUS server; it did look like ACS as a product will not survive.