Cisco® Trust Agent is a core component of the Network Admissions Control (NAC) solution.
Product Overview
• Allows NAC to validate the posture of applications on managed assets
• Works in wired, wireless, remote-access, and remote office environments
• Is supported by a wide range of third-party vendors
• Is available on Windows and Red Hat Linux operating systems
• Is easy to deploy, lightweight to run, and free
Features and Benefits
• Acts as a middleware component that takes host policy information and securely communicates the information to the authentication, authorization, and accounting (AAA) policy server. Small and nonintrusive, Cisco Trust Agent can communicate the Cisco Security Agent version, OS, and patch version, as well as the presence, version, and other posture information of third-party applications that are part of the NAC initiative.
• Interacts directly with "NAC-enabled" applications running on the host without user intervention. Cisco Trust Agent will communicate with the NAC-enabled applications through communications channels integrated by NAC participants in their applications. There are currently more than 50 participants in the NAC initiative, including leading antivirus, client security, and patch management vendors.
• Can communicate at Layer 3 or Layer 2 using built-in communication components. Cisco Trust Agent includes both a Layer 3 communication component using Extensible Authentication Protocol over User Datagram Protocol (EAPoUDP), as well as an 802.1x supplicant, allowing Layer 2 communications.
• Includes an 802.1x supplicant for Layer 2 communications in wired environments. Cisco Trust Agent for Windows includes a free 802.1x supplicant based on technology from Meetinghouse Data Communications. This supplicant can be replaced by a full retail supplicant from third-party vendors for NAC in both wired and wireless environments.
• Authenticates the AAA server. Cisco Trust Agent validates the requestor through encrypted communications with the AAA server.
• Allows customers to build scripts for custom information gathering. Cisco Trust Agent offers an interface to receive information from customer-written scripts and make that information available for the posture validation process.
• Integrates with Cisco Security Agent and can be distributed by NAC participants with their applications for simplified management and distribution. Cisco Trust Agent is also available for download at no charge from Cisco.com as a standalone application.
Network Admissions Control Product Architecture
• Communications agent: The Cisco Trust Agent software tool collects security state information from security software solutions on the endpoint and communicates this to the network access device using EAPoUDP or over 802.1x (EAPoL). Cisco Trust Agent resides both on top of the TCP/IP stack and on 802.1x.
• Network access devices: Every device seeking network access initially contacts a network access device (router, switch, VPN concentrator, or firewall). These devices demand endpoint security "credentials" through Cisco Trust Agent and relay this information to the policy servers for an admission decision.
• Policy servers: Cisco Secure Access Control Server (ACS) and third-party vendor policy servers evaluate endpoint security credentials relayed from the network access device and determine the appropriate access policy to be applied (permit, deny, quarantine, or restrict).
Figure 1. Cisco Trust Agent Architecture Overview

Product Specifications
Table 1. Product Specifications for Cisco Trust Agent 2.0
Cisco Trust Agent 2.0 works with:
• Cisco Security Agent 4.0.2 and later
• AhnLab V3Pro2004 for NAC 6.0
• BigFix Enterprise Suite 5 and later
• Citadel Hercules 4.0
• Computer Associates eTrust AntiVirus 6, 7, and 7.1, and eTrust PestPatrol 5
• IBM Tivoli Security and Identity Management Product Suite
• InfoExpress CyberGatekeeper Server 3.1 and CyberGatekeeper Policy Manager 3.1
• McAfee VirusScan 7.x and 8.0i
• Senforce Endpoint Security Suite 3
• Symantec AntiVirus 9.0 and Symantec Client Security 2.0
• Trend Micro OfficeScan Corporate Edition 6.5 and later
• A variety of other products are available from NAC participants; a current list is available at www.cisco.com/en/US/partners/pr46/nac/partners.html
Cisco Trust Agent 2.0 is bundled with:
• Cisco Security Agent 4.0.2 and later
• InfoExpress CyberGatekeeper Server 3.1 and CyberGatekeeper Policy Manager 3.1
• Trend Micro OfficeScan Corporate Edition 6.5
• For a complete current list, visit www.cisco.com/en/US/partners/pr46/nac/partners.html
System Requirements
Table 2. System Requirements for Cisco Trust Agent 2.0
For More Information