Cisco Secure Desktop Configuration Guide
OL-8607-02

CHAPTER 6

Setting Up CSD for Microsoft Windows CE Clients

CSD lets you configure a VPN feature policy to enable or restrict both web browsing and remote server file access for remote clients running Microsoft Windows CE. To do so, click Windows CE in the menu on the left.

The Windows CE pane appears (Figure 6-1).

Figure 6-1: Windows CE

Set the attributes as follows:

Web Browsing: Check to let the remote user use the Secure Desktop to browse the web.

Note: To ensure security, the Secure Desktop Manager supports only web browsing by clients in unknown locations and access outside of the CSD environment.

File Access: Check to let the remote user use the Secure Desktop to access files on a remote server.

Click Apply All to save the running configuration to the flash device.

Summary of Contents for 5520 - ASA IPS Edition Bundle

Page 1: ...sman Drive San Jose CA 95134 1706 USA http www cisco com Tel 408 526 4000 800 553 NETS 6387 Fax 408 526 4100 Cisco Secure Desktop Configuration Guide for Cisco ASA 5500 Series Administrators Software Release 3 1 1 October 2006 Text Part Number OL 8607 02 ...

Page 2: ...A ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL EVEN IF CISCO OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES Any Internet Protocol IP addresses used in this document are not intended to be actual addresses Any examples command display output and figures included in the document are shown for illustrative purposes only Any use of actual IP addresses in illustrative c...

Page 3: ...Technical Assistance xi Cisco Technical Support Documentation Website xi Submitting a Service Request xii Definitions of Service Request Severity xii Obtaining Additional Publications and Information xiii C H A P T E R 1 Installing or Upgrading the CSD Software 1 1 C H A P T E R 2 Enabling and Disabling CSD 2 1 Using CLI to Enable or Disable CSD 2 1 Using ASDM to Enable or Disable CSD 2 3 C H A P ...

Page 4: ...iteria 5 5 Using a Signed File to Specify Certificate Criteria 5 6 Using the Certificates in Your Store to Specify Certificate Criteria 5 7 IP Criteria 5 7 Registry and File Criteria 5 8 Registry Criteria 5 9 File Criteria 5 11 Configuring the Secure Desktop for Clients that Match Location Criteria 5 13 Configuring a VPN Feature Policy for a Location 5 13 Configuring a Group based Policy for a Loc...

Page 5: ...Can I use uninstallation and Vault reuse with the Secure Desktop A 3 If I enable Vault reuse how large is the download the second time A 3 How does an end user use the Vault after downloading it the first time A 3 Can I run multiple Secure Desktops at the same time A 3 System Detection Questions A 3 Can CSD detect all keystroke loggers A 3 For System Detection what is the AND OR relationship among...

Page 6: ...Contents vi Cisco Secure Desktop Configuration Guide OL 8607 02 I N D E X ...

Page 7: ...he criteria used to identify those locations and the access rights and restrictions to assign to clients that match the location criteria It also describes how to configure features to support Windows CE Macintosh and Linux clients Organization and Use Table 1 describes the contents of this guide Table 1 Document Organization Topic Purpose Installing or Upgrading the CSD Software Describes how to ...

Page 8: ...pliance and Safety Information for the Cisco ASA 5500 Series Cisco ASA 5500 Series Hardware Installation Guide Migrating to ASA for VPN 3000 Concentrator Series Administrators Cisco ASA 5500 Series Adaptive Security Appliance Getting Started Guide for the ASA 5510 ASA 5520 and ASA 5540 Cisco Security Appliance Command Line Configuration Guide Cisco Security Appliance Command Reference Setting Up C...

Page 9: ...umentation on a portable medium The DVD enables you to access installation configuration and command guides for Cisco hardware and software products With the DVD you have access to the HTML documentation and some of the PDF files found on the Cisco website at this URL http www cisco com univercd home home htm The Product Documentation DVD is created and released regularly DVDs are available singly...

Page 10: ...e Syndication PSIRT RSS feed Information about how to subscribe to the PSIRT RSS feed is found at this URL http www cisco com en US products products_psirt_rss_feed html Reporting Security Problems in Cisco Products Cisco is committed to delivering secure products We test our products internally before we release them and we strive to correct all vulnerabilities quickly If you think that you have ...

Page 11: ...o Technical Support Documentation website on Cisco com features extensive online support resources In addition if you have a valid Cisco service contract Cisco Technical Assistance Center TAC engineers provide telephone support If you do not have a valid Cisco service contract contact your reseller Cisco Technical Support Documentation Website The Cisco Technical Support Documentation website prov...

Page 12: ...commended solutions If your issue is not resolved using the recommended resources your service request is assigned to a Cisco engineer The TAC Service Request Tool is located at this URL http www cisco com techsupport servicerequest For S1 or S2 service requests or if you do not have Internet access contact the Cisco TAC by telephone S1 or S2 service requests are those in which your production net...

Page 13: ... www cisco com go guide Cisco Marketplace provides a variety of Cisco books reference guides documentation and logo merchandise Visit Cisco Marketplace the company store at this URL http www cisco com go marketplace Cisco Press publishes a wide range of general networking training and certification titles Both new and experienced users will benefit from these publications For current Cisco Press t...

Page 14: ...ration Guide OL 8607 02 About This Guide Obtaining Additional Publications and Information World class networking training is available from Cisco You can view current offerings at this URL http www cisco com en US learning index html ...

Page 15: ... CSD software Install or upgrade the Cisco Secure Desktop CSD software as follows Step 1 Use your Internet browser to access the following URL and download the securedesktop_asa_ n _ n pkg file to any location on your PC http www cisco com cgi bin tablebuild pl securedesktop Step 2 Use your Internet browser to log in to ASDM Step 3 Choose Configuration CSD Setup The pane displays the message Pleas...

Page 16: ...Configuration Guide OL 8607 02 Chapter 1 Installing or Upgrading the CSD Software Figure 1 1 CSD Manager Not Installed Step 4 Click the Cisco Secure Desktop link ASDM opens the Configuration VPN WebVPN CSD Setup pane Figure 1 2 ...

Page 17: ... 5 Click Upload to prepare to transfer a copy of the CSD software from your local PC to the flash card installed in the ASA 5500 ASDM opens the Upload Image dialog box Step 6 Click Browse Local to prepare to select the file on your local PC The Selected File Path dialog box displays the contents of the latest local folder you accessed Figure 1 3 ...

Page 18: ...Image Step 7 Choose the securedesktop_asa_ n _ n pkg you downloaded in Step 1 and click Open ASDM closes the Select File Path dialog box and displays the file in the Local File Path field Step 8 Click Browse Flash to specify the target directory for the file Step 9 The Browse Flash Dialog box displays the contents of the flash card Figure 1 4 ...

Page 19: ...that you use the default name Step 10 Optional Choose the target folder in the Folders box Step 11 Click OK ASDM closes the Browse Flash Dialog box and displays the file in the Flash File System Path field Step 12 Click Upload File and click OK An Information dialog box displays the following message File is uploaded to flash successfully Step 13 Click OK ASDM closes the dialog box transfers a cop...

Page 20: ...e Step 15 Click OK to install the CSD software The Uninstall CSD dialog box opens if you upgraded from an earlier version of CSD and displays the following message Do you want to delete disk0 securedesktop_asa_ Previous_Version pkg Step 16 Click Yes unless you want to keep the previous version ASDM closes the dialog box revealing the installed image in the Secure Desktop Image field Refer to Enabl...

Page 21: ... the status of the CSD image show webvpn csd EXAMPLE F1 asa1 config show webvpn csd Secure Desktop version 3 1 0 25 is currently installed and enabled Note Disabling CSD does not alter the CSD configuration Use the CLI to enable or disable CSD as follows Step 1 Log in to the CLI and enter the config t command Step 2 Enter webvpn to access the webvpn command mode For example F1 asa1 config webvpn S...

Page 22: ...vailable 24281088 bytes used Flash Card Geometry Format Info COMPACT FLASH CARD GEOMETRY Number of Heads 4 Number of Cylinders 978 Sectors per Cylinder 32 Sector Size 512 Total Sectors 125184 COMPACT FLASH CARD FORMAT Number of FAT Sectors 61 Sectors Per Cluster 8 Number of Clusters 15352 Number of Data Sectors 122976 Base Root Sector 123 Base FAT Sector 1 Base Data Sector 155 F1 asa1 config webvp...

Page 23: ...ash device to the running configuration If you transfer or replace the data xml disable and then enable CSD to load the file Disabling CSD does not alter the CSD configuration Use ASDM to enable or disable CSD as follows Step 1 Choose Configuration VPN WebVPN CSD Setup The CSD Setup pane opens Figure 2 1 Figure 2 1 CSD Setup Enable Disable Note The Secure Desktop Image field displays the image and...

Page 24: ... Secure Desktop Configuration Guide OL 8607 02 Chapter 2 Enabling and Disabling CSD Using ASDM to Enable or Disable CSD Step 2 Check or uncheck Enable Secure Desktop and click Apply ASDM enables or disables CSD ...

Page 25: ...network element connection types corporate laptop home PC or Internet kiosk and applies a different security policy to each type These policies include System Detection which is the definition enforcement and restoration of client security in order to secure enterprise networks and data You can configure System Detection to confirm the presence of the CSD modules Secure Desktop or Cache Cleaner an...

Page 26: ...owing initial options are available in the CSDM menu Windows Location Settings Click to create a group of settings for Windows clients connecting from a particular type of location such as Work Home or Insecure Once you create a location you can specify how to determine that clients are connecting from that particular location For example clients with DHCP assigned IP addresses within a corporate ...

Page 27: ...sktop to connect a client application installed on the local PC to the TCP IP port of a peer application on a remote server CSD does not support location entries for Macintosh and Linux clients however it does support a limited set of security features for these platforms Figure 3 2 shows a CSD menu populated with locations Figure 3 2 Navigating the Secure Desktop Manager A location is a security ...

Page 28: ...he scan identifies Secure Desktop and Cache Cleaner launch only if the scan is clear or only if you assign administrative control to the user and the user approves of the applications the scan identifies Cisco Secure Desktop may be unable to detect every potentially malicious keystroke logger including but not limited to hardware keystroke logging devices Cache Cleaner Attempts to disable or erase...

Page 29: ...nsfer a copy of the disk0 sdesktop data xml file to the flash device of the target security appliance Disable and reenable CSD to read the disk0 sdesktop data xml file into the running CSD configuration CSD displays two buttons at the bottom of the CSD panes that interact with the disk0 sdesktop data xml file Use these buttons as follows To save the running CSD configuration to the data xml file c...

Page 30: ...3 6 Cisco Secure Desktop Configuration Guide OL 8607 02 Chapter 3 Introduction Saving and Resetting the Running CSD Configuration ...

Page 31: ...d Linux Features Step One Define Windows Locations Begin configuring CSD by defining Windows locations Windows locations apply to supported Microsoft Windows clients only they do not apply to Windows CE Macintosh and Linux clients Locations let you deploy an appropriately secure environment to hosts that connect through the VPN They let you increase security on hosts that you determine are likely ...

Page 32: ...er a password up to 127 characters in length when CSD creates the Secure Desktop Advanced features require company antivirus software company antispyware company firewall and Windows 2000 Service Pack 4 or Windows XP Check for keystroke logger Insecure No identification Cache Cleaner All features disabled except web browsing To create the three locations Step 1 Choose Windows Location Settings in ...

Page 33: ... registry The Use Module attribute at the bottom of the pane lets you enable or disable the Secure Desktop or Cache Cleaner modules for the associated location Work Identify clients in the Work location by registry entry as follows Step 1 Click the name Work in the menu on the left The Identification pane opens Step 2 Check Enable identification using Registry or File criteria Step 3 Add a registr...

Page 34: ...onfigure the Cache Cleaner If you selected Secure Desktop configure both the Secure Desktop and Cache Cleaner because CSD supports only the Cache Cleaner on Windows 98 machines Work Because you assigned neither the Secure Desktop nor Cache Cleaner security modules to the location entry named Work do not configure the associated VPN Feature Policy Keystroke Logger Cache Cleaner Secure Desktop Gener...

Page 35: ...s pane Step 8 Click Secure Desktop Settings under Home The Secure Desktop pane appears Uncheck all options except for Allow e mail applications to work transparently See the option descriptions in Configuring Secure Desktop Settings for a Location for more information about the settings on this pane Insecure Use the default Cache Cleaner settings for the Insecure location Assign or confirm the ass...

Page 36: ...rwarding Full Tunneling Home Users connecting from home have advanced features like File Access Port Forwarding and Full Tunneling only if they meet the company network policies for antivirus software antispyware firewall software and Windows 2000 Service Pack 4 or Windows XP Provide users in the Home location with this level of access as follows Step 1 Click VPN Feature Policy under Home Step 2 S...

Page 37: ...button under Web Browsing A dialog box opens Step 4 Check AntiVirus and choose the antivirus software Note To choose multiple options for a given field Control click them Step 5 Check Firewall and choose the company firewall software Step 6 Check Anti spyware and choose the antispyware software Step 7 Check OS and choose 2000 SP4 XP no SP XP SP1 and XP SP2 Step 8 Check Feature and choose Cache Cle...

Page 38: ...Linux Features CSD handles Macintosh and Linux systems differently from Windows Instead of using different settings per location all Macintosh and Linux hosts use the same settings Hosts connecting from both secure and insecure locations connect with the same settings The following instructions explain how to grant only web browsing access privileges with a global timeout Configure the Macintosh a...

Page 39: ...their mixed use For these clients you might set up a location named Home that is specified by a corporate supplied certificate that employees install on their home PCs This location would require the presence of antivirus software and specific supported operating systems to grant full access to the network Finally for untrusted locations such as Internet cafes you might set up a location named Ins...

Page 40: ...to a location in the sequence shown in this box Caution If you create a location and do not specify criteria make sure it is the last entry in the Locations list Move Up and Move Down Select an entry in the Locations box and click one of these buttons to change its priority CSD evaluates clients against the locations in the order of their appearance in this list Close all open browser windows upon...

Page 41: ...n a remote server if the Secure Desktop installation fails or the remote client PC does not match any of the configured locations criteria In the interest of security we recommend that you do not check this option By default this attribute is unchecked Full tunneling Check to let the remote user establish a VPN tunnel with the SSL VPN Client if the Secure Desktop installation fails or the remote c...

Page 42: ...nly one of the criteria you specify must match that is CSD considers the criteria in a logical OR relationship For example if you specify several files under Enable identification using File or Registry criteria only one of these files must be present Refer to the sections that name the location criteria you want to configure Location Module Certificate Criteria IP Criteria Registry and File Crite...

Page 43: ...e The Certificate window opens Step 2 Click the Details tab Step 3 Complete both of the fields in the Certificate Criteria area of the Identification for Location pane Figure 5 2 as follows Issued By Click Subject in the Field column under the Details tab of the Certificate window The area below the Field column displays the subordinate fields and values assigned to the Subject field of the certif...

Page 44: ...dow The area below the Field column displays the subordinate fields and values assigned to the Subject field of the certificate The subordinate fields include such names as CN for common name O for organization unit name and E for e mail address Type the value of one of these subfields in the Issued By field on the Identification for Location pane to match it against the Subject field of the certi...

Page 45: ...cify the value of the subfield For example type the value of the O field not the O itself Issued To Click Issuer in the Field column under the Details tab of the Certificate window The area below the Field column displays the subordinate fields and values assigned to the Issuer field of the certificate The subordinate fields include such names as CN for common name O for organization unit name and...

Page 46: ...ure Criteria The Registry and File Criteria dialog box opens Figure 5 3 Figure 5 3 Registry and File Criteria The tables in this window list any registry key and file requirements needed to qualify a remote client to obtain the access rights associated with the location you are configuring Each entry is a logical OR operator that is the evaluation result for any entry must be TRUE to assign the lo...

Page 47: ... bit integer value or string value to a registry key on client computers to qualify them for the location you are configuring Step 1 Assign values to the mandatory attributes in the Add or Edit Registry Criterion dialog box as follows Entry Path menu Choose the hive the initial directory path of a registry key The options are as follows HKEY_CLASSES_ROOT HKEY_CURRENT_USER HKEY_LOCAL_MACHINE HKEY_U...

Page 48: ...rd value of a registry key or use it to add a Dword value to the registry key to satisfy the requirement you are configuring DWORD value menu Choose one of the following options next to DWORD value to specify the relationship of the Dword value of the registry key to the value to be entered to the right different from equal to greater than greater than or equal to less than less than or equal to D...

Page 49: ...alog box Step 4 Click Add if you want to specify another registry key refer to the next section if you want to specify a file criterion or click OK to return to the Identification for Location pane File Criteria In the File Criteria area of the Registry and File Criteria dialog box Figure 5 3 click Add if you want to confirm the presence or absence of a specific file as a criterion for assigning t...

Page 50: ...ersion tab Optional Version menu Choose one of the following options to specify the relationship of the Version value of the file to the number to be entered to the right less than less than or equal to equal to different from greater than greater than or equal to Optional Version field Type a string typically in dotted decimal notation to compare with the version of the file on the client compute...

Page 51: ...ing the Secure Desktop for Clients that Match Location Criteria Refer to the following sections to define the Secure Desktop experience for clients that match the criteria defined for a specific location Configuring a VPN Feature Policy for a Location Configuring Keystroke Logger for a Location Configuring Cache Cleaner for a Location Configuring Secure Desktop General for a Location Configuring S...

Page 52: ... Group Policy if you want to apply the Alternative group policy to any remote client matched to this location This option lets you apply an alternative to the default group policy so you can differentiate access rights Typically you would use the failure group policy to apply access rights that are more limited than those associated with the success group policy With this option set CSDM dims the ...

Page 53: ...his tab Note If you click this radio button choose the Configuration VPN General Tunnel Group Add Edit Tunnel Group WebVPN Access WebVPN tab Change the policy assigned to the Alternative group policy attribute to apply a policy to clients that fail to satisfy the criteria If you click this radio button CSDM activates the check boxes in the criteria area Note A Use Success Group Policy if criteria ...

Page 54: ...are window Step 6 For each enabled security category you check click one of the options or control click multiple options Note For the complete list of applications checked by System Detection see Figure 5 7 or refer to System Detection Questions Click Apply All to save the running CSD configuration Configuring Web Browsing File Access Port Forwarding and Full Tunneling VPN Policies for a Location...

Page 55: ...for the tab name the last four tabs are identical Also except for the row of radio buttons near the top they are also identical to the Group Based Policy tab Figure 5 7 Step 3 Click one of the following radio buttons Disabled to make the feature unavailable to the remote client that matches the location criteria This option is the default VPN policy setting for web browsing file access port forwar...

Page 56: ...onship is present among the enabled categories The options within each category have an OR relationship For example you can specify that any one of a list of antivirus software programs be running and even if you have checked all of them as possible candidates having just one of them running is enough to satisfy the antivirus software requirement The security categories are as follows Anti Virus C...

Page 57: ...oke logging applications that are safe or let the remote user approve of the applications the scan identifies Secure Desktop and Cache Cleaner launch only if the scan is clear or only if you assign administrative control to the user and the user approves of the applications the scan identifies It may not be possible for CSD to detect all keystroke loggers present including hardware keystroke loggi...

Page 58: ...e on the remote client By default this attribute is not checked and the other attributes and buttons are grayed out If you check this attribute the Force admin control on list of safe modules attribute becomes active Step 3 Check Force admin control on list of safe modules to give yourself control over which key loggers are exempt from scanning or uncheck it to give the remote user this control If...

Page 59: ...indow and click Edit if you want to modify its path CSDM opens the Input dialog box Figure 5 10 Input for Keystroke Logger Step 5 Type the path and name of the module or application in the Please enter module path field then click OK CSDM closes the dialog box and lists the entry in the List of Safe Modules window Note To remove a program from the list click the entry in the Path of safe modules l...

Page 60: ...the presence of that cookie Hidden URL Type the URL to use for administrative purposes if you checked Launch hidden URL after installation Show success message at the end of successful installation Check to display a dialog box on remote client PCs informing the user when the Cache Cleaner installation is successful Launch cleanup upon timeout based on inactivity Check to set a specific timeout pe...

Page 61: ...the user experience The Secure Desktop General pane appears Figure 5 12 shows the default settings Figure 5 12 Secure Desktop General Check the following attributes to configure the Secure Desktop General settings for the location you are configuring as required by your security policy Automatically switch to Secure Desktop after installation Check to set the Secure Desktop to load automatically a...

Page 62: ...hecking this option uninstalls the Vault from the user s computer when the Secure Desktop closes Force application uninstall upon Secure Desktop closing Check if you do not want to leave the Secure Desktop application on untrusted computers after users are done using it The Secure Desktop uninstalls when it closes Note Leave this option disabled if you want users to be able to use the Vault Checki...

Page 63: ... are those that use the Server Message Block SMB client server request response protocol to share such resources as files printers and APIs For maximum security we recommend that you check this attribute If you do the Secure Desktop Manager dims the following attribute Do not encrypt files on network drives Check to prevent the user from saving encrypted files to drives onto the network while on t...

Page 64: ...ion Allow email applications to work transparently Check to let the user open e mail while on the Secure Desktop and to prevent CSD from deleting e mail upon the termination of the CSD session The use of the term transparent means that the Secure Desktop handles e mail the same way that the local desktop handles it Transparent handling works for the following e mail applications Microsoft Outlook ...

Page 65: ... s bookmarks or favorites It lists only the ones shown in this pane Configure the Secure Desktop Browser as follows Step 1 Type the URL of the page that you want to open when the remote user establishes a CSD session into the Home Page field The Customized Bookmarks pane lists the folders and URLs that populate the browser Bookmarks or Favorites menu Step 2 Use the following guidelines to add modi...

Page 66: ...5 28 Cisco Secure Desktop Configuration Guide OL 8607 02 Chapter 5 Setting Up CSD for Microsoft Windows Clients Configuring the Secure Desktop for Clients that Match Location Criteria ...

Page 67: ...he menu on the left The Windows CE pane appears Figure 6 1 Figure 6 1 Windows CE Set the attributes as follows Web Browsing Check to let the remote user use the Secure Desktop to browse the web Note To ensure security the Secure Desktop Manager supports only web browsing by clients in unknown locations and access outside of the CSD environment File Access Check to let the remote user use the Secur...

Page 68: ...6 2 Cisco Secure Desktop Configuration Guide OL 8607 02 Chapter 6 Setting Up CSD for Microsoft Windows CE Clients ...

Page 69: ...r remote clients running Macintosh or Linux To configure the Secure Desktop experience for these clients click Mac Linux Cache Cleaner in the menu on the left The Mac and Linux Cache Cleaner pane appears Figure 7 1 Figure 7 1 Cache Cleaner Mac and Linux Cache Cleaner Note This pane lets you configure both the Cache Cleaner and VPN feature policy for all Mac and Linux clients ...

Page 70: ...d 1 s Choose the number of times for CSD to perform this cleanup task The default setting 1 pass meets the US Department of Defense DoD standard for securely deleting files Following the completion of the task the number of times specified CSD removes the pointer to the file Enable web browsing if Mac or Linux installation fails Check to allow web browsing but disable other remote access features ...

Page 71: ...ast User Switching because only one instance of the CSD software can run on the same computer Which Java Virtual Machine is used by the Secure Desktop and the Cache Cleaner CSD checks Internet Explorer to determine which Java Virtual Machine JVM has been configured for that particular machine and uses JVM to install the CSD components When do modified settings apply to the Cache Cleaner and the Secure Desktop...

Page 72: ...g works for the following e mail applications Microsoft Outlook Express Microsoft Outlook Eudora Lotus Notes Which applications does the Secure Desktop handle transparently Secure Desktop provides transparent handling of Outlook Outlook Express Eudora and Notes Timeout Questions The following questions address timeout settings with the Secure Desktop and the Cache Cleaner How does the timeout sett...

Page 73: ...ultaneously If I enable Vault reuse how large is the download the second time When you enable Vault reuse the majority of the program is downloaded The next time the remote user reaches the site only a small application downloads approximately 40 KB in size How does an end user use the Vault after downloading it the first time Once you have downloaded and installed the Secure Desktop it appears as...

Page 74: ...dates having just one of them running is enough to satisfy the antivirus software requirement Which antivirus applications does System Detection support The antivirus applications that System Detection checks for include Avast AntiVirus 4 0 AVG AntiVirus 7 0 eTrust Antivirus 7 0 to 2005 F Secure Antivirus 2003 to 2005 McAfee VirusScan 8 0 to 10 0 Enterprise 7 0 to 8 0 Norton AntiVirus For Windows...

Page 75: ... Edition Windows 98 Second Edition Security Questions The following questions address the Secure Desktop and the Cache Cleaner security settings and encryption level What security settings do I need to set on user computers The following Internet Explorer settings are required for CSD Use these settings as a guideline for other browsers To access and launch the executable page Scripting Active scr...

Page 76: ...be up to 127 characters and can include any combination of upper and lower case letters plus numbers and punctuation symbols including spaces What happens when the cache is cleaned either by the Cache Cleaner or the Secure Desktop The Cache Cleaner or the Secure Desktop sanitizes the system disabling or erasing all data that was downloaded inserted or created in the browser including file download...

Page 77: ... A 1 Use Module attribute 5 4 Windows 3 4 5 22 to 5 23 certificate 5 4 to 5 6 5 6 to 5 7 character encoding A 2 Check for keystroke loggers attribute 5 20 Checksum attribute 5 12 5 13 Cipher Block Chaining CBC A 6 Cisco Security Agent A 4 Clean the whole cache in addition to the current session cache attribute 5 22 CN certificate field 5 5 5 6 5 7 command prompt disable 5 26 configuration example ...

Page 78: ...ile 5 11 Entry Path criterion for a registry key 5 9 eTrust Antivirus A 4 example CSD configuration 4 1 to 4 3 Exists criterion for a file 5 12 Exists criterion for a registry key or file 5 9 F FAQs A 1 to A 6 fast user switching A 1 favorites 5 27 File Access Macintosh and Linux 7 2 Microsoft Windows CE 6 1 File access VPN Feature Policy Windows installation failure 5 3 VPN Feature Policy Windows...

Page 79: ...al timeout attribute 7 2 Launch cleanup upon timeout based on inactivity attribute 5 22 Launch hidden URL after installation attribute 5 22 Launch hidden URL upon Secure Desktop closing attribute 5 24 Let user reset timeout attribute 7 2 Linux 7 1 List of Safe Modules pane 5 20 local desktop switch 5 23 location adding viewing and deleting 5 2 criteria 5 3 to 5 13 definition 3 3 5 1 example config...

Page 80: ... force uninstall 5 24 General 3 4 5 23 to 5 24 inactivity timeout 5 24 local desktop switch 5 23 Location Module attribute option 5 15 5 18 Manager establishing a session 3 2 menu figure 3 3 multiple A 3 open web page when closing 5 24 prompt to uninstall 5 24 Settings window 3 4 5 25 to 5 26 Use Module attribute 5 4 security settings A 5 service packs A 5 Shift_JIS A 2 Show success message at the...

Page 81: ...to 7 2 Microsoft Windows CE 6 1 Windows 3 4 5 13 to 5 19 W Web Browsing Macintosh and Linux 7 2 Microsoft Windows CE 6 1 Web browsing Windows installation failure 5 2 success 5 16 Windows CE menu option 6 1 Windows Location Settings examples 4 2 menu option 3 2 5 1 Windows operating systems and service packs A 5 work example configuration 4 2 5 1 X xml 3 5 Z ZoneAlarm Personal Firewall A 5 ...

Page 82: ...Index IN 12 Cisco Secure Desktop Configuration Guide OL 8607 02 ...
