Cisco Identity-Based Networking Services: Innovative and Scalable Security for Customers
Updated: June 2, 2009
Cisco® Identity-Based Networking Services (IBNS) is an innovative security solution that provides the foundation for authentication, access control, and policy enforcement at the network edge. Cisco IBNS helps customers strengthen their security while increasing user productivity, reducing operational costs, improving visibility, and addressing compliance.
The latest edition of the Cisco IBNS solution comprises a set of Cisco IOS® Software services powered by Cisco Catalyst® switches, Cisco WLANs, and other components, including Cisco Secure Services Client (SSC), Cisco Secure Access Control System (ACS), and Cisco NAC Profiler.
One of the core elements of Cisco IBNS is IEEE 802.1X, an industry standard for port-based authentication and network access control. The latest Cisco IBNS solution advances the usability and deployability of 802.1X by introducing an innovative phased and scenario-based deployment strategy that can be used to roll out IBNS with minimal impact to end users.
For instance, customers can choose one of three deployment modes, depending on their readiness and security requirements:
• Monitor mode: Provides visibility into end-user network access activities, assessment, and policy evaluation information.
• Low-impact mode: Enables differentiated access through policy-driven downloadable access control lists (dACLs), based on user identity information.
• High security mode: Delivers the highest security level of LAN-based access, where access cannot be granted unless authentication succeeds.
These deployment modes have gone through comprehensive system testing to help ensure solution quality and platform consistency across Cisco Catalyst switches.
Other new features in this edition of Cisco IBNS include:
• Flexible authentication that provides a flexible fallback mechanism among IEEE 802.1X, MAC authentication bypass (MAB), and web authentication methods
• IEEE 802.1X with multi-auth to allow more than one host to authenticate on an IEEE 802.1X-enabled switch port
• Expanded IP telephony support through enhancements to Cisco Discovery Protocol and multidomain authentication
Cisco SSC 5.1 offers advanced supplicant features to support authentication in both wired and wireless network environments, with enhancements such as VPN integration and post-connection script launch capabilities.
Cisco Secure ACS is a next-generation policy platform for centralized network identity and access control. Secure ACS 5.0 features a simple yet powerful rule-based policy model and a new, intuitive management interface designed for optimum control and visibility.
Cisco NAC Profiler dynamically identifies endpoint devices and manages these devices intelligently based on predefined security policies. By integrating with Cisco NAC Profiler, the Cisco IBNS solution helps customers simplify the deployment of support devices that do not have supplicants (such as printers or IP phones) and reduce administrative tasks associated with new devices, device moves, and replacements.
Cisco IBNS is an integral part of the overall Cisco security portfolio. In addition to its ability to provide authentication, access control, and policy enforcement at the network edge, Cisco IBNS also provides a foundation for Cisco NAC and Cisco TrustSec to deliver further security capabilities.
Cisco offers professional services to help ensure that the Cisco IBNS solution is successfully deployed, with minimal impact to production environments and maximum operational effectiveness. For more information about Cisco Services for IBNS, please contact your local Cisco representative.