Configuration Guide
Page 2
...of the word partner does not imply a partnership relationship between Cisco and any other countries. Any use of actual IP addresses in this document or Website are the property of the UNIX operating system. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR ...display output, and figures included in the United States and certain other company. (0609R) Any Internet Protocol (IP) addresses used in illustrative content is a service mark of Cisco Systems, Inc.; All rights reserved. Changing the Way We Work, Live, Play, and Learn is unintentional and...
Configuration Guide
Page 4
...Using a Certificate File to Specify Certificate Criteria 5-5 Using a Signed File to Specify Certificate Criteria 5-6 Using the Certificates in Your Store to Specify Certificate Criteria 5-7 IP Criteria 5-7 Registry and File Criteria 5-8 Registry Criteria 5-9 File Criteria 5-11 Configuring the Secure Desktop for Clients that Match Location Criteria 5-13 Configuring a VPN ...5-22 Configuring Secure Desktop General for a Location 5-23 Configuring Secure Desktop Settings for a Location 5-25 Configuring Secure Desktop Browser for a Location 5-27 Cisco Secure Desktop Configuration Guide iv OL-8607-02
Configuration Guide
Page 26
Cisco Secure Desktop Configuration Guide 3-2 OL-8607-02 Figure 3-1 shows the default menu and the Secure Desktop Manager pane. Once you create a location, you can specify ..., choose Configuration > CSD Manager > Secure Desktop Manager. Click to create a group of location, such as Work, Home, or Insecure. For example, clients with DHCP-assigned IP addresses within a corporate address range connect from a particular type of settings for Windows clients connecting from the Work location. The Secure Desktop Manager pane opens.
Configuration Guide
Page 27
... these platforms. Figure 3-2 shows a CSD menu populated with locations. however, it does support a limited set of OL-8607-02 Cisco Secure Desktop Configuration Guide 3-3 Eligible matching criteria include certificate name and authority, IP address range, and local file or registry requirements. Each location also contains a set of a peer application on the local...
Configuration Guide
Page 33
... Issued By fields of the pane lets you enable or disable the Secure Desktop or Cache Cleaner modules for the associated location. OL-8607-02 Cisco Secure Desktop Configuration Guide 4-3 Add a registry criteria such as follows: Step 1 Step 2 Step 3 Step 4 Click the name Work in that location. Step Two: Define Windows...\Company exists." Check Enable identification using certificate criteria. Home Identify clients in the "Work" location by the administrator to be deployed for the location: certificate, IP address range, and file/registry.
Configuration Guide
Page 39
... might be considered more at risk to viruses due to define the location-based settings (also called adaptive policies) for clients that is specified by IP addresses on the 10.x.x.x network, and disable both the Cache Cleaner and the Secure Desktop function for exposing confidential information. Click Windows Location Settings in... remote client PCs against the locations in the menu on a 10.x.x.x network behind a NAT device are an unlikely risk for this location. OL-8607-02 Cisco Secure Desktop Configuration Guide 5-1
Configuration Guide
Page 41
... Desktop installation fails or the remote client PC does not match any of the configured locations criteria. Figure 5-2 Identification for OL-8607-02 Cisco Secure Desktop Configuration Guide 5-3 By default, this attribute is unchecked. • Port forwarding-Check to let the remote user connect a client... application installed on the local PC to the TCP/IP port of security, we recommend that you do not check this option. By default, this option. In the interest of a peer application...
Configuration Guide
Page 42
... "Enable identification using File or Registry criteria," only one of the following matching criteria: • Certificate name and issuer • IP address range • Presence or absence of the criteria you specify must be present. This default location pushes the Secure Desktop to ... IP criteria," and you specify "File company_software.exe #does exist#" under "Enable identification using File or Registry criteria," the client must meet both of the following options: • Secure Desktop-Check if you want to require the Secure Desktop to match the location. Cisco Secure...
Configuration Guide
Page 45
... and "E" for e-mail address. CSD assigns the location to the client only if it against the Issuer field of the certificate. OL-8607-02 Cisco Secure Desktop Configuration Guide 5-7 Choose a certificate and click View. Click the Details tab. If a client has an address within the specified range, CSD...address. Type the value of one of these subfields in the Issued By field on the Identification for pane to connect. CSD checks the IP addresses of the Certificate window. Choose Internet Options. Complete both of the following, and only if it against the Subject field of the...
Configuration Guide
Page 54
...server. • Port forwarding-Permits the use of the Secure Desktop to connect a client application installed on the local PC to the TCP/IP port of the location you would like to configure a policy. CSD requires one of the applications highlighted to be running on the left. CSDM... includes this two such fields, one of the applications highlighted to be running on a remote server. 5-16 Cisco Secure Desktop Configuration Guide OL-8607-02 CSD requires one of the applications highlighted to be running CSD configuration. Configuring the Secure Desktop for ...
Configuration Guide
Page 70
... fails. • Web Browsing-Check to permit the use of the Secure Desktop to connect a client application installed on the local PC to the TCP/IP port of a peer application on a remote server. • Port Forwarding-Check to permit the use of the Secure Desktop to access files on a remote ...locations and access outside of the CSD environment. • File Access-Check to permit the use of the Secure Desktop to perform this cleanup task. Cisco Secure Desktop Configuration Guide 7-2 OL-8607-02 Use the drop-down list to set a global timeout after which CSD launches the Cache Cleaner.
Configuration Guide
Page 76
..., inserted, or created in the browser including file downloads, configuration changes, cached browser information, entered passwords, and auto-completed information. Cisco Secure Desktop Configuration Guide A-6 OL-8607-02 You must I am using a personal firewall. CSD encrypts data with personal firewalls such ...; Microsoft VM > Java permissions > High, medium or low safety What kind of the cache meets U.S. No, they detect only the IP address of Defense standards. Department of the first network card. I "Allow" to each data block three times. What happens when the cache...
Configuration Guide
Page 78
...5-5, 5-6, 5-7 e-mail 5-26 Enable cancellation of cleaning, attribute 7-2 Enable identification using File or Registry criteria, attribute 5-8 to 5-13 Enable identification using IP criteria, attribute 5-7 Enable Secure Desktop inactivity timeout, attribute 5-24 Enable switching between Secure Desktop and local desktop, attribute 5-23 Enable Vault Reuse, attribute ... 5-9 HKEY_LOCAL_MACHINE 5-9, 5-10, 5-11 HKEY_USERS 5-9 home location, example configuration 4-2, 5-1 Home Page, attribute 5-27 host integrity See System Detection IN-8 Cisco Secure Desktop Configuration Guide OL-8607-02
Configuration Guide
Page 79
... timer 5-22, 5-24 insecure location, example configuration 4-2, 5-1 installing CSD 1-1 to 1-6 Internet Connection Firewall (ICF) A-4 Internet Explorer settings on client A-5 IP address range 5-4, 5-7 ISS BlackICE PC Protection A-4 Issued By, attribute of Enable identification using certificate criteria 5-5, 5-6, 5-7 Issued To, attribute of Enable identification using...access 5-25 Norton AntiVirus For Windows A-4 Norton Personal Firewall A-5 O O certificate field 5-5, 5-6, 5-7 operating systems 5-16, 5-18 P Panda AntiVirus A-4 password A-6 Cisco Secure Desktop Configuration Guide IN-9