Cisco 5520 Configuration Guide - Page 25

Introduction - firewall

Page 25 highlights

Chapter 3: Introduction

The following sections describe the capabilities of Cisco Secure Desktop (CSD), introduce the Cisco Secure Desktop Manager (CSDM) interface, and describe how to save configuration changes:

• CSD Capabilities
• Navigation
• Saving and Resetting the Running CSD Configuration

CSD Capabilities

CSD seeks to minimize the risk of information being left after an SSL VPN session terminates. CSD's goal is to reduce the possibility that cookies, browser history, temporary files, and downloaded content remain on a system after a remote user logs out or an SSL VPN session times out. CSD encrypts data and files associated with, or downloaded during, the SSL VPN session.

The protection provided by CSD is valuable in case of an abrupt session termination, or if a session times out due to inactivity. Furthermore, CSD stores session information in the secure vault desktop partition; when the session closes, CSD overwrites and attempts to remove session data using a U.S. Department of Defense (DoD) sanitation algorithm to provide endpoint security protection.

CSD allows full customization of when and where it is downloaded. It supports profiles of network element connection types (corporate laptop, home PC, or Internet kiosk) and applies a different security policy to each type. These policies include System Detection, which is the definition, enforcement, and restoration of client security in order to secure enterprise networks and data. You can configure System Detection to confirm the presence of the CSD modules Secure Desktop or Cache Cleaner; and antivirus software, antispyware software, personal firewall software, and/or the Microsoft® Windows operating system and service packs on the user's computer as conditions for enabling particular features.

Cisco SSL VPN solutions provide organizations with robust and flexible products for protecting the security and privacy of information, and can play an important part in an organization's compliance strategies. No single technology today addresses all security requirements under the proposed standards. In addition, given limitations of the Microsoft operating system, no technology that interoperates with the operating system can ensure the total removal of all data, especially from an untrusted system with potentially malicious third-party software installed. However, deployments of Cisco SSL VPN using CSD, when combined with other security controls and mechanisms within the context of an effective risk management strategy and policy, can help to reduce risks associated with using such technologies.

OL-8607-02 Cisco Secure Desktop Configuration Guide 3-1

