Configuration Guide
Page 5
...? A-2 Which applications does the Secure Desktop handle transparently? A-3 System Detection Questions A-3 Can CSD detect all keystroke loggers? A-6 Networking and Firewall Questions A-6 Does the Secure Desktop or Cache Cleaner detect a second network card for Vault reuse? A-4 Which antivirus applications does System Detection ...it the first time? A-6 What happens when the cache is the AND/OR relationship among the various settings? A-6 OL-8607-02 Cisco Secure Desktop Configuration Guide v A-2 Do Macintosh and Linux have a timeout setting? A-3 Can I enable Vault reuse, how large is...
...? A-2 Which applications does the Secure Desktop handle transparently? A-3 System Detection Questions A-3 Can CSD detect all keystroke loggers? A-6 Networking and Firewall Questions A-6 Does the Secure Desktop or Cache Cleaner detect a second network card for Vault reuse? A-4 Which antivirus applications does System Detection ...it the first time? A-6 What happens when the cache is the AND/OR relationship among the various settings? A-6 OL-8607-02 Cisco Secure Desktop Configuration Guide v A-2 Do Macintosh and Linux have a timeout setting? A-3 Can I enable Vault reuse, how large is...
Configuration Guide
Page 25
...to reduce the possibility that interoperates with the operating system can help to each type. and antivirus software, antispyware software, personal firewall software, and/or the Microsoft® Windows operating system and service packs on a system after an SSL VPN session terminates. OL-8607..., or if a session times out due to provide endpoint security protection. It supports profiles of Defense (DoD) sanitation algorithm to inactivity. Cisco SSL VPN solutions provide organizations with , or downloaded, during the SSL VPN session. You can play an important part in case of the...
...to reduce the possibility that interoperates with the operating system can help to each type. and antivirus software, antispyware software, personal firewall software, and/or the Microsoft® Windows operating system and service packs on a system after an SSL VPN session terminates. OL-8607..., or if a session times out due to provide endpoint security protection. It supports profiles of Defense (DoD) sanitation algorithm to inactivity. Cisco SSL VPN solutions provide organizations with , or downloaded, during the SSL VPN session. You can play an important part in case of the...
Configuration Guide
Page 28
...VPN Client. Typical location types include Work, Home, and Insecure (for such client connection sites as antivirus software, antispyware software, firewall software, and the operating system version and patch. • Keystroke Logger-Scans the client PC for a keystroke logging application. ...-Specifies the home page to disable printing from within which the browser connects when the remote user establishes a CSD session. Cisco Secure Desktop Configuration Guide 3-4 OL-8607-02 When you might configure a secure location to the configuration, the Desktop Manager displays...
...VPN Client. Typical location types include Work, Home, and Insecure (for such client connection sites as antivirus software, antispyware software, firewall software, and the operating system version and patch. • Keystroke Logger-Scans the client PC for a keystroke logging application. ...-Specifies the home page to disable printing from within which the browser connects when the remote user establishes a CSD session. Cisco Secure Desktop Configuration Guide 3-4 OL-8607-02 When you might configure a secure location to the configuration, the Desktop Manager displays...
Configuration Guide
Page 32
...a certificate given by a registry entry - The Windows Location Settings pane appears. Advanced features require company antivirus software, company antispyware, company firewall, and Windows 2000 Service Pack 4 or Windows XP - All features disabled except web browsing To create the three locations: Step 1 Step... the location entries in the office, "Home" is for those who do not meet the criteria for keystroke logger • Insecure - Cisco Secure Desktop Configuration Guide 4-2 OL-8607-02 No identification - Check for either, such as follows: • Work - If it is...
...a certificate given by a registry entry - The Windows Location Settings pane appears. Advanced features require company antivirus software, company antispyware, company firewall, and Windows 2000 Service Pack 4 or Windows XP - All features disabled except web browsing To create the three locations: Step 1 Step... the location entries in the office, "Home" is for those who do not meet the criteria for keystroke logger • Insecure - Cisco Secure Desktop Configuration Guide 4-2 OL-8607-02 No identification - Check for either, such as follows: • Work - If it is...
Configuration Guide
Page 36
...box opens. Check AntiVirus and choose the antivirus software. Check OS and choose 2000 SP4, XP no SP, XP SP1, and XP SP2. Cisco Secure Desktop Configuration Guide 4-6 OL-8607-02 Set Web Browsing to specify the level of access for each location when you create it. Click... have advanced features like File Access, Port Forwarding, and Full Tunneling only if they meet the company network policies for antivirus software, antispyware, firewall software, and Windows 2000 Service Pack 4 or Windows XP. Step Four: Configure Windows Location Features CSD creates security modules for a given field...
...box opens. Check AntiVirus and choose the antivirus software. Check OS and choose 2000 SP4, XP no SP, XP SP1, and XP SP2. Cisco Secure Desktop Configuration Guide 4-6 OL-8607-02 Set Web Browsing to specify the level of access for each location when you create it. Click... have advanced features like File Access, Port Forwarding, and Full Tunneling only if they meet the company network policies for antivirus software, antispyware, firewall software, and Windows 2000 Service Pack 4 or Windows XP. Step Four: Configure Windows Location Features CSD creates security modules for a given field...
Configuration Guide
Page 37
... browsing access only, and only if the Secure Desktop is active. Step 5 Step 6 Step 7 Step 8 Step 9 Step 10 Step 11 Check Firewall and choose the company firewall software. OL-8607-02 Cisco Secure Desktop Configuration Guide 4-7 See the option descriptions in the "Insecure" location as follows: Step 1 Step 2 Step 3 Step 4 Click VPN Feature...
... browsing access only, and only if the Secure Desktop is active. Step 5 Step 6 Step 7 Step 8 Step 9 Step 10 Step 11 Check Firewall and choose the company firewall software. OL-8607-02 Cisco Secure Desktop Configuration Guide 4-7 See the option descriptions in the "Insecure" location as follows: Step 1 Step 2 Step 3 Step 4 Click VPN Feature...
Configuration Guide
Page 53
...attributes in each category have an "OR" relationship. Step 4 Check Anti-Virus, Anti-Spyware, Firewall, and OS if you want to apply the following steps. An "AND" relationship is the default... of a list of Secure Desktop or Cache Cleaner as follows: OL-8607-02 Cisco Secure Desktop Configuration Guide 5-15 The options within each category to satisfy the criteria.... criteria specified on this radio button, choose the Configuration > VPN > General > Tunnel Group > Add/Edit Tunnel Group > WebVPN Access > WebVPN tab. Step 3 Continue with this step. • Use Success...
...attributes in each category have an "OR" relationship. Step 4 Check Anti-Virus, Anti-Spyware, Firewall, and OS if you want to apply the following steps. An "AND" relationship is the default... of a list of Secure Desktop or Cache Cleaner as follows: OL-8607-02 Cisco Secure Desktop Configuration Guide 5-15 The options within each category to satisfy the criteria.... criteria specified on this radio button, choose the Configuration > VPN > General > Tunnel Group > Add/Edit Tunnel Group > WebVPN Access > WebVPN tab. Step 3 Continue with this step. • Use Success...
Configuration Guide
Page 54
... Detection Questions." The VPN Feature Policy pane displays the default Group-Based Policy tab (described in the menu on a remote server. 5-16 Cisco Secure Desktop Configuration Guide OL-8607-02 Configuring Web Browsing, File Access, Port Forwarding, and Full Tunneling VPN Policies for a Location This section... use of the Secure Desktop to connect a client application installed on the local PC to the TCP/IP port of antivirus software. Note For the complete list of a personal firewall that is running CSD configuration. Click Apply All to save the running . CSD requires one above the...
... Detection Questions." The VPN Feature Policy pane displays the default Group-Based Policy tab (described in the menu on a remote server. 5-16 Cisco Secure Desktop Configuration Guide OL-8607-02 Configuring Web Browsing, File Access, Port Forwarding, and Full Tunneling VPN Policies for a Location This section... use of the Secure Desktop to connect a client application installed on the local PC to the TCP/IP port of antivirus software. Note For the complete list of a personal firewall that is running CSD configuration. Click Apply All to save the running . CSD requires one above the...
Configuration Guide
Page 56
...operating system and service pack. CSD requires one of the applications highlighted to be running on the remote client PC to satisfy the personal firewall requirement. • OS-Check to enable System Detection for the presence of antispyware software. If you choose is enough to satisfy the... of a VPN policy for this feature ends at this two such fields, one of the options or control-click multiple options. 5-18 Cisco Secure Desktop Configuration Guide OL-8607-02 Note An "Enabled if criteria match," setting without criteria is present among the enabled categories. An ...
...operating system and service pack. CSD requires one of the applications highlighted to be running on the remote client PC to satisfy the personal firewall requirement. • OS-Check to enable System Detection for the presence of antispyware software. If you choose is enough to satisfy the... of a VPN policy for this feature ends at this two such fields, one of the options or control-click multiple options. 5-18 Cisco Secure Desktop Configuration Guide OL-8607-02 Note An "Enabled if criteria match," setting without criteria is present among the enabled categories. An ...
Configuration Guide
Page 71
...Questions • Timeout Questions • Vault and Secure Desktop Questions • System Detection Questions • Security Questions • Networking and Firewall Questions General Questions The following questions address a broad range of the CSD software can run on Windows XP? When you modify the settings in... CSDM. OL-8607-02 Cisco Secure Desktop Configuration Guide A-1 CSD checks Internet Explorer to determine which Java Virtual Machine (JVM) has been configured for that a ...
...Questions • Timeout Questions • Vault and Secure Desktop Questions • System Detection Questions • Security Questions • Networking and Firewall Questions General Questions The following questions address a broad range of the CSD software can run on Windows XP? When you modify the settings in... CSDM. OL-8607-02 Cisco Secure Desktop Configuration Guide A-1 CSD checks Internet Explorer to determine which Java Virtual Machine (JVM) has been configured for that a ...
Configuration Guide
Page 74
... does System Detection support? The antispyware applications that System Detection checks for includes: - F-Secure Antivirus (2003 to 5.0) Cisco Secure Desktop Configuration Guide A-4 OL-8607-02 McAfee Personal Firewall (4.0 to 2005) - System Detection is enough to pass the System Detection check. Panda AntiVirus (Titanium 2004 or Platinum 7.0 to XP SP2) - Avast AntiVirus (4.0) - The...
... does System Detection support? The antispyware applications that System Detection checks for includes: - F-Secure Antivirus (2003 to 5.0) Cisco Secure Desktop Configuration Guide A-4 OL-8607-02 McAfee Personal Firewall (4.0 to 2005) - System Detection is enough to pass the System Detection check. Panda AntiVirus (Titanium 2004 or Platinum 7.0 to XP SP2) - Avast AntiVirus (4.0) - The...
Configuration Guide
Page 75
...1 - Windows 2000 Service Pack 1 - Windows XP (no service pack) - ZoneAlarm Personal Firewall (4.0 to 5.6) - Windows 2000 (no service pack) - Windows 98 Second Edition Security Questions The following Internet Explorer settings are required for CSD. The operating systems and service... and plug-ins > Download signed ActiveX controls > Enable OL-8607-02 Cisco Secure Desktop Configuration Guide A-5 Windows 2000 Service Pack 2 - What security settings do I need to 2005) - Norton Personal Firewall (2003 to set on user computers? Appendix A Frequently Asked Questions Security ...
...1 - Windows 2000 Service Pack 1 - Windows XP (no service pack) - ZoneAlarm Personal Firewall (4.0 to 5.6) - Windows 2000 (no service pack) - Windows 98 Second Edition Security Questions The following Internet Explorer settings are required for CSD. The operating systems and service... and plug-ins > Download signed ActiveX controls > Enable OL-8607-02 Cisco Secure Desktop Configuration Guide A-5 Windows 2000 Service Pack 2 - What security settings do I need to 2005) - Norton Personal Firewall (2003 to set on user computers? Appendix A Frequently Asked Questions Security ...
Configuration Guide
Page 76
...password can be up to access the network? I "Allow" to 127 characters, and can the password be for protecting data using a personal firewall. Cisco Secure Desktop Configuration Guide A-6 OL-8607-02 What happens when the cache is an algorithm for Vault reuse? Department of encryption, uses different ...keys to access the network. No, they detect only the IP address of encryption; DES-CBC is the Cipher Block Chaining (CBC) mode of DES, a stronger form of the first network card. ...
...password can be up to access the network? I "Allow" to 127 characters, and can the password be for protecting data using a personal firewall. Cisco Secure Desktop Configuration Guide A-6 OL-8607-02 What happens when the cache is an algorithm for Vault reuse? Department of encryption, uses different ...keys to access the network. No, they detect only the IP address of encryption; DES-CBC is the Cipher Block Chaining (CBC) mode of DES, a stronger form of the first network card. ...
Configuration Guide
Page 78
... cleaning, attribute 7-2 Enable identification using File or Registry criteria, attribute 5-8 to 5-13 Enable identification using IP criteria, attribute 5-7 Enable Secure Desktop inactivity timeout, attribute 5-24 Enable switching between Secure Desktop and local ...Windows installation failure 5-3 VPN Feature Policy, Windows installation success 5-16 file criteria 5-4, 5-8 firewall A-6 Firewall, attribute 5-16, 5-18 folders in favorites or bookmarks 5-27 Force admin control on list...Page, attribute 5-27 host integrity See System Detection IN-8 Cisco Secure Desktop Configuration Guide OL-8607-02
... cleaning, attribute 7-2 Enable identification using File or Registry criteria, attribute 5-8 to 5-13 Enable identification using IP criteria, attribute 5-7 Enable Secure Desktop inactivity timeout, attribute 5-24 Enable switching between Secure Desktop and local ...Windows installation failure 5-3 VPN Feature Policy, Windows installation success 5-16 file criteria 5-4, 5-8 firewall A-6 Firewall, attribute 5-16, 5-18 folders in favorites or bookmarks 5-27 Force admin control on list...Page, attribute 5-27 host integrity See System Detection IN-8 Cisco Secure Desktop Configuration Guide OL-8607-02
Configuration Guide
Page 79
...timer 5-22, 5-24 insecure location, example configuration 4-2, 5-1 installing CSD 1-1 to 1-6 Internet Connection Firewall (ICF) A-4 Internet Explorer settings on client A-5 IP address range 5-4, 5-7 ISS BlackICE PC Protection A-4 Issued By, attribute of Enable identification using certificate ...in priority order, window 5-2 Location to add, attribute 5-2 M Mac & Linux Cache Cleaner, menu option 7-1 main.exe A-6 McAfee Personal Firewall A-4 McAfee VirusScan A-4 menu, figure 3-3 Microsoft Anti-Spyware A-4 Microsoft Virtual Machine A-5 Microsoft Windows operating systems and service packs A-5 N ...
...timer 5-22, 5-24 insecure location, example configuration 4-2, 5-1 installing CSD 1-1 to 1-6 Internet Connection Firewall (ICF) A-4 Internet Explorer settings on client A-5 IP address range 5-4, 5-7 ISS BlackICE PC Protection A-4 Issued By, attribute of Enable identification using certificate ...in priority order, window 5-2 Location to add, attribute 5-2 M Mac & Linux Cache Cleaner, menu option 7-1 main.exe A-6 McAfee Personal Firewall A-4 McAfee VirusScan A-4 menu, figure 3-3 Microsoft Anti-Spyware A-4 Microsoft Virtual Machine A-5 Microsoft Windows operating systems and service packs A-5 N ...
Configuration Guide
Page 80
...Cache Cleaner, when settings apply A-1 configuring 5-1 description A-6 encryption type A-6 FAQs A-3, A-5 force uninstall 5-24 IN-10 Cisco Secure Desktop Configuration Guide General 3-4, 5-23 to 5-24 inactivity timeout 5-24 local desktop switch 5-23 Location Module, attribute...as a location criterion 5-10 Subject, field of a certificate 5-5, 5-6, 5-7 Suggest application uninstall upon Secure Desktop closing, attribute 5-24 Sygate Personal Firewall A-5, A-6 Sygate Security Agent A-6 System Detection configuring 5-13 to 5-19 definition 3-1 FAQs A-3 T timeout A-2 Linux A-2 Macintosh A-2 Timeout ...
...Cache Cleaner, when settings apply A-1 configuring 5-1 description A-6 encryption type A-6 FAQs A-3, A-5 force uninstall 5-24 IN-10 Cisco Secure Desktop Configuration Guide General 3-4, 5-23 to 5-24 inactivity timeout 5-24 local desktop switch 5-23 Location Module, attribute...as a location criterion 5-10 Subject, field of a certificate 5-5, 5-6, 5-7 Suggest application uninstall upon Secure Desktop closing, attribute 5-24 Sygate Personal Firewall A-5, A-6 Sygate Security Agent A-6 System Detection configuring 5-13 to 5-19 definition 3-1 FAQs A-3 T timeout A-2 Linux A-2 Macintosh A-2 Timeout ...
Configuration Guide
Page 81
U URLs on home page and favorites 5-27 V Vault 5-24, A-3, A-6 Version, attribute 5-12 VPN Feature Policy Macintosh and Linux 7-1 to 7-2 Microsoft Windows CE 6-1 Windows 3-4, 5-13 to 5-19 W Web Browsing Macintosh and Linux 7-2 Microsoft Windows CE 6-1 Web browsing Windows installation failure 5-2 success 5-16 Windows CE, menu option 6-1 Windows Location Settings examples 4-2 menu option 3-2, 5-1 Windows operating systems and service packs A-5 work, example configuration 4-2, 5-1 X xml 3-5 Z ZoneAlarm Personal Firewall A-5 OL-8607-02 Index Cisco Secure Desktop Configuration Guide IN-11
U URLs on home page and favorites 5-27 V Vault 5-24, A-3, A-6 Version, attribute 5-12 VPN Feature Policy Macintosh and Linux 7-1 to 7-2 Microsoft Windows CE 6-1 Windows 3-4, 5-13 to 5-19 W Web Browsing Macintosh and Linux 7-2 Microsoft Windows CE 6-1 Web browsing Windows installation failure 5-2 success 5-16 Windows CE, menu option 6-1 Windows Location Settings examples 4-2 menu option 3-2, 5-1 Windows operating systems and service packs A-5 work, example configuration 4-2, 5-1 X xml 3-5 Z ZoneAlarm Personal Firewall A-5 OL-8607-02 Index Cisco Secure Desktop Configuration Guide IN-11