Cisco® Trust Agent is a core component of the Network Admissions Control (NAC) solution.
NAC is a set of technologies and solutions built on an industry initiative led by Cisco Systems®. NAC uses the network infrastructure to enforce security policy compliance on all devices seeking to access network computing resources, thereby limiting damage from emerging security threats such as viruses, worms, and spyware.
Cisco Trust Agent is client software that must be installed on hosts whose host policy state requires validation prior to permitting network access. A core component of NAC, Cisco Trust Agent allows NAC to determine if Cisco Security Agent, antivirus software, or other required third-party security or management software is installed and current. It also provides information about the OS version and patch level.
Cisco Trust Agent is available at no charge. It can be obtained directly from Cisco as a standalone application or bundled with Cisco Security Agent. It can also be obtained from NAC participants.
Cisco Trust Agent:
• Allows NAC to validate the posture of applications on managed assets
• Works in wired, wireless, remote-access, and remote office environments
• Is supported by a wide range of third-party vendors
• Is available on Windows and Red Hat Linux operating systems
• Is easy to deploy, lightweight to run, and free
Features and Benefits
Cisco Trust Agent:
• Acts as a middleware component that takes host policy information and securely communicates the information to the authentication, authorization, and accounting (AAA) policy server. Small and nonintrusive, Cisco Trust Agent can communicate the Cisco Security Agent version, OS, and patch version, as well as the presence, version, and other posture information of third-party applications that are part of the NAC initiative.
• Interacts directly with "NAC-enabled" applications running on the host without user intervention. Cisco Trust Agent will communicate with the NAC-enabled applications through communications channels integrated by NAC participants in their applications. There are currently more than 50 participants in the NAC initiative, including leading antivirus, client security, and patch management vendors.
• Can communicate at Layer 3 or Layer 2 using built-in communication components. Cisco Trust Agent includes both a Layer 3 communication component using Extensible Authentication Protocol over User Datagram Protocol (EAPoUDP), as well as an 802.1x supplicant, allowing Layer 2 communications.
• Includes an 802.1x supplicant for Layer 2 communications in wired environments. Cisco Trust Agent for Windows includes a free 802.1x supplicant based on technology from Meetinghouse Data Communications. This supplicant can be replaced by a full retail supplicant from third-party vendors for NAC in both wired and wireless environments.
• Authenticates the AAA server. Cisco Trust Agent validates the requestor through encrypted communications with the AAA server.
• Allows customers to build scripts for custom information gathering. Cisco Trust Agent offers an interface to receive information from customer-written scripts and make that information available for the posture validation process.
• Integrates with Cisco Security Agent and can be distributed by NAC participants with their applications for simplified management and distribution. Cisco Trust Agent is also available for download at no charge from Cisco.com as a standalone application.
Network Admissions Control Product Architecture
NAC is composed of several essential components (see Figure 1), including:
• Communications agent: The Cisco Trust Agent software tool collects security state information from security software solutions on the endpoint and communicates this to the network access device using EAPoUDP or over 802.1x (EAPoL). Cisco Trust Agent resides both on top of the TCP/IP stack and on 802.1x.
• Network access devices: Every device seeking network access initially contacts a network access device (router, switch, VPN concentrator, or firewall). These devices demand endpoint security "credentials" through Cisco Trust Agent and relay this information to the policy servers for an admission decision.
• Policy servers: Cisco Secure Access Control Server (ACS) and third-party vendor policy servers evaluate endpoint security credentials relayed from the network access device and determine the appropriate access policy to be applied (permit, deny, quarantine, or restrict).
Figure 1. Cisco Trust Agent Architecture Overview
Cisco Trust Agent allows NAC to use existing infrastructure investments, which extends the value of Cisco network devices, Cisco Security Agent software, and third-party security software, including antivirus and other third-party endpoint security and patch management technology investments.
Table 1 lists product specifications for Cisco Trust Agent 2.0.
Table 1. Product Specifications for Cisco Trust Agent 2.0
Cisco Trust Agent 2.0
Cisco Trust Agent 2.0 works with:
• Cisco Security Agent 4.0.2 and later
• AhnLab V3Pro2004 for NAC 6.0
• BigFix Enterprise Suite 5 and later
• Citadel Hercules 4.0
• Computer Associates eTrust AntiVirus 6, 7, and 7.1, and eTrust PestPatrol 5
• IBM Tivoli Security and Identity Management Product Suite
• InfoExpress CyberGatekeeper Server 3.1 and CyberGatekeeper Policy Manager 3.1
• McAfee VirusScan 7.x and 8.0i
• Senforce Endpoint Security Suite 3
• Symantec AntiVirus 9.0 and Symantec Client Security 2.0
• Trend Micro OfficeScan Corporate Edition 6.5 and later
More vendors continue to support and integrate Cisco Trust Agent. Vendor support and integration for Cisco Trust Agent are independent of the Cisco release schedule. Cisco Trust Agent 2.0 is also available for free download from Cisco.com.
Table 2 lists the system requirements for Cisco Trust Agent 2.0.
Table 2. System Requirements for Cisco Trust Agent 2.0
Cisco Trust Agent 2.0
• 5 MB of available hard disk space (20 MB recommended)
• Single or multiple Pentium processors, 200 MHz or faster
• Network connection
• 128 MB RAM minimum for Windows NT and Windows 2000
• 256 MB RAM minimum for Windows XP and Windows 2003
• Supports the following operating systems:
    • Windows NT 4.0
    • Windows 2000 Professional and Server (Service Pack 4)
    • Windows XP Professional (up to Service Pack 2)
    • Windows 2003
    • Red Hat Linux Enterprise Linux 3.0
Note: Only English (United States) and Japanese language versions of operating systems have been tested. There are no known issues on any other language versions.