Home » Cisco Manuals » Networking » Cisco 5520 » Manual Viewer

Cisco 5520 Configuration Guide - Page 31

Tutorial - physical connectivity

UPC - 746320987088

Add to My Manuals
Save this manual to your list of manuals

Page 31 highlights

Tutorial CH A P T E R 4 CSD is a highly customizable suite of security tools that you can deploy in many different ways to secure remote systems and enforce your company's network security polices. Becoming familiar with the configuration procedure can help you understand the following: • How to deploy CSD • Which security decisions you need to make to best accommodate your users and secure your network Note This tutorial introduces you to the CSD configuration settings. Subsequent sections reinforce the instructions with detailed descriptions. The following sections guide you through the CSD configuration sequence: • Step One: Define Windows Locations • Step Two: Define Windows Location Identification • Step Three: Configure Windows Location Modules • Step Four: Configure Windows Location Features • Step Five: Configure Windows CE Features • Step Six: Configure Macintosh and Linux Features Step One: Define Windows Locations Begin configuring CSD by defining Windows locations. Windows locations apply to supported Microsoft Windows clients only; they do not apply to Windows CE, Macintosh, and Linux clients. Locations let you deploy an appropriately secure environment to hosts that connect through the VPN. They let you increase security on hosts that you determine are likely to be insecure, and offer flexibility to clients you determine are secure. You can restrict user privileges when they connect from unknown computers. You can also deploy the Secure Desktop and Cache Cleaner modules on insecure hosts to minimize session information that might contain confidential company information. We recommend that you consider the different types of hosts that will connect through the VPN before you determine the criteria needed to secure those hosts and the security policies to assign to those criteria. In addition, because it is physically impossible to ensure 100 percent removal of all data sent to a remote system, organizations may use Cisco Secure Desktop to minimize access to trusted assets. OL-8607-02 Cisco Secure Desktop Configuration Guide 4-1

Section	Page
Contents	3
Audience and Scope	7
Organization and Use	7
Conventions	8
Related Documentation	8
Obtaining Documentation	9
Cisco.com	9
Product Documentation DVD	9
Ordering Documentation	9
Documentation Feedback	10
CiscoProduct Security Overview	10
Reporting Security Problems in CiscoProducts	10
Product Alerts and Field Notices	11
Obtaining Technical Assistance	11
CiscoTechnical Support & Documentation Website	11
Submitting a Service Request	12
Definitions of Service Request Severity	12
Obtaining Additional Publications and Information	13
Installing or Upgrading the CSD Software	15
Enabling and Disabling CSD	21
Using CLI to Enable or Disable CSD	21
Using ASDM to Enable or Disable CSD	23
Introduction	25
CSD Capabilities	25
Navigation	26
Saving and Resetting the Running CSD Configuration	29
Tutorial	31
Step One: Define Windows Locations	31
Step Two: Define Windows Location Identification	33
Work	33
Home	33
Insecure	34
Step Three: Configure Windows Location Modules	34
Work	34
Home	34
Insecure	35
Step Four: Configure Windows Location Features	36
Work	36
Home	36
Insecure	37
Step Five: Configure Windows CE Features	38
Step Six: Configure Macintosh and Linux Features	38
Setting Up CSD for Microsoft Windows Clients	39
Creating Windows Locations	39
Defining Location Criteria	41
Location Module	42
Certificate Criteria	43
Using a Certificate File to Specify Certificate Criteria	43
Using a Signed File to Specify Certificate Criteria	44
Using the Certificates in Your Store to Specify Certificate Criteria	45
IP Criteria	45
Registry and File Criteria	46
Registry Criteria	47
File Criteria	49
Configuring the Secure Desktop for Clients that Match Location Criteria	51
Configuring a VPN Feature Policy for a Location	51
Configuring a Group-based Policy for a Location	51
Configuring Web Browsing, File Access, Port Forwarding, and Full Tunneling VPN Policies for a Loc...	54
Configuring Keystroke Logger for a Location	57
Configuring Cache Cleaner for a Location	60
Configuring Secure Desktop General for a Location	61
Configuring Secure Desktop Settings for a Location	63
Configuring Secure Desktop Browser for a Location	65
Setting Up CSD for Microsoft Windows CEClients	67
Setting Up CSD for Macintosh and Linux Clients	69
Frequently Asked Questions	71
General Questions	71
Can I use Fast User Switching on Windows XP?	71
Which Java Virtual Machine is used by the Secure Desktop and the Cache Cleaner?	71
When do modified settings apply to the Cache Cleaner and the Secure Desktop?	71
Do I need Administrator privileges to use the CSD features?	72
Does the Secure Desktop Manager support Japanese character encodings?	72
What does transparent handling of e-mail applications mean?	72
Which applications does the Secure Desktop handle transparently?	72
Timeout Questions	72
How does the timeout setting work on the Secure Desktop?	72
Do Macintosh and Linux have a timeout setting?	72
Vault and Secure Desktop Questions	73
Does Secure Desktop completely eliminate the risk that data will be left behind on a system?	73
Can I use uninstallation and Vault reuse with the Secure Desktop?	73
If I enable Vault reuse, how large is the download the second time?	73
How does an end user use the Vault after downloading it the first time?	73
Can I run multiple Secure Desktops at the same time?	73
System Detection Questions	73
Can CSD detect all keystroke loggers?	73
For System Detection, what is the AND/OR relationship among the various settings?	74
Which antivirus applications does System Detection support?	74
Which antispyware applications does System Detection support?	74
Which personal firewall applications does System Detection support?	74
Which personal operating systems does System Detection support?	75
Security Questions	75
What security settings do I need to set on user computers?	75
What kind of encryption do the Secure Desktop and Cache Cleaner use?	76
How long can the password be for Vault reuse?	76
What happens when the cache is cleaned, either by the Cache Cleaner or the Secure Desktop?	76
Networking and Firewall Questions	76
Does the Secure Desktop or Cache Cleaner detect a second network card for location determination?	76
I am using a personal firewall. What application must I “Allow” to access the network?	76

Match case Limit results 1 per page

CHAPTER

4-1

Cisco Secure Desktop Configuration Guide

OL-8607-02

Tutorial

CSD is a highly customizable suite of security tools that you can deploy in many different ways to secure

remote systems and enforce your company’s network security polices. Becoming familiar with the

configuration procedure can help you understand the following:

•

How to deploy CSD

•

Which security decisions you need to make to best accommodate your users and secure your

network

Note

This tutorial introduces you to the CSD configuration settings. Subsequent sections reinforce the

instructions with detailed descriptions.

The following sections guide you through the CSD configuration sequence:

•

Step One: Define Windows Locations

•

Step Two: Define Windows Location Identification

•

Step Three: Configure Windows Location Modules

•

Step Four: Configure Windows Location Features

•

Step Five: Configure Windows CE Features

•

Step Six: Configure Macintosh and Linux Features

Step One: Define Windows Locations

Begin configuring CSD by defining Windows locations. Windows locations apply to supported

Microsoft Windows clients only; they do not apply to Windows CE, Macintosh, and Linux clients.

Locations let you deploy an appropriately secure environment to hosts that connect through the VPN.

They let you increase security on hosts that you determine are likely to be insecure, and offer flexibility

to clients you determine are secure. You can restrict user privileges when they connect from unknown

computers. You can also deploy the Secure Desktop and Cache Cleaner modules on insecure hosts to

minimize session information that might contain confidential company information. We recommend that

you consider the different types of hosts that will connect through the VPN before you determine the

criteria needed to secure those hosts and the security policies to assign to those criteria. In addition,

because it is physically impossible to ensure 100 percent removal of all data sent to a remote system,

organizations may use Cisco Secure Desktop to minimize access to trusted assets.