What are the components of a trusted network?


A trusted network architecture uses information about the hardware and software state of devices in admission and access control decisions. When a device first joins the network, its hardware and software are checked; depending on the results of these checks, the appropriate access control rules are applied dynamically to the user, the device and its traffic.

In a trusted network, a user device that wants to join the network sends its request to the network access device (NAD). The NAD establishes the client device's identity using EAP over the 802.1X protocol and forwards the results to the AAA server using the RADIUS protocol. The AAA server returns a record of posture validation requirements together with the addresses of the appropriate posture validation servers (PVSs).

The client then validates its posture with each of the PVSs. If the client is compliant, the results are sent to the AAA server using the HCAP protocol. If the client fails one or more requirements, the appropriate posture remediation servers suggest remediation actions to the client.

The directory server determines the user's group or role. Given the results from the PVSs and the directory server, the AAA server decides the set of rules that apply to the user's access and traffic and sends them to the NAD for enforcement.

The policy issued by the AAA server takes the form of an authentication requirement and a record of posture validation requirements. For example, token-based authentication may be required, and posture may have to be validated with the antivirus server, the patch management server and the driver validation server.

The components of a trusted network are as follows −

Client Device − Each client device is assessed before it is admitted to a trusted network (TN).

Network Access Device − All connectivity to a trusted network passes through a network access device (NAD), which enforces policy. NAD functionality can reside in devices such as switches, routers, VPN concentrators and wireless access points.

Authentication, Authorization and Access Control Server − The authentication, authorization and access control (AAA) server holds the policy and supplies rules to NADs based on the results of authentication and posture validation.

Posture Validation Servers − Posture validation servers (PVSs) assess the compliance of a client before it can join a TN. A PVS is often specialised for one client attribute, such as operating system version and patch level, or virus signature release.

Posture Remediation Servers − These servers provide remediation options to a client device in case of non-compliance. For instance, a server can hold the current virus signatures and require a non-compliant client device to load them before joining a TN.

Directory Server − This server authenticates users and devices based on their identities or roles.

Other Servers − These include trusted versions of audit, DNS, DHCP and VPN servers.
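The admission flow described above (NAD identifies the client, the AAA server hands out a policy record, PVSs report posture, the directory server supplies a role, and the AAA server returns rules to the NAD) can be modelled as a small decision function. The following Python is an added example, not code from the original article or from any real NAC product: it simulates only the AAA server's decision step, and the policy record, role names, rule strings and the remediation server address 10.0.0.50 are constructed placeholders. The protocols the article names (EAP over 802.1X, RADIUS, HCAP) carry these messages in a real deployment; here their results are passed in as plain Python values.

```python
from dataclasses import dataclass, field
from typing import Dict, List

# Constructed policy record of the kind the AAA server issues: one
# authentication requirement plus the PVSs a client must pass.
POLICY = {
    "authentication": "token",
    "posture_requirements": ["antivirus", "patch", "driver"],
}

# Constructed rule sets selected by the role the directory server returns.
ROLE_RULES = {
    "employee": ["permit ip any internal-net", "permit ip any internet"],
    "contractor": ["permit tcp any internal-net eq 443", "permit ip any internet"],
}

# Constructed quarantine rules: a non-compliant client may reach only the
# remediation server (placeholder address) until it fixes its posture.
REMEDIATION_RULES = ["permit ip any host 10.0.0.50", "deny ip any any"]

DENY_ALL = ["deny ip any any"]


@dataclass
class PostureResult:
    """What one PVS reported about the client (carried over HCAP in practice)."""
    server: str
    compliant: bool
    remediation: str = ""  # action the remediation server would suggest


@dataclass
class AccessDecision:
    """What the AAA server sends to the NAD for enforcement."""
    action: str  # "permit", "remediate" or "deny"
    rules: List[str] = field(default_factory=list)
    remediation_actions: List[str] = field(default_factory=list)


def aaa_decide(auth_method: str, role: str,
               results: Dict[str, PostureResult]) -> AccessDecision:
    """Combine authentication, posture and directory results into NAD rules."""
    # 1. The authentication requirement in the policy record must be met
    #    (the NAD established identity via EAP over 802.1X and relayed it).
    if auth_method != POLICY["authentication"]:
        return AccessDecision(action="deny", rules=list(DENY_ALL))

    # 2. Every required PVS must have reported, and reported compliant.
    required = POLICY["posture_requirements"]
    missing = [s for s in required if s not in results]
    failed = [r for s, r in results.items() if s in required and not r.compliant]
    if missing or failed:
        actions = [r.remediation for r in failed if r.remediation]
        actions += [f"report posture to {s} server" for s in missing]
        return AccessDecision(action="remediate",
                              rules=list(REMEDIATION_RULES),
                              remediation_actions=actions)

    # 3. The directory server's role decides which rules the NAD enforces;
    #    an unknown role gets no access rather than a default-permit.
    rules = ROLE_RULES.get(role)
    if rules is None:
        return AccessDecision(action="deny", rules=list(DENY_ALL))
    return AccessDecision(action="permit", rules=list(rules))


if __name__ == "__main__":
    # Constructed posture reports for two clients joining the network.
    clean = {s: PostureResult(s, True) for s in POLICY["posture_requirements"]}
    stale = {
        "antivirus": PostureResult("antivirus", False, "update virus signatures"),
        "patch": PostureResult("patch", True),
        # driver PVS never reported
    }
    print(aaa_decide("token", "employee", clean))
    print(aaa_decide("token", "employee", stale))
    print(aaa_decide("password", "employee", clean))
```

The order of the three checks matters: posture is only evaluated for an authenticated client, and the quarantine rule set is deliberately "permit remediation server, deny everything else" so a non-compliant device cannot reach the internal network while it is being fixed. Failing closed on an unknown role mirrors the same principle for the directory lookup.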

Updated on: 04-Mar-2022
